./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec8_product33.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec8_product33.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 110ae467dd0e6a723852f1756a5d5c5e6a5ea34b8ae8b082c6ae77d9e8e89434
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:03:58,923 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:03:58,926 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:03:58,948 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:03:58,950 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values
[2022-02-20 18:03:58,951 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values
[2022-02-20 18:03:58,953 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values
[2022-02-20 18:03:58,956 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values
[2022-02-20 18:03:58,958 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values
[2022-02-20 18:03:58,959 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values
[2022-02-20 18:03:58,959 INFO L181 SettingsManager]: Resetting Sifa preferences to default values
[2022-02-20 18:03:58,963 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring...
[2022-02-20 18:03:58,964 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values
[2022-02-20 18:03:58,966 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values
[2022-02-20 18:03:58,967 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values
[2022-02-20 18:03:58,968 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values
[2022-02-20 18:03:58,970 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values
[2022-02-20 18:03:58,974 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values
[2022-02-20 18:03:58,975 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values
[2022-02-20 18:03:58,976 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values
[2022-02-20 18:03:58,977 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values
[2022-02-20 18:03:58,981 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values
[2022-02-20 18:03:58,982 INFO L181 SettingsManager]: Resetting Referee preferences to default values
[2022-02-20 18:03:58,982 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values
[2022-02-20 18:03:58,984 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring...
[2022-02-20 18:03:58,986 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring...
[2022-02-20 18:03:58,986 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values
[2022-02-20 18:03:58,988 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values
[2022-02-20 18:03:58,988 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values
[2022-02-20 18:03:58,989 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring...
[2022-02-20 18:03:58,989 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values
[2022-02-20 18:03:58,989 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values
[2022-02-20 18:03:58,990 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values
[2022-02-20 18:03:58,991 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values
[2022-02-20 18:03:58,991 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring...
[2022-02-20 18:03:58,992 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values
[2022-02-20 18:03:58,993 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring...
[2022-02-20 18:03:58,993 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring...
[2022-02-20 18:03:58,993 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values
[2022-02-20 18:03:58,994 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values
[2022-02-20 18:03:58,994 INFO L188 SettingsManager]: Finished resetting all preferences to default values...
[2022-02-20 18:03:58,995 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf
[2022-02-20 18:03:59,018 INFO L113 SettingsManager]: Loading preferences was successful
[2022-02-20 18:03:59,019 INFO L115 SettingsManager]: Preferences different from defaults after loading the file:
[2022-02-20 18:03:59,019 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults:
[2022-02-20 18:03:59,019 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR;
[2022-02-20 18:03:59,020 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults:
[2022-02-20 18:03:59,020 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS
[2022-02-20 18:03:59,021 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults:
[2022-02-20 18:03:59,021 INFO L138 SettingsManager]: * Create parallel compositions if possible=false
[2022-02-20 18:03:59,021 INFO L138 SettingsManager]: * Use SBE=true
[2022-02-20 18:03:59,021 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults:
[2022-02-20 18:03:59,022 INFO L138 SettingsManager]: * sizeof long=4
[2022-02-20 18:03:59,022 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true
[2022-02-20 18:03:59,022 INFO L138 SettingsManager]: * sizeof POINTER=4
[2022-02-20 18:03:59,022 INFO L138 SettingsManager]: * Check division by zero=IGNORE
[2022-02-20 18:03:59,023 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE
[2022-02-20 18:03:59,023 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE
[2022-02-20 18:03:59,023 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE
[2022-02-20 18:03:59,023 INFO L138 SettingsManager]: * sizeof long double=12
[2022-02-20 18:03:59,023 INFO L138 SettingsManager]: * Check if freed pointer was valid=false
[2022-02-20 18:03:59,023 INFO L138 SettingsManager]: * Use constant arrays=true
[2022-02-20 18:03:59,023 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE
[2022-02-20 18:03:59,024 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults:
[2022-02-20 18:03:59,024 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements
[2022-02-20 18:03:59,024 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode
[2022-02-20 18:03:59,024 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:03:59,024 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults:
[2022-02-20 18:03:59,024 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP
[2022-02-20 18:03:59,025 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles
[2022-02-20 18:03:59,025 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL
[2022-02-20 18:03:59,025 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in
[2022-02-20 18:03:59,026 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF
[2022-02-20 18:03:59,026 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET
[2022-02-20 18:03:59,026 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true
[2022-02-20 18:03:59,026 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) )
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 110ae467dd0e6a723852f1756a5d5c5e6a5ea34b8ae8b082c6ae77d9e8e89434
[2022-02-20 18:03:59,247 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp
[2022-02-20 18:03:59,266 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized
[2022-02-20 18:03:59,268 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected.
[2022-02-20 18:03:59,269 INFO L271 PluginConnector]: Initializing CDTParser...
[2022-02-20 18:03:59,270 INFO L275 PluginConnector]: CDTParser initialized
[2022-02-20 18:03:59,271 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec8_product33.cil.c
[2022-02-20 18:03:59,322 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/40126e3ac/d8eab3380b4f47739f64a4085b0160e8/FLAG9e511a8bd
[2022-02-20 18:03:59,748 INFO L306 CDTParser]: Found 1 translation units.
[2022-02-20 18:03:59,753 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product33.cil.c
[2022-02-20 18:03:59,778 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/40126e3ac/d8eab3380b4f47739f64a4085b0160e8/FLAG9e511a8bd
[2022-02-20 18:04:00,054 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/40126e3ac/d8eab3380b4f47739f64a4085b0160e8
[2022-02-20 18:04:00,055 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] #######################
[2022-02-20 18:04:00,057 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements.
[2022-02-20 18:04:00,059 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator----------------------------
[2022-02-20 18:04:00,059 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator...
[2022-02-20 18:04:00,061 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized
[2022-02-20 18:04:00,062 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,064 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6799ae8f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00, skipping insertion in model container
[2022-02-20 18:04:00,064 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,069 INFO L145 MainTranslator]: Starting translation in SV-COMP mode
[2022-02-20 18:04:00,113 INFO L178 MainTranslator]: Built tables and reachable declarations
[2022-02-20 18:04:00,355 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product33.cil.c[11621,11634]
[2022-02-20 18:04:00,604 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 18:04:00,621 INFO L203 MainTranslator]: Completed pre-run
[2022-02-20 18:04:00,667 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product33.cil.c[11621,11634]
[2022-02-20 18:04:00,714 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 18:04:00,736 INFO L208 MainTranslator]: Completed translation
[2022-02-20 18:04:00,744 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00 WrapperNode
[2022-02-20 18:04:00,745 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator----------------------------
[2022-02-20 18:04:00,746 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner----------------------------
[2022-02-20 18:04:00,746 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner...
[2022-02-20 18:04:00,746 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized
[2022-02-20 18:04:00,752 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,782 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,861 INFO L137 Inliner]: procedures = 135, calls = 233, calls flagged for inlining = 66, calls inlined = 61, statements flattened = 1084
[2022-02-20 18:04:00,862 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner----------------------------
[2022-02-20 18:04:00,863 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor----------------------------
[2022-02-20 18:04:00,863 INFO L271 PluginConnector]: Initializing Boogie Preprocessor...
[2022-02-20 18:04:00,863 INFO L275 PluginConnector]: Boogie Preprocessor initialized
[2022-02-20 18:04:00,869 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,869 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,883 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,884 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,916 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,922 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,935 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,950 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor----------------------------
[2022-02-20 18:04:00,951 INFO L113 PluginConnector]: ------------------------RCFGBuilder----------------------------
[2022-02-20 18:04:00,951 INFO L271 PluginConnector]: Initializing RCFGBuilder...
[2022-02-20 18:04:00,951 INFO L275 PluginConnector]: RCFGBuilder initialized
[2022-02-20 18:04:00,952 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (1/1) ...
[2022-02-20 18:04:00,958 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:04:00,967 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:04:00,996 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null)
[2022-02-20 18:04:00,998 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process
[2022-02-20 18:04:01,038 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey
[2022-02-20 18:04:01,038 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey
[2022-02-20 18:04:01,038 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey
[2022-02-20 18:04:01,039 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey
[2022-02-20 18:04:01,039 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey
[2022-02-20 18:04:01,039 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey
[2022-02-20 18:04:01,039 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo
[2022-02-20 18:04:01,039 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo
[2022-02-20 18:04:01,040 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom
[2022-02-20 18:04:01,040 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom
[2022-02-20 18:04:01,041 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable
[2022-02-20 18:04:01,041 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable
[2022-02-20 18:04:01,041 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry
[2022-02-20 18:04:01,041 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry
[2022-02-20 18:04:01,041 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted
[2022-02-20 18:04:01,041 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted
[2022-02-20 18:04:01,041 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey
[2022-02-20 18:04:01,041 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey
[2022-02-20 18:04:01,042 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd
[2022-02-20 18:04:01,042 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd
[2022-02-20 18:04:01,042 INFO L130 BoogieDeclarations]: Found specification of procedure puts
[2022-02-20 18:04:01,042 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom
[2022-02-20 18:04:01,042 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom
[2022-02-20 18:04:01,042 INFO L130 BoogieDeclarations]: Found specification of procedure queue
[2022-02-20 18:04:01,042 INFO L138 BoogieDeclarations]: Found implementation of procedure queue
[2022-02-20 18:04:01,042 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId
[2022-02-20 18:04:01,042 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId
[2022-02-20 18:04:01,043 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit
[2022-02-20 18:04:01,043 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned
[2022-02-20 18:04:01,043 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned
[2022-02-20 18:04:01,043 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid
[2022-02-20 18:04:01,043 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid
[2022-02-20 18:04:01,043 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser
[2022-02-20 18:04:01,043 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser
[2022-02-20 18:04:01,043 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey
[2022-02-20 18:04:01,044 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey
[2022-02-20 18:04:01,044 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing
[2022-02-20 18:04:01,044 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing
[2022-02-20 18:04:01,044 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey
[2022-02-20 18:04:01,044 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey
[2022-02-20 18:04:01,044 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail
[2022-02-20 18:04:01,044 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail
[2022-02-20 18:04:01,045 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted
[2022-02-20 18:04:01,045 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted
[2022-02-20 18:04:01,045 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey
[2022-02-20 18:04:01,045 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey
[2022-02-20 18:04:01,045 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo
[2022-02-20 18:04:01,045 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo
[2022-02-20 18:04:01,045 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int
[2022-02-20 18:04:01,045 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair
[2022-02-20 18:04:01,046 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair
[2022-02-20 18:04:01,046 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start
[2022-02-20 18:04:01,046 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start
[2022-02-20 18:04:01,261 INFO L234 CfgBuilder]: Building ICFG
[2022-02-20 18:04:01,262 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation
[2022-02-20 18:04:02,038 INFO L275 CfgBuilder]: Performing block encoding
[2022-02-20 18:04:02,053 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start)
[2022-02-20 18:04:02,054 INFO L299 CfgBuilder]: Removed 1 assume(true) statements.
[2022-02-20 18:04:02,057 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:04:02 BoogieIcfgContainer
[2022-02-20 18:04:02,058 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder----------------------------
[2022-02-20 18:04:02,059 INFO L113 PluginConnector]: ------------------------TraceAbstraction----------------------------
[2022-02-20 18:04:02,059 INFO L271 PluginConnector]: Initializing TraceAbstraction...
[2022-02-20 18:04:02,062 INFO L275 PluginConnector]: TraceAbstraction initialized
[2022-02-20 18:04:02,062 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:04:00" (1/3) ...
[2022-02-20 18:04:02,063 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5a554900 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:04:02, skipping insertion in model container
[2022-02-20 18:04:02,063 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:00" (2/3) ...
[2022-02-20 18:04:02,063 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5a554900 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:04:02, skipping insertion in model container
[2022-02-20 18:04:02,063 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:04:02" (3/3) ...
[2022-02-20 18:04:02,097 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec8_product33.cil.c
[2022-02-20 18:04:02,102 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION
[2022-02-20 18:04:02,103 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations.
[2022-02-20 18:04:02,140 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ========
[2022-02-20 18:04:02,150 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR
[2022-02-20 18:04:02,150 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations.
[2022-02-20 18:04:02,197 INFO L276 IsEmpty]: Start isEmpty. Operand has 389 states, 300 states have (on average 1.5) internal successors, (450), 304 states have internal predecessors, (450), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63)
[2022-02-20 18:04:02,210 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 102
[2022-02-20 18:04:02,211 INFO L506 BasicCegarLoop]: Found error trace
[2022-02-20 18:04:02,212 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 18:04:02,212 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 18:04:02,219 INFO L144 PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 18:04:02,220 INFO L85 PathProgramCache]: Analyzing trace with hash 827259601, now seen corresponding path program 1 times
[2022-02-20 18:04:02,228 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 18:04:02,228 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [719394688]
[2022-02-20 18:04:02,228 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:04:02,229 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 18:04:02,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:02,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 18:04:02,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:02,542 INFO L290 TraceCheckUtils]: 0: Hoare triple {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID
[2022-02-20 18:04:02,542 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {392#true} is VALID
[2022-02-20 18:04:02,542 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID
[2022-02-20 18:04:02,543 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {392#true} #1136#return; {392#true} is VALID
[2022-02-20 18:04:02,550 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 18:04:02,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:02,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID
[2022-02-20 18:04:02,561 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {392#true} is VALID
[2022-02-20 18:04:02,561 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID
[2022-02-20 18:04:02,561 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {392#true} #1138#return; {392#true} is VALID
[2022-02-20 18:04:02,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 18:04:02,569 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:02,590 INFO L290 TraceCheckUtils]: 0: Hoare triple {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {450#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 18:04:02,591 INFO L290 TraceCheckUtils]: 1: Hoare triple {450#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {451#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 18:04:02,591 INFO L290 TraceCheckUtils]: 2: Hoare triple {451#(= |setClientId_#in~handle| 1)} assume true; {451#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 18:04:02,592 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {451#(= |setClientId_#in~handle| 1)} {402#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1140#return; {393#false} is VALID
[2022-02-20 18:04:02,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24
[2022-02-20 18:04:02,596 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:02,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID
[2022-02-20 18:04:02,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {392#true} is VALID
[2022-02-20 18:04:02,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID
[2022-02-20 18:04:02,605 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1142#return; {393#false} is VALID
[2022-02-20 18:04:02,606 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30
[2022-02-20 18:04:02,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:02,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value;
{392#true} is VALID [2022-02-20 18:04:02,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1144#return; {393#false} is VALID [2022-02-20 18:04:02,619 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:02,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:02,631 INFO L290 TraceCheckUtils]: 0: Hoare triple {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1146#return; {393#false} is VALID [2022-02-20 18:04:02,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:04:02,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:02,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {452#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {392#true} is VALID 
[2022-02-20 18:04:02,654 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,654 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1122#return; {393#false} is VALID [2022-02-20 18:04:02,662 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:04:02,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:02,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {453#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,672 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1124#return; {393#false} is VALID [2022-02-20 18:04:02,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:04:02,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:02,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {392#true} ~handle := #in~handle;havoc ~retValue_acc~13; {392#true} is VALID [2022-02-20 18:04:02,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {392#true} is VALID [2022-02-20 18:04:02,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,679 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1056#return; {393#false} is VALID [2022-02-20 18:04:02,679 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 69 [2022-02-20 18:04:02,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:02,684 INFO L290 TraceCheckUtils]: 0: Hoare triple {392#true} ~handle := #in~handle;havoc ~retValue_acc~36; {392#true} is VALID [2022-02-20 18:04:02,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {392#true} is VALID [2022-02-20 18:04:02,684 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,685 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1058#return; {393#false} is VALID [2022-02-20 18:04:02,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:04:02,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:02,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {392#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {392#true} is VALID [2022-02-20 18:04:02,693 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle; {392#true} is VALID [2022-02-20 18:04:02,693 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {392#true} is VALID [2022-02-20 18:04:02,693 INFO L290 TraceCheckUtils]: 3: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,693 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {392#true} {393#false} #1060#return; {393#false} is VALID [2022-02-20 18:04:02,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:04:02,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:02,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {452#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,705 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1066#return; {393#false} is VALID [2022-02-20 18:04:02,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:04:02,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:02,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {392#true} ~handle := #in~handle;havoc ~retValue_acc~39; {392#true} is VALID [2022-02-20 18:04:02,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {392#true} is VALID [2022-02-20 18:04:02,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,710 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {392#true} {393#false} #1068#return; {393#false} is VALID [2022-02-20 18:04:02,711 INFO L290 TraceCheckUtils]: 0: Hoare triple {392#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call 
#Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 
0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {392#true} is VALID [2022-02-20 18:04:02,716 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {392#true} is VALID [2022-02-20 18:04:02,717 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {392#true} is VALID [2022-02-20 18:04:02,717 INFO L290 TraceCheckUtils]: 3: Hoare triple {392#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc 
valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {392#true} is VALID [2022-02-20 18:04:02,717 INFO L290 TraceCheckUtils]: 4: Hoare triple {392#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {392#true} is VALID [2022-02-20 18:04:02,718 INFO L290 TraceCheckUtils]: 5: Hoare triple {392#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {392#true} is VALID [2022-02-20 18:04:02,719 INFO L272 TraceCheckUtils]: 6: Hoare triple {392#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:02,719 INFO L290 TraceCheckUtils]: 7: Hoare triple {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,719 INFO L290 TraceCheckUtils]: 8: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,719 INFO L290 TraceCheckUtils]: 9: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,719 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {392#true} {392#true} #1136#return; {392#true} is VALID [2022-02-20 18:04:02,719 INFO L290 TraceCheckUtils]: 11: Hoare triple {392#true} assume { :end_inline_setup_bob__wrappee__Base } true; {392#true} is VALID [2022-02-20 18:04:02,720 INFO L272 TraceCheckUtils]: 12: Hoare triple {392#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:02,721 INFO L290 TraceCheckUtils]: 13: Hoare triple {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,721 INFO L290 TraceCheckUtils]: 14: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,721 INFO L290 TraceCheckUtils]: 15: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,721 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {392#true} {392#true} #1138#return; {392#true} is VALID [2022-02-20 18:04:02,722 INFO L290 TraceCheckUtils]: 17: Hoare triple {392#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {402#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:02,722 INFO L272 TraceCheckUtils]: 18: Hoare triple {402#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:02,723 INFO L290 TraceCheckUtils]: 19: Hoare triple {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {450#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:02,736 INFO L290 TraceCheckUtils]: 20: Hoare triple {450#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {451#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:02,737 INFO L290 TraceCheckUtils]: 21: Hoare triple {451#(= |setClientId_#in~handle| 1)} assume true; {451#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:02,738 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {451#(= |setClientId_#in~handle| 1)} {402#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1140#return; {393#false} is VALID [2022-02-20 18:04:02,738 INFO 
L290 TraceCheckUtils]: 23: Hoare triple {393#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {393#false} is VALID [2022-02-20 18:04:02,738 INFO L272 TraceCheckUtils]: 24: Hoare triple {393#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:02,738 INFO L290 TraceCheckUtils]: 25: Hoare triple {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,738 INFO L290 TraceCheckUtils]: 26: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,738 INFO L290 TraceCheckUtils]: 27: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,739 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {392#true} {393#false} #1142#return; {393#false} is VALID [2022-02-20 18:04:02,739 INFO L290 TraceCheckUtils]: 29: Hoare triple {393#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {393#false} is VALID [2022-02-20 18:04:02,739 INFO L272 TraceCheckUtils]: 30: Hoare triple {393#false} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:02,739 INFO L290 TraceCheckUtils]: 31: Hoare triple {448#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,739 INFO L290 TraceCheckUtils]: 32: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,739 INFO L290 TraceCheckUtils]: 33: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,739 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {392#true} {393#false} #1144#return; {393#false} is VALID [2022-02-20 18:04:02,740 INFO L290 TraceCheckUtils]: 35: Hoare triple {393#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {393#false} is VALID [2022-02-20 18:04:02,740 INFO L272 TraceCheckUtils]: 36: Hoare triple {393#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:02,740 INFO L290 TraceCheckUtils]: 37: Hoare triple {449#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,740 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,740 INFO L290 TraceCheckUtils]: 39: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,740 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {392#true} {393#false} #1146#return; {393#false} is VALID [2022-02-20 18:04:02,740 INFO L290 TraceCheckUtils]: 41: Hoare triple {393#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {393#false} is VALID [2022-02-20 18:04:02,741 INFO L290 TraceCheckUtils]: 42: Hoare triple {393#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 
0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {393#false} is VALID [2022-02-20 18:04:02,741 INFO L290 TraceCheckUtils]: 43: Hoare triple {393#false} assume false; {393#false} is VALID [2022-02-20 18:04:02,741 INFO L290 TraceCheckUtils]: 44: Hoare triple {393#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {393#false} is VALID [2022-02-20 18:04:02,741 INFO L272 TraceCheckUtils]: 45: Hoare triple {393#false} call sendEmail(~bob~0, ~rjh~0); {393#false} is VALID [2022-02-20 18:04:02,741 INFO L290 TraceCheckUtils]: 46: Hoare triple {393#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {393#false} is VALID [2022-02-20 18:04:02,741 INFO L272 TraceCheckUtils]: 47: Hoare triple {393#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {452#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:02,741 INFO L290 TraceCheckUtils]: 48: Hoare triple {452#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value 
:= #in~value; {392#true} is VALID [2022-02-20 18:04:02,742 INFO L290 TraceCheckUtils]: 49: Hoare triple {392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,742 INFO L290 TraceCheckUtils]: 50: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,742 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {392#true} {393#false} #1122#return; {393#false} is VALID [2022-02-20 18:04:02,742 INFO L272 TraceCheckUtils]: 52: Hoare triple {393#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {453#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:02,742 INFO L290 TraceCheckUtils]: 53: Hoare triple {453#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,742 INFO L290 TraceCheckUtils]: 54: Hoare triple {392#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,742 INFO L290 TraceCheckUtils]: 55: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,742 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {392#true} {393#false} #1124#return; {393#false} is VALID [2022-02-20 18:04:02,743 INFO L290 TraceCheckUtils]: 57: Hoare triple {393#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {393#false} is VALID [2022-02-20 18:04:02,743 INFO L290 TraceCheckUtils]: 58: Hoare triple {393#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {393#false} is VALID [2022-02-20 18:04:02,743 INFO L272 TraceCheckUtils]: 59: Hoare triple {393#false} call outgoing(~sender#1, ~email~0#1); {393#false} is VALID 
[2022-02-20 18:04:02,743 INFO L290 TraceCheckUtils]: 60: Hoare triple {393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {393#false} is VALID [2022-02-20 18:04:02,743 INFO L272 TraceCheckUtils]: 61: Hoare triple {393#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {392#true} is VALID [2022-02-20 18:04:02,743 INFO L290 TraceCheckUtils]: 62: Hoare triple {392#true} ~handle := #in~handle;havoc ~retValue_acc~13; {392#true} is VALID [2022-02-20 18:04:02,743 INFO L290 TraceCheckUtils]: 63: Hoare triple {392#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {392#true} is VALID [2022-02-20 18:04:02,743 INFO L290 TraceCheckUtils]: 64: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,744 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {392#true} {393#false} #1056#return; {393#false} is VALID [2022-02-20 18:04:02,744 INFO L290 TraceCheckUtils]: 66: Hoare triple {393#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {393#false} is VALID [2022-02-20 18:04:02,744 INFO L290 TraceCheckUtils]: 67: Hoare triple {393#false} assume 0 == sign_~privkey~1#1; {393#false} is VALID [2022-02-20 18:04:02,744 INFO L290 TraceCheckUtils]: 68: Hoare triple {393#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {393#false} is VALID [2022-02-20 18:04:02,744 INFO L272 TraceCheckUtils]: 69: Hoare triple {393#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {392#true} is VALID [2022-02-20 18:04:02,744 INFO L290 TraceCheckUtils]: 70: Hoare triple {392#true} ~handle := #in~handle;havoc ~retValue_acc~36; {392#true} is VALID [2022-02-20 18:04:02,744 INFO L290 TraceCheckUtils]: 71: Hoare triple {392#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {392#true} is VALID [2022-02-20 18:04:02,745 INFO L290 TraceCheckUtils]: 72: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,745 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {392#true} {393#false} #1058#return; {393#false} is VALID [2022-02-20 18:04:02,745 INFO L290 TraceCheckUtils]: 74: Hoare triple {393#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {393#false} is VALID [2022-02-20 18:04:02,745 INFO L272 TraceCheckUtils]: 75: Hoare triple 
{393#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {392#true} is VALID [2022-02-20 18:04:02,745 INFO L290 TraceCheckUtils]: 76: Hoare triple {392#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {392#true} is VALID [2022-02-20 18:04:02,745 INFO L290 TraceCheckUtils]: 77: Hoare triple {392#true} assume 1 == ~handle; {392#true} is VALID [2022-02-20 18:04:02,745 INFO L290 TraceCheckUtils]: 78: Hoare triple {392#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {392#true} is VALID [2022-02-20 18:04:02,745 INFO L290 TraceCheckUtils]: 79: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,746 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {392#true} {393#false} #1060#return; {393#false} is VALID [2022-02-20 18:04:02,746 INFO L290 TraceCheckUtils]: 81: Hoare triple {393#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {393#false} is VALID [2022-02-20 18:04:02,746 INFO L290 TraceCheckUtils]: 82: Hoare triple {393#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {393#false} is VALID [2022-02-20 18:04:02,746 INFO L290 TraceCheckUtils]: 83: Hoare triple {393#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {393#false} is VALID [2022-02-20 18:04:02,746 INFO L290 TraceCheckUtils]: 84: Hoare triple {393#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {393#false} is VALID [2022-02-20 18:04:02,746 INFO L290 TraceCheckUtils]: 85: Hoare triple {393#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {393#false} is VALID [2022-02-20 18:04:02,746 INFO L272 TraceCheckUtils]: 86: Hoare triple {393#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {452#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:02,747 INFO L290 TraceCheckUtils]: 87: Hoare triple {452#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:02,747 INFO L290 TraceCheckUtils]: 88: Hoare triple {392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:02,747 INFO L290 TraceCheckUtils]: 89: Hoare triple {392#true} assume true; {392#true} is 
VALID [2022-02-20 18:04:02,747 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {392#true} {393#false} #1066#return; {393#false} is VALID [2022-02-20 18:04:02,747 INFO L290 TraceCheckUtils]: 91: Hoare triple {393#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {393#false} is VALID [2022-02-20 18:04:02,747 INFO L290 
TraceCheckUtils]: 92: Hoare triple {393#false} assume 0 != ~in_encrypted~0; {393#false} is VALID [2022-02-20 18:04:02,747 INFO L272 TraceCheckUtils]: 93: Hoare triple {393#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {392#true} is VALID [2022-02-20 18:04:02,748 INFO L290 TraceCheckUtils]: 94: Hoare triple {392#true} ~handle := #in~handle;havoc ~retValue_acc~39; {392#true} is VALID [2022-02-20 18:04:02,748 INFO L290 TraceCheckUtils]: 95: Hoare triple {392#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {392#true} is VALID [2022-02-20 18:04:02,748 INFO L290 TraceCheckUtils]: 96: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:02,748 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {392#true} {393#false} #1068#return; {393#false} is VALID [2022-02-20 18:04:02,748 INFO L290 TraceCheckUtils]: 98: Hoare triple {393#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {393#false} is VALID [2022-02-20 18:04:02,748 INFO L290 TraceCheckUtils]: 99: Hoare triple {393#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {393#false} is VALID [2022-02-20 18:04:02,748 INFO L290 TraceCheckUtils]: 100: Hoare triple {393#false} assume !false; {393#false} is VALID [2022-02-20 18:04:02,749 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:04:02,750 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:02,750 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [719394688] [2022-02-20 18:04:02,750 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [719394688] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:02,750 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [677894543] [2022-02-20 18:04:02,751 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:02,751 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:02,751 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:02,768 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:02,769 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:04:03,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:03,061 INFO L263 TraceCheckSpWp]: Trace formula consists of 1066 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:04:03,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:03,132 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:03,355 INFO L290 TraceCheckUtils]: 0: Hoare triple {392#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {392#true} is VALID [2022-02-20 18:04:03,355 INFO L290 TraceCheckUtils]: 1: Hoare triple {392#true} assume { :end_inline_ULTIMATE.init } 
true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {392#true} is VALID [2022-02-20 18:04:03,355 INFO L290 TraceCheckUtils]: 2: Hoare triple {392#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {392#true} is VALID [2022-02-20 18:04:03,356 INFO L290 TraceCheckUtils]: 3: Hoare triple {392#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {392#true} is VALID [2022-02-20 18:04:03,356 INFO L290 TraceCheckUtils]: 4: Hoare triple {392#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {392#true} is VALID [2022-02-20 18:04:03,356 INFO L290 TraceCheckUtils]: 5: Hoare triple {392#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {392#true} is VALID [2022-02-20 18:04:03,356 INFO L272 TraceCheckUtils]: 6: Hoare triple {392#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {392#true} is VALID [2022-02-20 18:04:03,356 INFO L290 TraceCheckUtils]: 7: Hoare triple {392#true} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:03,359 INFO L290 TraceCheckUtils]: 8: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:03,359 INFO L290 TraceCheckUtils]: 9: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:03,359 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {392#true} {392#true} #1136#return; {392#true} is VALID [2022-02-20 18:04:03,360 INFO L290 TraceCheckUtils]: 11: Hoare triple {392#true} assume { :end_inline_setup_bob__wrappee__Base } true; {392#true} is VALID [2022-02-20 18:04:03,360 INFO L272 TraceCheckUtils]: 12: Hoare triple {392#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {392#true} is VALID [2022-02-20 18:04:03,360 INFO L290 TraceCheckUtils]: 13: Hoare triple {392#true} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:03,360 INFO L290 TraceCheckUtils]: 14: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:03,360 INFO L290 TraceCheckUtils]: 15: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:03,372 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {392#true} {392#true} #1138#return; {392#true} is VALID [2022-02-20 18:04:03,372 INFO L290 TraceCheckUtils]: 17: Hoare triple {392#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {392#true} is VALID [2022-02-20 18:04:03,373 INFO L272 TraceCheckUtils]: 18: Hoare triple {392#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {392#true} is VALID [2022-02-20 18:04:03,373 INFO L290 TraceCheckUtils]: 19: Hoare triple {392#true} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:03,373 INFO L290 TraceCheckUtils]: 20: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:03,373 INFO L290 TraceCheckUtils]: 21: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:03,373 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {392#true} {392#true} #1140#return; {392#true} is VALID [2022-02-20 18:04:03,373 INFO L290 TraceCheckUtils]: 23: Hoare triple {392#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {392#true} is VALID [2022-02-20 18:04:03,374 INFO L272 TraceCheckUtils]: 24: Hoare triple {392#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {392#true} is VALID [2022-02-20 18:04:03,375 INFO L290 TraceCheckUtils]: 25: Hoare triple {392#true} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:03,375 INFO L290 TraceCheckUtils]: 26: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:03,375 INFO L290 TraceCheckUtils]: 27: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:03,377 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {392#true} {392#true} #1142#return; {392#true} is VALID [2022-02-20 18:04:03,377 INFO 
L290 TraceCheckUtils]: 29: Hoare triple {392#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {392#true} is VALID [2022-02-20 18:04:03,377 INFO L272 TraceCheckUtils]: 30: Hoare triple {392#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {392#true} is VALID [2022-02-20 18:04:03,377 INFO L290 TraceCheckUtils]: 31: Hoare triple {392#true} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:03,377 INFO L290 TraceCheckUtils]: 32: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {392#true} is VALID [2022-02-20 18:04:03,378 INFO L290 TraceCheckUtils]: 33: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:03,381 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {392#true} {392#true} #1144#return; {392#true} is VALID [2022-02-20 18:04:03,381 INFO L290 TraceCheckUtils]: 35: Hoare triple {392#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {392#true} is VALID [2022-02-20 18:04:03,381 INFO L272 TraceCheckUtils]: 36: Hoare triple {392#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {392#true} is VALID [2022-02-20 18:04:03,381 INFO L290 TraceCheckUtils]: 37: Hoare triple {392#true} ~handle := #in~handle;~value := #in~value; {392#true} is VALID [2022-02-20 18:04:03,381 INFO L290 TraceCheckUtils]: 38: Hoare triple {392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; 
{392#true} is VALID [2022-02-20 18:04:03,381 INFO L290 TraceCheckUtils]: 39: Hoare triple {392#true} assume true; {392#true} is VALID [2022-02-20 18:04:03,382 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {392#true} {392#true} #1146#return; {392#true} is VALID [2022-02-20 18:04:03,382 INFO L290 TraceCheckUtils]: 41: Hoare triple {392#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {392#true} is VALID [2022-02-20 18:04:03,382 INFO L290 TraceCheckUtils]: 42: Hoare triple {392#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 
:= 0;test_~splverifierCounter~0#1 := 0; {392#true} is VALID [2022-02-20 18:04:03,382 INFO L290 TraceCheckUtils]: 43: Hoare triple {392#true} assume false; {393#false} is VALID [2022-02-20 18:04:03,383 INFO L290 TraceCheckUtils]: 44: Hoare triple {393#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {393#false} is VALID [2022-02-20 18:04:03,383 INFO L272 TraceCheckUtils]: 45: Hoare triple {393#false} call sendEmail(~bob~0, ~rjh~0); {393#false} is VALID [2022-02-20 18:04:03,383 INFO L290 TraceCheckUtils]: 46: Hoare triple {393#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {393#false} is VALID [2022-02-20 18:04:03,383 INFO L272 TraceCheckUtils]: 47: Hoare triple {393#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {393#false} is VALID [2022-02-20 18:04:03,383 INFO L290 TraceCheckUtils]: 48: Hoare triple {393#false} ~handle := #in~handle;~value := #in~value; {393#false} is VALID [2022-02-20 18:04:03,384 INFO L290 TraceCheckUtils]: 49: Hoare triple {393#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {393#false} is VALID [2022-02-20 18:04:03,384 INFO L290 TraceCheckUtils]: 50: Hoare triple {393#false} assume true; 
{393#false} is VALID [2022-02-20 18:04:03,384 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {393#false} {393#false} #1122#return; {393#false} is VALID [2022-02-20 18:04:03,384 INFO L272 TraceCheckUtils]: 52: Hoare triple {393#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {393#false} is VALID [2022-02-20 18:04:03,384 INFO L290 TraceCheckUtils]: 53: Hoare triple {393#false} ~handle := #in~handle;~value := #in~value; {393#false} is VALID [2022-02-20 18:04:03,388 INFO L290 TraceCheckUtils]: 54: Hoare triple {393#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {393#false} is VALID [2022-02-20 18:04:03,388 INFO L290 TraceCheckUtils]: 55: Hoare triple {393#false} assume true; {393#false} is VALID [2022-02-20 18:04:03,388 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {393#false} {393#false} #1124#return; {393#false} is VALID [2022-02-20 18:04:03,388 INFO L290 TraceCheckUtils]: 57: Hoare triple {393#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {393#false} is VALID [2022-02-20 18:04:03,389 INFO L290 TraceCheckUtils]: 58: Hoare triple {393#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {393#false} is VALID [2022-02-20 18:04:03,389 INFO L272 TraceCheckUtils]: 59: Hoare triple {393#false} call outgoing(~sender#1, ~email~0#1); {393#false} is VALID [2022-02-20 18:04:03,389 INFO L290 TraceCheckUtils]: 60: Hoare triple {393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {393#false} is VALID [2022-02-20 18:04:03,389 INFO L272 
TraceCheckUtils]: 61: Hoare triple {393#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {393#false} is VALID [2022-02-20 18:04:03,389 INFO L290 TraceCheckUtils]: 62: Hoare triple {393#false} ~handle := #in~handle;havoc ~retValue_acc~13; {393#false} is VALID [2022-02-20 18:04:03,389 INFO L290 TraceCheckUtils]: 63: Hoare triple {393#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {393#false} is VALID [2022-02-20 18:04:03,390 INFO L290 TraceCheckUtils]: 64: Hoare triple {393#false} assume true; {393#false} is VALID [2022-02-20 18:04:03,390 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {393#false} {393#false} #1056#return; {393#false} is VALID [2022-02-20 18:04:03,390 INFO L290 TraceCheckUtils]: 66: Hoare triple {393#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {393#false} is VALID [2022-02-20 18:04:03,390 INFO L290 TraceCheckUtils]: 67: Hoare triple {393#false} assume 0 == sign_~privkey~1#1; {393#false} is VALID [2022-02-20 18:04:03,390 INFO L290 TraceCheckUtils]: 68: Hoare triple {393#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc 
outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {393#false} is VALID [2022-02-20 18:04:03,390 INFO L272 TraceCheckUtils]: 69: Hoare triple {393#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {393#false} is VALID [2022-02-20 18:04:03,391 INFO L290 TraceCheckUtils]: 70: Hoare triple {393#false} ~handle := #in~handle;havoc ~retValue_acc~36; {393#false} is VALID [2022-02-20 18:04:03,391 INFO L290 TraceCheckUtils]: 71: Hoare triple {393#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {393#false} is VALID [2022-02-20 18:04:03,391 INFO L290 TraceCheckUtils]: 72: Hoare triple {393#false} assume true; {393#false} is VALID [2022-02-20 18:04:03,391 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {393#false} {393#false} #1058#return; {393#false} is VALID [2022-02-20 18:04:03,391 INFO L290 TraceCheckUtils]: 74: Hoare triple {393#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {393#false} is VALID [2022-02-20 18:04:03,391 INFO L272 TraceCheckUtils]: 75: Hoare triple {393#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {393#false} is VALID [2022-02-20 18:04:03,392 INFO L290 TraceCheckUtils]: 76: Hoare triple {393#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {393#false} is VALID [2022-02-20 18:04:03,392 INFO L290 TraceCheckUtils]: 77: Hoare triple {393#false} assume 
1 == ~handle; {393#false} is VALID [2022-02-20 18:04:03,392 INFO L290 TraceCheckUtils]: 78: Hoare triple {393#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {393#false} is VALID [2022-02-20 18:04:03,392 INFO L290 TraceCheckUtils]: 79: Hoare triple {393#false} assume true; {393#false} is VALID [2022-02-20 18:04:03,392 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {393#false} {393#false} #1060#return; {393#false} is VALID [2022-02-20 18:04:03,393 INFO L290 TraceCheckUtils]: 81: Hoare triple {393#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {393#false} is VALID [2022-02-20 18:04:03,393 INFO L290 TraceCheckUtils]: 82: Hoare triple {393#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {393#false} is VALID [2022-02-20 18:04:03,393 INFO L290 TraceCheckUtils]: 83: Hoare triple {393#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := 
getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {393#false} is VALID [2022-02-20 18:04:03,393 INFO L290 TraceCheckUtils]: 84: Hoare triple {393#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {393#false} is VALID [2022-02-20 18:04:03,393 INFO L290 TraceCheckUtils]: 85: Hoare triple {393#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {393#false} is VALID [2022-02-20 18:04:03,393 INFO L272 TraceCheckUtils]: 86: Hoare triple {393#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {393#false} is VALID [2022-02-20 18:04:03,394 INFO L290 TraceCheckUtils]: 87: Hoare triple {393#false} ~handle := #in~handle;~value := #in~value; {393#false} is VALID [2022-02-20 18:04:03,394 INFO L290 TraceCheckUtils]: 88: Hoare triple {393#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {393#false} is VALID [2022-02-20 18:04:03,394 INFO L290 TraceCheckUtils]: 89: Hoare triple {393#false} assume true; {393#false} is VALID [2022-02-20 18:04:03,394 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {393#false} {393#false} #1066#return; {393#false} is VALID [2022-02-20 18:04:03,394 INFO L290 TraceCheckUtils]: 91: Hoare triple {393#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { 
:begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {393#false} is VALID [2022-02-20 18:04:03,398 INFO L290 TraceCheckUtils]: 92: Hoare triple {393#false} assume 0 != ~in_encrypted~0; {393#false} is VALID [2022-02-20 18:04:03,398 INFO L272 TraceCheckUtils]: 93: Hoare triple {393#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {393#false} is VALID [2022-02-20 18:04:03,399 INFO L290 TraceCheckUtils]: 94: Hoare triple {393#false} ~handle := #in~handle;havoc ~retValue_acc~39; {393#false} is VALID [2022-02-20 18:04:03,399 INFO L290 TraceCheckUtils]: 95: Hoare triple {393#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := 
~retValue_acc~39; {393#false} is VALID [2022-02-20 18:04:03,399 INFO L290 TraceCheckUtils]: 96: Hoare triple {393#false} assume true; {393#false} is VALID [2022-02-20 18:04:03,399 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {393#false} {393#false} #1068#return; {393#false} is VALID [2022-02-20 18:04:03,399 INFO L290 TraceCheckUtils]: 98: Hoare triple {393#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {393#false} is VALID [2022-02-20 18:04:03,399 INFO L290 TraceCheckUtils]: 99: Hoare triple {393#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {393#false} is VALID [2022-02-20 18:04:03,400 INFO L290 TraceCheckUtils]: 100: Hoare triple {393#false} assume !false; {393#false} is VALID [2022-02-20 18:04:03,400 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:04:03,400 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:03,402 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [677894543] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:03,402 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:04:03,403 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:04:03,404 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [989760458] [2022-02-20 18:04:03,405 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:03,409 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 101 [2022-02-20 18:04:03,411 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:03,415 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:03,479 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:03,480 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:04:03,480 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:03,496 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. 
[2022-02-20 18:04:03,497 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:03,503 INFO L87 Difference]: Start difference. First operand has 389 states, 300 states have (on average 1.5) internal successors, (450), 304 states have internal predecessors, (450), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) Second operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:03,911 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:03,911 INFO L93 Difference]: Finished difference Result 619 states and 898 transitions. [2022-02-20 18:04:03,911 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:04:03,912 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 101 [2022-02-20 18:04:03,912 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:03,913 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:03,945 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 898 transitions. [2022-02-20 18:04:03,945 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:03,957 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 898 transitions. [2022-02-20 18:04:03,958 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 898 transitions. [2022-02-20 18:04:04,621 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 898 edges. 898 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:04,660 INFO L225 Difference]: With dead ends: 619 [2022-02-20 18:04:04,660 INFO L226 Difference]: Without dead ends: 382 [2022-02-20 18:04:04,668 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:04,671 INFO L933 BasicCegarLoop]: 572 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 572 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:04,673 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 572 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:04,687 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 382 states. [2022-02-20 18:04:04,731 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 382 to 382. [2022-02-20 18:04:04,732 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:04,740 INFO L82 GeneralOperation]: Start isEquivalent. First operand 382 states. 
Second operand has 382 states, 294 states have (on average 1.4931972789115646) internal successors, (439), 297 states have internal predecessors, (439), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:04:04,742 INFO L74 IsIncluded]: Start isIncluded. First operand 382 states. Second operand has 382 states, 294 states have (on average 1.4931972789115646) internal successors, (439), 297 states have internal predecessors, (439), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:04:04,745 INFO L87 Difference]: Start difference. First operand 382 states. Second operand has 382 states, 294 states have (on average 1.4931972789115646) internal successors, (439), 297 states have internal predecessors, (439), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:04:04,761 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:04,761 INFO L93 Difference]: Finished difference Result 382 states and 564 transitions. [2022-02-20 18:04:04,761 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 564 transitions. [2022-02-20 18:04:04,769 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:04,769 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:04,771 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 382 states, 294 states have (on average 1.4931972789115646) internal successors, (439), 297 states have internal predecessors, (439), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) Second operand 382 states. [2022-02-20 18:04:04,772 INFO L87 Difference]: Start difference. First operand has 382 states, 294 states have (on average 1.4931972789115646) internal successors, (439), 297 states have internal predecessors, (439), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) Second operand 382 states. [2022-02-20 18:04:04,786 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:04,786 INFO L93 Difference]: Finished difference Result 382 states and 564 transitions. [2022-02-20 18:04:04,786 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 564 transitions. [2022-02-20 18:04:04,787 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:04,787 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:04,787 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:04,788 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:04,789 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 382 states, 294 states have (on average 1.4931972789115646) internal successors, (439), 297 states have internal predecessors, (439), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:04:04,803 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 382 states to 382 states and 564 transitions. [2022-02-20 18:04:04,804 INFO L78 Accepts]: Start accepts. Automaton has 382 states and 564 transitions. Word has length 101 [2022-02-20 18:04:04,805 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:04,805 INFO L470 AbstractCegarLoop]: Abstraction has 382 states and 564 transitions. [2022-02-20 18:04:04,806 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:04,806 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 564 transitions. [2022-02-20 18:04:04,809 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-02-20 18:04:04,809 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:04,809 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:04,832 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:04:05,030 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:04:05,031 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:05,031 
INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:05,031 INFO L85 PathProgramCache]: Analyzing trace with hash -1955888924, now seen corresponding path program 1 times [2022-02-20 18:04:05,031 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:05,031 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1650705401] [2022-02-20 18:04:05,031 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:05,032 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:05,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:05,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {2981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,135 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,135 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2925#true} #1136#return; {2925#true} is VALID [2022-02-20 18:04:05,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:05,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {2982#(and 
(= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,145 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,145 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,146 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2925#true} #1138#return; {2925#true} is VALID [2022-02-20 18:04:05,146 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:05,148 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,160 INFO L290 TraceCheckUtils]: 0: Hoare triple {2981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2983#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:05,160 INFO L290 TraceCheckUtils]: 1: Hoare triple {2983#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2984#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:05,161 INFO L290 TraceCheckUtils]: 2: Hoare triple {2984#(= |setClientId_#in~handle| 1)} assume true; {2984#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:05,161 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2984#(= |setClientId_#in~handle| 1)} {2935#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1140#return; {2926#false} is VALID [2022-02-20 18:04:05,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 24 [2022-02-20 18:04:05,163 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {2982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,182 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,182 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,182 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1142#return; {2926#false} is VALID [2022-02-20 18:04:05,182 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:05,184 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,187 INFO L290 TraceCheckUtils]: 0: Hoare triple {2981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,187 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,187 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,187 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1144#return; {2926#false} is VALID [2022-02-20 18:04:05,187 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:05,188 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:04:05,190 INFO L290 TraceCheckUtils]: 0: Hoare triple {2982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,190 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,190 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,190 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1146#return; {2926#false} is VALID [2022-02-20 18:04:05,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:04:05,198 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,204 INFO L290 TraceCheckUtils]: 0: Hoare triple {2985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,206 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1122#return; {2926#false} is VALID [2022-02-20 18:04:05,212 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:04:05,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,216 INFO L290 TraceCheckUtils]: 0: Hoare triple {2986#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= 
~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,217 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,217 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,217 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1124#return; {2926#false} is VALID [2022-02-20 18:04:05,217 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:04:05,219 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,222 INFO L290 TraceCheckUtils]: 0: Hoare triple {2925#true} ~handle := #in~handle;havoc ~retValue_acc~13; {2925#true} is VALID [2022-02-20 18:04:05,222 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {2925#true} is VALID [2022-02-20 18:04:05,222 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,222 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1056#return; {2926#false} is VALID [2022-02-20 18:04:05,222 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:04:05,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {2925#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2925#true} is VALID [2022-02-20 18:04:05,225 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2925#true} is VALID [2022-02-20 18:04:05,225 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 
18:04:05,225 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1058#return; {2926#false} is VALID [2022-02-20 18:04:05,225 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:04:05,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,228 INFO L290 TraceCheckUtils]: 0: Hoare triple {2925#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {2925#true} is VALID [2022-02-20 18:04:05,228 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle; {2925#true} is VALID [2022-02-20 18:04:05,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {2925#true} is VALID [2022-02-20 18:04:05,230 INFO L290 TraceCheckUtils]: 3: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,230 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2925#true} {2926#false} #1060#return; {2926#false} is VALID [2022-02-20 18:04:05,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:04:05,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {2985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,235 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1066#return; {2926#false} is VALID [2022-02-20 18:04:05,235 
INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:04:05,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,239 INFO L290 TraceCheckUtils]: 0: Hoare triple {2925#true} ~handle := #in~handle;havoc ~retValue_acc~39; {2925#true} is VALID [2022-02-20 18:04:05,239 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2925#true} is VALID [2022-02-20 18:04:05,239 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,239 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2926#false} #1068#return; {2926#false} is VALID [2022-02-20 18:04:05,240 INFO L290 TraceCheckUtils]: 0: Hoare triple {2925#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 
25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 
0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2925#true} is VALID [2022-02-20 18:04:05,240 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {2925#true} is VALID [2022-02-20 18:04:05,240 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2925#true} is VALID [2022-02-20 18:04:05,240 INFO L290 TraceCheckUtils]: 3: Hoare triple {2925#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {2925#true} is VALID [2022-02-20 18:04:05,240 INFO L290 TraceCheckUtils]: 4: Hoare triple {2925#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {2925#true} is VALID [2022-02-20 18:04:05,240 INFO L290 
TraceCheckUtils]: 5: Hoare triple {2925#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2925#true} is VALID [2022-02-20 18:04:05,241 INFO L272 TraceCheckUtils]: 6: Hoare triple {2925#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:05,242 INFO L290 TraceCheckUtils]: 7: Hoare triple {2981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,242 INFO L290 TraceCheckUtils]: 8: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,242 INFO L290 TraceCheckUtils]: 9: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,242 INFO 
L284 TraceCheckUtils]: 10: Hoare quadruple {2925#true} {2925#true} #1136#return; {2925#true} is VALID [2022-02-20 18:04:05,242 INFO L290 TraceCheckUtils]: 11: Hoare triple {2925#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2925#true} is VALID [2022-02-20 18:04:05,243 INFO L272 TraceCheckUtils]: 12: Hoare triple {2925#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:05,243 INFO L290 TraceCheckUtils]: 13: Hoare triple {2982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,243 INFO L290 TraceCheckUtils]: 14: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,243 INFO L290 TraceCheckUtils]: 15: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,243 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2925#true} {2925#true} #1138#return; {2925#true} is VALID [2022-02-20 18:04:05,244 INFO L290 TraceCheckUtils]: 17: Hoare triple {2925#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2935#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:05,244 INFO L272 TraceCheckUtils]: 18: Hoare triple {2935#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:05,245 INFO L290 TraceCheckUtils]: 19: Hoare triple {2981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2983#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:05,246 INFO L290 TraceCheckUtils]: 20: Hoare triple {2983#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2984#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:05,246 INFO L290 TraceCheckUtils]: 21: Hoare triple {2984#(= |setClientId_#in~handle| 1)} assume true; {2984#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:05,247 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2984#(= |setClientId_#in~handle| 1)} {2935#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1140#return; {2926#false} is VALID [2022-02-20 18:04:05,247 INFO L290 TraceCheckUtils]: 23: Hoare triple {2926#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2926#false} is VALID [2022-02-20 18:04:05,247 INFO L272 TraceCheckUtils]: 24: Hoare triple {2926#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:05,247 INFO L290 TraceCheckUtils]: 25: Hoare triple {2982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,247 INFO L290 TraceCheckUtils]: 26: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,248 INFO L290 TraceCheckUtils]: 27: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,248 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2925#true} {2926#false} #1142#return; {2926#false} is VALID [2022-02-20 18:04:05,248 INFO L290 TraceCheckUtils]: 29: Hoare triple {2926#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2926#false} is VALID [2022-02-20 18:04:05,248 INFO L272 TraceCheckUtils]: 30: Hoare triple {2926#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:05,248 INFO L290 TraceCheckUtils]: 31: Hoare triple {2981#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,248 INFO L290 TraceCheckUtils]: 32: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,248 INFO L290 TraceCheckUtils]: 33: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,248 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2925#true} {2926#false} #1144#return; {2926#false} is VALID [2022-02-20 18:04:05,249 INFO L290 TraceCheckUtils]: 35: Hoare triple {2926#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2926#false} is VALID [2022-02-20 18:04:05,249 INFO L272 TraceCheckUtils]: 36: Hoare triple {2926#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:05,249 INFO L290 TraceCheckUtils]: 37: Hoare triple {2982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,249 INFO L290 TraceCheckUtils]: 38: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,249 INFO L290 TraceCheckUtils]: 39: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,249 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2925#true} {2926#false} #1146#return; {2926#false} is VALID [2022-02-20 18:04:05,249 INFO L290 
TraceCheckUtils]: 41: Hoare triple {2926#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {2926#false} is VALID [2022-02-20 18:04:05,250 INFO L290 TraceCheckUtils]: 42: Hoare triple {2926#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2926#false} is VALID [2022-02-20 18:04:05,250 INFO L290 TraceCheckUtils]: 43: Hoare triple {2926#false} assume !false; {2926#false} is VALID [2022-02-20 18:04:05,250 INFO L290 TraceCheckUtils]: 44: Hoare triple {2926#false} assume 
!(test_~splverifierCounter~0#1 < 4); {2926#false} is VALID [2022-02-20 18:04:05,250 INFO L290 TraceCheckUtils]: 45: Hoare triple {2926#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {2926#false} is VALID [2022-02-20 18:04:05,250 INFO L272 TraceCheckUtils]: 46: Hoare triple {2926#false} call sendEmail(~bob~0, ~rjh~0); {2926#false} is VALID [2022-02-20 18:04:05,250 INFO L290 TraceCheckUtils]: 47: Hoare triple {2926#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2926#false} is VALID [2022-02-20 18:04:05,250 INFO L272 TraceCheckUtils]: 48: Hoare triple {2926#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:05,250 INFO L290 TraceCheckUtils]: 49: Hoare triple {2985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,251 INFO L290 TraceCheckUtils]: 50: Hoare triple {2925#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2925#true} is 
VALID [2022-02-20 18:04:05,251 INFO L290 TraceCheckUtils]: 51: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,251 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2925#true} {2926#false} #1122#return; {2926#false} is VALID [2022-02-20 18:04:05,251 INFO L272 TraceCheckUtils]: 53: Hoare triple {2926#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2986#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:05,251 INFO L290 TraceCheckUtils]: 54: Hoare triple {2986#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,251 INFO L290 TraceCheckUtils]: 55: Hoare triple {2925#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,251 INFO L290 TraceCheckUtils]: 56: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,251 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2925#true} {2926#false} #1124#return; {2926#false} is VALID [2022-02-20 18:04:05,252 INFO L290 TraceCheckUtils]: 58: Hoare triple {2926#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {2926#false} is VALID [2022-02-20 18:04:05,252 INFO L290 TraceCheckUtils]: 59: Hoare triple {2926#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {2926#false} is VALID [2022-02-20 18:04:05,252 INFO L272 TraceCheckUtils]: 60: Hoare triple {2926#false} call outgoing(~sender#1, ~email~0#1); {2926#false} is VALID [2022-02-20 18:04:05,252 INFO L290 TraceCheckUtils]: 61: Hoare triple {2926#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } 
true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {2926#false} is VALID [2022-02-20 18:04:05,252 INFO L272 TraceCheckUtils]: 62: Hoare triple {2926#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {2925#true} is VALID [2022-02-20 18:04:05,252 INFO L290 TraceCheckUtils]: 63: Hoare triple {2925#true} ~handle := #in~handle;havoc ~retValue_acc~13; {2925#true} is VALID [2022-02-20 18:04:05,252 INFO L290 TraceCheckUtils]: 64: Hoare triple {2925#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {2925#true} is VALID [2022-02-20 18:04:05,252 INFO L290 TraceCheckUtils]: 65: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,254 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2925#true} {2926#false} #1056#return; {2926#false} is VALID [2022-02-20 18:04:05,255 INFO L290 TraceCheckUtils]: 67: Hoare triple {2926#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {2926#false} is VALID [2022-02-20 18:04:05,260 INFO L290 TraceCheckUtils]: 68: Hoare triple {2926#false} assume 0 == sign_~privkey~1#1; {2926#false} is VALID [2022-02-20 18:04:05,261 INFO L290 TraceCheckUtils]: 69: Hoare triple {2926#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, 
outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {2926#false} is VALID [2022-02-20 18:04:05,261 INFO L272 TraceCheckUtils]: 70: Hoare triple {2926#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {2925#true} is VALID [2022-02-20 18:04:05,261 INFO L290 TraceCheckUtils]: 71: Hoare triple {2925#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2925#true} is VALID [2022-02-20 18:04:05,261 INFO L290 TraceCheckUtils]: 72: Hoare triple {2925#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2925#true} is VALID [2022-02-20 18:04:05,262 INFO L290 TraceCheckUtils]: 73: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,271 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2925#true} {2926#false} #1058#return; {2926#false} is VALID [2022-02-20 18:04:05,271 INFO L290 TraceCheckUtils]: 75: Hoare triple {2926#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {2926#false} is VALID [2022-02-20 18:04:05,271 INFO L272 TraceCheckUtils]: 76: Hoare triple {2926#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, 
outgoing__wrappee__AutoResponder_~receiver~0#1); {2925#true} is VALID [2022-02-20 18:04:05,272 INFO L290 TraceCheckUtils]: 77: Hoare triple {2925#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {2925#true} is VALID [2022-02-20 18:04:05,272 INFO L290 TraceCheckUtils]: 78: Hoare triple {2925#true} assume 1 == ~handle; {2925#true} is VALID [2022-02-20 18:04:05,272 INFO L290 TraceCheckUtils]: 79: Hoare triple {2925#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {2925#true} is VALID [2022-02-20 18:04:05,272 INFO L290 TraceCheckUtils]: 80: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,272 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2925#true} {2926#false} #1060#return; {2926#false} is VALID [2022-02-20 18:04:05,272 INFO L290 TraceCheckUtils]: 82: Hoare triple {2926#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {2926#false} is VALID [2022-02-20 18:04:05,272 INFO L290 TraceCheckUtils]: 83: Hoare triple {2926#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {2926#false} is VALID [2022-02-20 18:04:05,272 INFO L290 TraceCheckUtils]: 84: Hoare triple {2926#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {2926#false} is VALID [2022-02-20 18:04:05,272 INFO L290 TraceCheckUtils]: 85: Hoare triple {2926#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {2926#false} is VALID [2022-02-20 18:04:05,273 INFO L290 TraceCheckUtils]: 86: Hoare triple {2926#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {2926#false} is VALID [2022-02-20 18:04:05,273 INFO L272 TraceCheckUtils]: 87: Hoare triple {2926#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {2985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:05,273 INFO L290 TraceCheckUtils]: 88: Hoare triple {2985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,273 INFO L290 TraceCheckUtils]: 89: Hoare triple {2925#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,273 INFO L290 TraceCheckUtils]: 90: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,273 INFO L284 TraceCheckUtils]: 
91: Hoare quadruple {2925#true} {2926#false} #1066#return; {2926#false} is VALID [2022-02-20 18:04:05,273 INFO L290 TraceCheckUtils]: 92: Hoare triple {2926#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {2926#false} is VALID [2022-02-20 18:04:05,273 INFO L290 TraceCheckUtils]: 93: Hoare triple {2926#false} assume 
0 != ~in_encrypted~0; {2926#false} is VALID [2022-02-20 18:04:05,274 INFO L272 TraceCheckUtils]: 94: Hoare triple {2926#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {2925#true} is VALID [2022-02-20 18:04:05,274 INFO L290 TraceCheckUtils]: 95: Hoare triple {2925#true} ~handle := #in~handle;havoc ~retValue_acc~39; {2925#true} is VALID [2022-02-20 18:04:05,274 INFO L290 TraceCheckUtils]: 96: Hoare triple {2925#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2925#true} is VALID [2022-02-20 18:04:05,274 INFO L290 TraceCheckUtils]: 97: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,274 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {2925#true} {2926#false} #1068#return; {2926#false} is VALID [2022-02-20 18:04:05,274 INFO L290 TraceCheckUtils]: 99: Hoare triple {2926#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {2926#false} is VALID [2022-02-20 18:04:05,274 INFO L290 TraceCheckUtils]: 100: Hoare triple {2926#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {2926#false} is VALID [2022-02-20 18:04:05,275 INFO L290 TraceCheckUtils]: 101: Hoare triple {2926#false} assume !false; {2926#false} is VALID [2022-02-20 18:04:05,276 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:04:05,276 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:05,276 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1650705401] [2022-02-20 18:04:05,279 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1650705401] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:05,279 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1016787105] [2022-02-20 18:04:05,279 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:05,280 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:05,280 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:05,297 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:05,298 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:04:05,522 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,526 INFO L263 TraceCheckSpWp]: Trace formula consists of 1067 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:04:05,561 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:05,565 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:05,801 INFO L290 TraceCheckUtils]: 0: Hoare triple {2925#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2925#true} is VALID [2022-02-20 18:04:05,801 INFO L290 TraceCheckUtils]: 1: Hoare triple {2925#true} assume { :end_inline_ULTIMATE.init 
} true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {2925#true} is VALID [2022-02-20 18:04:05,801 INFO L290 TraceCheckUtils]: 2: Hoare triple {2925#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2925#true} is VALID [2022-02-20 18:04:05,801 INFO L290 TraceCheckUtils]: 3: Hoare triple {2925#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {2925#true} is VALID [2022-02-20 18:04:05,801 INFO L290 TraceCheckUtils]: 4: Hoare triple {2925#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {2925#true} is VALID [2022-02-20 18:04:05,801 INFO L290 TraceCheckUtils]: 5: Hoare triple {2925#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L272 TraceCheckUtils]: 6: Hoare triple {2925#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 7: Hoare triple {2925#true} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 8: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 9: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2925#true} {2925#true} #1136#return; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 11: Hoare triple {2925#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L272 TraceCheckUtils]: 12: Hoare triple {2925#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 13: Hoare triple {2925#true} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 14: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 15: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2925#true} {2925#true} #1138#return; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 17: Hoare triple {2925#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L272 TraceCheckUtils]: 18: Hoare triple {2925#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 19: Hoare triple {2925#true} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 20: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 21: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2925#true} {2925#true} #1140#return; {2925#true} is VALID [2022-02-20 18:04:05,802 INFO L290 TraceCheckUtils]: 23: Hoare triple {2925#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L272 TraceCheckUtils]: 24: Hoare triple {2925#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 25: Hoare triple {2925#true} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 26: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 27: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2925#true} {2925#true} #1142#return; 
{2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 29: Hoare triple {2925#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L272 TraceCheckUtils]: 30: Hoare triple {2925#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 31: Hoare triple {2925#true} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 32: Hoare triple {2925#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 33: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2925#true} {2925#true} #1144#return; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 35: Hoare triple {2925#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L272 TraceCheckUtils]: 36: Hoare triple {2925#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 37: Hoare triple {2925#true} ~handle := #in~handle;~value := #in~value; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{2925#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 39: Hoare triple {2925#true} assume true; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2925#true} {2925#true} #1146#return; {2925#true} is VALID [2022-02-20 18:04:05,803 INFO L290 TraceCheckUtils]: 41: Hoare triple {2925#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {2925#true} is VALID [2022-02-20 18:04:05,805 INFO L290 TraceCheckUtils]: 42: Hoare triple {2925#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3116#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:05,805 INFO L290 TraceCheckUtils]: 43: Hoare triple {3116#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3116#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:05,805 INFO L290 TraceCheckUtils]: 44: Hoare triple {3116#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2926#false} is VALID [2022-02-20 18:04:05,805 INFO L290 TraceCheckUtils]: 45: Hoare triple {2926#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {2926#false} is VALID [2022-02-20 18:04:05,805 INFO L272 TraceCheckUtils]: 46: Hoare triple {2926#false} call sendEmail(~bob~0, ~rjh~0); {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 47: Hoare triple {2926#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L272 TraceCheckUtils]: 48: Hoare triple {2926#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 49: Hoare triple {2926#false} ~handle := #in~handle;~value := #in~value; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 50: Hoare triple {2926#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 51: Hoare triple {2926#false} assume true; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2926#false} {2926#false} #1122#return; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L272 TraceCheckUtils]: 53: Hoare triple {2926#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 54: Hoare triple {2926#false} ~handle := #in~handle;~value := #in~value; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 55: Hoare triple {2926#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 56: Hoare triple {2926#false} assume true; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2926#false} {2926#false} #1124#return; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 58: Hoare triple {2926#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 59: Hoare triple {2926#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L272 TraceCheckUtils]: 60: Hoare triple {2926#false} call outgoing(~sender#1, 
~email~0#1); {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 61: Hoare triple {2926#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L272 TraceCheckUtils]: 62: Hoare triple {2926#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 63: Hoare triple {2926#false} ~handle := #in~handle;havoc ~retValue_acc~13; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 64: Hoare triple {2926#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {2926#false} is VALID [2022-02-20 18:04:05,806 INFO L290 TraceCheckUtils]: 65: Hoare triple {2926#false} assume true; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2926#false} {2926#false} #1056#return; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 67: Hoare triple {2926#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 68: Hoare triple {2926#false} assume 0 == sign_~privkey~1#1; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 69: Hoare triple {2926#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, 
outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L272 TraceCheckUtils]: 70: Hoare triple {2926#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 71: Hoare triple {2926#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 72: Hoare triple {2926#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 73: Hoare triple {2926#false} assume true; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2926#false} {2926#false} #1058#return; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 75: Hoare triple {2926#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {2926#false} is VALID 
[2022-02-20 18:04:05,807 INFO L272 TraceCheckUtils]: 76: Hoare triple {2926#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 77: Hoare triple {2926#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 78: Hoare triple {2926#false} assume 1 == ~handle; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 79: Hoare triple {2926#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 80: Hoare triple {2926#false} assume true; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2926#false} {2926#false} #1060#return; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 82: Hoare triple {2926#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 83: Hoare triple {2926#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {2926#false} is VALID [2022-02-20 18:04:05,807 INFO L290 TraceCheckUtils]: 84: Hoare triple {2926#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc 
outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 85: Hoare triple {2926#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 86: Hoare triple {2926#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L272 TraceCheckUtils]: 87: Hoare triple {2926#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 88: Hoare triple {2926#false} ~handle := #in~handle;~value := #in~value; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 89: Hoare triple {2926#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 90: Hoare triple {2926#false} assume true; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2926#false} 
{2926#false} #1066#return; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 92: Hoare triple {2926#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 93: Hoare triple {2926#false} assume 0 != ~in_encrypted~0; 
{2926#false} is VALID [2022-02-20 18:04:05,808 INFO L272 TraceCheckUtils]: 94: Hoare triple {2926#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 95: Hoare triple {2926#false} ~handle := #in~handle;havoc ~retValue_acc~39; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 96: Hoare triple {2926#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L290 TraceCheckUtils]: 97: Hoare triple {2926#false} assume true; {2926#false} is VALID [2022-02-20 18:04:05,808 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {2926#false} {2926#false} #1068#return; {2926#false} is VALID [2022-02-20 18:04:05,809 INFO L290 TraceCheckUtils]: 99: Hoare triple {2926#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {2926#false} is VALID [2022-02-20 18:04:05,809 INFO L290 TraceCheckUtils]: 100: Hoare triple {2926#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {2926#false} is VALID [2022-02-20 18:04:05,809 INFO L290 TraceCheckUtils]: 101: Hoare triple {2926#false} assume !false; {2926#false} is VALID [2022-02-20 18:04:05,809 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:04:05,809 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:05,809 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1016787105] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:05,809 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:05,809 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:04:05,809 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1757425541] [2022-02-20 18:04:05,809 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:05,811 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 102 [2022-02-20 18:04:05,812 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:05,812 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:05,872 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:05,872 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:04:05,873 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:05,873 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:04:05,873 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:05,873 INFO L87 Difference]: Start difference. First operand 382 states and 564 transitions. Second operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:06,355 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:06,355 INFO L93 Difference]: Finished difference Result 609 states and 879 transitions. [2022-02-20 18:04:06,355 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:04:06,356 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 102 [2022-02-20 18:04:06,356 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:06,356 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:06,366 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 879 transitions. [2022-02-20 18:04:06,366 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:06,376 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 879 transitions. [2022-02-20 18:04:06,376 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 879 transitions. [2022-02-20 18:04:06,919 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 879 edges. 879 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:06,942 INFO L225 Difference]: With dead ends: 609 [2022-02-20 18:04:06,942 INFO L226 Difference]: Without dead ends: 385 [2022-02-20 18:04:06,943 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:06,944 INFO L933 BasicCegarLoop]: 562 mSDtfsCounter, 1 mSDsluCounter, 560 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1122 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:06,944 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1122 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:06,945 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 385 states. [2022-02-20 18:04:06,962 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 385 to 384. [2022-02-20 18:04:06,962 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:06,963 INFO L82 GeneralOperation]: Start isEquivalent. First operand 385 states. 
Second operand has 384 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:04:06,964 INFO L74 IsIncluded]: Start isIncluded. First operand 385 states. Second operand has 384 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:04:06,965 INFO L87 Difference]: Start difference. First operand 385 states. Second operand has 384 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:04:06,978 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:06,978 INFO L93 Difference]: Finished difference Result 385 states and 567 transitions. [2022-02-20 18:04:06,978 INFO L276 IsEmpty]: Start isEmpty. Operand 385 states and 567 transitions. [2022-02-20 18:04:06,980 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:06,980 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:06,981 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 384 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) Second operand 385 states. [2022-02-20 18:04:06,982 INFO L87 Difference]: Start difference. First operand has 384 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) Second operand 385 states. [2022-02-20 18:04:06,998 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:06,998 INFO L93 Difference]: Finished difference Result 385 states and 567 transitions. [2022-02-20 18:04:06,998 INFO L276 IsEmpty]: Start isEmpty. Operand 385 states and 567 transitions. [2022-02-20 18:04:06,999 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:06,999 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:07,000 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:07,000 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:07,001 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 384 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 63 states have call successors, (63), 24 states have call predecessors, (63), 24 states have return successors, (62), 62 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:04:07,015 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 384 states to 384 states and 566 transitions. [2022-02-20 18:04:07,015 INFO L78 Accepts]: Start accepts. Automaton has 384 states and 566 transitions. Word has length 102 [2022-02-20 18:04:07,016 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:07,016 INFO L470 AbstractCegarLoop]: Abstraction has 384 states and 566 transitions. [2022-02-20 18:04:07,016 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:07,016 INFO L276 IsEmpty]: Start isEmpty. Operand 384 states and 566 transitions. [2022-02-20 18:04:07,017 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-02-20 18:04:07,018 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:07,018 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:07,037 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 18:04:07,236 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:04:07,236 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:07,236 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:07,237 INFO L85 PathProgramCache]: Analyzing trace with hash -745029444, now seen corresponding path program 1 times [2022-02-20 18:04:07,237 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:07,237 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [521214839] [2022-02-20 18:04:07,237 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:07,237 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:07,273 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,306 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:07,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,312 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,312 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5455#true} #1136#return; {5455#true} is VALID [2022-02-20 18:04:07,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:07,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:04:07,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {5512#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,321 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,322 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5455#true} #1138#return; {5455#true} is VALID [2022-02-20 18:04:07,322 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:07,324 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5513#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:07,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {5513#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:07,339 INFO L290 TraceCheckUtils]: 2: Hoare triple {5514#(= |setClientId_#in~handle| 1)} assume true; {5514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:07,340 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5514#(= |setClientId_#in~handle| 1)} {5465#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1140#return; {5456#false} is VALID [2022-02-20 18:04:07,340 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:04:07,341 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {5512#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,344 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,344 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5456#false} #1142#return; {5456#false} is VALID [2022-02-20 18:04:07,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:07,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,348 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,348 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5456#false} #1144#return; {5456#false} is VALID [2022-02-20 18:04:07,348 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:04:07,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,354 INFO L290 TraceCheckUtils]: 0: Hoare triple {5512#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,354 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,354 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,354 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5456#false} #1146#return; {5456#false} is VALID [2022-02-20 18:04:07,360 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:04:07,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {5515#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,363 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5456#false} #1122#return; {5456#false} is VALID [2022-02-20 18:04:07,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:04:07,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,374 INFO L290 
TraceCheckUtils]: 0: Hoare triple {5516#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,374 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,374 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,375 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5456#false} #1124#return; {5456#false} is VALID [2022-02-20 18:04:07,375 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:04:07,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {5455#true} ~handle := #in~handle;havoc ~retValue_acc~13; {5455#true} is VALID [2022-02-20 18:04:07,381 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {5455#true} is VALID [2022-02-20 18:04:07,381 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,381 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5456#false} #1056#return; {5456#false} is VALID [2022-02-20 18:04:07,381 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:04:07,382 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {5455#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5455#true} is VALID [2022-02-20 18:04:07,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {5455#true} is VALID [2022-02-20 18:04:07,384 INFO L290 
TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,384 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5456#false} #1058#return; {5456#false} is VALID [2022-02-20 18:04:07,384 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:04:07,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,387 INFO L290 TraceCheckUtils]: 0: Hoare triple {5455#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {5455#true} is VALID [2022-02-20 18:04:07,387 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle; {5455#true} is VALID [2022-02-20 18:04:07,387 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {5455#true} is VALID [2022-02-20 18:04:07,387 INFO L290 TraceCheckUtils]: 3: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,387 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5455#true} {5456#false} #1060#return; {5456#false} is VALID [2022-02-20 18:04:07,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:04:07,388 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,390 INFO L290 TraceCheckUtils]: 0: Hoare triple {5515#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,390 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {5455#true} {5456#false} #1066#return; {5456#false} is VALID [2022-02-20 18:04:07,390 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:04:07,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {5455#true} ~handle := #in~handle;havoc ~retValue_acc~39; {5455#true} is VALID [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {5455#true} is VALID [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,393 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5455#true} {5456#false} #1068#return; {5456#false} is VALID [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {5455#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 
22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 
0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5455#true} is VALID [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {5455#true} is VALID [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5455#true} is VALID [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 3: Hoare triple {5455#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {5455#true} is VALID [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 4: Hoare triple {5455#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc 
main_#t~ret75#1; {5455#true} is VALID [2022-02-20 18:04:07,393 INFO L290 TraceCheckUtils]: 5: Hoare triple {5455#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5455#true} is VALID [2022-02-20 18:04:07,394 INFO L272 TraceCheckUtils]: 6: Hoare triple {5455#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:07,394 INFO L290 TraceCheckUtils]: 7: Hoare triple {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,394 INFO L290 TraceCheckUtils]: 8: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,394 INFO L290 TraceCheckUtils]: 9: Hoare triple 
{5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,394 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5455#true} {5455#true} #1136#return; {5455#true} is VALID [2022-02-20 18:04:07,394 INFO L290 TraceCheckUtils]: 11: Hoare triple {5455#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5455#true} is VALID [2022-02-20 18:04:07,395 INFO L272 TraceCheckUtils]: 12: Hoare triple {5455#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5512#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:07,395 INFO L290 TraceCheckUtils]: 13: Hoare triple {5512#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,395 INFO L290 TraceCheckUtils]: 14: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,395 INFO L290 TraceCheckUtils]: 15: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,395 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5455#true} {5455#true} #1138#return; {5455#true} is VALID [2022-02-20 18:04:07,395 INFO L290 TraceCheckUtils]: 17: Hoare triple {5455#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5465#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:07,396 INFO L272 TraceCheckUtils]: 18: Hoare triple {5465#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:07,396 INFO L290 TraceCheckUtils]: 19: Hoare triple {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5513#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:07,396 INFO L290 TraceCheckUtils]: 20: Hoare triple {5513#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:07,396 INFO L290 TraceCheckUtils]: 21: Hoare triple {5514#(= |setClientId_#in~handle| 1)} assume true; {5514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:07,397 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5514#(= |setClientId_#in~handle| 1)} {5465#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1140#return; {5456#false} is VALID [2022-02-20 18:04:07,397 INFO L290 TraceCheckUtils]: 23: Hoare triple {5456#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5456#false} is VALID [2022-02-20 18:04:07,397 INFO L272 TraceCheckUtils]: 24: Hoare triple {5456#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5512#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:07,397 INFO L290 TraceCheckUtils]: 25: Hoare triple {5512#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,397 INFO L290 TraceCheckUtils]: 26: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,397 INFO L290 TraceCheckUtils]: 27: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,397 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5455#true} {5456#false} #1142#return; {5456#false} is VALID [2022-02-20 18:04:07,397 INFO L290 TraceCheckUtils]: 29: Hoare triple {5456#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5456#false} is VALID [2022-02-20 18:04:07,397 INFO L272 TraceCheckUtils]: 30: Hoare triple {5456#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:07,397 INFO L290 TraceCheckUtils]: 31: Hoare triple {5511#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,397 INFO L290 TraceCheckUtils]: 32: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 33: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,398 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5455#true} {5456#false} #1144#return; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 35: Hoare triple {5456#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L272 TraceCheckUtils]: 36: Hoare triple {5456#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5512#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 37: Hoare triple {5512#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 38: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 39: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,398 INFO L284 TraceCheckUtils]: 40: 
Hoare quadruple {5455#true} {5456#false} #1146#return; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 41: Hoare triple {5456#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 42: Hoare triple {5456#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 43: Hoare triple {5456#false} assume !false; {5456#false} is 
VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 44: Hoare triple {5456#false} assume test_~splverifierCounter~0#1 < 4; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 45: Hoare triple {5456#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 46: Hoare triple {5456#false} assume !(0 == test_~op1~0#1); {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 47: Hoare triple {5456#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 48: Hoare triple {5456#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5456#false} is VALID [2022-02-20 18:04:07,398 INFO L290 TraceCheckUtils]: 49: Hoare triple {5456#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 50: Hoare triple {5456#false} assume { :end_inline_setClientAutoResponse } true; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 51: Hoare triple {5456#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 52: Hoare triple {5456#false} assume !false; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 53: Hoare triple 
{5456#false} assume !(test_~splverifierCounter~0#1 < 4); {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 54: Hoare triple {5456#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L272 TraceCheckUtils]: 55: Hoare triple {5456#false} call sendEmail(~bob~0, ~rjh~0); {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 56: Hoare triple {5456#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L272 TraceCheckUtils]: 57: Hoare triple {5456#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5515#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 58: Hoare triple {5515#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 59: Hoare triple {5455#true} assume 1 == ~handle;~__ste_email_from0~0 := 
~value; {5455#true} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 60: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,399 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5455#true} {5456#false} #1122#return; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L272 TraceCheckUtils]: 62: Hoare triple {5456#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5516#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 63: Hoare triple {5516#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 64: Hoare triple {5455#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 65: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,399 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5455#true} {5456#false} #1124#return; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 67: Hoare triple {5456#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L290 TraceCheckUtils]: 68: Hoare triple {5456#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {5456#false} is VALID [2022-02-20 18:04:07,399 INFO L272 TraceCheckUtils]: 69: Hoare triple {5456#false} call outgoing(~sender#1, ~email~0#1); {5456#false} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 70: Hoare triple {5456#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { 
:begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {5456#false} is VALID [2022-02-20 18:04:07,400 INFO L272 TraceCheckUtils]: 71: Hoare triple {5456#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 72: Hoare triple {5455#true} ~handle := #in~handle;havoc ~retValue_acc~13; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 73: Hoare triple {5455#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 74: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5455#true} {5456#false} #1056#return; {5456#false} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 76: Hoare triple {5456#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {5456#false} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 77: Hoare triple {5456#false} assume 0 == sign_~privkey~1#1; {5456#false} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 78: Hoare triple {5456#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, 
outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {5456#false} is VALID [2022-02-20 18:04:07,400 INFO L272 TraceCheckUtils]: 79: Hoare triple {5456#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 80: Hoare triple {5455#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 81: Hoare triple {5455#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 82: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5455#true} {5456#false} #1058#return; {5456#false} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 84: Hoare triple {5456#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {5456#false} is VALID [2022-02-20 18:04:07,400 INFO L272 TraceCheckUtils]: 85: Hoare triple {5456#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, 
outgoing__wrappee__AutoResponder_~receiver~0#1); {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 86: Hoare triple {5455#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 87: Hoare triple {5455#true} assume 1 == ~handle; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 88: Hoare triple {5455#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {5455#true} is VALID [2022-02-20 18:04:07,400 INFO L290 TraceCheckUtils]: 89: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,401 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5455#true} {5456#false} #1060#return; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 91: Hoare triple {5456#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 92: Hoare triple {5456#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 93: Hoare triple {5456#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 94: Hoare triple {5456#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 95: Hoare triple {5456#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L272 TraceCheckUtils]: 96: Hoare triple {5456#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {5515#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 97: Hoare triple {5515#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 98: Hoare triple {5455#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 99: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,401 INFO L284 TraceCheckUtils]: 
100: Hoare quadruple {5455#true} {5456#false} #1066#return; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 101: Hoare triple {5456#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 102: Hoare triple {5456#false} 
assume 0 != ~in_encrypted~0; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L272 TraceCheckUtils]: 103: Hoare triple {5456#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {5455#true} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 104: Hoare triple {5455#true} ~handle := #in~handle;havoc ~retValue_acc~39; {5455#true} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 105: Hoare triple {5455#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {5455#true} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 106: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,401 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {5455#true} {5456#false} #1068#return; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 108: Hoare triple {5456#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {5456#false} is VALID [2022-02-20 18:04:07,401 INFO L290 TraceCheckUtils]: 109: Hoare triple {5456#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {5456#false} is VALID [2022-02-20 18:04:07,402 INFO L290 TraceCheckUtils]: 110: Hoare triple {5456#false} assume !false; {5456#false} is VALID [2022-02-20 18:04:07,402 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:04:07,402 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:07,402 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [521214839] [2022-02-20 18:04:07,402 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [521214839] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:07,402 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [694951990] [2022-02-20 18:04:07,402 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:07,402 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:07,402 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:07,403 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:07,404 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:04:07,662 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,666 INFO L263 TraceCheckSpWp]: Trace formula consists of 1094 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:04:07,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:07,714 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:07,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {5455#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5455#true} is VALID [2022-02-20 18:04:07,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {5455#true} assume { :end_inline_ULTIMATE.init 
} true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {5455#true} is VALID [2022-02-20 18:04:07,957 INFO L290 TraceCheckUtils]: 2: Hoare triple {5455#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5455#true} is VALID [2022-02-20 18:04:07,957 INFO L290 TraceCheckUtils]: 3: Hoare triple {5455#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {5455#true} is VALID [2022-02-20 18:04:07,957 INFO L290 TraceCheckUtils]: 4: Hoare triple {5455#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {5455#true} is VALID [2022-02-20 18:04:07,957 INFO L290 TraceCheckUtils]: 5: Hoare triple {5455#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L272 TraceCheckUtils]: 6: Hoare triple {5455#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 7: Hoare triple {5455#true} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 8: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 9: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5455#true} {5455#true} #1136#return; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 11: Hoare triple {5455#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L272 TraceCheckUtils]: 12: Hoare triple {5455#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 13: Hoare triple {5455#true} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 14: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 15: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5455#true} {5455#true} #1138#return; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 17: Hoare triple {5455#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L272 TraceCheckUtils]: 18: Hoare triple {5455#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 19: Hoare triple {5455#true} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 20: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 21: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5455#true} {5455#true} #1140#return; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 23: Hoare triple {5455#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L272 TraceCheckUtils]: 24: Hoare triple {5455#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5455#true} is VALID [2022-02-20 18:04:07,958 INFO L290 TraceCheckUtils]: 25: Hoare triple {5455#true} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 26: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 27: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5455#true} {5455#true} #1142#return; 
{5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 29: Hoare triple {5455#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L272 TraceCheckUtils]: 30: Hoare triple {5455#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 31: Hoare triple {5455#true} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 32: Hoare triple {5455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 33: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5455#true} {5455#true} #1144#return; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 35: Hoare triple {5455#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L272 TraceCheckUtils]: 36: Hoare triple {5455#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 37: Hoare triple {5455#true} ~handle := #in~handle;~value := #in~value; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{5455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 39: Hoare triple {5455#true} assume true; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5455#true} {5455#true} #1146#return; {5455#true} is VALID [2022-02-20 18:04:07,959 INFO L290 TraceCheckUtils]: 41: Hoare triple {5455#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {5455#true} is VALID [2022-02-20 18:04:07,964 INFO L290 TraceCheckUtils]: 42: Hoare triple {5455#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5646#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:07,964 INFO L290 TraceCheckUtils]: 43: Hoare triple {5646#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5646#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 44: Hoare triple {5646#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5646#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 45: Hoare triple {5646#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5646#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 46: Hoare triple {5646#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5456#false} is VALID [2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 47: Hoare triple {5456#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {5456#false} is VALID [2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 48: Hoare triple {5456#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5456#false} is VALID [2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 49: Hoare triple {5456#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5456#false} is VALID 
[2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 50: Hoare triple {5456#false} assume { :end_inline_setClientAutoResponse } true; {5456#false} is VALID [2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 51: Hoare triple {5456#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5456#false} is VALID [2022-02-20 18:04:07,965 INFO L290 TraceCheckUtils]: 52: Hoare triple {5456#false} assume !false; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 53: Hoare triple {5456#false} assume !(test_~splverifierCounter~0#1 < 4); {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 54: Hoare triple {5456#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L272 TraceCheckUtils]: 55: Hoare triple {5456#false} call sendEmail(~bob~0, ~rjh~0); {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 56: Hoare triple {5456#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L272 TraceCheckUtils]: 57: Hoare triple {5456#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 58: Hoare triple {5456#false} ~handle := #in~handle;~value := #in~value; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 59: Hoare triple {5456#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 60: Hoare triple {5456#false} assume true; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5456#false} {5456#false} #1122#return; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L272 TraceCheckUtils]: 62: Hoare triple {5456#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 63: Hoare triple {5456#false} ~handle := #in~handle;~value := #in~value; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 64: Hoare triple {5456#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 65: Hoare triple {5456#false} assume true; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5456#false} {5456#false} #1124#return; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 67: Hoare triple {5456#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 68: Hoare triple {5456#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L272 TraceCheckUtils]: 69: Hoare triple {5456#false} call outgoing(~sender#1, ~email~0#1); {5456#false} is VALID [2022-02-20 
18:04:07,966 INFO L290 TraceCheckUtils]: 70: Hoare triple {5456#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L272 TraceCheckUtils]: 71: Hoare triple {5456#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {5456#false} is VALID [2022-02-20 18:04:07,966 INFO L290 TraceCheckUtils]: 72: Hoare triple {5456#false} ~handle := #in~handle;havoc ~retValue_acc~13; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 73: Hoare triple {5456#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 74: Hoare triple {5456#false} assume true; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5456#false} {5456#false} #1056#return; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 76: Hoare triple {5456#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 77: Hoare triple {5456#false} assume 0 == sign_~privkey~1#1; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 78: Hoare triple {5456#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L272 TraceCheckUtils]: 79: Hoare triple {5456#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 80: Hoare triple {5456#false} ~handle := #in~handle;havoc ~retValue_acc~36; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 81: Hoare triple {5456#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 82: Hoare triple {5456#false} assume true; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5456#false} {5456#false} #1058#return; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 84: Hoare triple {5456#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L272 TraceCheckUtils]: 
85: Hoare triple {5456#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 86: Hoare triple {5456#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 87: Hoare triple {5456#false} assume 1 == ~handle; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 88: Hoare triple {5456#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 89: Hoare triple {5456#false} assume true; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5456#false} {5456#false} #1060#return; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 91: Hoare triple {5456#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {5456#false} is VALID [2022-02-20 18:04:07,967 INFO L290 TraceCheckUtils]: 92: Hoare triple {5456#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 93: Hoare triple {5456#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 94: Hoare triple {5456#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 95: Hoare triple {5456#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L272 TraceCheckUtils]: 96: Hoare triple {5456#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 97: Hoare triple {5456#false} ~handle := #in~handle;~value := #in~value; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 98: Hoare triple {5456#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 99: Hoare triple {5456#false} assume true; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {5456#false} {5456#false} #1066#return; 
{5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 101: Hoare triple {5456#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 102: Hoare triple {5456#false} assume 0 != ~in_encrypted~0; {5456#false} is VALID [2022-02-20 
18:04:07,968 INFO L272 TraceCheckUtils]: 103: Hoare triple {5456#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 104: Hoare triple {5456#false} ~handle := #in~handle;havoc ~retValue_acc~39; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 105: Hoare triple {5456#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 106: Hoare triple {5456#false} assume true; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {5456#false} {5456#false} #1068#return; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 108: Hoare triple {5456#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 109: Hoare triple {5456#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {5456#false} is VALID [2022-02-20 18:04:07,968 INFO L290 TraceCheckUtils]: 110: Hoare triple {5456#false} assume !false; {5456#false} is VALID [2022-02-20 18:04:07,969 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:04:07,969 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:07,969 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [694951990] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:07,969 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:07,969 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:04:07,969 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1347634950] [2022-02-20 18:04:07,969 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:07,970 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 111 [2022-02-20 18:04:07,970 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:07,970 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:08,029 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:08,029 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:04:08,029 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:08,029 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:04:08,029 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:08,030 INFO L87 Difference]: Start difference. First operand 384 states and 566 transitions. Second operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:08,582 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:08,583 INFO L93 Difference]: Finished difference Result 803 states and 1199 transitions. [2022-02-20 18:04:08,583 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:04:08,583 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 111 [2022-02-20 18:04:08,583 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:08,583 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:08,593 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1197 transitions. [2022-02-20 18:04:08,594 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:08,603 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1197 transitions. [2022-02-20 18:04:08,603 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1197 transitions. [2022-02-20 18:04:09,353 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1197 edges. 1197 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:09,370 INFO L225 Difference]: With dead ends: 803 [2022-02-20 18:04:09,370 INFO L226 Difference]: Without dead ends: 446 [2022-02-20 18:04:09,372 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 140 GetRequests, 132 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:09,372 INFO L933 BasicCegarLoop]: 588 mSDtfsCounter, 115 mSDsluCounter, 518 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 130 SdHoareTripleChecker+Valid, 1106 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:09,373 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [130 Valid, 1106 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:09,374 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 446 states. [2022-02-20 18:04:09,387 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 446 to 438. [2022-02-20 18:04:09,387 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:09,388 INFO L82 GeneralOperation]: Start isEquivalent. First operand 446 states. 
Second operand has 438 states, 339 states have (on average 1.5073746312684366) internal successors, (511), 342 states have internal predecessors, (511), 74 states have call successors, (74), 24 states have call predecessors, (74), 24 states have return successors, (73), 73 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 18:04:09,389 INFO L74 IsIncluded]: Start isIncluded. First operand 446 states. Second operand has 438 states, 339 states have (on average 1.5073746312684366) internal successors, (511), 342 states have internal predecessors, (511), 74 states have call successors, (74), 24 states have call predecessors, (74), 24 states have return successors, (73), 73 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 18:04:09,390 INFO L87 Difference]: Start difference. First operand 446 states. Second operand has 438 states, 339 states have (on average 1.5073746312684366) internal successors, (511), 342 states have internal predecessors, (511), 74 states have call successors, (74), 24 states have call predecessors, (74), 24 states have return successors, (73), 73 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 18:04:09,407 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:09,407 INFO L93 Difference]: Finished difference Result 446 states and 667 transitions. [2022-02-20 18:04:09,407 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 667 transitions. [2022-02-20 18:04:09,409 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:09,409 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:09,410 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 438 states, 339 states have (on average 1.5073746312684366) internal successors, (511), 342 states have internal predecessors, (511), 74 states have call successors, (74), 24 states have call predecessors, (74), 24 states have return successors, (73), 73 states have call predecessors, (73), 73 states have call successors, (73) Second operand 446 states. [2022-02-20 18:04:09,411 INFO L87 Difference]: Start difference. First operand has 438 states, 339 states have (on average 1.5073746312684366) internal successors, (511), 342 states have internal predecessors, (511), 74 states have call successors, (74), 24 states have call predecessors, (74), 24 states have return successors, (73), 73 states have call predecessors, (73), 73 states have call successors, (73) Second operand 446 states. [2022-02-20 18:04:09,427 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:09,428 INFO L93 Difference]: Finished difference Result 446 states and 667 transitions. [2022-02-20 18:04:09,428 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 667 transitions. [2022-02-20 18:04:09,429 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:09,429 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:09,429 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:09,430 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:09,431 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 438 states, 339 states have (on average 1.5073746312684366) internal successors, (511), 342 states have internal predecessors, (511), 74 states have call successors, (74), 24 states have call predecessors, (74), 24 states have return successors, (73), 73 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 18:04:09,448 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 438 states to 438 states and 658 transitions. [2022-02-20 18:04:09,448 INFO L78 Accepts]: Start accepts. Automaton has 438 states and 658 transitions. Word has length 111 [2022-02-20 18:04:09,448 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:09,449 INFO L470 AbstractCegarLoop]: Abstraction has 438 states and 658 transitions. [2022-02-20 18:04:09,449 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:04:09,449 INFO L276 IsEmpty]: Start isEmpty. Operand 438 states and 658 transitions. [2022-02-20 18:04:09,450 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 113 [2022-02-20 18:04:09,450 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:09,450 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:09,499 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:09,667 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:09,667 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:09,668 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:09,668 INFO L85 PathProgramCache]: Analyzing trace with hash 1339832561, now seen corresponding path program 1 times [2022-02-20 18:04:09,668 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:09,668 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [30686992] [2022-02-20 18:04:09,668 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:09,668 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:09,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,709 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:09,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,713 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8498#true} #1136#return; {8498#true} is VALID [2022-02-20 18:04:09,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:09,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:04:09,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {8555#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,721 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,721 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,721 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8498#true} #1138#return; {8498#true} is VALID [2022-02-20 18:04:09,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:09,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8556#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:09,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {8556#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8557#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:09,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {8557#(= |setClientId_#in~handle| 1)} assume true; {8557#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:09,738 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8557#(= |setClientId_#in~handle| 1)} {8508#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1140#return; {8499#false} is VALID [2022-02-20 18:04:09,738 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:04:09,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {8555#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,749 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,749 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,749 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8499#false} #1142#return; {8499#false} is VALID [2022-02-20 18:04:09,749 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:09,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,753 INFO L290 TraceCheckUtils]: 0: Hoare triple {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,753 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,753 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,754 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8499#false} #1144#return; {8499#false} is VALID [2022-02-20 18:04:09,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:04:09,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {8555#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,757 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,757 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8499#false} #1146#return; {8499#false} is VALID [2022-02-20 18:04:09,762 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:09,763 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {8558#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,765 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,765 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8499#false} #1122#return; {8499#false} is VALID [2022-02-20 18:04:09,772 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:04:09,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,776 INFO L290 
TraceCheckUtils]: 0: Hoare triple {8559#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,777 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,777 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8499#false} #1124#return; {8499#false} is VALID [2022-02-20 18:04:09,777 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:04:09,777 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,779 INFO L290 TraceCheckUtils]: 0: Hoare triple {8498#true} ~handle := #in~handle;havoc ~retValue_acc~13; {8498#true} is VALID [2022-02-20 18:04:09,779 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {8498#true} is VALID [2022-02-20 18:04:09,779 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,779 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8499#false} #1056#return; {8499#false} is VALID [2022-02-20 18:04:09,779 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:04:09,780 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,781 INFO L290 TraceCheckUtils]: 0: Hoare triple {8498#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8498#true} is VALID [2022-02-20 18:04:09,782 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {8498#true} is VALID [2022-02-20 18:04:09,782 INFO L290 
TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,782 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8499#false} #1058#return; {8499#false} is VALID [2022-02-20 18:04:09,782 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:04:09,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {8498#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {8498#true} is VALID [2022-02-20 18:04:09,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle; {8498#true} is VALID [2022-02-20 18:04:09,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {8498#true} is VALID [2022-02-20 18:04:09,784 INFO L290 TraceCheckUtils]: 3: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,784 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8498#true} {8499#false} #1060#return; {8499#false} is VALID [2022-02-20 18:04:09,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:04:09,785 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,786 INFO L290 TraceCheckUtils]: 0: Hoare triple {8558#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,786 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,786 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,786 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {8498#true} {8499#false} #1066#return; {8499#false} is VALID [2022-02-20 18:04:09,787 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:04:09,787 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 0: Hoare triple {8498#true} ~handle := #in~handle;havoc ~retValue_acc~39; {8498#true} is VALID [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {8498#true} is VALID [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,789 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8498#true} {8499#false} #1068#return; {8499#false} is VALID [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 0: Hoare triple {8498#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 
22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 
0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {8498#true} is VALID [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {8498#true} is VALID [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8498#true} is VALID [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 3: Hoare triple {8498#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {8498#true} is VALID [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 4: Hoare triple {8498#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc 
main_#t~ret75#1; {8498#true} is VALID [2022-02-20 18:04:09,789 INFO L290 TraceCheckUtils]: 5: Hoare triple {8498#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8498#true} is VALID [2022-02-20 18:04:09,790 INFO L272 TraceCheckUtils]: 6: Hoare triple {8498#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,790 INFO L290 TraceCheckUtils]: 7: Hoare triple {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,790 INFO L290 TraceCheckUtils]: 8: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,790 INFO L290 TraceCheckUtils]: 9: Hoare triple 
{8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,790 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8498#true} {8498#true} #1136#return; {8498#true} is VALID [2022-02-20 18:04:09,790 INFO L290 TraceCheckUtils]: 11: Hoare triple {8498#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8498#true} is VALID [2022-02-20 18:04:09,790 INFO L272 TraceCheckUtils]: 12: Hoare triple {8498#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8555#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:09,790 INFO L290 TraceCheckUtils]: 13: Hoare triple {8555#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,790 INFO L290 TraceCheckUtils]: 14: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,790 INFO L290 TraceCheckUtils]: 15: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,791 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8498#true} {8498#true} #1138#return; {8498#true} is VALID [2022-02-20 18:04:09,791 INFO L290 TraceCheckUtils]: 17: Hoare triple {8498#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8508#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:09,791 INFO L272 TraceCheckUtils]: 18: Hoare triple {8508#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,792 INFO L290 TraceCheckUtils]: 19: Hoare triple {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8556#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:09,792 INFO L290 TraceCheckUtils]: 20: Hoare triple {8556#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8557#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:09,792 INFO L290 TraceCheckUtils]: 21: Hoare triple {8557#(= |setClientId_#in~handle| 1)} assume true; {8557#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:09,793 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8557#(= |setClientId_#in~handle| 1)} {8508#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1140#return; {8499#false} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 23: Hoare triple {8499#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8499#false} is VALID [2022-02-20 18:04:09,793 INFO L272 TraceCheckUtils]: 24: Hoare triple {8499#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8555#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 25: Hoare triple {8555#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 26: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 27: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8498#true} {8499#false} #1142#return; {8499#false} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 29: Hoare triple {8499#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8499#false} is VALID [2022-02-20 18:04:09,793 INFO L272 TraceCheckUtils]: 30: Hoare triple {8499#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 31: Hoare triple {8554#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 32: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 33: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8498#true} {8499#false} #1144#return; {8499#false} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 35: Hoare triple {8499#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8499#false} is VALID [2022-02-20 18:04:09,793 INFO L272 TraceCheckUtils]: 36: Hoare triple {8499#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8555#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 37: Hoare triple {8555#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 38: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L290 TraceCheckUtils]: 39: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,793 INFO L284 TraceCheckUtils]: 40: 
Hoare quadruple {8498#true} {8499#false} #1146#return; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 41: Hoare triple {8499#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 42: Hoare triple {8499#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 43: Hoare triple {8499#false} assume !false; {8499#false} is 
VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 44: Hoare triple {8499#false} assume test_~splverifierCounter~0#1 < 4; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 45: Hoare triple {8499#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 46: Hoare triple {8499#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 47: Hoare triple {8499#false} assume !(0 != test_~tmp___9~0#1); {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 48: Hoare triple {8499#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 49: Hoare triple {8499#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 50: Hoare triple {8499#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 51: Hoare triple {8499#false} assume { :end_inline_setClientAutoResponse } true; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 52: Hoare triple {8499#false} assume { 
:end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 53: Hoare triple {8499#false} assume !false; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 54: Hoare triple {8499#false} assume !(test_~splverifierCounter~0#1 < 4); {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 55: Hoare triple {8499#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L272 TraceCheckUtils]: 56: Hoare triple {8499#false} call sendEmail(~bob~0, ~rjh~0); {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 57: Hoare triple {8499#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8499#false} is VALID [2022-02-20 18:04:09,794 INFO L272 TraceCheckUtils]: 58: Hoare triple {8499#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8558#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 59: Hoare triple {8558#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,794 INFO L290 TraceCheckUtils]: 60: Hoare triple {8498#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 61: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8498#true} {8499#false} #1122#return; {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L272 TraceCheckUtils]: 63: Hoare triple {8499#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8559#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 64: Hoare triple {8559#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 65: Hoare triple {8498#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 66: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8498#true} {8499#false} #1124#return; {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 68: Hoare triple {8499#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 69: Hoare triple {8499#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {8499#false} is VALID [2022-02-20 
18:04:09,795 INFO L272 TraceCheckUtils]: 70: Hoare triple {8499#false} call outgoing(~sender#1, ~email~0#1); {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 71: Hoare triple {8499#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L272 TraceCheckUtils]: 72: Hoare triple {8499#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 73: Hoare triple {8498#true} ~handle := #in~handle;havoc ~retValue_acc~13; {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 74: Hoare triple {8498#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 75: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8498#true} {8499#false} #1056#return; {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 77: Hoare triple {8499#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 78: Hoare triple {8499#false} assume 0 == sign_~privkey~1#1; {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 79: Hoare triple {8499#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, 
outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {8499#false} is VALID [2022-02-20 18:04:09,795 INFO L272 TraceCheckUtils]: 80: Hoare triple {8499#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {8498#true} is VALID [2022-02-20 18:04:09,795 INFO L290 TraceCheckUtils]: 81: Hoare triple {8498#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 82: Hoare triple {8498#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 83: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {8498#true} {8499#false} #1058#return; {8499#false} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 85: Hoare triple {8499#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc 
outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {8499#false} is VALID [2022-02-20 18:04:09,796 INFO L272 TraceCheckUtils]: 86: Hoare triple {8499#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 87: Hoare triple {8498#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 88: Hoare triple {8498#true} assume 1 == ~handle; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 89: Hoare triple {8498#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 90: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {8498#true} {8499#false} #1060#return; {8499#false} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 92: Hoare triple {8499#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {8499#false} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 93: Hoare triple {8499#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {8499#false} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 94: Hoare triple {8499#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {8499#false} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 95: Hoare triple {8499#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {8499#false} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 96: Hoare triple {8499#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {8499#false} is VALID [2022-02-20 18:04:09,796 INFO L272 TraceCheckUtils]: 97: Hoare triple {8499#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {8558#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 98: Hoare triple {8558#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{8498#true} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 99: Hoare triple {8498#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L290 TraceCheckUtils]: 100: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,796 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {8498#true} {8499#false} #1066#return; {8499#false} is VALID [2022-02-20 18:04:09,797 INFO L290 TraceCheckUtils]: 102: Hoare triple {8499#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc 
__utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {8499#false} is VALID [2022-02-20 18:04:09,797 INFO L290 TraceCheckUtils]: 103: Hoare triple {8499#false} assume 0 != ~in_encrypted~0; {8499#false} is VALID [2022-02-20 18:04:09,797 INFO L272 TraceCheckUtils]: 104: Hoare triple {8499#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {8498#true} is VALID [2022-02-20 18:04:09,797 INFO L290 TraceCheckUtils]: 105: Hoare triple {8498#true} ~handle := #in~handle;havoc ~retValue_acc~39; {8498#true} is VALID [2022-02-20 18:04:09,797 INFO L290 TraceCheckUtils]: 106: Hoare triple {8498#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {8498#true} is VALID [2022-02-20 18:04:09,797 INFO L290 TraceCheckUtils]: 107: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:09,797 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {8498#true} {8499#false} #1068#return; {8499#false} is VALID [2022-02-20 18:04:09,797 INFO L290 TraceCheckUtils]: 109: Hoare triple {8499#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {8499#false} is VALID [2022-02-20 18:04:09,797 INFO L290 TraceCheckUtils]: 110: Hoare triple {8499#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {8499#false} is VALID [2022-02-20 18:04:09,797 INFO L290 TraceCheckUtils]: 111: Hoare triple {8499#false} assume !false; {8499#false} is VALID 
[2022-02-20 18:04:09,797 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked.
[2022-02-20 18:04:09,797 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:04:09,797 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [30686992]
[2022-02-20 18:04:09,797 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [30686992] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:04:09,798 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [392055084]
[2022-02-20 18:04:09,798 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:04:09,798 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:04:09,798 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:04:09,799 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:04:09,835 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process
[2022-02-20 18:04:10,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:10,041 INFO L263 TraceCheckSpWp]: Trace formula consists of 1101 conjuncts, 8 conjunts are in the unsatisfiable core
[2022-02-20 18:04:10,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:10,094 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:04:10,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {8498#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {8498#true} is VALID [2022-02-20 18:04:10,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {8498#true} assume { :end_inline_ULTIMATE.init 
} true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {8498#true} is VALID [2022-02-20 18:04:10,419 INFO L290 TraceCheckUtils]: 2: Hoare triple {8498#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8498#true} is VALID [2022-02-20 18:04:10,419 INFO L290 TraceCheckUtils]: 3: Hoare triple {8498#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 4: Hoare triple {8498#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 5: Hoare triple {8498#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L272 TraceCheckUtils]: 6: Hoare triple {8498#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 7: Hoare triple {8498#true} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 8: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 9: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8498#true} {8498#true} #1136#return; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 11: Hoare triple {8498#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L272 TraceCheckUtils]: 12: Hoare triple {8498#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 13: Hoare triple {8498#true} ~handle := #in~handle;~value := #in~value; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 14: Hoare triple {8498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L290 TraceCheckUtils]: 15: Hoare triple {8498#true} assume true; {8498#true} is VALID [2022-02-20 18:04:10,420 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8498#true} {8498#true} #1138#return; {8498#true} is VALID [2022-02-20 18:04:10,421 INFO L290 TraceCheckUtils]: 17: Hoare triple {8498#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8614#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:04:10,421 INFO L272 TraceCheckUtils]: 18: Hoare triple {8614#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8498#true} is VALID [2022-02-20 18:04:10,421 INFO L290 TraceCheckUtils]: 19: Hoare triple {8498#true} ~handle := #in~handle;~value := #in~value; {8621#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:04:10,422 INFO L290 TraceCheckUtils]: 20: Hoare triple {8621#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8625#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:10,422 INFO L290 TraceCheckUtils]: 21: Hoare triple {8625#(<= |setClientId_#in~handle| 1)} assume true; {8625#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:10,423 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8625#(<= |setClientId_#in~handle| 1)} {8614#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1140#return; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 23: Hoare triple {8499#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L272 TraceCheckUtils]: 24: Hoare triple {8499#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 25: Hoare triple {8499#false} ~handle := #in~handle;~value := #in~value; {8499#false} is VALID [2022-02-20 
18:04:10,423 INFO L290 TraceCheckUtils]: 26: Hoare triple {8499#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 27: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8499#false} {8499#false} #1142#return; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 29: Hoare triple {8499#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L272 TraceCheckUtils]: 30: Hoare triple {8499#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 31: Hoare triple {8499#false} ~handle := #in~handle;~value := #in~value; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 32: Hoare triple {8499#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 33: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8499#false} {8499#false} #1144#return; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 35: Hoare triple {8499#false} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{8499#false} is VALID [2022-02-20 18:04:10,423 INFO L272 TraceCheckUtils]: 36: Hoare triple {8499#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 37: Hoare triple {8499#false} ~handle := #in~handle;~value := #in~value; {8499#false} is VALID [2022-02-20 18:04:10,423 INFO L290 TraceCheckUtils]: 38: Hoare triple {8499#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 39: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8499#false} {8499#false} #1146#return; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 41: Hoare triple {8499#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 42: Hoare triple {8499#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 43: Hoare triple {8499#false} assume !false; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 44: Hoare triple {8499#false} assume test_~splverifierCounter~0#1 < 4; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 45: Hoare triple {8499#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 46: Hoare triple {8499#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 47: Hoare triple {8499#false} assume !(0 != test_~tmp___9~0#1); {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 48: Hoare triple {8499#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 49: Hoare triple {8499#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc 
setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 50: Hoare triple {8499#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 51: Hoare triple {8499#false} assume { :end_inline_setClientAutoResponse } true; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 52: Hoare triple {8499#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 53: Hoare triple {8499#false} assume !false; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 54: Hoare triple {8499#false} assume !(test_~splverifierCounter~0#1 < 4); {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 55: Hoare triple {8499#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L272 TraceCheckUtils]: 56: Hoare triple {8499#false} call sendEmail(~bob~0, ~rjh~0); {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L290 TraceCheckUtils]: 57: Hoare triple {8499#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8499#false} is VALID [2022-02-20 18:04:10,424 INFO L272 TraceCheckUtils]: 58: Hoare triple {8499#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 59: Hoare triple {8499#false} ~handle := #in~handle;~value := #in~value; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 60: Hoare triple {8499#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 61: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8499#false} {8499#false} #1122#return; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L272 TraceCheckUtils]: 63: Hoare triple {8499#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 64: Hoare triple {8499#false} ~handle := #in~handle;~value := #in~value; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 65: Hoare triple {8499#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 66: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8499#false} {8499#false} #1124#return; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 68: Hoare triple {8499#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {8499#false} is VALID [2022-02-20 
18:04:10,425 INFO L290 TraceCheckUtils]: 69: Hoare triple {8499#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L272 TraceCheckUtils]: 70: Hoare triple {8499#false} call outgoing(~sender#1, ~email~0#1); {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 71: Hoare triple {8499#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L272 TraceCheckUtils]: 72: Hoare triple {8499#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 73: Hoare triple {8499#false} ~handle := #in~handle;havoc ~retValue_acc~13; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 74: Hoare triple {8499#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 75: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8499#false} {8499#false} #1056#return; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 77: Hoare triple {8499#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {8499#false} is VALID [2022-02-20 18:04:10,425 INFO L290 TraceCheckUtils]: 78: Hoare triple 
{8499#false} assume 0 == sign_~privkey~1#1; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 79: Hoare triple {8499#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L272 TraceCheckUtils]: 80: Hoare triple {8499#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 81: Hoare triple {8499#false} ~handle := #in~handle;havoc ~retValue_acc~36; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 82: Hoare triple {8499#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 83: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {8499#false} {8499#false} #1058#return; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 85: Hoare 
triple {8499#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L272 TraceCheckUtils]: 86: Hoare triple {8499#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 87: Hoare triple {8499#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 88: Hoare triple {8499#false} assume 1 == ~handle; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 89: Hoare triple {8499#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 90: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {8499#false} {8499#false} #1060#return; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 92: Hoare triple {8499#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 93: Hoare triple 
{8499#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 94: Hoare triple {8499#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 95: Hoare triple {8499#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 96: Hoare triple {8499#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L272 TraceCheckUtils]: 97: Hoare triple {8499#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 98: Hoare triple {8499#false} ~handle := #in~handle;~value 
:= #in~value; {8499#false} is VALID [2022-02-20 18:04:10,426 INFO L290 TraceCheckUtils]: 99: Hoare triple {8499#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 100: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {8499#false} {8499#false} #1066#return; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 102: Hoare triple {8499#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 
2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 103: Hoare triple {8499#false} assume 0 != ~in_encrypted~0; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L272 TraceCheckUtils]: 104: Hoare triple {8499#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 105: Hoare triple {8499#false} ~handle := #in~handle;havoc ~retValue_acc~39; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 106: Hoare triple {8499#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 107: Hoare triple {8499#false} assume true; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {8499#false} {8499#false} #1068#return; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 109: Hoare triple {8499#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 110: Hoare triple {8499#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {8499#false} is VALID [2022-02-20 18:04:10,427 INFO L290 TraceCheckUtils]: 111: Hoare triple {8499#false} assume !false; 
{8499#false} is VALID [2022-02-20 18:04:10,427 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:04:10,427 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:10,427 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [392055084] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:10,428 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:10,428 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:04:10,428 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1362453237] [2022-02-20 18:04:10,428 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:10,428 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112 [2022-02-20 18:04:10,429 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:10,429 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:10,493 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 
105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:10,493 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:04:10,493 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:10,493 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:04:10,494 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:10,494 INFO L87 Difference]: Start difference. First operand 438 states and 658 transitions. Second operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:11,436 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:11,436 INFO L93 Difference]: Finished difference Result 867 states and 1306 transitions. [2022-02-20 18:04:11,437 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:04:11,437 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112 [2022-02-20 18:04:11,437 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:11,437 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:11,446 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1118 transitions. [2022-02-20 18:04:11,446 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:11,469 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1118 transitions. [2022-02-20 18:04:11,469 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1118 transitions. [2022-02-20 18:04:12,166 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1118 edges. 1118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:12,182 INFO L225 Difference]: With dead ends: 867 [2022-02-20 18:04:12,182 INFO L226 Difference]: Without dead ends: 440 [2022-02-20 18:04:12,183 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 142 GetRequests, 131 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:04:12,183 INFO L933 BasicCegarLoop]: 555 mSDtfsCounter, 133 mSDsluCounter, 1513 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 153 SdHoareTripleChecker+Valid, 2068 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:12,184 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [153 Valid, 2068 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:12,184 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 440 states. [2022-02-20 18:04:12,237 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 440 to 440. [2022-02-20 18:04:12,237 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:12,238 INFO L82 GeneralOperation]: Start isEquivalent. First operand 440 states. 
Second operand has 440 states, 340 states have (on average 1.5058823529411764) internal successors, (512), 344 states have internal predecessors, (512), 74 states have call successors, (74), 24 states have call predecessors, (74), 25 states have return successors, (75), 73 states have call predecessors, (75), 73 states have call successors, (75) [2022-02-20 18:04:12,239 INFO L74 IsIncluded]: Start isIncluded. First operand 440 states. Second operand has 440 states, 340 states have (on average 1.5058823529411764) internal successors, (512), 344 states have internal predecessors, (512), 74 states have call successors, (74), 24 states have call predecessors, (74), 25 states have return successors, (75), 73 states have call predecessors, (75), 73 states have call successors, (75) [2022-02-20 18:04:12,240 INFO L87 Difference]: Start difference. First operand 440 states. Second operand has 440 states, 340 states have (on average 1.5058823529411764) internal successors, (512), 344 states have internal predecessors, (512), 74 states have call successors, (74), 24 states have call predecessors, (74), 25 states have return successors, (75), 73 states have call predecessors, (75), 73 states have call successors, (75) [2022-02-20 18:04:12,250 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:12,251 INFO L93 Difference]: Finished difference Result 440 states and 661 transitions. [2022-02-20 18:04:12,251 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 661 transitions. [2022-02-20 18:04:12,252 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:12,252 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:12,253 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 440 states, 340 states have (on average 1.5058823529411764) internal successors, (512), 344 states have internal predecessors, (512), 74 states have call successors, (74), 24 states have call predecessors, (74), 25 states have return successors, (75), 73 states have call predecessors, (75), 73 states have call successors, (75) Second operand 440 states. [2022-02-20 18:04:12,253 INFO L87 Difference]: Start difference. First operand has 440 states, 340 states have (on average 1.5058823529411764) internal successors, (512), 344 states have internal predecessors, (512), 74 states have call successors, (74), 24 states have call predecessors, (74), 25 states have return successors, (75), 73 states have call predecessors, (75), 73 states have call successors, (75) Second operand 440 states. [2022-02-20 18:04:12,265 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:12,266 INFO L93 Difference]: Finished difference Result 440 states and 661 transitions. [2022-02-20 18:04:12,266 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 661 transitions. [2022-02-20 18:04:12,269 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:12,269 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:12,269 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:12,269 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:12,271 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 440 states, 340 states have (on average 1.5058823529411764) internal successors, (512), 344 states have internal predecessors, (512), 74 states have call successors, (74), 24 states have call predecessors, (74), 25 states have return successors, (75), 73 states have call predecessors, (75), 73 states have call successors, (75) [2022-02-20 18:04:12,283 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 440 states to 440 states and 661 transitions. [2022-02-20 18:04:12,283 INFO L78 Accepts]: Start accepts. Automaton has 440 states and 661 transitions. Word has length 112 [2022-02-20 18:04:12,284 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:12,284 INFO L470 AbstractCegarLoop]: Abstraction has 440 states and 661 transitions. [2022-02-20 18:04:12,284 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:12,284 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 661 transitions. [2022-02-20 18:04:12,285 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 114 [2022-02-20 18:04:12,285 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:12,285 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:12,306 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:12,499 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:12,499 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:12,500 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:12,500 INFO L85 PathProgramCache]: Analyzing trace with hash -345346834, now seen corresponding path program 1 times [2022-02-20 18:04:12,500 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:12,500 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1102653148] [2022-02-20 18:04:12,500 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:12,500 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:12,522 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,555 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:12,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,563 INFO L290 TraceCheckUtils]: 0: Hoare triple {11695#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,563 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,564 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,564 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11637#true} #1136#return; {11637#true} is VALID [2022-02-20 18:04:12,569 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:12,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 18:04:12,572 INFO L290 TraceCheckUtils]: 0: Hoare triple {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,572 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,572 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,572 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11637#true} #1138#return; {11637#true} is VALID [2022-02-20 18:04:12,572 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:12,588 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,602 INFO L290 TraceCheckUtils]: 0: Hoare triple {11695#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11697#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:12,602 INFO L290 TraceCheckUtils]: 1: Hoare triple {11697#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11697#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:12,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {11697#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11698#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:12,603 INFO L290 TraceCheckUtils]: 3: Hoare triple {11698#(= 2 |setClientId_#in~handle|)} assume true; {11698#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 
18:04:12,604 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11698#(= 2 |setClientId_#in~handle|)} {11647#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1140#return; {11653#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:12,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:12,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,622 INFO L290 TraceCheckUtils]: 0: Hoare triple {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11699#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:12,623 INFO L290 TraceCheckUtils]: 1: Hoare triple {11699#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11700#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:12,623 INFO L290 TraceCheckUtils]: 2: Hoare triple {11700#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11700#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:12,623 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11700#(= |setClientPrivateKey_#in~handle| 1)} {11653#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1142#return; {11638#false} is VALID [2022-02-20 18:04:12,624 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:04:12,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {11695#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,627 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11638#false} #1144#return; {11638#false} is VALID [2022-02-20 18:04:12,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:04:12,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,631 INFO L290 TraceCheckUtils]: 0: Hoare triple {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11638#false} #1146#return; {11638#false} is VALID [2022-02-20 18:04:12,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:04:12,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {11701#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 
18:04:12,642 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,642 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11638#false} #1122#return; {11638#false} is VALID [2022-02-20 18:04:12,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:04:12,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,653 INFO L290 TraceCheckUtils]: 0: Hoare triple {11702#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,653 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,653 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,653 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11638#false} #1124#return; {11638#false} is VALID [2022-02-20 18:04:12,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:04:12,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {11637#true} ~handle := #in~handle;havoc ~retValue_acc~13; {11637#true} is VALID [2022-02-20 18:04:12,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {11637#true} is VALID [2022-02-20 18:04:12,680 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,680 INFO L284 TraceCheckUtils]: 3: 
Hoare quadruple {11637#true} {11638#false} #1056#return; {11638#false} is VALID [2022-02-20 18:04:12,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:04:12,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {11637#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11637#true} is VALID [2022-02-20 18:04:12,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {11637#true} is VALID [2022-02-20 18:04:12,683 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,684 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11638#false} #1058#return; {11638#false} is VALID [2022-02-20 18:04:12,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:04:12,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {11637#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {11637#true} is VALID [2022-02-20 18:04:12,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle; {11637#true} is VALID [2022-02-20 18:04:12,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {11637#true} is VALID [2022-02-20 18:04:12,690 INFO L290 TraceCheckUtils]: 3: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,690 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11637#true} {11638#false} #1060#return; {11638#false} is VALID [2022-02-20 18:04:12,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 98 [2022-02-20 18:04:12,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {11701#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,694 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,694 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,694 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11638#false} #1066#return; {11638#false} is VALID [2022-02-20 18:04:12,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:04:12,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {11637#true} ~handle := #in~handle;havoc ~retValue_acc~39; {11637#true} is VALID [2022-02-20 18:04:12,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {11637#true} is VALID [2022-02-20 18:04:12,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,699 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11637#true} {11638#false} #1068#return; {11638#false} is VALID [2022-02-20 18:04:12,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {11637#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call 
#Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {11637#true} is VALID [2022-02-20 18:04:12,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {11637#true} is VALID [2022-02-20 18:04:12,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume { :end_inline_select_helpers } true;assume { 
:begin_inline_select_features } true; {11637#true} is VALID [2022-02-20 18:04:12,699 INFO L290 TraceCheckUtils]: 3: Hoare triple {11637#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {11637#true} is VALID [2022-02-20 18:04:12,699 INFO L290 TraceCheckUtils]: 4: Hoare triple {11637#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {11637#true} is VALID [2022-02-20 18:04:12,699 INFO L290 TraceCheckUtils]: 5: Hoare triple {11637#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11637#true} is VALID [2022-02-20 18:04:12,700 INFO L272 TraceCheckUtils]: 6: Hoare triple {11637#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11695#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:12,700 INFO L290 TraceCheckUtils]: 7: Hoare triple {11695#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,700 INFO L290 TraceCheckUtils]: 8: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,700 INFO L290 TraceCheckUtils]: 9: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,700 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11637#true} {11637#true} #1136#return; {11637#true} is VALID [2022-02-20 18:04:12,700 INFO L290 TraceCheckUtils]: 11: Hoare triple {11637#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11637#true} is VALID [2022-02-20 18:04:12,701 INFO L272 TraceCheckUtils]: 12: Hoare triple {11637#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:12,701 INFO L290 TraceCheckUtils]: 13: Hoare triple {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,701 INFO L290 TraceCheckUtils]: 14: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,701 INFO L290 
TraceCheckUtils]: 15: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,701 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11637#true} {11637#true} #1138#return; {11637#true} is VALID [2022-02-20 18:04:12,701 INFO L290 TraceCheckUtils]: 17: Hoare triple {11637#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11647#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:04:12,702 INFO L272 TraceCheckUtils]: 18: Hoare triple {11647#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11695#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:12,702 INFO L290 TraceCheckUtils]: 19: Hoare triple {11695#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11697#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:12,703 INFO L290 TraceCheckUtils]: 20: Hoare triple {11697#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11697#(= setClientId_~handle 
|setClientId_#in~handle|)} is VALID [2022-02-20 18:04:12,703 INFO L290 TraceCheckUtils]: 21: Hoare triple {11697#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11698#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:12,703 INFO L290 TraceCheckUtils]: 22: Hoare triple {11698#(= 2 |setClientId_#in~handle|)} assume true; {11698#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:12,704 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11698#(= 2 |setClientId_#in~handle|)} {11647#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1140#return; {11653#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:12,704 INFO L290 TraceCheckUtils]: 24: Hoare triple {11653#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11653#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:12,705 INFO L272 TraceCheckUtils]: 25: Hoare triple {11653#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:12,705 INFO L290 TraceCheckUtils]: 26: Hoare triple {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11699#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:12,705 INFO L290 TraceCheckUtils]: 27: Hoare triple {11699#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {11700#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:12,706 INFO L290 TraceCheckUtils]: 28: Hoare triple {11700#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11700#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:12,706 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11700#(= |setClientPrivateKey_#in~handle| 1)} {11653#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1142#return; {11638#false} is VALID [2022-02-20 18:04:12,706 INFO L290 TraceCheckUtils]: 30: Hoare triple {11638#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11638#false} is VALID [2022-02-20 18:04:12,706 INFO L272 TraceCheckUtils]: 31: Hoare triple {11638#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11695#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:12,706 INFO L290 TraceCheckUtils]: 32: Hoare triple {11695#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,706 INFO L290 TraceCheckUtils]: 33: Hoare triple {11637#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,706 INFO L290 TraceCheckUtils]: 34: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,706 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11637#true} {11638#false} #1144#return; {11638#false} is VALID [2022-02-20 18:04:12,706 INFO L290 TraceCheckUtils]: 36: Hoare triple {11638#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L272 TraceCheckUtils]: 37: Hoare triple {11638#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 38: Hoare triple {11696#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 39: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 40: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,707 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11637#true} {11638#false} #1146#return; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 42: Hoare triple {11638#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 43: Hoare triple {11638#false} assume { :end_inline_setup } true;assume { 
:begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 44: Hoare triple {11638#false} assume !false; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 45: Hoare triple {11638#false} assume test_~splverifierCounter~0#1 < 4; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 46: Hoare triple {11638#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 47: Hoare triple {11638#false} assume 0 == 
test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 48: Hoare triple {11638#false} assume !(0 != test_~tmp___9~0#1); {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 49: Hoare triple {11638#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 50: Hoare triple {11638#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11638#false} is VALID [2022-02-20 18:04:12,707 INFO L290 TraceCheckUtils]: 51: Hoare triple {11638#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 52: Hoare triple {11638#false} assume { :end_inline_setClientAutoResponse } true; {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 53: Hoare triple {11638#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 54: Hoare triple {11638#false} assume !false; {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 55: Hoare triple {11638#false} assume !(test_~splverifierCounter~0#1 < 4); {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 
56: Hoare triple {11638#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L272 TraceCheckUtils]: 57: Hoare triple {11638#false} call sendEmail(~bob~0, ~rjh~0); {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 58: Hoare triple {11638#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L272 TraceCheckUtils]: 59: Hoare triple {11638#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11701#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 60: Hoare triple {11701#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 61: Hoare triple {11637#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 62: Hoare triple {11637#true} assume 
true; {11637#true} is VALID [2022-02-20 18:04:12,708 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11637#true} {11638#false} #1122#return; {11638#false} is VALID [2022-02-20 18:04:12,708 INFO L272 TraceCheckUtils]: 64: Hoare triple {11638#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11702#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 65: Hoare triple {11702#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,708 INFO L290 TraceCheckUtils]: 66: Hoare triple {11637#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 67: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,709 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11637#true} {11638#false} #1124#return; {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 69: Hoare triple {11638#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 70: Hoare triple {11638#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L272 TraceCheckUtils]: 71: Hoare triple {11638#false} call outgoing(~sender#1, ~email~0#1); {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 72: Hoare triple {11638#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc 
sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L272 TraceCheckUtils]: 73: Hoare triple {11638#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {11637#true} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 74: Hoare triple {11637#true} ~handle := #in~handle;havoc ~retValue_acc~13; {11637#true} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 75: Hoare triple {11637#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {11637#true} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 76: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,709 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {11637#true} {11638#false} #1056#return; {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 78: Hoare triple {11638#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 79: Hoare triple {11638#false} assume 0 == sign_~privkey~1#1; {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 80: Hoare triple {11638#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, 
outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {11638#false} is VALID [2022-02-20 18:04:12,709 INFO L272 TraceCheckUtils]: 81: Hoare triple {11638#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {11637#true} is VALID [2022-02-20 18:04:12,709 INFO L290 TraceCheckUtils]: 82: Hoare triple {11637#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11637#true} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 83: Hoare triple {11637#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {11637#true} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 84: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,710 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {11637#true} {11638#false} #1058#return; {11638#false} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 86: Hoare triple {11638#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {11638#false} is VALID [2022-02-20 18:04:12,710 INFO L272 TraceCheckUtils]: 87: Hoare triple {11638#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, 
outgoing__wrappee__AutoResponder_~receiver~0#1); {11637#true} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 88: Hoare triple {11637#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {11637#true} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 89: Hoare triple {11637#true} assume 1 == ~handle; {11637#true} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 90: Hoare triple {11637#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {11637#true} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 91: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,710 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {11637#true} {11638#false} #1060#return; {11638#false} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 93: Hoare triple {11638#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {11638#false} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 94: Hoare triple {11638#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {11638#false} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 95: Hoare triple {11638#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {11638#false} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 96: Hoare triple {11638#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {11638#false} is VALID [2022-02-20 18:04:12,710 INFO L290 TraceCheckUtils]: 97: Hoare triple {11638#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {11638#false} is VALID [2022-02-20 18:04:12,711 INFO L272 TraceCheckUtils]: 98: Hoare triple {11638#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {11701#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 99: Hoare triple {11701#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 100: Hoare triple {11637#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 101: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,711 INFO L284 
TraceCheckUtils]: 102: Hoare quadruple {11637#true} {11638#false} #1066#return; {11638#false} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 103: Hoare triple {11638#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {11638#false} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 104: Hoare 
triple {11638#false} assume 0 != ~in_encrypted~0; {11638#false} is VALID [2022-02-20 18:04:12,711 INFO L272 TraceCheckUtils]: 105: Hoare triple {11638#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {11637#true} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 106: Hoare triple {11637#true} ~handle := #in~handle;havoc ~retValue_acc~39; {11637#true} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 107: Hoare triple {11637#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {11637#true} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 108: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:12,711 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {11637#true} {11638#false} #1068#return; {11638#false} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 110: Hoare triple {11638#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {11638#false} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 111: Hoare triple {11638#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {11638#false} is VALID [2022-02-20 18:04:12,711 INFO L290 TraceCheckUtils]: 112: Hoare triple {11638#false} assume !false; {11638#false} is VALID [2022-02-20 18:04:12,712 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:04:12,712 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:12,712 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1102653148] [2022-02-20 18:04:12,712 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1102653148] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:12,712 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1979259203] [2022-02-20 18:04:12,712 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:12,712 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:12,712 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:12,713 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:12,715 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:04:12,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,932 INFO L263 TraceCheckSpWp]: Trace formula consists of 1102 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:04:12,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:12,965 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:13,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {11637#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {11637#true} is VALID [2022-02-20 18:04:13,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {11637#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {11637#true} is VALID [2022-02-20 18:04:13,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {11637#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11637#true} is VALID [2022-02-20 18:04:13,232 INFO L290 TraceCheckUtils]: 3: Hoare triple {11637#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {11637#true} is VALID [2022-02-20 18:04:13,233 INFO L290 TraceCheckUtils]: 4: Hoare triple {11637#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {11637#true} is VALID [2022-02-20 18:04:13,233 INFO L290 TraceCheckUtils]: 5: Hoare triple {11637#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 
:= setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11637#true} is VALID [2022-02-20 18:04:13,233 INFO L272 TraceCheckUtils]: 6: Hoare triple {11637#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11637#true} is VALID [2022-02-20 18:04:13,233 INFO L290 TraceCheckUtils]: 7: Hoare triple {11637#true} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:13,233 INFO L290 TraceCheckUtils]: 8: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:13,233 INFO L290 TraceCheckUtils]: 9: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:13,233 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11637#true} {11637#true} #1136#return; {11637#true} is VALID [2022-02-20 18:04:13,233 INFO L290 TraceCheckUtils]: 11: Hoare triple {11637#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11637#true} is VALID [2022-02-20 18:04:13,234 INFO L272 TraceCheckUtils]: 12: Hoare triple {11637#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11637#true} is VALID [2022-02-20 18:04:13,234 INFO L290 TraceCheckUtils]: 13: Hoare triple {11637#true} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:13,234 INFO L290 TraceCheckUtils]: 14: Hoare triple {11637#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:13,234 INFO L290 TraceCheckUtils]: 15: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:13,234 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11637#true} {11637#true} #1138#return; {11637#true} is VALID [2022-02-20 18:04:13,234 INFO L290 TraceCheckUtils]: 17: Hoare triple {11637#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc 
setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11757#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:13,235 INFO L272 TraceCheckUtils]: 18: Hoare triple {11757#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11637#true} is VALID [2022-02-20 18:04:13,235 INFO L290 TraceCheckUtils]: 19: Hoare triple {11637#true} ~handle := #in~handle;~value := #in~value; {11637#true} is VALID [2022-02-20 18:04:13,235 INFO L290 TraceCheckUtils]: 20: Hoare triple {11637#true} assume !(1 == ~handle); {11637#true} is VALID [2022-02-20 18:04:13,235 INFO L290 TraceCheckUtils]: 21: Hoare triple {11637#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11637#true} is VALID [2022-02-20 18:04:13,235 INFO L290 TraceCheckUtils]: 22: Hoare triple {11637#true} assume true; {11637#true} is VALID [2022-02-20 18:04:13,236 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11637#true} {11757#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1140#return; {11757#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:13,236 INFO L290 TraceCheckUtils]: 24: Hoare triple {11757#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11757#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:13,236 INFO L272 TraceCheckUtils]: 25: Hoare triple {11757#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11637#true} is VALID [2022-02-20 18:04:13,237 INFO L290 TraceCheckUtils]: 26: Hoare triple 
{11637#true} ~handle := #in~handle;~value := #in~value; {11785#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:04:13,237 INFO L290 TraceCheckUtils]: 27: Hoare triple {11785#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11789#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:13,237 INFO L290 TraceCheckUtils]: 28: Hoare triple {11789#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11789#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:13,238 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11789#(<= |setClientPrivateKey_#in~handle| 1)} {11757#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1142#return; {11638#false} is VALID [2022-02-20 18:04:13,238 INFO L290 TraceCheckUtils]: 30: Hoare triple {11638#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11638#false} is VALID [2022-02-20 18:04:13,238 INFO L272 TraceCheckUtils]: 31: Hoare triple {11638#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11638#false} is VALID [2022-02-20 18:04:13,238 INFO L290 TraceCheckUtils]: 32: Hoare triple {11638#false} ~handle := #in~handle;~value := #in~value; {11638#false} is VALID [2022-02-20 18:04:13,238 INFO L290 TraceCheckUtils]: 33: Hoare triple {11638#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11638#false} is 
VALID [2022-02-20 18:04:13,238 INFO L290 TraceCheckUtils]: 34: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11638#false} {11638#false} #1144#return; {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L290 TraceCheckUtils]: 36: Hoare triple {11638#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L272 TraceCheckUtils]: 37: Hoare triple {11638#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L290 TraceCheckUtils]: 38: Hoare triple {11638#false} ~handle := #in~handle;~value := #in~value; {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L290 TraceCheckUtils]: 39: Hoare triple {11638#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L290 TraceCheckUtils]: 40: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11638#false} {11638#false} #1146#return; {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L290 TraceCheckUtils]: 42: Hoare triple {11638#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {11638#false} is VALID [2022-02-20 18:04:13,239 INFO L290 TraceCheckUtils]: 43: Hoare triple {11638#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, 
test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 44: Hoare triple {11638#false} assume !false; {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 45: Hoare triple {11638#false} assume test_~splverifierCounter~0#1 < 4; {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 46: Hoare triple {11638#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 47: Hoare triple {11638#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 48: Hoare triple {11638#false} assume !(0 != test_~tmp___9~0#1); {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 49: Hoare triple {11638#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && 
test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 50: Hoare triple {11638#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 51: Hoare triple {11638#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11638#false} is VALID [2022-02-20 18:04:13,240 INFO L290 TraceCheckUtils]: 52: Hoare triple {11638#false} assume { :end_inline_setClientAutoResponse } true; {11638#false} is VALID [2022-02-20 18:04:13,241 INFO L290 TraceCheckUtils]: 53: Hoare triple {11638#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11638#false} is VALID [2022-02-20 18:04:13,241 INFO L290 TraceCheckUtils]: 54: Hoare triple {11638#false} assume !false; {11638#false} is VALID [2022-02-20 18:04:13,241 INFO L290 TraceCheckUtils]: 55: Hoare triple {11638#false} assume !(test_~splverifierCounter~0#1 < 4); {11638#false} is VALID [2022-02-20 18:04:13,241 INFO L290 TraceCheckUtils]: 56: Hoare triple {11638#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {11638#false} is VALID 
[2022-02-20 18:04:13,241 INFO L272 TraceCheckUtils]: 57: Hoare triple {11638#false} call sendEmail(~bob~0, ~rjh~0); {11638#false} is VALID [2022-02-20 18:04:13,241 INFO L290 TraceCheckUtils]: 58: Hoare triple {11638#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11638#false} is VALID [2022-02-20 18:04:13,241 INFO L272 TraceCheckUtils]: 59: Hoare triple {11638#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11638#false} is VALID [2022-02-20 18:04:13,241 INFO L290 TraceCheckUtils]: 60: Hoare triple {11638#false} ~handle := #in~handle;~value := #in~value; {11638#false} is VALID [2022-02-20 18:04:13,241 INFO L290 TraceCheckUtils]: 61: Hoare triple {11638#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L290 TraceCheckUtils]: 62: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11638#false} {11638#false} #1122#return; {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L272 TraceCheckUtils]: 64: Hoare triple {11638#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L290 TraceCheckUtils]: 65: Hoare triple {11638#false} ~handle := #in~handle;~value := #in~value; {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L290 TraceCheckUtils]: 66: Hoare triple {11638#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L290 
TraceCheckUtils]: 67: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11638#false} {11638#false} #1124#return; {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L290 TraceCheckUtils]: 69: Hoare triple {11638#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {11638#false} is VALID [2022-02-20 18:04:13,242 INFO L290 TraceCheckUtils]: 70: Hoare triple {11638#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {11638#false} is VALID [2022-02-20 18:04:13,243 INFO L272 TraceCheckUtils]: 71: Hoare triple {11638#false} call outgoing(~sender#1, ~email~0#1); {11638#false} is VALID [2022-02-20 18:04:13,243 INFO L290 TraceCheckUtils]: 72: Hoare triple {11638#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {11638#false} is VALID [2022-02-20 18:04:13,243 INFO L272 TraceCheckUtils]: 73: Hoare triple {11638#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {11638#false} is VALID [2022-02-20 18:04:13,243 INFO L290 TraceCheckUtils]: 74: Hoare triple {11638#false} ~handle := #in~handle;havoc ~retValue_acc~13; {11638#false} is VALID [2022-02-20 18:04:13,243 INFO L290 TraceCheckUtils]: 75: Hoare triple {11638#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {11638#false} is VALID [2022-02-20 18:04:13,243 INFO L290 TraceCheckUtils]: 76: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 
18:04:13,243 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {11638#false} {11638#false} #1056#return; {11638#false} is VALID [2022-02-20 18:04:13,243 INFO L290 TraceCheckUtils]: 78: Hoare triple {11638#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {11638#false} is VALID [2022-02-20 18:04:13,243 INFO L290 TraceCheckUtils]: 79: Hoare triple {11638#false} assume 0 == sign_~privkey~1#1; {11638#false} is VALID [2022-02-20 18:04:13,244 INFO L290 TraceCheckUtils]: 80: Hoare triple {11638#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {11638#false} is VALID [2022-02-20 18:04:13,244 INFO L272 TraceCheckUtils]: 81: Hoare triple {11638#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {11638#false} is VALID [2022-02-20 18:04:13,244 INFO L290 TraceCheckUtils]: 82: Hoare triple {11638#false} ~handle := #in~handle;havoc ~retValue_acc~36; {11638#false} is VALID [2022-02-20 18:04:13,244 INFO 
L290 TraceCheckUtils]: 83: Hoare triple {11638#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {11638#false} is VALID [2022-02-20 18:04:13,244 INFO L290 TraceCheckUtils]: 84: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 18:04:13,244 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {11638#false} {11638#false} #1058#return; {11638#false} is VALID [2022-02-20 18:04:13,244 INFO L290 TraceCheckUtils]: 86: Hoare triple {11638#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {11638#false} is VALID [2022-02-20 18:04:13,244 INFO L272 TraceCheckUtils]: 87: Hoare triple {11638#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {11638#false} is VALID [2022-02-20 18:04:13,244 INFO L290 TraceCheckUtils]: 88: Hoare triple {11638#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L290 TraceCheckUtils]: 89: Hoare triple {11638#false} assume 1 == ~handle; {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L290 TraceCheckUtils]: 90: Hoare triple {11638#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L290 TraceCheckUtils]: 91: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {11638#false} {11638#false} #1060#return; {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L290 
TraceCheckUtils]: 93: Hoare triple {11638#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L290 TraceCheckUtils]: 94: Hoare triple {11638#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L290 TraceCheckUtils]: 95: Hoare triple {11638#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L290 TraceCheckUtils]: 96: Hoare triple {11638#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {11638#false} is VALID [2022-02-20 18:04:13,245 INFO L290 TraceCheckUtils]: 97: Hoare triple {11638#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= 
outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {11638#false} is VALID [2022-02-20 18:04:13,246 INFO L272 TraceCheckUtils]: 98: Hoare triple {11638#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {11638#false} is VALID [2022-02-20 18:04:13,246 INFO L290 TraceCheckUtils]: 99: Hoare triple {11638#false} ~handle := #in~handle;~value := #in~value; {11638#false} is VALID [2022-02-20 18:04:13,246 INFO L290 TraceCheckUtils]: 100: Hoare triple {11638#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11638#false} is VALID [2022-02-20 18:04:13,246 INFO L290 TraceCheckUtils]: 101: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 18:04:13,246 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {11638#false} {11638#false} #1066#return; {11638#false} is VALID [2022-02-20 18:04:13,246 INFO L290 TraceCheckUtils]: 103: Hoare triple {11638#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, 
__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {11638#false} is VALID [2022-02-20 18:04:13,246 INFO L290 TraceCheckUtils]: 104: Hoare triple {11638#false} assume 0 != ~in_encrypted~0; {11638#false} is VALID [2022-02-20 18:04:13,246 INFO L272 TraceCheckUtils]: 105: Hoare triple {11638#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {11638#false} is VALID [2022-02-20 18:04:13,247 INFO L290 TraceCheckUtils]: 106: Hoare triple {11638#false} ~handle := #in~handle;havoc ~retValue_acc~39; {11638#false} is VALID [2022-02-20 18:04:13,247 INFO L290 TraceCheckUtils]: 107: Hoare triple {11638#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {11638#false} is VALID [2022-02-20 18:04:13,247 INFO L290 TraceCheckUtils]: 108: Hoare triple {11638#false} assume true; {11638#false} is VALID [2022-02-20 18:04:13,247 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {11638#false} {11638#false} #1068#return; {11638#false} is VALID [2022-02-20 18:04:13,247 INFO L290 TraceCheckUtils]: 110: Hoare triple {11638#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && 
__utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {11638#false} is VALID [2022-02-20 18:04:13,247 INFO L290 TraceCheckUtils]: 111: Hoare triple {11638#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {11638#false} is VALID [2022-02-20 18:04:13,247 INFO L290 TraceCheckUtils]: 112: Hoare triple {11638#false} assume !false; {11638#false} is VALID [2022-02-20 18:04:13,247 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:04:13,248 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:13,248 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1979259203] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:13,248 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:13,248 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:04:13,248 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [946278158] [2022-02-20 18:04:13,248 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:13,249 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 113 [2022-02-20 18:04:13,249 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:13,249 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:13,332 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 107 edges. 107 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:13,332 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:04:13,332 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:13,332 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:04:13,332 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:04:13,333 INFO L87 Difference]: Start difference. First operand 440 states and 661 transitions. 
Second operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:14,328 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:14,328 INFO L93 Difference]: Finished difference Result 869 states and 1311 transitions. [2022-02-20 18:04:14,328 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:04:14,329 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 113 [2022-02-20 18:04:14,329 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:14,329 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:14,337 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1117 transitions. [2022-02-20 18:04:14,337 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:14,344 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1117 transitions. [2022-02-20 18:04:14,344 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1117 transitions. [2022-02-20 18:04:15,023 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1117 edges. 1117 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:15,036 INFO L225 Difference]: With dead ends: 869 [2022-02-20 18:04:15,036 INFO L226 Difference]: Without dead ends: 442 [2022-02-20 18:04:15,037 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 145 GetRequests, 131 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:04:15,038 INFO L933 BasicCegarLoop]: 553 mSDtfsCounter, 132 mSDsluCounter, 1504 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 2057 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:15,038 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 2057 Invalid, 45 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:15,039 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 442 states. [2022-02-20 18:04:15,124 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 442 to 442. [2022-02-20 18:04:15,124 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:15,125 INFO L82 GeneralOperation]: Start isEquivalent. First operand 442 states. Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) [2022-02-20 18:04:15,126 INFO L74 IsIncluded]: Start isIncluded. First operand 442 states. Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) [2022-02-20 18:04:15,126 INFO L87 Difference]: Start difference. First operand 442 states. Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) [2022-02-20 18:04:15,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:15,139 INFO L93 Difference]: Finished difference Result 442 states and 667 transitions. 
[2022-02-20 18:04:15,139 INFO L276 IsEmpty]: Start isEmpty. Operand 442 states and 667 transitions. [2022-02-20 18:04:15,140 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:15,140 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:15,142 INFO L74 IsIncluded]: Start isIncluded. First operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) Second operand 442 states. [2022-02-20 18:04:15,143 INFO L87 Difference]: Start difference. First operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) Second operand 442 states. [2022-02-20 18:04:15,154 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:15,154 INFO L93 Difference]: Finished difference Result 442 states and 667 transitions. [2022-02-20 18:04:15,154 INFO L276 IsEmpty]: Start isEmpty. Operand 442 states and 667 transitions. [2022-02-20 18:04:15,155 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:15,155 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:15,155 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:15,155 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:15,156 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) [2022-02-20 18:04:15,169 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 442 states to 442 states and 667 transitions. [2022-02-20 18:04:15,170 INFO L78 Accepts]: Start accepts. Automaton has 442 states and 667 transitions. Word has length 113 [2022-02-20 18:04:15,171 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:15,171 INFO L470 AbstractCegarLoop]: Abstraction has 442 states and 667 transitions. [2022-02-20 18:04:15,171 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:15,171 INFO L276 IsEmpty]: Start isEmpty. Operand 442 states and 667 transitions. [2022-02-20 18:04:15,174 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 115 [2022-02-20 18:04:15,174 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:15,174 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:15,196 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:15,391 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:15,391 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:15,392 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:15,392 INFO L85 PathProgramCache]: Analyzing trace with hash 1612890018, now seen corresponding path program 1 times [2022-02-20 18:04:15,392 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:15,392 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [600237028] [2022-02-20 18:04:15,392 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:15,392 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:15,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 6 [2022-02-20 18:04:15,468 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,471 INFO L290 TraceCheckUtils]: 0: Hoare triple {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,471 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,471 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,471 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14789#true} #1136#return; {14789#true} is VALID [2022-02-20 18:04:15,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:15,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,481 INFO L290 TraceCheckUtils]: 0: Hoare triple {14848#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,481 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,481 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14789#true} #1138#return; {14789#true} is VALID [2022-02-20 18:04:15,481 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:15,483 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume !(1 == ~handle); {14789#true} is VALID [2022-02-20 18:04:15,485 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,485 INFO L290 TraceCheckUtils]: 3: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,485 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14789#true} {14789#true} #1140#return; {14789#true} is VALID [2022-02-20 18:04:15,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:15,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,488 INFO L290 TraceCheckUtils]: 0: Hoare triple {14848#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,488 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume !(1 == ~handle); {14789#true} is VALID [2022-02-20 18:04:15,488 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,488 INFO L290 TraceCheckUtils]: 3: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,488 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14789#true} 
{14789#true} #1142#return; {14789#true} is VALID [2022-02-20 18:04:15,488 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:15,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,502 INFO L290 TraceCheckUtils]: 0: Hoare triple {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14849#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:15,503 INFO L290 TraceCheckUtils]: 1: Hoare triple {14849#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14850#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:15,503 INFO L290 TraceCheckUtils]: 2: Hoare triple {14850#(= |setClientId_#in~handle| 1)} assume true; {14850#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:15,504 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14850#(= |setClientId_#in~handle| 1)} {14809#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1144#return; {14790#false} is VALID [2022-02-20 18:04:15,504 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:15,505 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,507 INFO L290 TraceCheckUtils]: 0: Hoare triple {14848#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,507 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14789#true} is VALID 
[2022-02-20 18:04:15,507 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,507 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14790#false} #1146#return; {14790#false} is VALID [2022-02-20 18:04:15,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:04:15,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {14851#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,518 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14790#false} #1122#return; {14790#false} is VALID [2022-02-20 18:04:15,524 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:04:15,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {14852#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,527 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14790#false} #1124#return; {14790#false} is VALID 
[2022-02-20 18:04:15,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:04:15,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,530 INFO L290 TraceCheckUtils]: 0: Hoare triple {14789#true} ~handle := #in~handle;havoc ~retValue_acc~13; {14789#true} is VALID [2022-02-20 18:04:15,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {14789#true} is VALID [2022-02-20 18:04:15,530 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,530 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14790#false} #1056#return; {14790#false} is VALID [2022-02-20 18:04:15,530 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:04:15,532 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,534 INFO L290 TraceCheckUtils]: 0: Hoare triple {14789#true} ~handle := #in~handle;havoc ~retValue_acc~36; {14789#true} is VALID [2022-02-20 18:04:15,534 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {14789#true} is VALID [2022-02-20 18:04:15,534 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,534 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14790#false} #1058#return; {14790#false} is VALID [2022-02-20 18:04:15,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:04:15,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {14789#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {14789#true} is 
VALID [2022-02-20 18:04:15,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle; {14789#true} is VALID [2022-02-20 18:04:15,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {14789#true} is VALID [2022-02-20 18:04:15,537 INFO L290 TraceCheckUtils]: 3: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,537 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14789#true} {14790#false} #1060#return; {14790#false} is VALID [2022-02-20 18:04:15,537 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:04:15,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,539 INFO L290 TraceCheckUtils]: 0: Hoare triple {14851#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,539 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,539 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14790#false} #1066#return; {14790#false} is VALID [2022-02-20 18:04:15,539 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:04:15,540 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 0: Hoare triple {14789#true} ~handle := #in~handle;havoc ~retValue_acc~39; {14789#true} is VALID [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume 1 == ~handle;~retValue_acc~39 := 
~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {14789#true} is VALID [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,541 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14789#true} {14790#false} #1068#return; {14790#false} is VALID [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 0: Hoare triple {14789#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call 
write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 
0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {14789#true} is VALID [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 1: Hoare triple {14789#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {14789#true} is VALID [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 2: Hoare triple {14789#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14789#true} is VALID [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 3: Hoare triple {14789#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {14789#true} is VALID [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 4: Hoare triple {14789#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {14789#true} is VALID [2022-02-20 18:04:15,541 INFO L290 TraceCheckUtils]: 5: Hoare triple {14789#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, 
setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14789#true} is VALID [2022-02-20 18:04:15,542 INFO L272 TraceCheckUtils]: 6: Hoare triple {14789#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,542 INFO L290 TraceCheckUtils]: 7: Hoare triple {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,542 INFO L290 TraceCheckUtils]: 8: Hoare triple {14789#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,542 INFO L290 TraceCheckUtils]: 9: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,542 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14789#true} {14789#true} #1136#return; {14789#true} is VALID [2022-02-20 18:04:15,542 INFO L290 TraceCheckUtils]: 11: Hoare triple {14789#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L272 TraceCheckUtils]: 12: Hoare triple {14789#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14848#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:15,543 INFO L290 TraceCheckUtils]: 13: Hoare triple {14848#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L290 TraceCheckUtils]: 14: Hoare triple {14789#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L290 TraceCheckUtils]: 15: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14789#true} {14789#true} #1138#return; {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L290 TraceCheckUtils]: 17: Hoare triple {14789#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L272 TraceCheckUtils]: 18: Hoare triple {14789#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 18:04:15,543 INFO L290 TraceCheckUtils]: 19: Hoare triple {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L290 TraceCheckUtils]: 20: Hoare triple {14789#true} assume !(1 == ~handle); {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L290 TraceCheckUtils]: 21: Hoare triple {14789#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,543 INFO L290 TraceCheckUtils]: 22: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,544 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14789#true} {14789#true} #1140#return; {14789#true} is VALID [2022-02-20 18:04:15,544 INFO L290 TraceCheckUtils]: 24: Hoare triple {14789#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14789#true} is VALID [2022-02-20 18:04:15,544 INFO L272 TraceCheckUtils]: 25: Hoare triple {14789#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14848#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:15,544 INFO L290 TraceCheckUtils]: 26: Hoare triple {14848#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,544 INFO L290 TraceCheckUtils]: 27: Hoare triple {14789#true} assume !(1 == ~handle); {14789#true} is VALID [2022-02-20 18:04:15,544 INFO L290 TraceCheckUtils]: 28: Hoare triple {14789#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,544 INFO L290 TraceCheckUtils]: 29: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,544 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14789#true} {14789#true} #1142#return; {14789#true} is VALID [2022-02-20 18:04:15,545 INFO L290 TraceCheckUtils]: 31: Hoare triple {14789#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14809#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:15,545 INFO L272 TraceCheckUtils]: 32: Hoare triple {14809#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,545 INFO L290 TraceCheckUtils]: 33: Hoare triple {14847#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14849#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:15,546 INFO L290 TraceCheckUtils]: 34: Hoare triple {14849#(= 
setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14850#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:15,546 INFO L290 TraceCheckUtils]: 35: Hoare triple {14850#(= |setClientId_#in~handle| 1)} assume true; {14850#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:15,546 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {14850#(= |setClientId_#in~handle| 1)} {14809#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1144#return; {14790#false} is VALID [2022-02-20 18:04:15,546 INFO L290 TraceCheckUtils]: 37: Hoare triple {14790#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {14790#false} is VALID [2022-02-20 18:04:15,546 INFO L272 TraceCheckUtils]: 38: Hoare triple {14790#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14848#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 39: Hoare triple {14848#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 40: Hoare triple {14789#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 41: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,547 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {14789#true} {14790#false} #1146#return; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 43: Hoare triple {14790#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, 
setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 44: Hoare triple {14790#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 45: Hoare triple {14790#false} assume !false; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 46: Hoare triple {14790#false} assume test_~splverifierCounter~0#1 < 4; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 47: Hoare triple 
{14790#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 48: Hoare triple {14790#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 49: Hoare triple {14790#false} assume !(0 != test_~tmp___9~0#1); {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 50: Hoare triple {14790#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 51: Hoare triple {14790#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 52: Hoare triple {14790#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 53: Hoare triple {14790#false} assume { :end_inline_setClientAutoResponse } true; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 54: Hoare triple {14790#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 55: Hoare triple {14790#false} assume !false; {14790#false} is VALID 
[2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 56: Hoare triple {14790#false} assume !(test_~splverifierCounter~0#1 < 4); {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 57: Hoare triple {14790#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L272 TraceCheckUtils]: 58: Hoare triple {14790#false} call sendEmail(~bob~0, ~rjh~0); {14790#false} is VALID [2022-02-20 18:04:15,547 INFO L290 TraceCheckUtils]: 59: Hoare triple {14790#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L272 TraceCheckUtils]: 60: Hoare triple {14790#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14851#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 61: Hoare triple {14851#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L290 
TraceCheckUtils]: 62: Hoare triple {14789#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 63: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {14789#true} {14790#false} #1122#return; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L272 TraceCheckUtils]: 65: Hoare triple {14790#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14852#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 66: Hoare triple {14852#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 67: Hoare triple {14789#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 68: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {14789#true} {14790#false} #1124#return; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 70: Hoare triple {14790#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 71: Hoare triple {14790#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L272 TraceCheckUtils]: 72: Hoare triple {14790#false} call outgoing(~sender#1, ~email~0#1); {14790#false} is VALID [2022-02-20 18:04:15,548 INFO 
L290 TraceCheckUtils]: 73: Hoare triple {14790#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L272 TraceCheckUtils]: 74: Hoare triple {14790#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 75: Hoare triple {14789#true} ~handle := #in~handle;havoc ~retValue_acc~13; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 76: Hoare triple {14789#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 77: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,548 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {14789#true} {14790#false} #1056#return; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 79: Hoare triple {14790#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 80: Hoare triple {14790#false} assume 0 == sign_~privkey~1#1; {14790#false} is VALID [2022-02-20 18:04:15,548 INFO L290 TraceCheckUtils]: 81: Hoare triple {14790#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L272 TraceCheckUtils]: 82: Hoare triple {14790#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 83: Hoare triple {14789#true} ~handle := #in~handle;havoc ~retValue_acc~36; {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 84: Hoare triple {14789#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 85: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {14789#true} {14790#false} #1058#return; {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 87: Hoare triple {14790#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L272 
TraceCheckUtils]: 88: Hoare triple {14790#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 89: Hoare triple {14789#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 90: Hoare triple {14789#true} assume 1 == ~handle; {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 91: Hoare triple {14789#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 92: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {14789#true} {14790#false} #1060#return; {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 94: Hoare triple {14790#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 95: Hoare triple {14790#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 96: Hoare triple {14790#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 97: Hoare triple {14790#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 98: Hoare triple {14790#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {14790#false} is VALID [2022-02-20 18:04:15,549 INFO L272 TraceCheckUtils]: 99: Hoare triple {14790#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {14851#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 100: Hoare triple {14851#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14789#true} is VALID [2022-02-20 18:04:15,549 INFO L290 TraceCheckUtils]: 101: Hoare triple {14789#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14789#true} is VALID [2022-02-20 
18:04:15,549 INFO L290 TraceCheckUtils]: 102: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,550 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {14789#true} {14790#false} #1066#return; {14790#false} is VALID [2022-02-20 18:04:15,550 INFO L290 TraceCheckUtils]: 104: Hoare triple {14790#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc 
__utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {14790#false} is VALID [2022-02-20 18:04:15,550 INFO L290 TraceCheckUtils]: 105: Hoare triple {14790#false} assume 0 != ~in_encrypted~0; {14790#false} is VALID [2022-02-20 18:04:15,550 INFO L272 TraceCheckUtils]: 106: Hoare triple {14790#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {14789#true} is VALID [2022-02-20 18:04:15,550 INFO L290 TraceCheckUtils]: 107: Hoare triple {14789#true} ~handle := #in~handle;havoc ~retValue_acc~39; {14789#true} is VALID [2022-02-20 18:04:15,550 INFO L290 TraceCheckUtils]: 108: Hoare triple {14789#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {14789#true} is VALID [2022-02-20 18:04:15,550 INFO L290 TraceCheckUtils]: 109: Hoare triple {14789#true} assume true; {14789#true} is VALID [2022-02-20 18:04:15,550 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {14789#true} {14790#false} #1068#return; {14790#false} is VALID [2022-02-20 18:04:15,550 INFO L290 TraceCheckUtils]: 111: Hoare triple {14790#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {14790#false} is VALID [2022-02-20 18:04:15,550 INFO L290 TraceCheckUtils]: 112: Hoare triple {14790#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {14790#false} is VALID [2022-02-20 18:04:15,550 INFO L290 TraceCheckUtils]: 113: Hoare triple {14790#false} assume !false; {14790#false} is VALID [2022-02-20 18:04:15,550 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:04:15,550 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:15,550 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [600237028] [2022-02-20 18:04:15,550 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [600237028] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:15,550 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:15,551 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:04:15,551 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1277833100] [2022-02-20 18:04:15,551 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:15,551 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 114 [2022-02-20 18:04:15,551 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:15,551 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:15,625 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:15,625 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:04:15,625 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:15,625 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:04:15,625 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:15,626 INFO L87 Difference]: Start difference. First operand 442 states and 667 transitions. Second operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:23,591 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:23,592 INFO L93 Difference]: Finished difference Result 1076 states and 1633 transitions. [2022-02-20 18:04:23,592 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:04:23,592 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 114 [2022-02-20 18:04:23,592 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:23,593 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:23,606 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1431 transitions. [2022-02-20 18:04:23,606 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:23,622 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1431 transitions. [2022-02-20 18:04:23,622 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1431 transitions. [2022-02-20 18:04:24,780 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1431 edges. 1431 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:24,802 INFO L225 Difference]: With dead ends: 1076 [2022-02-20 18:04:24,802 INFO L226 Difference]: Without dead ends: 657 [2022-02-20 18:04:24,803 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:04:24,804 INFO L933 BasicCegarLoop]: 669 mSDtfsCounter, 1492 mSDsluCounter, 863 mSDsCounter, 0 mSdLazyCounter, 2436 mSolverCounterSat, 635 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1509 SdHoareTripleChecker+Valid, 1532 SdHoareTripleChecker+Invalid, 3071 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 635 IncrementalHoareTripleChecker+Valid, 2436 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:24,804 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1509 Valid, 1532 Invalid, 3071 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [635 Valid, 2436 Invalid, 0 Unknown, 0 Unchecked, 3.6s Time] [2022-02-20 18:04:24,805 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 657 states. [2022-02-20 18:04:24,912 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 657 to 442. [2022-02-20 18:04:24,912 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:24,913 INFO L82 GeneralOperation]: Start isEquivalent. First operand 657 states. 
Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (79), 73 states have call predecessors, (79), 73 states have call successors, (79) [2022-02-20 18:04:24,914 INFO L74 IsIncluded]: Start isIncluded. First operand 657 states. Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (79), 73 states have call predecessors, (79), 73 states have call successors, (79) [2022-02-20 18:04:24,915 INFO L87 Difference]: Start difference. First operand 657 states. Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (79), 73 states have call predecessors, (79), 73 states have call successors, (79) [2022-02-20 18:04:24,935 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:24,935 INFO L93 Difference]: Finished difference Result 657 states and 997 transitions. [2022-02-20 18:04:24,936 INFO L276 IsEmpty]: Start isEmpty. Operand 657 states and 997 transitions. [2022-02-20 18:04:24,939 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:24,939 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:24,941 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (79), 73 states have call predecessors, (79), 73 states have call successors, (79) Second operand 657 states. [2022-02-20 18:04:24,949 INFO L87 Difference]: Start difference. First operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (79), 73 states have call predecessors, (79), 73 states have call successors, (79) Second operand 657 states. [2022-02-20 18:04:24,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:24,974 INFO L93 Difference]: Finished difference Result 657 states and 997 transitions. [2022-02-20 18:04:24,974 INFO L276 IsEmpty]: Start isEmpty. Operand 657 states and 997 transitions. [2022-02-20 18:04:24,977 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:24,977 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:24,977 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:24,977 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:24,979 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 346 states have internal predecessors, (513), 74 states have call successors, (74), 24 states have call predecessors, (74), 26 states have return successors, (79), 73 states have call predecessors, (79), 73 states have call successors, (79) [2022-02-20 18:04:24,997 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 442 states to 442 states and 666 transitions. [2022-02-20 18:04:24,998 INFO L78 Accepts]: Start accepts. Automaton has 442 states and 666 transitions. Word has length 114 [2022-02-20 18:04:24,998 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:24,998 INFO L470 AbstractCegarLoop]: Abstraction has 442 states and 666 transitions. [2022-02-20 18:04:24,999 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:24,999 INFO L276 IsEmpty]: Start isEmpty. Operand 442 states and 666 transitions. [2022-02-20 18:04:25,001 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 116 [2022-02-20 18:04:25,001 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:25,001 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:25,001 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:04:25,001 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:25,002 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:25,002 INFO L85 PathProgramCache]: Analyzing trace with hash 1193438081, now seen corresponding path program 2 times [2022-02-20 18:04:25,002 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:25,002 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [5962319] [2022-02-20 18:04:25,003 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:25,003 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:25,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:25,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,080 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,081 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18363#true} #1136#return; {18363#true} is VALID [2022-02-20 18:04:25,086 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:25,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {18423#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,090 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,090 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18363#true} #1138#return; {18363#true} is VALID [2022-02-20 18:04:25,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:25,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,094 INFO L290 TraceCheckUtils]: 0: Hoare triple {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,095 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume !(1 == ~handle); {18363#true} is VALID [2022-02-20 18:04:25,095 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,095 INFO L290 TraceCheckUtils]: 3: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,095 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18363#true} {18363#true} #1140#return; {18363#true} is VALID [2022-02-20 18:04:25,095 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:25,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,100 INFO L290 TraceCheckUtils]: 0: Hoare triple {18423#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,100 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume !(1 == ~handle); {18363#true} is VALID [2022-02-20 18:04:25,100 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,100 INFO L290 TraceCheckUtils]: 3: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,100 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18363#true} {18363#true} #1142#return; {18363#true} is VALID [2022-02-20 18:04:25,100 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:25,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18424#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {18424#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18424#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,126 INFO L290 TraceCheckUtils]: 2: Hoare triple {18424#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18425#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,126 INFO L290 TraceCheckUtils]: 3: Hoare triple {18425#(= 2 |setClientId_#in~handle|)} assume true; {18425#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,127 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18425#(= 2 |setClientId_#in~handle|)} 
{18383#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1144#return; {18364#false} is VALID [2022-02-20 18:04:25,127 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:04:25,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,131 INFO L290 TraceCheckUtils]: 0: Hoare triple {18423#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,131 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,131 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,131 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18364#false} #1146#return; {18364#false} is VALID [2022-02-20 18:04:25,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:04:25,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,141 INFO L290 TraceCheckUtils]: 0: Hoare triple {18426#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,141 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,142 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18364#false} #1122#return; {18364#false} is VALID [2022-02-20 18:04:25,149 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:04:25,150 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {18427#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,153 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,153 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,154 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18364#false} #1124#return; {18364#false} is VALID [2022-02-20 18:04:25,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:04:25,155 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,157 INFO L290 TraceCheckUtils]: 0: Hoare triple {18363#true} ~handle := #in~handle;havoc ~retValue_acc~13; {18363#true} is VALID [2022-02-20 18:04:25,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {18363#true} is VALID [2022-02-20 18:04:25,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,158 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18364#false} #1056#return; {18364#false} is VALID [2022-02-20 18:04:25,158 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:04:25,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,161 INFO L290 TraceCheckUtils]: 0: Hoare triple {18363#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18363#true} is 
VALID [2022-02-20 18:04:25,161 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {18363#true} is VALID [2022-02-20 18:04:25,161 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,161 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18364#false} #1058#return; {18364#false} is VALID [2022-02-20 18:04:25,161 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:04:25,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {18363#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {18363#true} is VALID [2022-02-20 18:04:25,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle; {18363#true} is VALID [2022-02-20 18:04:25,164 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {18363#true} is VALID [2022-02-20 18:04:25,164 INFO L290 TraceCheckUtils]: 3: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,165 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18363#true} {18364#false} #1060#return; {18364#false} is VALID [2022-02-20 18:04:25,165 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:04:25,166 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,170 INFO L290 TraceCheckUtils]: 0: Hoare triple {18426#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,170 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,171 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,171 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18364#false} #1066#return; {18364#false} is VALID [2022-02-20 18:04:25,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:04:25,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {18363#true} ~handle := #in~handle;havoc ~retValue_acc~39; {18363#true} is VALID [2022-02-20 18:04:25,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {18363#true} is VALID [2022-02-20 18:04:25,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,174 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18363#true} {18364#false} #1068#return; {18364#false} is VALID [2022-02-20 18:04:25,174 INFO L290 TraceCheckUtils]: 0: Hoare triple {18363#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 
1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 
0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {18363#true} is VALID [2022-02-20 18:04:25,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {18363#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {18363#true} is VALID [2022-02-20 18:04:25,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {18363#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18363#true} is VALID [2022-02-20 18:04:25,174 INFO L290 TraceCheckUtils]: 3: Hoare triple {18363#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {18363#true} is VALID [2022-02-20 18:04:25,175 
INFO L290 TraceCheckUtils]: 4: Hoare triple {18363#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {18363#true} is VALID [2022-02-20 18:04:25,175 INFO L290 TraceCheckUtils]: 5: Hoare triple {18363#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18363#true} is VALID [2022-02-20 18:04:25,175 INFO L272 TraceCheckUtils]: 6: Hoare triple {18363#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,176 INFO L290 TraceCheckUtils]: 7: Hoare triple {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; 
{18363#true} is VALID [2022-02-20 18:04:25,176 INFO L290 TraceCheckUtils]: 8: Hoare triple {18363#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,176 INFO L290 TraceCheckUtils]: 9: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,176 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18363#true} {18363#true} #1136#return; {18363#true} is VALID [2022-02-20 18:04:25,176 INFO L290 TraceCheckUtils]: 11: Hoare triple {18363#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18363#true} is VALID [2022-02-20 18:04:25,177 INFO L272 TraceCheckUtils]: 12: Hoare triple {18363#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18423#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:25,177 INFO L290 TraceCheckUtils]: 13: Hoare triple {18423#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,177 INFO L290 TraceCheckUtils]: 14: Hoare triple {18363#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,177 INFO L290 TraceCheckUtils]: 15: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,177 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18363#true} {18363#true} #1138#return; {18363#true} is VALID [2022-02-20 18:04:25,177 INFO L290 TraceCheckUtils]: 17: Hoare triple {18363#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18363#true} is VALID [2022-02-20 18:04:25,178 INFO L272 TraceCheckUtils]: 18: Hoare triple {18363#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,178 INFO L290 TraceCheckUtils]: 19: Hoare triple {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,178 INFO L290 TraceCheckUtils]: 20: Hoare triple {18363#true} assume !(1 == ~handle); {18363#true} is VALID [2022-02-20 18:04:25,178 INFO L290 TraceCheckUtils]: 21: Hoare triple {18363#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,178 INFO L290 TraceCheckUtils]: 22: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,178 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18363#true} {18363#true} #1140#return; {18363#true} is VALID [2022-02-20 18:04:25,179 INFO L290 TraceCheckUtils]: 24: Hoare triple {18363#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18363#true} is VALID [2022-02-20 18:04:25,179 INFO L272 TraceCheckUtils]: 25: Hoare triple {18363#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18423#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:25,179 INFO L290 TraceCheckUtils]: 26: Hoare triple {18423#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,179 INFO L290 TraceCheckUtils]: 27: Hoare triple {18363#true} assume !(1 == ~handle); {18363#true} is VALID [2022-02-20 18:04:25,180 INFO L290 TraceCheckUtils]: 28: Hoare triple {18363#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,180 INFO L290 TraceCheckUtils]: 29: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,180 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18363#true} {18363#true} #1142#return; {18363#true} is VALID [2022-02-20 18:04:25,180 INFO L290 TraceCheckUtils]: 31: Hoare triple {18363#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18383#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:25,181 INFO L272 TraceCheckUtils]: 32: Hoare triple {18383#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,181 INFO L290 TraceCheckUtils]: 33: Hoare triple {18422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18424#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,181 INFO L290 TraceCheckUtils]: 34: Hoare triple {18424#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18424#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,182 INFO L290 TraceCheckUtils]: 35: Hoare triple {18424#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18425#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,182 INFO L290 TraceCheckUtils]: 36: Hoare triple {18425#(= 2 |setClientId_#in~handle|)} assume true; {18425#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,183 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {18425#(= 2 |setClientId_#in~handle|)} {18383#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1144#return; {18364#false} is VALID [2022-02-20 18:04:25,183 INFO L290 TraceCheckUtils]: 38: Hoare triple {18364#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {18364#false} is VALID [2022-02-20 18:04:25,183 INFO L272 TraceCheckUtils]: 39: Hoare triple {18364#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18423#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:25,183 INFO L290 TraceCheckUtils]: 40: Hoare triple {18423#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,183 INFO L290 TraceCheckUtils]: 41: Hoare triple {18363#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,183 INFO L290 TraceCheckUtils]: 42: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,183 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {18363#true} {18364#false} #1146#return; {18364#false} is VALID [2022-02-20 18:04:25,184 INFO L290 TraceCheckUtils]: 44: Hoare triple {18364#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {18364#false} is VALID [2022-02-20 18:04:25,184 INFO L290 TraceCheckUtils]: 45: Hoare triple {18364#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc 
test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18364#false} is VALID [2022-02-20 18:04:25,184 INFO L290 TraceCheckUtils]: 46: Hoare triple {18364#false} assume !false; {18364#false} is VALID [2022-02-20 18:04:25,184 INFO L290 TraceCheckUtils]: 47: Hoare triple {18364#false} assume test_~splverifierCounter~0#1 < 4; {18364#false} is VALID [2022-02-20 18:04:25,184 INFO L290 TraceCheckUtils]: 48: Hoare triple {18364#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18364#false} is VALID [2022-02-20 18:04:25,184 INFO L290 TraceCheckUtils]: 49: Hoare triple {18364#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {18364#false} is VALID [2022-02-20 18:04:25,184 INFO L290 TraceCheckUtils]: 50: Hoare triple {18364#false} assume !(0 != test_~tmp___9~0#1); {18364#false} is VALID [2022-02-20 18:04:25,184 INFO L290 TraceCheckUtils]: 51: Hoare triple {18364#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {18364#false} is VALID [2022-02-20 18:04:25,185 INFO L290 TraceCheckUtils]: 52: Hoare triple {18364#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { 
:begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {18364#false} is VALID [2022-02-20 18:04:25,185 INFO L290 TraceCheckUtils]: 53: Hoare triple {18364#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {18364#false} is VALID [2022-02-20 18:04:25,185 INFO L290 TraceCheckUtils]: 54: Hoare triple {18364#false} assume { :end_inline_setClientAutoResponse } true; {18364#false} is VALID [2022-02-20 18:04:25,185 INFO L290 TraceCheckUtils]: 55: Hoare triple {18364#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {18364#false} is VALID [2022-02-20 18:04:25,185 INFO L290 TraceCheckUtils]: 56: Hoare triple {18364#false} assume !false; {18364#false} is VALID [2022-02-20 18:04:25,185 INFO L290 TraceCheckUtils]: 57: Hoare triple {18364#false} assume !(test_~splverifierCounter~0#1 < 4); {18364#false} is VALID [2022-02-20 18:04:25,185 INFO L290 TraceCheckUtils]: 58: Hoare triple {18364#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {18364#false} is VALID [2022-02-20 18:04:25,185 INFO L272 TraceCheckUtils]: 59: Hoare triple {18364#false} call sendEmail(~bob~0, ~rjh~0); {18364#false} is VALID [2022-02-20 18:04:25,186 INFO L290 TraceCheckUtils]: 60: Hoare triple {18364#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc 
~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18364#false} is VALID [2022-02-20 18:04:25,186 INFO L272 TraceCheckUtils]: 61: Hoare triple {18364#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18426#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:25,186 INFO L290 TraceCheckUtils]: 62: Hoare triple {18426#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,186 INFO L290 TraceCheckUtils]: 63: Hoare triple {18363#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,186 INFO L290 TraceCheckUtils]: 64: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,186 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18363#true} {18364#false} #1122#return; {18364#false} is VALID [2022-02-20 18:04:25,186 INFO L272 TraceCheckUtils]: 66: Hoare triple {18364#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18427#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:25,186 INFO L290 TraceCheckUtils]: 67: Hoare triple {18427#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,187 INFO L290 TraceCheckUtils]: 68: Hoare triple {18363#true} assume 
1 == ~handle;~__ste_email_to0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,187 INFO L290 TraceCheckUtils]: 69: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,187 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {18363#true} {18364#false} #1124#return; {18364#false} is VALID [2022-02-20 18:04:25,187 INFO L290 TraceCheckUtils]: 71: Hoare triple {18364#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {18364#false} is VALID [2022-02-20 18:04:25,187 INFO L290 TraceCheckUtils]: 72: Hoare triple {18364#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {18364#false} is VALID [2022-02-20 18:04:25,187 INFO L272 TraceCheckUtils]: 73: Hoare triple {18364#false} call outgoing(~sender#1, ~email~0#1); {18364#false} is VALID [2022-02-20 18:04:25,187 INFO L290 TraceCheckUtils]: 74: Hoare triple {18364#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {18364#false} is VALID [2022-02-20 18:04:25,187 INFO L272 TraceCheckUtils]: 75: Hoare triple {18364#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {18363#true} is VALID [2022-02-20 18:04:25,188 INFO L290 TraceCheckUtils]: 76: Hoare triple {18363#true} ~handle := #in~handle;havoc ~retValue_acc~13; {18363#true} is VALID [2022-02-20 18:04:25,188 INFO L290 TraceCheckUtils]: 77: Hoare triple {18363#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {18363#true} is VALID [2022-02-20 18:04:25,188 INFO L290 
TraceCheckUtils]: 78: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,188 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {18363#true} {18364#false} #1056#return; {18364#false} is VALID [2022-02-20 18:04:25,188 INFO L290 TraceCheckUtils]: 80: Hoare triple {18364#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {18364#false} is VALID [2022-02-20 18:04:25,188 INFO L290 TraceCheckUtils]: 81: Hoare triple {18364#false} assume 0 == sign_~privkey~1#1; {18364#false} is VALID [2022-02-20 18:04:25,188 INFO L290 TraceCheckUtils]: 82: Hoare triple {18364#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {18364#false} is VALID [2022-02-20 18:04:25,189 INFO L272 TraceCheckUtils]: 83: Hoare triple {18364#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {18363#true} is VALID [2022-02-20 18:04:25,189 INFO L290 TraceCheckUtils]: 84: Hoare triple {18363#true} ~handle 
:= #in~handle;havoc ~retValue_acc~36; {18363#true} is VALID [2022-02-20 18:04:25,189 INFO L290 TraceCheckUtils]: 85: Hoare triple {18363#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {18363#true} is VALID [2022-02-20 18:04:25,189 INFO L290 TraceCheckUtils]: 86: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,189 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {18363#true} {18364#false} #1058#return; {18364#false} is VALID [2022-02-20 18:04:25,189 INFO L290 TraceCheckUtils]: 88: Hoare triple {18364#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {18364#false} is VALID [2022-02-20 18:04:25,189 INFO L272 TraceCheckUtils]: 89: Hoare triple {18364#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {18363#true} is VALID [2022-02-20 18:04:25,189 INFO L290 TraceCheckUtils]: 90: Hoare triple {18363#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {18363#true} is VALID [2022-02-20 18:04:25,190 INFO L290 TraceCheckUtils]: 91: Hoare triple {18363#true} assume 1 == ~handle; {18363#true} is VALID [2022-02-20 18:04:25,190 INFO L290 TraceCheckUtils]: 92: Hoare triple {18363#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {18363#true} is VALID [2022-02-20 18:04:25,190 INFO L290 TraceCheckUtils]: 93: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,190 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {18363#true} {18364#false} 
#1060#return; {18364#false} is VALID [2022-02-20 18:04:25,190 INFO L290 TraceCheckUtils]: 95: Hoare triple {18364#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {18364#false} is VALID [2022-02-20 18:04:25,190 INFO L290 TraceCheckUtils]: 96: Hoare triple {18364#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {18364#false} is VALID [2022-02-20 18:04:25,190 INFO L290 TraceCheckUtils]: 97: Hoare triple {18364#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {18364#false} is VALID [2022-02-20 18:04:25,190 INFO L290 TraceCheckUtils]: 98: Hoare triple {18364#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {18364#false} is VALID [2022-02-20 18:04:25,191 INFO L290 TraceCheckUtils]: 99: Hoare triple {18364#false} outgoing__wrappee__Keys_#t~ret90#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {18364#false} is VALID [2022-02-20 18:04:25,191 INFO L272 TraceCheckUtils]: 100: Hoare triple {18364#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {18426#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:25,191 INFO L290 TraceCheckUtils]: 101: Hoare triple {18426#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18363#true} is VALID [2022-02-20 18:04:25,191 INFO L290 TraceCheckUtils]: 102: Hoare triple {18363#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18363#true} is VALID [2022-02-20 18:04:25,191 INFO L290 TraceCheckUtils]: 103: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,191 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {18363#true} {18364#false} #1066#return; {18364#false} is VALID [2022-02-20 18:04:25,191 INFO L290 TraceCheckUtils]: 105: Hoare triple {18364#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, 
__utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {18364#false} is VALID [2022-02-20 18:04:25,191 INFO L290 TraceCheckUtils]: 106: Hoare triple {18364#false} assume 0 != ~in_encrypted~0; {18364#false} is VALID [2022-02-20 18:04:25,192 INFO L272 TraceCheckUtils]: 107: Hoare triple {18364#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {18363#true} is VALID [2022-02-20 18:04:25,192 INFO L290 TraceCheckUtils]: 108: Hoare triple {18363#true} ~handle := #in~handle;havoc ~retValue_acc~39; {18363#true} is VALID [2022-02-20 18:04:25,192 INFO L290 TraceCheckUtils]: 109: Hoare triple {18363#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {18363#true} is VALID [2022-02-20 18:04:25,192 INFO L290 TraceCheckUtils]: 110: Hoare triple {18363#true} assume true; {18363#true} is VALID [2022-02-20 18:04:25,192 INFO L284 
TraceCheckUtils]: 111: Hoare quadruple {18363#true} {18364#false} #1068#return; {18364#false} is VALID [2022-02-20 18:04:25,192 INFO L290 TraceCheckUtils]: 112: Hoare triple {18364#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {18364#false} is VALID [2022-02-20 18:04:25,192 INFO L290 TraceCheckUtils]: 113: Hoare triple {18364#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {18364#false} is VALID [2022-02-20 18:04:25,192 INFO L290 TraceCheckUtils]: 114: Hoare triple {18364#false} assume !false; {18364#false} is VALID [2022-02-20 18:04:25,193 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:04:25,193 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:25,193 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [5962319] [2022-02-20 18:04:25,193 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [5962319] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:25,193 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:04:25,194 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:04:25,194 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [961049911] [2022-02-20 18:04:25,194 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:25,195 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 115 [2022-02-20 18:04:25,195 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:25,195 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:25,282 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:25,283 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:04:25,283 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:25,283 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. 
[2022-02-20 18:04:25,283 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:25,283 INFO L87 Difference]: Start difference. First operand 442 states and 666 transitions. Second operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:32,614 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:32,614 INFO L93 Difference]: Finished difference Result 1078 states and 1636 transitions. [2022-02-20 18:04:32,614 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:04:32,614 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 115 [2022-02-20 18:04:32,615 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:32,615 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:32,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1432 transitions. 
[2022-02-20 18:04:32,628 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:32,641 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1432 transitions. [2022-02-20 18:04:32,641 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1432 transitions. [2022-02-20 18:04:33,837 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1432 edges. 1432 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:33,858 INFO L225 Difference]: With dead ends: 1078 [2022-02-20 18:04:33,858 INFO L226 Difference]: Without dead ends: 659 [2022-02-20 18:04:33,860 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:04:33,860 INFO L933 BasicCegarLoop]: 670 mSDtfsCounter, 1478 mSDsluCounter, 863 mSDsCounter, 0 mSdLazyCounter, 2452 mSolverCounterSat, 622 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1495 SdHoareTripleChecker+Valid, 1533 SdHoareTripleChecker+Invalid, 3074 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 622 IncrementalHoareTripleChecker+Valid, 2452 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.3s IncrementalHoareTripleChecker+Time [2022-02-20 
18:04:33,860 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1495 Valid, 1533 Invalid, 3074 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [622 Valid, 2452 Invalid, 0 Unknown, 0 Unchecked, 3.3s Time] [2022-02-20 18:04:33,861 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 659 states. [2022-02-20 18:04:33,984 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 659 to 444. [2022-02-20 18:04:33,984 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:33,985 INFO L82 GeneralOperation]: Start isEquivalent. First operand 659 states. Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (81), 73 states have call predecessors, (81), 73 states have call successors, (81) [2022-02-20 18:04:33,986 INFO L74 IsIncluded]: Start isIncluded. First operand 659 states. Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (81), 73 states have call predecessors, (81), 73 states have call successors, (81) [2022-02-20 18:04:33,987 INFO L87 Difference]: Start difference. First operand 659 states. Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (81), 73 states have call predecessors, (81), 73 states have call successors, (81) [2022-02-20 18:04:34,008 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:04:34,008 INFO L93 Difference]: Finished difference Result 659 states and 1000 transitions. [2022-02-20 18:04:34,008 INFO L276 IsEmpty]: Start isEmpty. Operand 659 states and 1000 transitions. [2022-02-20 18:04:34,011 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:34,011 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:34,012 INFO L74 IsIncluded]: Start isIncluded. First operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (81), 73 states have call predecessors, (81), 73 states have call successors, (81) Second operand 659 states. [2022-02-20 18:04:34,013 INFO L87 Difference]: Start difference. First operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (81), 73 states have call predecessors, (81), 73 states have call successors, (81) Second operand 659 states. [2022-02-20 18:04:34,032 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:34,032 INFO L93 Difference]: Finished difference Result 659 states and 1000 transitions. [2022-02-20 18:04:34,032 INFO L276 IsEmpty]: Start isEmpty. Operand 659 states and 1000 transitions. [2022-02-20 18:04:34,035 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:34,035 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:34,035 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:34,036 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:34,042 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (81), 73 states have call predecessors, (81), 73 states have call successors, (81) [2022-02-20 18:04:34,054 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 444 states to 444 states and 669 transitions. [2022-02-20 18:04:34,055 INFO L78 Accepts]: Start accepts. Automaton has 444 states and 669 transitions. Word has length 115 [2022-02-20 18:04:34,055 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:34,055 INFO L470 AbstractCegarLoop]: Abstraction has 444 states and 669 transitions. [2022-02-20 18:04:34,056 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:04:34,056 INFO L276 IsEmpty]: Start isEmpty. Operand 444 states and 669 transitions. [2022-02-20 18:04:34,057 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 117 [2022-02-20 18:04:34,058 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:34,058 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:34,058 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:04:34,058 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:34,058 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:34,059 INFO L85 PathProgramCache]: Analyzing trace with hash -1780926243, now seen corresponding path program 1 times [2022-02-20 18:04:34,059 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:34,059 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1754211727] [2022-02-20 18:04:34,059 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:34,059 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:34,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:34,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,126 INFO L290 TraceCheckUtils]: 0: Hoare triple {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,126 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,127 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21946#true} {21946#true} #1136#return; {21946#true} is VALID [2022-02-20 18:04:34,134 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:34,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,136 INFO L290 TraceCheckUtils]: 0: Hoare triple {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,137 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,137 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,137 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21946#true} {21946#true} #1138#return; {21946#true} is VALID [2022-02-20 18:04:34,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:34,138 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,139 INFO L290 TraceCheckUtils]: 0: Hoare triple {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume !(1 == ~handle); {21946#true} is VALID [2022-02-20 18:04:34,140 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,140 INFO L290 TraceCheckUtils]: 3: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,140 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21946#true} {21946#true} #1140#return; {21946#true} is VALID [2022-02-20 18:04:34,140 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:34,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume !(1 == ~handle); {21946#true} is VALID [2022-02-20 18:04:34,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,144 INFO L290 TraceCheckUtils]: 3: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,144 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21946#true} {21946#true} #1142#return; {21946#true} is VALID [2022-02-20 18:04:34,144 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:34,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:04:34,163 INFO L290 TraceCheckUtils]: 0: Hoare triple {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22009#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {22009#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22009#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,164 INFO L290 TraceCheckUtils]: 2: Hoare triple {22009#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22009#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,164 INFO L290 TraceCheckUtils]: 3: Hoare triple {22009#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22010#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,164 INFO L290 TraceCheckUtils]: 4: Hoare triple {22010#(= 3 |setClientId_#in~handle|)} assume true; {22010#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,165 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22010#(= 3 |setClientId_#in~handle|)} {21966#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1144#return; {21973#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:34,165 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:34,167 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22011#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {22011#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22012#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:34,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {22012#(= |setClientPrivateKey_#in~handle| 1)} assume true; {22012#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:34,181 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22012#(= |setClientPrivateKey_#in~handle| 1)} {21973#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1146#return; {21947#false} is VALID [2022-02-20 18:04:34,187 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:04:34,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,190 INFO L290 TraceCheckUtils]: 0: Hoare triple {22013#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,190 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,190 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,190 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21946#true} {21947#false} #1122#return; {21947#false} is VALID [2022-02-20 18:04:34,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:04:34,198 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,202 INFO L290 TraceCheckUtils]: 0: Hoare triple {22014#(and (= 
~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,202 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,202 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,203 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21946#true} {21947#false} #1124#return; {21947#false} is VALID [2022-02-20 18:04:34,203 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:04:34,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {21946#true} ~handle := #in~handle;havoc ~retValue_acc~13; {21946#true} is VALID [2022-02-20 18:04:34,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {21946#true} is VALID [2022-02-20 18:04:34,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,206 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21946#true} {21947#false} #1056#return; {21947#false} is VALID [2022-02-20 18:04:34,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:04:34,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {21946#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21946#true} is VALID [2022-02-20 18:04:34,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {21946#true} is VALID [2022-02-20 18:04:34,209 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,209 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21946#true} {21947#false} #1058#return; {21947#false} is VALID [2022-02-20 18:04:34,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:04:34,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,211 INFO L290 TraceCheckUtils]: 0: Hoare triple {21946#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {21946#true} is VALID [2022-02-20 18:04:34,211 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle; {21946#true} is VALID [2022-02-20 18:04:34,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {21946#true} is VALID [2022-02-20 18:04:34,212 INFO L290 TraceCheckUtils]: 3: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,212 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21946#true} {21947#false} #1060#return; {21947#false} is VALID [2022-02-20 18:04:34,212 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:04:34,213 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,214 INFO L290 TraceCheckUtils]: 0: Hoare triple {22013#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,214 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,214 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,214 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{21946#true} {21947#false} #1066#return; {21947#false} is VALID [2022-02-20 18:04:34,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:04:34,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,218 INFO L290 TraceCheckUtils]: 0: Hoare triple {21946#true} ~handle := #in~handle;havoc ~retValue_acc~39; {21946#true} is VALID [2022-02-20 18:04:34,218 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {21946#true} is VALID [2022-02-20 18:04:34,218 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,218 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21946#true} {21947#false} #1068#return; {21947#false} is VALID [2022-02-20 18:04:34,218 INFO L290 TraceCheckUtils]: 0: Hoare triple {21946#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 
22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 
0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {21946#true} is VALID [2022-02-20 18:04:34,218 INFO L290 TraceCheckUtils]: 1: Hoare triple {21946#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {21946#true} is VALID [2022-02-20 18:04:34,219 INFO L290 TraceCheckUtils]: 2: Hoare triple {21946#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21946#true} is VALID [2022-02-20 18:04:34,219 INFO L290 TraceCheckUtils]: 3: Hoare triple {21946#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {21946#true} is VALID [2022-02-20 18:04:34,219 INFO L290 TraceCheckUtils]: 4: Hoare triple {21946#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc 
main_#t~ret75#1; {21946#true} is VALID [2022-02-20 18:04:34,219 INFO L290 TraceCheckUtils]: 5: Hoare triple {21946#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21946#true} is VALID [2022-02-20 18:04:34,220 INFO L272 TraceCheckUtils]: 6: Hoare triple {21946#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:34,220 INFO L290 TraceCheckUtils]: 7: Hoare triple {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,220 INFO L290 TraceCheckUtils]: 8: Hoare triple {21946#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,220 INFO L290 TraceCheckUtils]: 9: Hoare 
triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,220 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21946#true} {21946#true} #1136#return; {21946#true} is VALID [2022-02-20 18:04:34,220 INFO L290 TraceCheckUtils]: 11: Hoare triple {21946#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21946#true} is VALID [2022-02-20 18:04:34,221 INFO L272 TraceCheckUtils]: 12: Hoare triple {21946#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:34,221 INFO L290 TraceCheckUtils]: 13: Hoare triple {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,221 INFO L290 TraceCheckUtils]: 14: Hoare triple {21946#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,221 INFO L290 TraceCheckUtils]: 15: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,221 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21946#true} {21946#true} #1138#return; {21946#true} is VALID [2022-02-20 18:04:34,221 INFO L290 TraceCheckUtils]: 17: Hoare triple {21946#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21946#true} is VALID [2022-02-20 18:04:34,222 INFO L272 TraceCheckUtils]: 18: Hoare triple {21946#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:34,222 INFO L290 TraceCheckUtils]: 19: Hoare triple {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,222 INFO L290 TraceCheckUtils]: 20: Hoare triple {21946#true} assume !(1 == ~handle); {21946#true} is VALID [2022-02-20 18:04:34,222 INFO L290 TraceCheckUtils]: 21: Hoare triple {21946#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,222 INFO L290 TraceCheckUtils]: 22: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,222 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21946#true} {21946#true} #1140#return; {21946#true} is VALID [2022-02-20 18:04:34,222 INFO L290 TraceCheckUtils]: 24: Hoare triple {21946#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21946#true} is VALID [2022-02-20 18:04:34,223 INFO L272 TraceCheckUtils]: 25: Hoare triple {21946#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:34,223 INFO L290 TraceCheckUtils]: 26: 
Hoare triple {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,223 INFO L290 TraceCheckUtils]: 27: Hoare triple {21946#true} assume !(1 == ~handle); {21946#true} is VALID [2022-02-20 18:04:34,223 INFO L290 TraceCheckUtils]: 28: Hoare triple {21946#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,223 INFO L290 TraceCheckUtils]: 29: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,223 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21946#true} {21946#true} #1142#return; {21946#true} is VALID [2022-02-20 18:04:34,224 INFO L290 TraceCheckUtils]: 31: Hoare triple {21946#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21966#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:34,224 INFO L272 TraceCheckUtils]: 32: Hoare triple {21966#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:34,224 INFO L290 TraceCheckUtils]: 33: Hoare triple {22007#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22009#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,225 INFO L290 TraceCheckUtils]: 34: Hoare triple {22009#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22009#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,225 INFO L290 TraceCheckUtils]: 35: Hoare triple {22009#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22009#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,225 INFO L290 TraceCheckUtils]: 36: Hoare triple {22009#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22010#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,225 INFO L290 TraceCheckUtils]: 37: Hoare triple {22010#(= 3 |setClientId_#in~handle|)} assume true; {22010#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,226 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22010#(= 3 |setClientId_#in~handle|)} {21966#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1144#return; {21973#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:34,226 INFO L290 TraceCheckUtils]: 39: Hoare triple {21973#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21973#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:34,227 INFO L272 TraceCheckUtils]: 40: Hoare triple 
{21973#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:34,227 INFO L290 TraceCheckUtils]: 41: Hoare triple {22008#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22011#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,227 INFO L290 TraceCheckUtils]: 42: Hoare triple {22011#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22012#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:34,227 INFO L290 TraceCheckUtils]: 43: Hoare triple {22012#(= |setClientPrivateKey_#in~handle| 1)} assume true; {22012#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:34,228 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {22012#(= |setClientPrivateKey_#in~handle| 1)} {21973#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1146#return; {21947#false} is VALID [2022-02-20 18:04:34,228 INFO L290 TraceCheckUtils]: 45: Hoare triple {21947#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {21947#false} is VALID [2022-02-20 18:04:34,228 INFO L290 TraceCheckUtils]: 46: Hoare triple {21947#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, 
test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21947#false} is VALID [2022-02-20 18:04:34,228 INFO L290 TraceCheckUtils]: 47: Hoare triple {21947#false} assume !false; {21947#false} is VALID [2022-02-20 18:04:34,228 INFO L290 TraceCheckUtils]: 48: Hoare triple {21947#false} assume test_~splverifierCounter~0#1 < 4; {21947#false} is VALID [2022-02-20 18:04:34,228 INFO L290 TraceCheckUtils]: 49: Hoare triple {21947#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 50: Hoare triple {21947#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 
TraceCheckUtils]: 51: Hoare triple {21947#false} assume !(0 != test_~tmp___9~0#1); {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 52: Hoare triple {21947#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 53: Hoare triple {21947#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 54: Hoare triple {21947#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 55: Hoare triple {21947#false} assume { :end_inline_setClientAutoResponse } true; {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 56: Hoare triple {21947#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 57: Hoare triple {21947#false} assume !false; {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 58: Hoare triple {21947#false} assume !(test_~splverifierCounter~0#1 < 4); {21947#false} is VALID [2022-02-20 18:04:34,229 INFO L290 TraceCheckUtils]: 59: Hoare triple {21947#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, 
bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {21947#false} is VALID [2022-02-20 18:04:34,230 INFO L272 TraceCheckUtils]: 60: Hoare triple {21947#false} call sendEmail(~bob~0, ~rjh~0); {21947#false} is VALID [2022-02-20 18:04:34,230 INFO L290 TraceCheckUtils]: 61: Hoare triple {21947#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21947#false} is VALID [2022-02-20 18:04:34,230 INFO L272 TraceCheckUtils]: 62: Hoare triple {21947#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22013#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:34,230 INFO L290 TraceCheckUtils]: 63: Hoare triple {22013#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,230 INFO L290 TraceCheckUtils]: 64: Hoare triple {21946#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,230 INFO L290 TraceCheckUtils]: 65: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,230 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21946#true} {21947#false} #1122#return; {21947#false} is VALID [2022-02-20 18:04:34,230 INFO L272 
TraceCheckUtils]: 67: Hoare triple {21947#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22014#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:34,230 INFO L290 TraceCheckUtils]: 68: Hoare triple {22014#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,231 INFO L290 TraceCheckUtils]: 69: Hoare triple {21946#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,231 INFO L290 TraceCheckUtils]: 70: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,231 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21946#true} {21947#false} #1124#return; {21947#false} is VALID [2022-02-20 18:04:34,231 INFO L290 TraceCheckUtils]: 72: Hoare triple {21947#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {21947#false} is VALID [2022-02-20 18:04:34,231 INFO L290 TraceCheckUtils]: 73: Hoare triple {21947#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {21947#false} is VALID [2022-02-20 18:04:34,231 INFO L272 TraceCheckUtils]: 74: Hoare triple {21947#false} call outgoing(~sender#1, ~email~0#1); {21947#false} is VALID [2022-02-20 18:04:34,231 INFO L290 TraceCheckUtils]: 75: Hoare triple {21947#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {21947#false} is VALID 
[2022-02-20 18:04:34,231 INFO L272 TraceCheckUtils]: 76: Hoare triple {21947#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {21946#true} is VALID [2022-02-20 18:04:34,231 INFO L290 TraceCheckUtils]: 77: Hoare triple {21946#true} ~handle := #in~handle;havoc ~retValue_acc~13; {21946#true} is VALID [2022-02-20 18:04:34,232 INFO L290 TraceCheckUtils]: 78: Hoare triple {21946#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {21946#true} is VALID [2022-02-20 18:04:34,232 INFO L290 TraceCheckUtils]: 79: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,232 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {21946#true} {21947#false} #1056#return; {21947#false} is VALID [2022-02-20 18:04:34,232 INFO L290 TraceCheckUtils]: 81: Hoare triple {21947#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {21947#false} is VALID [2022-02-20 18:04:34,232 INFO L290 TraceCheckUtils]: 82: Hoare triple {21947#false} assume 0 == sign_~privkey~1#1; {21947#false} is VALID [2022-02-20 18:04:34,232 INFO L290 TraceCheckUtils]: 83: Hoare triple {21947#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := 
outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {21947#false} is VALID [2022-02-20 18:04:34,232 INFO L272 TraceCheckUtils]: 84: Hoare triple {21947#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {21946#true} is VALID [2022-02-20 18:04:34,232 INFO L290 TraceCheckUtils]: 85: Hoare triple {21946#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21946#true} is VALID [2022-02-20 18:04:34,232 INFO L290 TraceCheckUtils]: 86: Hoare triple {21946#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {21946#true} is VALID [2022-02-20 18:04:34,232 INFO L290 TraceCheckUtils]: 87: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,233 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21946#true} {21947#false} #1058#return; {21947#false} is VALID [2022-02-20 18:04:34,233 INFO L290 TraceCheckUtils]: 89: Hoare triple {21947#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {21947#false} is VALID [2022-02-20 18:04:34,233 INFO L272 TraceCheckUtils]: 90: Hoare triple {21947#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {21946#true} is VALID [2022-02-20 18:04:34,233 INFO L290 TraceCheckUtils]: 91: Hoare triple {21946#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {21946#true} is VALID [2022-02-20 
18:04:34,233 INFO L290 TraceCheckUtils]: 92: Hoare triple {21946#true} assume 1 == ~handle; {21946#true} is VALID [2022-02-20 18:04:34,233 INFO L290 TraceCheckUtils]: 93: Hoare triple {21946#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {21946#true} is VALID [2022-02-20 18:04:34,233 INFO L290 TraceCheckUtils]: 94: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,233 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {21946#true} {21947#false} #1060#return; {21947#false} is VALID [2022-02-20 18:04:34,233 INFO L290 TraceCheckUtils]: 96: Hoare triple {21947#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {21947#false} is VALID [2022-02-20 18:04:34,233 INFO L290 TraceCheckUtils]: 97: Hoare triple {21947#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {21947#false} is VALID [2022-02-20 18:04:34,234 INFO L290 TraceCheckUtils]: 98: Hoare triple {21947#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc 
getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {21947#false} is VALID [2022-02-20 18:04:34,234 INFO L290 TraceCheckUtils]: 99: Hoare triple {21947#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {21947#false} is VALID [2022-02-20 18:04:34,234 INFO L290 TraceCheckUtils]: 100: Hoare triple {21947#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {21947#false} is VALID [2022-02-20 18:04:34,234 INFO L272 TraceCheckUtils]: 101: Hoare triple {21947#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {22013#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:34,240 INFO L290 TraceCheckUtils]: 102: Hoare triple {22013#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21946#true} is VALID [2022-02-20 18:04:34,241 INFO L290 TraceCheckUtils]: 103: Hoare triple {21946#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21946#true} is VALID [2022-02-20 18:04:34,241 INFO L290 TraceCheckUtils]: 104: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,241 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21946#true} {21947#false} #1066#return; {21947#false} is VALID [2022-02-20 18:04:34,241 INFO L290 TraceCheckUtils]: 106: Hoare triple {21947#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 
:= outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {21947#false} is VALID [2022-02-20 18:04:34,241 INFO L290 TraceCheckUtils]: 107: Hoare triple {21947#false} assume 0 != ~in_encrypted~0; {21947#false} is VALID [2022-02-20 18:04:34,241 INFO L272 TraceCheckUtils]: 108: Hoare triple {21947#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := 
isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {21946#true} is VALID [2022-02-20 18:04:34,241 INFO L290 TraceCheckUtils]: 109: Hoare triple {21946#true} ~handle := #in~handle;havoc ~retValue_acc~39; {21946#true} is VALID [2022-02-20 18:04:34,241 INFO L290 TraceCheckUtils]: 110: Hoare triple {21946#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {21946#true} is VALID [2022-02-20 18:04:34,241 INFO L290 TraceCheckUtils]: 111: Hoare triple {21946#true} assume true; {21946#true} is VALID [2022-02-20 18:04:34,242 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {21946#true} {21947#false} #1068#return; {21947#false} is VALID [2022-02-20 18:04:34,242 INFO L290 TraceCheckUtils]: 113: Hoare triple {21947#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {21947#false} is VALID [2022-02-20 18:04:34,242 INFO L290 TraceCheckUtils]: 114: Hoare triple {21947#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {21947#false} is VALID [2022-02-20 18:04:34,242 INFO L290 TraceCheckUtils]: 115: Hoare triple {21947#false} assume !false; {21947#false} is VALID [2022-02-20 18:04:34,242 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:04:34,242 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:34,242 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1754211727] [2022-02-20 18:04:34,242 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1754211727] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:34,243 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:34,243 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:04:34,243 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1023875501] [2022-02-20 18:04:34,243 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:34,243 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 116 [2022-02-20 18:04:34,244 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:34,244 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:34,304 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 108 edges. 108 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:34,304 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:04:34,305 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:34,305 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:04:34,305 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:34,306 INFO L87 Difference]: Start difference. First operand 444 states and 669 transitions. Second operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:44,689 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:44,689 INFO L93 Difference]: Finished difference Result 1076 states and 1631 transitions. [2022-02-20 18:04:44,689 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:04:44,690 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 116 [2022-02-20 18:04:44,690 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:44,690 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:44,701 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1433 transitions. [2022-02-20 18:04:44,702 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:44,713 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1433 transitions. [2022-02-20 18:04:44,713 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1433 transitions. [2022-02-20 18:04:45,842 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1433 edges. 1433 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:45,869 INFO L225 Difference]: With dead ends: 1076 [2022-02-20 18:04:45,869 INFO L226 Difference]: Without dead ends: 659 [2022-02-20 18:04:45,870 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:04:45,871 INFO L933 BasicCegarLoop]: 635 mSDtfsCounter, 1673 mSDsluCounter, 1196 mSDsCounter, 0 mSdLazyCounter, 4235 mSolverCounterSat, 685 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1673 SdHoareTripleChecker+Valid, 1831 SdHoareTripleChecker+Invalid, 4920 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 685 IncrementalHoareTripleChecker+Valid, 4235 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:45,871 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1673 Valid, 1831 Invalid, 4920 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [685 Valid, 4235 Invalid, 0 Unknown, 0 Unchecked, 4.9s Time] [2022-02-20 18:04:45,872 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 659 states. [2022-02-20 18:04:45,962 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 659 to 444. [2022-02-20 18:04:45,962 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:45,963 INFO L82 GeneralOperation]: Start isEquivalent. First operand 659 states. 
Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) [2022-02-20 18:04:45,963 INFO L74 IsIncluded]: Start isIncluded. First operand 659 states. Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) [2022-02-20 18:04:45,964 INFO L87 Difference]: Start difference. First operand 659 states. Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) [2022-02-20 18:04:45,984 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:45,984 INFO L93 Difference]: Finished difference Result 659 states and 999 transitions. [2022-02-20 18:04:45,985 INFO L276 IsEmpty]: Start isEmpty. Operand 659 states and 999 transitions. [2022-02-20 18:04:45,988 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:45,988 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:45,989 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) Second operand 659 states. [2022-02-20 18:04:45,990 INFO L87 Difference]: Start difference. First operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) Second operand 659 states. [2022-02-20 18:04:46,008 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:46,008 INFO L93 Difference]: Finished difference Result 659 states and 999 transitions. [2022-02-20 18:04:46,008 INFO L276 IsEmpty]: Start isEmpty. Operand 659 states and 999 transitions. [2022-02-20 18:04:46,012 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:46,012 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:46,012 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:46,012 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:46,013 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 348 states have internal predecessors, (514), 74 states have call successors, (74), 24 states have call predecessors, (74), 27 states have return successors, (80), 73 states have call predecessors, (80), 73 states have call successors, (80) [2022-02-20 18:04:46,024 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 444 states to 444 states and 668 transitions. [2022-02-20 18:04:46,024 INFO L78 Accepts]: Start accepts. Automaton has 444 states and 668 transitions. Word has length 116 [2022-02-20 18:04:46,024 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:46,024 INFO L470 AbstractCegarLoop]: Abstraction has 444 states and 668 transitions. [2022-02-20 18:04:46,025 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:46,025 INFO L276 IsEmpty]: Start isEmpty. Operand 444 states and 668 transitions. [2022-02-20 18:04:46,026 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 118 [2022-02-20 18:04:46,026 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:46,026 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:46,027 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:04:46,027 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:46,027 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:46,027 INFO L85 PathProgramCache]: Analyzing trace with hash 1953819643, now seen corresponding path program 2 times [2022-02-20 18:04:46,027 
INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:46,027 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [502823381] [2022-02-20 18:04:46,027 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:46,028 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:46,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:46,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,071 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25538#true} {25538#true} #1136#return; {25538#true} is VALID [2022-02-20 18:04:46,083 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:46,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,087 INFO L290 TraceCheckUtils]: 0: Hoare triple {25601#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,087 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,087 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,087 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25538#true} {25538#true} #1138#return; {25538#true} is VALID [2022-02-20 18:04:46,087 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:46,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume !(1 == ~handle); {25538#true} is VALID [2022-02-20 18:04:46,090 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,090 INFO L290 TraceCheckUtils]: 3: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,090 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25538#true} {25538#true} #1140#return; {25538#true} is VALID [2022-02-20 18:04:46,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:46,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,093 INFO L290 TraceCheckUtils]: 0: Hoare triple {25601#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume !(1 == ~handle); {25538#true} is VALID [2022-02-20 18:04:46,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,093 INFO L290 TraceCheckUtils]: 3: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,094 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25538#true} {25538#true} #1142#return; {25538#true} is VALID [2022-02-20 18:04:46,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:46,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,117 INFO L290 TraceCheckUtils]: 0: Hoare triple {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25602#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,117 INFO L290 TraceCheckUtils]: 1: Hoare triple {25602#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25602#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,117 INFO L290 TraceCheckUtils]: 2: Hoare triple {25602#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25602#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,118 INFO L290 TraceCheckUtils]: 3: Hoare triple {25602#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25603#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,118 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {25603#(= 3 |setClientId_#in~handle|)} assume true; {25603#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,118 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25603#(= 3 |setClientId_#in~handle|)} {25558#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1144#return; {25565#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:04:46,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:46,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {25601#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25604#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:46,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {25604#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {25604#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:46,135 INFO L290 TraceCheckUtils]: 2: Hoare triple {25604#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25605#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:46,135 INFO L290 TraceCheckUtils]: 3: Hoare triple {25605#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {25605#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:46,136 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25605#(= 2 |setClientPrivateKey_#in~handle|)} {25565#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1146#return; {25539#false} is VALID [2022-02-20 18:04:46,143 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:04:46,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {25606#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,145 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,145 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,145 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25538#true} {25539#false} #1122#return; {25539#false} is VALID [2022-02-20 18:04:46,152 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:04:46,153 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,157 INFO L290 TraceCheckUtils]: 0: Hoare triple {25607#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,157 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,157 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,158 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25538#true} {25539#false} #1124#return; {25539#false} is VALID [2022-02-20 18:04:46,158 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:04:46,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,160 INFO L290 TraceCheckUtils]: 0: Hoare triple {25538#true} 
~handle := #in~handle;havoc ~retValue_acc~13; {25538#true} is VALID [2022-02-20 18:04:46,160 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {25538#true} is VALID [2022-02-20 18:04:46,160 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,160 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25538#true} {25539#false} #1056#return; {25539#false} is VALID [2022-02-20 18:04:46,160 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:04:46,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {25538#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25538#true} is VALID [2022-02-20 18:04:46,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {25538#true} is VALID [2022-02-20 18:04:46,164 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,164 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25538#true} {25539#false} #1058#return; {25539#false} is VALID [2022-02-20 18:04:46,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:04:46,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {25538#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {25538#true} is VALID [2022-02-20 18:04:46,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle; {25538#true} is VALID [2022-02-20 18:04:46,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {25538#true} is VALID [2022-02-20 18:04:46,168 INFO L290 TraceCheckUtils]: 3: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,168 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25538#true} {25539#false} #1060#return; {25539#false} is VALID [2022-02-20 18:04:46,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:04:46,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,171 INFO L290 TraceCheckUtils]: 0: Hoare triple {25606#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,172 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25538#true} {25539#false} #1066#return; {25539#false} is VALID [2022-02-20 18:04:46,172 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:04:46,173 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,174 INFO L290 TraceCheckUtils]: 0: Hoare triple {25538#true} ~handle := #in~handle;havoc ~retValue_acc~39; {25538#true} is VALID [2022-02-20 18:04:46,175 INFO L290 TraceCheckUtils]: 1: Hoare triple {25538#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {25538#true} is VALID [2022-02-20 18:04:46,175 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,175 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25538#true} {25539#false} 
#1068#return; {25539#false} is VALID [2022-02-20 18:04:46,175 INFO L290 TraceCheckUtils]: 0: Hoare triple {25538#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call 
#Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 
0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {25538#true} is VALID [2022-02-20 18:04:46,175 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{25538#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {25538#true} is VALID [2022-02-20 18:04:46,175 INFO L290 TraceCheckUtils]: 2: Hoare triple {25538#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25538#true} is VALID [2022-02-20 18:04:46,175 INFO L290 TraceCheckUtils]: 3: Hoare triple {25538#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {25538#true} is VALID [2022-02-20 18:04:46,175 INFO L290 TraceCheckUtils]: 4: Hoare triple {25538#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {25538#true} is VALID [2022-02-20 18:04:46,176 INFO L290 TraceCheckUtils]: 5: Hoare triple {25538#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25538#true} is VALID [2022-02-20 18:04:46,176 INFO L272 TraceCheckUtils]: 6: Hoare triple {25538#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:46,176 INFO L290 TraceCheckUtils]: 7: Hoare triple {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,176 INFO L290 TraceCheckUtils]: 8: Hoare triple {25538#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,176 INFO L290 TraceCheckUtils]: 9: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,177 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25538#true} {25538#true} #1136#return; {25538#true} is VALID [2022-02-20 18:04:46,177 INFO L290 TraceCheckUtils]: 11: Hoare triple {25538#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25538#true} is VALID [2022-02-20 18:04:46,177 INFO L272 TraceCheckUtils]: 12: Hoare triple {25538#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25601#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:46,177 INFO L290 TraceCheckUtils]: 13: Hoare triple {25601#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,177 INFO L290 TraceCheckUtils]: 14: Hoare triple {25538#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,177 INFO L290 TraceCheckUtils]: 15: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,178 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25538#true} {25538#true} #1138#return; {25538#true} is VALID [2022-02-20 18:04:46,178 INFO L290 TraceCheckUtils]: 17: Hoare triple {25538#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25538#true} is VALID [2022-02-20 18:04:46,178 INFO L272 TraceCheckUtils]: 18: Hoare triple {25538#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:46,178 INFO L290 TraceCheckUtils]: 19: Hoare triple {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := 
#in~value; {25538#true} is VALID [2022-02-20 18:04:46,178 INFO L290 TraceCheckUtils]: 20: Hoare triple {25538#true} assume !(1 == ~handle); {25538#true} is VALID [2022-02-20 18:04:46,178 INFO L290 TraceCheckUtils]: 21: Hoare triple {25538#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,179 INFO L290 TraceCheckUtils]: 22: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,179 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25538#true} {25538#true} #1140#return; {25538#true} is VALID [2022-02-20 18:04:46,179 INFO L290 TraceCheckUtils]: 24: Hoare triple {25538#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25538#true} is VALID [2022-02-20 18:04:46,179 INFO L272 TraceCheckUtils]: 25: Hoare triple {25538#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25601#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:46,179 INFO L290 TraceCheckUtils]: 26: Hoare triple {25601#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,179 INFO L290 TraceCheckUtils]: 27: Hoare triple {25538#true} assume !(1 == ~handle); {25538#true} is VALID [2022-02-20 18:04:46,180 INFO L290 TraceCheckUtils]: 28: Hoare triple {25538#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,180 INFO L290 TraceCheckUtils]: 29: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,180 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25538#true} {25538#true} #1142#return; {25538#true} is VALID 
[2022-02-20 18:04:46,180 INFO L290 TraceCheckUtils]: 31: Hoare triple {25538#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25558#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:46,181 INFO L272 TraceCheckUtils]: 32: Hoare triple {25558#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:46,181 INFO L290 TraceCheckUtils]: 33: Hoare triple {25600#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25602#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,181 INFO L290 TraceCheckUtils]: 34: Hoare triple {25602#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25602#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,181 INFO L290 TraceCheckUtils]: 35: Hoare triple {25602#(= setClientId_~handle 
|setClientId_#in~handle|)} assume !(2 == ~handle); {25602#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,182 INFO L290 TraceCheckUtils]: 36: Hoare triple {25602#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25603#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,182 INFO L290 TraceCheckUtils]: 37: Hoare triple {25603#(= 3 |setClientId_#in~handle|)} assume true; {25603#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:46,182 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25603#(= 3 |setClientId_#in~handle|)} {25558#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1144#return; {25565#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:04:46,183 INFO L290 TraceCheckUtils]: 39: Hoare triple {25565#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {25565#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:04:46,183 INFO L272 TraceCheckUtils]: 40: Hoare triple {25565#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25601#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:46,183 INFO L290 TraceCheckUtils]: 41: Hoare triple {25601#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25604#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:46,184 INFO L290 TraceCheckUtils]: 42: Hoare triple {25604#(= 
setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {25604#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:46,184 INFO L290 TraceCheckUtils]: 43: Hoare triple {25604#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25605#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:46,184 INFO L290 TraceCheckUtils]: 44: Hoare triple {25605#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {25605#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:46,185 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {25605#(= 2 |setClientPrivateKey_#in~handle|)} {25565#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1146#return; {25539#false} is VALID [2022-02-20 18:04:46,185 INFO L290 TraceCheckUtils]: 46: Hoare triple {25539#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {25539#false} is VALID [2022-02-20 18:04:46,185 INFO L290 TraceCheckUtils]: 47: Hoare triple {25539#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc 
test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25539#false} is VALID [2022-02-20 18:04:46,185 INFO L290 TraceCheckUtils]: 48: Hoare triple {25539#false} assume !false; {25539#false} is VALID [2022-02-20 18:04:46,185 INFO L290 TraceCheckUtils]: 49: Hoare triple {25539#false} assume test_~splverifierCounter~0#1 < 4; {25539#false} is VALID [2022-02-20 18:04:46,185 INFO L290 TraceCheckUtils]: 50: Hoare triple {25539#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25539#false} is VALID [2022-02-20 18:04:46,185 INFO L290 TraceCheckUtils]: 51: Hoare triple {25539#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {25539#false} is VALID [2022-02-20 18:04:46,185 INFO L290 TraceCheckUtils]: 52: Hoare triple {25539#false} assume !(0 != test_~tmp___9~0#1); {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 53: Hoare triple {25539#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 54: Hoare triple {25539#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } 
true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 55: Hoare triple {25539#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 56: Hoare triple {25539#false} assume { :end_inline_setClientAutoResponse } true; {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 57: Hoare triple {25539#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 58: Hoare triple {25539#false} assume !false; {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 59: Hoare triple {25539#false} assume !(test_~splverifierCounter~0#1 < 4); {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 60: Hoare triple {25539#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L272 TraceCheckUtils]: 61: Hoare triple {25539#false} call sendEmail(~bob~0, ~rjh~0); {25539#false} is VALID [2022-02-20 18:04:46,186 INFO L290 TraceCheckUtils]: 62: Hoare triple {25539#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { 
:begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25539#false} is VALID [2022-02-20 18:04:46,187 INFO L272 TraceCheckUtils]: 63: Hoare triple {25539#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25606#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:46,187 INFO L290 TraceCheckUtils]: 64: Hoare triple {25606#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,187 INFO L290 TraceCheckUtils]: 65: Hoare triple {25538#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,187 INFO L290 TraceCheckUtils]: 66: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,187 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {25538#true} {25539#false} #1122#return; {25539#false} is VALID [2022-02-20 18:04:46,187 INFO L272 TraceCheckUtils]: 68: Hoare triple {25539#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25607#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:46,187 INFO L290 TraceCheckUtils]: 69: Hoare triple {25607#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,187 INFO L290 TraceCheckUtils]: 70: Hoare triple {25538#true} assume 1 == ~handle;~__ste_email_to0~0 := 
~value; {25538#true} is VALID [2022-02-20 18:04:46,188 INFO L290 TraceCheckUtils]: 71: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,188 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {25538#true} {25539#false} #1124#return; {25539#false} is VALID [2022-02-20 18:04:46,188 INFO L290 TraceCheckUtils]: 73: Hoare triple {25539#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {25539#false} is VALID [2022-02-20 18:04:46,188 INFO L290 TraceCheckUtils]: 74: Hoare triple {25539#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {25539#false} is VALID [2022-02-20 18:04:46,188 INFO L272 TraceCheckUtils]: 75: Hoare triple {25539#false} call outgoing(~sender#1, ~email~0#1); {25539#false} is VALID [2022-02-20 18:04:46,188 INFO L290 TraceCheckUtils]: 76: Hoare triple {25539#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {25539#false} is VALID [2022-02-20 18:04:46,188 INFO L272 TraceCheckUtils]: 77: Hoare triple {25539#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {25538#true} is VALID [2022-02-20 18:04:46,188 INFO L290 TraceCheckUtils]: 78: Hoare triple {25538#true} ~handle := #in~handle;havoc ~retValue_acc~13; {25538#true} is VALID [2022-02-20 18:04:46,188 INFO L290 TraceCheckUtils]: 79: Hoare triple {25538#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {25538#true} is VALID [2022-02-20 18:04:46,188 INFO L290 TraceCheckUtils]: 80: Hoare triple 
{25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,189 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25538#true} {25539#false} #1056#return; {25539#false} is VALID [2022-02-20 18:04:46,189 INFO L290 TraceCheckUtils]: 82: Hoare triple {25539#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {25539#false} is VALID [2022-02-20 18:04:46,189 INFO L290 TraceCheckUtils]: 83: Hoare triple {25539#false} assume 0 == sign_~privkey~1#1; {25539#false} is VALID [2022-02-20 18:04:46,189 INFO L290 TraceCheckUtils]: 84: Hoare triple {25539#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {25539#false} is VALID [2022-02-20 18:04:46,189 INFO L272 TraceCheckUtils]: 85: Hoare triple {25539#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {25538#true} is VALID [2022-02-20 18:04:46,189 INFO L290 TraceCheckUtils]: 86: Hoare triple {25538#true} ~handle := #in~handle;havoc 
~retValue_acc~36; {25538#true} is VALID [2022-02-20 18:04:46,189 INFO L290 TraceCheckUtils]: 87: Hoare triple {25538#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {25538#true} is VALID [2022-02-20 18:04:46,189 INFO L290 TraceCheckUtils]: 88: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,189 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {25538#true} {25539#false} #1058#return; {25539#false} is VALID [2022-02-20 18:04:46,190 INFO L290 TraceCheckUtils]: 90: Hoare triple {25539#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {25539#false} is VALID [2022-02-20 18:04:46,190 INFO L272 TraceCheckUtils]: 91: Hoare triple {25539#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {25538#true} is VALID [2022-02-20 18:04:46,190 INFO L290 TraceCheckUtils]: 92: Hoare triple {25538#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {25538#true} is VALID [2022-02-20 18:04:46,190 INFO L290 TraceCheckUtils]: 93: Hoare triple {25538#true} assume 1 == ~handle; {25538#true} is VALID [2022-02-20 18:04:46,190 INFO L290 TraceCheckUtils]: 94: Hoare triple {25538#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {25538#true} is VALID [2022-02-20 18:04:46,190 INFO L290 TraceCheckUtils]: 95: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,190 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {25538#true} {25539#false} #1060#return; {25539#false} 
is VALID [2022-02-20 18:04:46,190 INFO L290 TraceCheckUtils]: 97: Hoare triple {25539#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {25539#false} is VALID [2022-02-20 18:04:46,190 INFO L290 TraceCheckUtils]: 98: Hoare triple {25539#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {25539#false} is VALID [2022-02-20 18:04:46,190 INFO L290 TraceCheckUtils]: 99: Hoare triple {25539#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {25539#false} is VALID [2022-02-20 18:04:46,191 INFO L290 TraceCheckUtils]: 100: Hoare triple {25539#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {25539#false} is VALID [2022-02-20 18:04:46,191 INFO L290 TraceCheckUtils]: 101: Hoare triple {25539#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { 
:end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {25539#false} is VALID [2022-02-20 18:04:46,191 INFO L272 TraceCheckUtils]: 102: Hoare triple {25539#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {25606#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:46,191 INFO L290 TraceCheckUtils]: 103: Hoare triple {25606#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25538#true} is VALID [2022-02-20 18:04:46,191 INFO L290 TraceCheckUtils]: 104: Hoare triple {25538#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25538#true} is VALID [2022-02-20 18:04:46,191 INFO L290 TraceCheckUtils]: 105: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,191 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {25538#true} {25539#false} #1066#return; {25539#false} is VALID [2022-02-20 18:04:46,191 INFO L290 TraceCheckUtils]: 107: Hoare triple {25539#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, 
__utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {25539#false} is VALID [2022-02-20 18:04:46,191 INFO L290 TraceCheckUtils]: 108: Hoare triple {25539#false} assume 0 != ~in_encrypted~0; {25539#false} is VALID [2022-02-20 18:04:46,192 INFO L272 TraceCheckUtils]: 109: Hoare triple {25539#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {25538#true} is VALID [2022-02-20 18:04:46,192 INFO L290 TraceCheckUtils]: 110: Hoare triple {25538#true} ~handle := #in~handle;havoc ~retValue_acc~39; {25538#true} is VALID [2022-02-20 18:04:46,192 INFO L290 TraceCheckUtils]: 111: Hoare triple {25538#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {25538#true} is VALID [2022-02-20 18:04:46,192 INFO L290 TraceCheckUtils]: 112: Hoare triple {25538#true} assume true; {25538#true} is VALID [2022-02-20 18:04:46,192 INFO L284 
TraceCheckUtils]: 113: Hoare quadruple {25538#true} {25539#false} #1068#return; {25539#false} is VALID [2022-02-20 18:04:46,192 INFO L290 TraceCheckUtils]: 114: Hoare triple {25539#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {25539#false} is VALID [2022-02-20 18:04:46,192 INFO L290 TraceCheckUtils]: 115: Hoare triple {25539#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {25539#false} is VALID [2022-02-20 18:04:46,192 INFO L290 TraceCheckUtils]: 116: Hoare triple {25539#false} assume !false; {25539#false} is VALID [2022-02-20 18:04:46,193 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:04:46,193 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:46,193 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [502823381] [2022-02-20 18:04:46,193 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [502823381] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:46,193 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:04:46,193 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:04:46,193 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [24084718] [2022-02-20 18:04:46,193 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:46,194 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 117 [2022-02-20 18:04:46,194 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:46,194 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:46,256 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:46,256 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:04:46,256 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:46,257 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:04:46,257 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:46,257 INFO L87 Difference]: Start difference. First operand 444 states and 668 transitions. Second operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:57,182 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:57,183 INFO L93 Difference]: Finished difference Result 1078 states and 1637 transitions. [2022-02-20 18:04:57,183 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:04:57,183 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 117 [2022-02-20 18:04:57,183 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:57,183 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:57,216 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1434 transitions. 
[2022-02-20 18:04:57,216 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:57,229 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1434 transitions. [2022-02-20 18:04:57,229 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1434 transitions. [2022-02-20 18:04:58,363 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1434 edges. 1434 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:58,384 INFO L225 Difference]: With dead ends: 1078 [2022-02-20 18:04:58,385 INFO L226 Difference]: Without dead ends: 661 [2022-02-20 18:04:58,386 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:04:58,386 INFO L933 BasicCegarLoop]: 676 mSDtfsCounter, 1564 mSDsluCounter, 1196 mSDsCounter, 0 mSdLazyCounter, 4549 mSolverCounterSat, 652 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 5.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1564 SdHoareTripleChecker+Valid, 1872 SdHoareTripleChecker+Invalid, 5201 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 652 IncrementalHoareTripleChecker+Valid, 4549 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 5.2s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:04:58,387 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1564 Valid, 1872 Invalid, 5201 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [652 Valid, 4549 Invalid, 0 Unknown, 0 Unchecked, 5.2s Time] [2022-02-20 18:04:58,387 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 661 states. [2022-02-20 18:04:58,470 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 661 to 446. [2022-02-20 18:04:58,470 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:58,471 INFO L82 GeneralOperation]: Start isEquivalent. First operand 661 states. Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 350 states have internal predecessors, (515), 74 states have call successors, (74), 24 states have call predecessors, (74), 28 states have return successors, (85), 73 states have call predecessors, (85), 73 states have call successors, (85) [2022-02-20 18:04:58,472 INFO L74 IsIncluded]: Start isIncluded. First operand 661 states. Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 350 states have internal predecessors, (515), 74 states have call successors, (74), 24 states have call predecessors, (74), 28 states have return successors, (85), 73 states have call predecessors, (85), 73 states have call successors, (85) [2022-02-20 18:04:58,472 INFO L87 Difference]: Start difference. First operand 661 states. Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 350 states have internal predecessors, (515), 74 states have call successors, (74), 24 states have call predecessors, (74), 28 states have return successors, (85), 73 states have call predecessors, (85), 73 states have call successors, (85) [2022-02-20 18:04:58,490 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:04:58,491 INFO L93 Difference]: Finished difference Result 661 states and 1005 transitions. [2022-02-20 18:04:58,491 INFO L276 IsEmpty]: Start isEmpty. Operand 661 states and 1005 transitions. [2022-02-20 18:04:58,493 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:58,493 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:58,494 INFO L74 IsIncluded]: Start isIncluded. First operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 350 states have internal predecessors, (515), 74 states have call successors, (74), 24 states have call predecessors, (74), 28 states have return successors, (85), 73 states have call predecessors, (85), 73 states have call successors, (85) Second operand 661 states. [2022-02-20 18:04:58,494 INFO L87 Difference]: Start difference. First operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 350 states have internal predecessors, (515), 74 states have call successors, (74), 24 states have call predecessors, (74), 28 states have return successors, (85), 73 states have call predecessors, (85), 73 states have call successors, (85) Second operand 661 states. [2022-02-20 18:04:58,515 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:58,515 INFO L93 Difference]: Finished difference Result 661 states and 1005 transitions. [2022-02-20 18:04:58,516 INFO L276 IsEmpty]: Start isEmpty. Operand 661 states and 1005 transitions. [2022-02-20 18:04:58,519 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:58,519 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:58,519 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:58,519 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:58,520 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 350 states have internal predecessors, (515), 74 states have call successors, (74), 24 states have call predecessors, (74), 28 states have return successors, (85), 73 states have call predecessors, (85), 73 states have call successors, (85) [2022-02-20 18:04:58,531 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 446 states to 446 states and 674 transitions. [2022-02-20 18:04:58,531 INFO L78 Accepts]: Start accepts. Automaton has 446 states and 674 transitions. Word has length 117 [2022-02-20 18:04:58,532 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:58,532 INFO L470 AbstractCegarLoop]: Abstraction has 446 states and 674 transitions. [2022-02-20 18:04:58,532 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:04:58,532 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 674 transitions. [2022-02-20 18:04:58,534 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 119 [2022-02-20 18:04:58,534 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:58,534 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:58,534 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:04:58,535 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:58,535 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:58,535 INFO L85 PathProgramCache]: Analyzing trace with hash -310085064, now seen corresponding path program 1 times [2022-02-20 18:04:58,535 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:58,535 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [555700317] [2022-02-20 18:04:58,535 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:58,536 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:58,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:58,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29139#true} {29139#true} #1136#return; {29139#true} is VALID [2022-02-20 18:04:58,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:58,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,615 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29139#true} {29139#true} #1138#return; {29139#true} is VALID [2022-02-20 18:04:58,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:58,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,633 INFO L290 TraceCheckUtils]: 0: Hoare triple {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29205#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:58,634 INFO L290 TraceCheckUtils]: 1: Hoare triple {29205#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {29205#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:58,634 INFO L290 TraceCheckUtils]: 2: Hoare triple {29205#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {29206#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:58,635 INFO L290 TraceCheckUtils]: 3: Hoare triple {29206#(= 2 |setClientId_#in~handle|)} assume true; {29206#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:58,635 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29206#(= 2 |setClientId_#in~handle|)} {29149#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1140#return; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,635 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:58,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,643 INFO L290 TraceCheckUtils]: 3: Hoare triple {29139#true} assume true; {29139#true} is VALID 
[2022-02-20 18:04:58,644 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29139#true} {29155#(not (= ~rjh~0 1))} #1142#return; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:58,646 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,649 INFO L290 TraceCheckUtils]: 0: Hoare triple {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,649 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,649 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume !(2 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,649 INFO L290 TraceCheckUtils]: 3: Hoare triple {29139#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,649 INFO L290 TraceCheckUtils]: 4: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,650 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29139#true} {29155#(not (= ~rjh~0 1))} #1144#return; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:58,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,655 
INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume !(2 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,656 INFO L290 TraceCheckUtils]: 3: Hoare triple {29139#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,656 INFO L290 TraceCheckUtils]: 4: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,656 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29139#true} {29155#(not (= ~rjh~0 1))} #1146#return; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:04:58,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {29207#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29139#true} {29140#false} #1122#return; {29140#false} is VALID [2022-02-20 18:04:58,675 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:04:58,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {29208#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29139#true} is 
VALID [2022-02-20 18:04:58,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,679 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29139#true} {29140#false} #1124#return; {29140#false} is VALID [2022-02-20 18:04:58,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:04:58,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,682 INFO L290 TraceCheckUtils]: 0: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~13; {29139#true} is VALID [2022-02-20 18:04:58,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {29139#true} is VALID [2022-02-20 18:04:58,683 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,683 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29139#true} {29140#false} #1056#return; {29140#false} is VALID [2022-02-20 18:04:58,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:04:58,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~36; {29139#true} is VALID [2022-02-20 18:04:58,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {29139#true} is VALID [2022-02-20 18:04:58,687 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,687 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29139#true} {29140#false} 
#1058#return; {29140#false} is VALID [2022-02-20 18:04:58,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:04:58,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {29139#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {29139#true} is VALID [2022-02-20 18:04:58,691 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle; {29139#true} is VALID [2022-02-20 18:04:58,691 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {29139#true} is VALID [2022-02-20 18:04:58,691 INFO L290 TraceCheckUtils]: 3: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,692 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29139#true} {29140#false} #1060#return; {29140#false} is VALID [2022-02-20 18:04:58,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:04:58,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {29207#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,695 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29139#true} {29140#false} #1066#return; {29140#false} is VALID [2022-02-20 18:04:58,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 110 [2022-02-20 18:04:58,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~39; {29139#true} is VALID [2022-02-20 18:04:58,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {29139#true} is VALID [2022-02-20 18:04:58,698 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,698 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29139#true} {29140#false} #1068#return; {29140#false} is VALID [2022-02-20 18:04:58,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {29139#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call 
#Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 
0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {29139#true} is VALID [2022-02-20 18:04:58,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {29139#true} is VALID [2022-02-20 18:04:58,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {29139#true} is VALID [2022-02-20 18:04:58,699 INFO L290 TraceCheckUtils]: 3: Hoare triple {29139#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {29139#true} is VALID [2022-02-20 18:04:58,699 INFO L290 TraceCheckUtils]: 4: Hoare triple {29139#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {29139#true} is VALID [2022-02-20 18:04:58,699 INFO L290 TraceCheckUtils]: 5: Hoare triple {29139#true} assume 0 
!= main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {29139#true} is VALID [2022-02-20 18:04:58,700 INFO L272 TraceCheckUtils]: 6: Hoare triple {29139#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:58,700 INFO L290 TraceCheckUtils]: 7: Hoare triple {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,700 INFO L290 TraceCheckUtils]: 8: Hoare triple {29139#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,700 INFO L290 TraceCheckUtils]: 9: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,700 INFO L284 TraceCheckUtils]: 10: Hoare quadruple 
{29139#true} {29139#true} #1136#return; {29139#true} is VALID [2022-02-20 18:04:58,700 INFO L290 TraceCheckUtils]: 11: Hoare triple {29139#true} assume { :end_inline_setup_bob__wrappee__Base } true; {29139#true} is VALID [2022-02-20 18:04:58,701 INFO L272 TraceCheckUtils]: 12: Hoare triple {29139#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:58,701 INFO L290 TraceCheckUtils]: 13: Hoare triple {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,701 INFO L290 TraceCheckUtils]: 14: Hoare triple {29139#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,701 INFO L290 TraceCheckUtils]: 15: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,701 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29139#true} {29139#true} #1138#return; {29139#true} is VALID [2022-02-20 18:04:58,702 INFO L290 TraceCheckUtils]: 17: Hoare triple {29139#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {29149#(= ~rjh~0 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:04:58,702 INFO L272 TraceCheckUtils]: 18: Hoare triple {29149#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:58,703 INFO L290 TraceCheckUtils]: 19: Hoare triple {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29205#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:58,703 INFO L290 TraceCheckUtils]: 20: Hoare triple {29205#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {29205#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:58,703 INFO L290 TraceCheckUtils]: 21: Hoare triple {29205#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {29206#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:58,703 INFO L290 TraceCheckUtils]: 22: Hoare triple {29206#(= 2 |setClientId_#in~handle|)} assume true; {29206#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:58,704 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {29206#(= 2 |setClientId_#in~handle|)} {29149#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1140#return; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,704 INFO L290 TraceCheckUtils]: 24: Hoare triple {29155#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,705 INFO L272 TraceCheckUtils]: 
25: Hoare triple {29155#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:58,705 INFO L290 TraceCheckUtils]: 26: Hoare triple {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,705 INFO L290 TraceCheckUtils]: 27: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,705 INFO L290 TraceCheckUtils]: 28: Hoare triple {29139#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,705 INFO L290 TraceCheckUtils]: 29: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,705 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {29139#true} {29155#(not (= ~rjh~0 1))} #1142#return; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,706 INFO L290 TraceCheckUtils]: 31: Hoare triple {29155#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,706 INFO L272 
TraceCheckUtils]: 32: Hoare triple {29155#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:58,706 INFO L290 TraceCheckUtils]: 33: Hoare triple {29203#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,706 INFO L290 TraceCheckUtils]: 34: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,707 INFO L290 TraceCheckUtils]: 35: Hoare triple {29139#true} assume !(2 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,707 INFO L290 TraceCheckUtils]: 36: Hoare triple {29139#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,707 INFO L290 TraceCheckUtils]: 37: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,707 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {29139#true} {29155#(not (= ~rjh~0 1))} #1144#return; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,707 INFO L290 TraceCheckUtils]: 39: Hoare triple {29155#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,708 INFO L272 TraceCheckUtils]: 40: Hoare triple {29155#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID 
[2022-02-20 18:04:58,708 INFO L290 TraceCheckUtils]: 41: Hoare triple {29204#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,708 INFO L290 TraceCheckUtils]: 42: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,708 INFO L290 TraceCheckUtils]: 43: Hoare triple {29139#true} assume !(2 == ~handle); {29139#true} is VALID [2022-02-20 18:04:58,708 INFO L290 TraceCheckUtils]: 44: Hoare triple {29139#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,709 INFO L290 TraceCheckUtils]: 45: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,709 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {29139#true} {29155#(not (= ~rjh~0 1))} #1146#return; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,709 INFO L290 TraceCheckUtils]: 47: Hoare triple {29155#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,709 INFO L290 TraceCheckUtils]: 48: Hoare triple {29155#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, 
test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,710 INFO L290 TraceCheckUtils]: 49: Hoare triple {29155#(not (= ~rjh~0 1))} assume !false; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,710 INFO L290 TraceCheckUtils]: 50: Hoare triple {29155#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,710 INFO L290 TraceCheckUtils]: 51: Hoare triple {29155#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,710 INFO L290 TraceCheckUtils]: 52: Hoare triple {29155#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,711 INFO L290 TraceCheckUtils]: 53: Hoare triple {29155#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,711 INFO L290 TraceCheckUtils]: 54: Hoare triple {29155#(not (= ~rjh~0 1))} 
assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {29155#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:04:58,711 INFO L290 TraceCheckUtils]: 55: Hoare triple {29155#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {29173#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 18:04:58,712 INFO L290 TraceCheckUtils]: 56: Hoare triple {29173#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {29140#false} is VALID [2022-02-20 18:04:58,712 INFO L290 TraceCheckUtils]: 57: Hoare triple {29140#false} assume { :end_inline_setClientAutoResponse } true; {29140#false} is VALID [2022-02-20 18:04:58,712 INFO L290 TraceCheckUtils]: 58: Hoare triple {29140#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {29140#false} is VALID [2022-02-20 18:04:58,712 INFO L290 TraceCheckUtils]: 59: Hoare triple {29140#false} assume !false; {29140#false} is VALID [2022-02-20 18:04:58,712 INFO L290 TraceCheckUtils]: 60: Hoare triple {29140#false} assume !(test_~splverifierCounter~0#1 < 4); {29140#false} is VALID [2022-02-20 18:04:58,712 INFO L290 TraceCheckUtils]: 61: Hoare triple {29140#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc 
bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {29140#false} is VALID [2022-02-20 18:04:58,712 INFO L272 TraceCheckUtils]: 62: Hoare triple {29140#false} call sendEmail(~bob~0, ~rjh~0); {29140#false} is VALID [2022-02-20 18:04:58,712 INFO L290 TraceCheckUtils]: 63: Hoare triple {29140#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29140#false} is VALID [2022-02-20 18:04:58,712 INFO L272 TraceCheckUtils]: 64: Hoare triple {29140#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29207#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:58,712 INFO L290 TraceCheckUtils]: 65: Hoare triple {29207#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,713 INFO L290 TraceCheckUtils]: 66: Hoare triple {29139#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,713 INFO L290 TraceCheckUtils]: 67: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,713 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {29139#true} {29140#false} #1122#return; {29140#false} is VALID [2022-02-20 18:04:58,713 INFO L272 TraceCheckUtils]: 69: Hoare triple {29140#false} call 
setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29208#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:58,713 INFO L290 TraceCheckUtils]: 70: Hoare triple {29208#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,713 INFO L290 TraceCheckUtils]: 71: Hoare triple {29139#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,713 INFO L290 TraceCheckUtils]: 72: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,713 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {29139#true} {29140#false} #1124#return; {29140#false} is VALID [2022-02-20 18:04:58,713 INFO L290 TraceCheckUtils]: 74: Hoare triple {29140#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {29140#false} is VALID [2022-02-20 18:04:58,714 INFO L290 TraceCheckUtils]: 75: Hoare triple {29140#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {29140#false} is VALID [2022-02-20 18:04:58,714 INFO L272 TraceCheckUtils]: 76: Hoare triple {29140#false} call outgoing(~sender#1, ~email~0#1); {29140#false} is VALID [2022-02-20 18:04:58,714 INFO L290 TraceCheckUtils]: 77: Hoare triple {29140#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {29140#false} is VALID [2022-02-20 18:04:58,714 INFO L272 TraceCheckUtils]: 
78: Hoare triple {29140#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {29139#true} is VALID [2022-02-20 18:04:58,714 INFO L290 TraceCheckUtils]: 79: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~13; {29139#true} is VALID [2022-02-20 18:04:58,714 INFO L290 TraceCheckUtils]: 80: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {29139#true} is VALID [2022-02-20 18:04:58,714 INFO L290 TraceCheckUtils]: 81: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,714 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {29139#true} {29140#false} #1056#return; {29140#false} is VALID [2022-02-20 18:04:58,714 INFO L290 TraceCheckUtils]: 83: Hoare triple {29140#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {29140#false} is VALID [2022-02-20 18:04:58,715 INFO L290 TraceCheckUtils]: 84: Hoare triple {29140#false} assume 0 == sign_~privkey~1#1; {29140#false} is VALID [2022-02-20 18:04:58,715 INFO L290 TraceCheckUtils]: 85: Hoare triple {29140#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc 
outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {29140#false} is VALID [2022-02-20 18:04:58,715 INFO L272 TraceCheckUtils]: 86: Hoare triple {29140#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {29139#true} is VALID [2022-02-20 18:04:58,715 INFO L290 TraceCheckUtils]: 87: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~36; {29139#true} is VALID [2022-02-20 18:04:58,715 INFO L290 TraceCheckUtils]: 88: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {29139#true} is VALID [2022-02-20 18:04:58,715 INFO L290 TraceCheckUtils]: 89: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,715 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {29139#true} {29140#false} #1058#return; {29140#false} is VALID [2022-02-20 18:04:58,715 INFO L290 TraceCheckUtils]: 91: Hoare triple {29140#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {29140#false} is VALID [2022-02-20 18:04:58,715 INFO L272 TraceCheckUtils]: 92: Hoare triple {29140#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {29139#true} is VALID [2022-02-20 18:04:58,716 INFO L290 TraceCheckUtils]: 93: Hoare triple {29139#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {29139#true} is VALID [2022-02-20 18:04:58,716 INFO L290 TraceCheckUtils]: 94: Hoare 
triple {29139#true} assume 1 == ~handle; {29139#true} is VALID [2022-02-20 18:04:58,716 INFO L290 TraceCheckUtils]: 95: Hoare triple {29139#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {29139#true} is VALID [2022-02-20 18:04:58,716 INFO L290 TraceCheckUtils]: 96: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,716 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {29139#true} {29140#false} #1060#return; {29140#false} is VALID [2022-02-20 18:04:58,716 INFO L290 TraceCheckUtils]: 98: Hoare triple {29140#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {29140#false} is VALID [2022-02-20 18:04:58,716 INFO L290 TraceCheckUtils]: 99: Hoare triple {29140#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {29140#false} is VALID [2022-02-20 18:04:58,716 INFO L290 TraceCheckUtils]: 100: Hoare triple {29140#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {29140#false} is VALID [2022-02-20 18:04:58,716 INFO L290 TraceCheckUtils]: 101: Hoare triple {29140#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {29140#false} is VALID [2022-02-20 18:04:58,717 INFO L290 TraceCheckUtils]: 102: Hoare triple {29140#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {29140#false} is VALID [2022-02-20 18:04:58,717 INFO L272 TraceCheckUtils]: 103: Hoare triple {29140#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {29207#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:58,717 INFO L290 TraceCheckUtils]: 104: Hoare triple {29207#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:58,717 INFO L290 TraceCheckUtils]: 105: Hoare triple {29139#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:58,717 INFO L290 TraceCheckUtils]: 106: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,717 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {29139#true} {29140#false} #1066#return; {29140#false} is VALID [2022-02-20 18:04:58,717 INFO L290 TraceCheckUtils]: 108: Hoare triple {29140#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, 
outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {29140#false} is VALID [2022-02-20 18:04:58,717 INFO L290 TraceCheckUtils]: 109: Hoare triple {29140#false} assume 0 != ~in_encrypted~0; {29140#false} is VALID [2022-02-20 18:04:58,717 INFO L272 TraceCheckUtils]: 110: Hoare triple {29140#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {29139#true} is 
VALID [2022-02-20 18:04:58,718 INFO L290 TraceCheckUtils]: 111: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~39; {29139#true} is VALID [2022-02-20 18:04:58,718 INFO L290 TraceCheckUtils]: 112: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {29139#true} is VALID [2022-02-20 18:04:58,718 INFO L290 TraceCheckUtils]: 113: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:58,718 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {29139#true} {29140#false} #1068#return; {29140#false} is VALID [2022-02-20 18:04:58,718 INFO L290 TraceCheckUtils]: 115: Hoare triple {29140#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {29140#false} is VALID [2022-02-20 18:04:58,718 INFO L290 TraceCheckUtils]: 116: Hoare triple {29140#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {29140#false} is VALID [2022-02-20 18:04:58,718 INFO L290 TraceCheckUtils]: 117: Hoare triple {29140#false} assume !false; {29140#false} is VALID [2022-02-20 18:04:58,719 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. 
[2022-02-20 18:04:58,719 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:58,720 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [555700317] [2022-02-20 18:04:58,720 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [555700317] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:58,720 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1391258246] [2022-02-20 18:04:58,720 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:58,720 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:58,720 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:58,721 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:58,726 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:04:58,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,921 INFO L263 TraceCheckSpWp]: Trace formula consists of 1107 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:04:58,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:58,962 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:59,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {29139#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {29139#true} is VALID [2022-02-20 18:04:59,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {29139#true} is VALID [2022-02-20 18:04:59,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 3: Hoare triple {29139#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 4: Hoare triple {29139#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 5: Hoare triple {29139#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 
:= setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L272 TraceCheckUtils]: 6: Hoare triple {29139#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 7: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 8: Hoare triple {29139#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 9: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {29139#true} {29139#true} #1136#return; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 11: Hoare triple {29139#true} assume { :end_inline_setup_bob__wrappee__Base } true; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L272 TraceCheckUtils]: 12: Hoare triple {29139#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 13: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 14: Hoare triple {29139#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 15: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29139#true} {29139#true} #1138#return; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 17: Hoare triple {29139#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc 
setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L272 TraceCheckUtils]: 18: Hoare triple {29139#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 19: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 20: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 21: Hoare triple {29139#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L290 TraceCheckUtils]: 22: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,186 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {29139#true} {29139#true} #1140#return; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 24: Hoare triple {29139#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L272 TraceCheckUtils]: 25: Hoare triple {29139#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 26: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 27: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 28: Hoare triple 
{29139#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 29: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {29139#true} {29139#true} #1142#return; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 31: Hoare triple {29139#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L272 TraceCheckUtils]: 32: Hoare triple {29139#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 33: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 34: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 35: Hoare triple {29139#true} assume !(2 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 36: Hoare triple {29139#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 37: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L284 TraceCheckUtils]: 38: Hoare quadruple 
{29139#true} {29139#true} #1144#return; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 39: Hoare triple {29139#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L272 TraceCheckUtils]: 40: Hoare triple {29139#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 41: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 42: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 43: Hoare triple {29139#true} assume !(2 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 44: Hoare triple {29139#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,187 INFO L290 TraceCheckUtils]: 45: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,188 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {29139#true} {29139#true} #1146#return; {29139#true} is VALID [2022-02-20 18:04:59,188 INFO L290 TraceCheckUtils]: 47: Hoare triple {29139#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {29139#true} is VALID [2022-02-20 18:04:59,188 INFO L290 TraceCheckUtils]: 48: Hoare triple {29139#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29356#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:59,188 INFO L290 TraceCheckUtils]: 49: Hoare triple {29356#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {29356#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:59,189 INFO L290 TraceCheckUtils]: 50: Hoare triple {29356#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {29356#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:59,189 INFO L290 TraceCheckUtils]: 51: Hoare triple {29356#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,189 INFO L290 TraceCheckUtils]: 52: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && 
test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,190 INFO L290 TraceCheckUtils]: 53: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,190 INFO L290 TraceCheckUtils]: 54: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,190 INFO L290 TraceCheckUtils]: 55: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,190 INFO L290 TraceCheckUtils]: 56: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,191 INFO L290 TraceCheckUtils]: 57: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,191 INFO L290 
TraceCheckUtils]: 58: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,191 INFO L290 TraceCheckUtils]: 59: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:59,191 INFO L290 TraceCheckUtils]: 60: Hoare triple {29366#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L290 TraceCheckUtils]: 61: Hoare triple {29140#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L272 TraceCheckUtils]: 62: Hoare triple {29140#false} call sendEmail(~bob~0, ~rjh~0); {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L290 TraceCheckUtils]: 63: Hoare triple {29140#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L272 TraceCheckUtils]: 64: Hoare triple 
{29140#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L290 TraceCheckUtils]: 65: Hoare triple {29140#false} ~handle := #in~handle;~value := #in~value; {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L290 TraceCheckUtils]: 66: Hoare triple {29140#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L290 TraceCheckUtils]: 67: Hoare triple {29140#false} assume true; {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {29140#false} {29140#false} #1122#return; {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L272 TraceCheckUtils]: 69: Hoare triple {29140#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29140#false} is VALID [2022-02-20 18:04:59,192 INFO L290 TraceCheckUtils]: 70: Hoare triple {29140#false} ~handle := #in~handle;~value := #in~value; {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L290 TraceCheckUtils]: 71: Hoare triple {29140#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L290 TraceCheckUtils]: 72: Hoare triple {29140#false} assume true; {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {29140#false} {29140#false} #1124#return; {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L290 TraceCheckUtils]: 74: Hoare triple {29140#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L290 TraceCheckUtils]: 75: Hoare triple {29140#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L272 TraceCheckUtils]: 76: Hoare triple 
{29140#false} call outgoing(~sender#1, ~email~0#1); {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L290 TraceCheckUtils]: 77: Hoare triple {29140#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L272 TraceCheckUtils]: 78: Hoare triple {29140#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {29140#false} is VALID [2022-02-20 18:04:59,193 INFO L290 TraceCheckUtils]: 79: Hoare triple {29140#false} ~handle := #in~handle;havoc ~retValue_acc~13; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L290 TraceCheckUtils]: 80: Hoare triple {29140#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L290 TraceCheckUtils]: 81: Hoare triple {29140#false} assume true; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {29140#false} {29140#false} #1056#return; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L290 TraceCheckUtils]: 83: Hoare triple {29140#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L290 TraceCheckUtils]: 84: Hoare triple {29140#false} assume 0 == sign_~privkey~1#1; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L290 TraceCheckUtils]: 85: Hoare triple {29140#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, 
~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L272 TraceCheckUtils]: 86: Hoare triple {29140#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L290 TraceCheckUtils]: 87: Hoare triple {29140#false} ~handle := #in~handle;havoc ~retValue_acc~36; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L290 TraceCheckUtils]: 88: Hoare triple {29140#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {29140#false} is VALID [2022-02-20 18:04:59,194 INFO L290 TraceCheckUtils]: 89: Hoare triple {29140#false} assume true; {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {29140#false} {29140#false} #1058#return; {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L290 TraceCheckUtils]: 91: Hoare triple {29140#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := 
outgoing__wrappee__AutoResponder_~tmp~17#1; {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L272 TraceCheckUtils]: 92: Hoare triple {29140#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L290 TraceCheckUtils]: 93: Hoare triple {29140#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L290 TraceCheckUtils]: 94: Hoare triple {29140#false} assume 1 == ~handle; {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L290 TraceCheckUtils]: 95: Hoare triple {29140#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L290 TraceCheckUtils]: 96: Hoare triple {29140#false} assume true; {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {29140#false} {29140#false} #1060#return; {29140#false} is VALID [2022-02-20 18:04:59,195 INFO L290 TraceCheckUtils]: 98: Hoare triple {29140#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L290 TraceCheckUtils]: 99: Hoare triple {29140#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L290 TraceCheckUtils]: 100: Hoare triple {29140#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L290 TraceCheckUtils]: 101: Hoare triple {29140#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L290 TraceCheckUtils]: 102: Hoare triple {29140#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L272 TraceCheckUtils]: 103: Hoare triple {29140#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L290 TraceCheckUtils]: 104: Hoare triple {29140#false} ~handle := #in~handle;~value := #in~value; {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L290 TraceCheckUtils]: 105: Hoare triple {29140#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L290 TraceCheckUtils]: 106: Hoare triple {29140#false} assume true; 
{29140#false} is VALID [2022-02-20 18:04:59,196 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {29140#false} {29140#false} #1066#return; {29140#false} is VALID [2022-02-20 18:04:59,196 INFO L290 TraceCheckUtils]: 108: Hoare triple {29140#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {29140#false} is VALID 
[2022-02-20 18:04:59,197 INFO L290 TraceCheckUtils]: 109: Hoare triple {29140#false} assume 0 != ~in_encrypted~0; {29140#false} is VALID [2022-02-20 18:04:59,197 INFO L272 TraceCheckUtils]: 110: Hoare triple {29140#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {29140#false} is VALID [2022-02-20 18:04:59,197 INFO L290 TraceCheckUtils]: 111: Hoare triple {29140#false} ~handle := #in~handle;havoc ~retValue_acc~39; {29140#false} is VALID [2022-02-20 18:04:59,197 INFO L290 TraceCheckUtils]: 112: Hoare triple {29140#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {29140#false} is VALID [2022-02-20 18:04:59,197 INFO L290 TraceCheckUtils]: 113: Hoare triple {29140#false} assume true; {29140#false} is VALID [2022-02-20 18:04:59,197 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {29140#false} {29140#false} #1068#return; {29140#false} is VALID [2022-02-20 18:04:59,197 INFO L290 TraceCheckUtils]: 115: Hoare triple {29140#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {29140#false} is VALID [2022-02-20 18:04:59,197 INFO L290 TraceCheckUtils]: 116: Hoare triple {29140#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {29140#false} is VALID [2022-02-20 18:04:59,197 INFO L290 TraceCheckUtils]: 117: Hoare triple {29140#false} assume !false; {29140#false} is VALID [2022-02-20 18:04:59,198 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:04:59,198 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:04:59,507 INFO L290 TraceCheckUtils]: 117: Hoare triple {29140#false} assume !false; {29140#false} is VALID [2022-02-20 18:04:59,507 INFO L290 TraceCheckUtils]: 116: Hoare triple {29140#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {29140#false} is VALID [2022-02-20 18:04:59,507 INFO L290 TraceCheckUtils]: 115: Hoare triple {29140#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {29139#true} {29140#false} #1068#return; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 113: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 112: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 111: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~39; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L272 TraceCheckUtils]: 110: Hoare triple {29140#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 109: Hoare triple {29140#false} assume 0 != ~in_encrypted~0; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 108: Hoare triple {29140#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret88#1, mail_#t~ret89#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~10#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(28, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 29, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {29139#true} {29140#false} #1066#return; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 106: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 105: Hoare 
triple {29139#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 104: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L272 TraceCheckUtils]: 103: Hoare triple {29140#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 102: Hoare triple {29140#false} outgoing__wrappee__Keys_#t~ret90#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret90#1 && outgoing__wrappee__Keys_#t~ret90#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret90#1;havoc outgoing__wrappee__Keys_#t~ret90#1; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 101: Hoare triple {29140#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 100: Hoare triple {29140#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret90#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~20#1; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 99: Hoare triple {29140#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 98: Hoare triple {29140#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret92#1 && outgoing__wrappee__AutoResponder_#t~ret92#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret92#1;havoc outgoing__wrappee__AutoResponder_#t~ret92#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {29139#true} {29140#false} #1060#return; {29140#false} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 96: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 95: Hoare triple {29139#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~18 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~18; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 94: Hoare triple {29139#true} assume 1 == ~handle; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L290 TraceCheckUtils]: 93: Hoare triple {29139#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~18; {29139#true} is VALID [2022-02-20 18:04:59,508 INFO L272 TraceCheckUtils]: 92: Hoare triple {29140#false} call outgoing__wrappee__AutoResponder_#t~ret92#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 91: Hoare triple {29140#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret91#1 && outgoing__wrappee__AutoResponder_#t~ret91#1 <= 
2147483647;outgoing__wrappee__AutoResponder_~tmp~17#1 := outgoing__wrappee__AutoResponder_#t~ret91#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~17#1; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {29139#true} {29140#false} #1058#return; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 89: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 88: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 87: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~36; {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L272 TraceCheckUtils]: 86: Hoare triple {29140#false} call outgoing__wrappee__AutoResponder_#t~ret91#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 85: Hoare triple {29140#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret91#1, outgoing__wrappee__AutoResponder_#t~ret92#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~17#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc 
outgoing__wrappee__AutoResponder_~tmp~17#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 84: Hoare triple {29140#false} assume 0 == sign_~privkey~1#1; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 83: Hoare triple {29140#false} assume -2147483648 <= sign_#t~ret105#1 && sign_#t~ret105#1 <= 2147483647;sign_~tmp~24#1 := sign_#t~ret105#1;havoc sign_#t~ret105#1;sign_~privkey~1#1 := sign_~tmp~24#1; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {29139#true} {29140#false} #1056#return; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 81: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 80: Hoare triple {29139#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 79: Hoare triple {29139#true} ~handle := #in~handle;havoc ~retValue_acc~13; {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L272 TraceCheckUtils]: 78: Hoare triple {29140#false} call sign_#t~ret105#1 := getClientPrivateKey(sign_~client#1); {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 77: Hoare triple {29140#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret105#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~24#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~24#1; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L272 TraceCheckUtils]: 76: Hoare triple {29140#false} call outgoing(~sender#1, ~email~0#1); {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 75: 
Hoare triple {29140#false} #t~ret101#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~tmp~22#1 := #t~ret101#1;havoc #t~ret101#1;~email~0#1 := ~tmp~22#1; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 74: Hoare triple {29140#false} createEmail_~retValue_acc~24#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~24#1; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {29139#true} {29140#false} #1124#return; {29140#false} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 72: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 71: Hoare triple {29139#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,509 INFO L290 TraceCheckUtils]: 70: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,510 INFO L272 TraceCheckUtils]: 69: Hoare triple {29140#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29139#true} is VALID [2022-02-20 18:04:59,510 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {29139#true} {29140#false} #1122#return; {29140#false} is VALID [2022-02-20 18:04:59,510 INFO L290 TraceCheckUtils]: 67: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,510 INFO L290 TraceCheckUtils]: 66: Hoare triple {29139#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,510 INFO L290 TraceCheckUtils]: 65: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,510 INFO L272 TraceCheckUtils]: 64: Hoare triple {29140#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29139#true} is VALID [2022-02-20 18:04:59,510 INFO L290 TraceCheckUtils]: 63: Hoare triple 
{29140#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~22#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~24#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~24#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29140#false} is VALID [2022-02-20 18:04:59,510 INFO L272 TraceCheckUtils]: 62: Hoare triple {29140#false} call sendEmail(~bob~0, ~rjh~0); {29140#false} is VALID [2022-02-20 18:04:59,510 INFO L290 TraceCheckUtils]: 61: Hoare triple {29140#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret67#1, bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret67#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret67#1 && bobToRjh_#t~ret67#1 <= 2147483647;havoc bobToRjh_#t~ret67#1; {29140#false} is VALID [2022-02-20 18:04:59,510 INFO L290 TraceCheckUtils]: 60: Hoare triple {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {29140#false} is VALID [2022-02-20 18:04:59,510 INFO L290 TraceCheckUtils]: 59: Hoare triple {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,511 INFO L290 TraceCheckUtils]: 58: Hoare triple {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,511 INFO L290 TraceCheckUtils]: 57: Hoare triple {29736#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,511 INFO L290 TraceCheckUtils]: 56: Hoare triple {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,511 INFO L290 TraceCheckUtils]: 55: Hoare triple {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,512 INFO L290 TraceCheckUtils]: 54: Hoare triple {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet57#1 && test_#t~nondet57#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet57#1;havoc test_#t~nondet57#1; {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,512 INFO L290 TraceCheckUtils]: 53: Hoare triple {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,512 INFO L290 TraceCheckUtils]: 52: Hoare triple {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet56#1 && test_#t~nondet56#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet56#1;havoc test_#t~nondet56#1; 
{29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,513 INFO L290 TraceCheckUtils]: 51: Hoare triple {29764#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29736#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:59,513 INFO L290 TraceCheckUtils]: 50: Hoare triple {29764#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {29764#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:04:59,513 INFO L290 TraceCheckUtils]: 49: Hoare triple {29764#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {29764#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:04:59,513 INFO L290 TraceCheckUtils]: 48: Hoare triple {29139#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~3#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc 
test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29764#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 47: Hoare triple {29139#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 34, 0;havoc setup_#t~nondet74#1; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {29139#true} {29139#true} #1146#return; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 45: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 44: Hoare triple {29139#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 43: Hoare triple {29139#true} assume !(2 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 42: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 41: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L272 TraceCheckUtils]: 40: Hoare triple {29139#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 39: Hoare triple {29139#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {29139#true} {29139#true} #1144#return; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 37: Hoare triple 
{29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 36: Hoare triple {29139#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 35: Hoare triple {29139#true} assume !(2 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 34: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 33: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L272 TraceCheckUtils]: 32: Hoare triple {29139#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 31: Hoare triple {29139#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet73#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {29139#true} {29139#true} #1142#return; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 29: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 28: Hoare triple {29139#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 27: Hoare triple 
{29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,514 INFO L290 TraceCheckUtils]: 26: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L272 TraceCheckUtils]: 25: Hoare triple {29139#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 24: Hoare triple {29139#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {29139#true} {29139#true} #1140#return; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 22: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 21: Hoare triple {29139#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 20: Hoare triple {29139#true} assume !(1 == ~handle); {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 19: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L272 TraceCheckUtils]: 18: Hoare triple {29139#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 17: Hoare triple {29139#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet72#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29139#true} {29139#true} #1138#return; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 15: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 14: Hoare triple {29139#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 13: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L272 TraceCheckUtils]: 12: Hoare triple {29139#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 11: Hoare triple {29139#true} assume { :end_inline_setup_bob__wrappee__Base } true; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {29139#true} {29139#true} #1136#return; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 9: Hoare triple {29139#true} assume true; {29139#true} is VALID [2022-02-20 18:04:59,515 INFO L290 TraceCheckUtils]: 8: Hoare triple {29139#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29139#true} is VALID [2022-02-20 18:04:59,516 INFO L290 TraceCheckUtils]: 7: Hoare triple {29139#true} ~handle := #in~handle;~value := #in~value; {29139#true} is VALID [2022-02-20 18:04:59,516 INFO L272 TraceCheckUtils]: 6: Hoare triple {29139#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {29139#true} is VALID [2022-02-20 18:04:59,516 INFO L290 TraceCheckUtils]: 5: Hoare triple {29139#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet72#1, setup_#t~nondet73#1, setup_#t~nondet74#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, 
setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {29139#true} is VALID [2022-02-20 18:04:59,516 INFO L290 TraceCheckUtils]: 4: Hoare triple {29139#true} main_#t~ret75#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret75#1 && main_#t~ret75#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret75#1;havoc main_#t~ret75#1; {29139#true} is VALID [2022-02-20 18:04:59,516 INFO L290 TraceCheckUtils]: 3: Hoare triple {29139#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~27#1;havoc valid_product_~retValue_acc~27#1;valid_product_~retValue_acc~27#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~27#1; {29139#true} is VALID [2022-02-20 18:04:59,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {29139#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {29139#true} is VALID [2022-02-20 18:04:59,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {29139#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret75#1, main_~retValue_acc~25#1, main_~tmp~13#1;havoc main_~retValue_acc~25#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {29139#true} is VALID [2022-02-20 
18:04:59,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {29139#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(17, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(17, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);call #Ultimate.allocInit(21, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {29139#true} is VALID [2022-02-20 18:04:59,516 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 
0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:04:59,516 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1391258246] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:04:59,516 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:04:59,516 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15 [2022-02-20 18:04:59,516 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1081099371] [2022-02-20 18:04:59,516 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:04:59,517 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 118 [2022-02-20 18:04:59,557 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:59,558 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2022-02-20 18:04:59,666 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 190 edges. 190 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:59,666 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 18:04:59,666 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:59,667 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 18:04:59,667 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:04:59,667 INFO L87 Difference]: Start difference. First operand 446 states and 674 transitions. Second operand has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24)