./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec9_product12.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec9_product12.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 4d7925e6725ebc9ccc1628dac3a92336bad7d7149419f1b3b2e679ed4e3055d5
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:04:08,093 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:04:08,095 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:04:08,127 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:04:08,128 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:04:08,130 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:04:08,132 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:04:08,134 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:04:08,135 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:04:08,139 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:04:08,139 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:04:08,140 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:04:08,141 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:04:08,142 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:04:08,143 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:04:08,146 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:04:08,146 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:04:08,147 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:04:08,149 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:04:08,153 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:04:08,154 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:04:08,155 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:04:08,156 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:04:08,157 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:04:08,161 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:04:08,161 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:04:08,162 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:04:08,163 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:04:08,163 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:04:08,164 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:04:08,164 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:04:08,165 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:04:08,166 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:04:08,167 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:04:08,168 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:04:08,168 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:04:08,168 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:04:08,168 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:04:08,168 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:04:08,169 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:04:08,169 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:04:08,171 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:04:08,193 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:04:08,193 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:04:08,194 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:04:08,194 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:04:08,195 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:04:08,195 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:04:08,195 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:04:08,195 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:04:08,196 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:04:08,196 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:04:08,196 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:04:08,197 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:04:08,197 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:04:08,197 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:04:08,197 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:04:08,197 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:04:08,197 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:04:08,197 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:04:08,198 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:04:08,198 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:04:08,198 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:04:08,198 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:04:08,198 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:04:08,198 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:04:08,199 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:04:08,199 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:04:08,199 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:04:08,200 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:04:08,200 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:04:08,200 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:04:08,200 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:04:08,200 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:04:08,201 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:04:08,201 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 4d7925e6725ebc9ccc1628dac3a92336bad7d7149419f1b3b2e679ed4e3055d5 [2022-02-20 18:04:08,412 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:04:08,428 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:04:08,429 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:04:08,430 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:04:08,431 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:04:08,432 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec9_product12.cil.c [2022-02-20 18:04:08,495 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/af47a87fe/72b508292b984bc5aabe8596dbd2fb27/FLAG455995247 [2022-02-20 18:04:08,977 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:04:08,981 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product12.cil.c [2022-02-20 18:04:08,995 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/af47a87fe/72b508292b984bc5aabe8596dbd2fb27/FLAG455995247 [2022-02-20 18:04:09,455 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/af47a87fe/72b508292b984bc5aabe8596dbd2fb27 [2022-02-20 18:04:09,457 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:04:09,458 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:04:09,459 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:04:09,459 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:04:09,461 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:04:09,462 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:04:09" (1/1) ... [2022-02-20 18:04:09,463 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@76dadbfc and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:09, skipping insertion in model container [2022-02-20 18:04:09,463 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:04:09" (1/1) ... 
[2022-02-20 18:04:09,468 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:04:09,520 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:04:09,877 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product12.cil.c[29763,29776] [2022-02-20 18:04:09,928 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:04:09,935 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:04:10,002 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product12.cil.c[29763,29776] [2022-02-20 18:04:10,033 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:04:10,052 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:04:10,053 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10 WrapperNode [2022-02-20 18:04:10,053 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:04:10,054 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:04:10,054 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:04:10,054 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:04:10,058 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... 
[2022-02-20 18:04:10,083 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... [2022-02-20 18:04:10,121 INFO L137 Inliner]: procedures = 123, calls = 191, calls flagged for inlining = 51, calls inlined = 41, statements flattened = 834 [2022-02-20 18:04:10,121 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:04:10,122 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:04:10,122 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:04:10,122 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:04:10,127 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... [2022-02-20 18:04:10,128 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... [2022-02-20 18:04:10,130 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... [2022-02-20 18:04:10,130 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... 
[2022-02-20 18:04:10,139 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... [2022-02-20 18:04:10,144 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... [2022-02-20 18:04:10,146 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... [2022-02-20 18:04:10,150 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:04:10,150 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:04:10,151 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:04:10,151 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:04:10,151 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (1/1) ... 
[2022-02-20 18:04:10,162 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:04:10,171 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:10,180 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:04:10,182 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:04:10,204 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:04:10,204 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:04:10,204 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:04:10,204 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:04:10,205 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:04:10,205 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:04:10,205 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:04:10,205 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:04:10,205 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:04:10,205 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:04:10,205 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 
18:04:10,206 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:04:10,206 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:04:10,206 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:04:10,206 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:04:10,206 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:04:10,206 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:04:10,206 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:04:10,206 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:04:10,207 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:04:10,207 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:04:10,207 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:04:10,207 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:04:10,207 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:04:10,207 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:04:10,207 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:04:10,207 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:04:10,208 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:04:10,208 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:04:10,208 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 
18:04:10,208 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:04:10,208 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:04:10,208 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:04:10,208 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:04:10,208 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:04:10,375 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:04:10,376 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:04:10,878 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:04:10,885 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:04:10,885 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:04:10,887 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:04:10 BoogieIcfgContainer [2022-02-20 18:04:10,887 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:04:10,888 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:04:10,888 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:04:10,890 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:04:10,890 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:04:09" (1/3) ... 
[2022-02-20 18:04:10,891 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@63c49840 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:04:10, skipping insertion in model container [2022-02-20 18:04:10,891 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:10" (2/3) ... [2022-02-20 18:04:10,891 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@63c49840 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:04:10, skipping insertion in model container [2022-02-20 18:04:10,891 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:04:10" (3/3) ... [2022-02-20 18:04:10,892 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec9_product12.cil.c [2022-02-20 18:04:10,895 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:04:10,895 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 18:04:10,924 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:04:10,928 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:04:10,928 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:04:10,947 INFO L276 IsEmpty]: Start isEmpty. Operand has 262 states, 206 states have (on average 1.5533980582524272) internal successors, (320), 210 states have internal predecessors, (320), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 18:04:10,957 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 87 [2022-02-20 18:04:10,958 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:10,958 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:10,959 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:10,962 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:10,962 INFO L85 PathProgramCache]: Analyzing trace with hash 2039353953, now seen corresponding path program 1 times [2022-02-20 18:04:10,968 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:10,969 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [465269120] [2022-02-20 18:04:10,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:10,969 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:11,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:11,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,172 INFO L290 TraceCheckUtils]: 0: Hoare triple {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,173 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {265#true} #818#return; {265#true} is VALID [2022-02-20 18:04:11,179 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:11,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,186 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {265#true} #820#return; {265#true} is VALID [2022-02-20 18:04:11,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:11,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {310#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:11,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {310#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {311#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:11,206 INFO L290 TraceCheckUtils]: 2: Hoare triple {311#(= |setClientId_#in~handle| 1)} assume true; {311#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:11,207 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {311#(= |setClientId_#in~handle| 1)} {275#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #822#return; {266#false} is VALID [2022-02-20 18:04:11,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:04:11,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,213 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {266#false} #824#return; {266#false} is VALID [2022-02-20 18:04:11,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:11,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,228 INFO L290 TraceCheckUtils]: 0: Hoare triple {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,228 
INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,228 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,229 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {266#false} #826#return; {266#false} is VALID [2022-02-20 18:04:11,229 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:11,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,237 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {266#false} #828#return; {266#false} is VALID [2022-02-20 18:04:11,243 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:04:11,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,247 INFO L290 TraceCheckUtils]: 0: Hoare triple {312#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,248 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,248 INFO L290 TraceCheckUtils]: 
2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,248 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {266#false} #814#return; {266#false} is VALID [2022-02-20 18:04:11,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:11,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,252 INFO L290 TraceCheckUtils]: 0: Hoare triple {265#true} ~handle := #in~handle;havoc ~retValue_acc~11; {265#true} is VALID [2022-02-20 18:04:11,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {265#true} is VALID [2022-02-20 18:04:11,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,252 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {266#false} #784#return; {266#false} is VALID [2022-02-20 18:04:11,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:04:11,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,259 INFO L290 TraceCheckUtils]: 0: Hoare triple {312#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,259 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,260 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {266#false} #790#return; {266#false} is VALID [2022-02-20 18:04:11,261 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:04:11,263 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:11,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {265#true} ~handle := #in~handle;havoc ~retValue_acc~14; {265#true} is VALID [2022-02-20 18:04:11,270 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {265#true} is VALID [2022-02-20 18:04:11,270 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,270 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {265#true} {266#false} #792#return; {266#false} is VALID [2022-02-20 18:04:11,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {265#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call 
#Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 
0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {265#true} is VALID [2022-02-20 18:04:11,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {265#true} is VALID [2022-02-20 18:04:11,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {265#true} is VALID [2022-02-20 18:04:11,272 INFO L290 TraceCheckUtils]: 3: Hoare triple {265#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {265#true} is VALID [2022-02-20 18:04:11,273 INFO L290 TraceCheckUtils]: 4: Hoare triple {265#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {265#true} is VALID [2022-02-20 18:04:11,273 INFO L290 TraceCheckUtils]: 5: Hoare triple {265#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, 
setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {265#true} is VALID [2022-02-20 18:04:11,274 INFO L272 TraceCheckUtils]: 6: Hoare triple {265#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:11,274 INFO L290 TraceCheckUtils]: 7: Hoare triple {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,275 INFO L290 TraceCheckUtils]: 8: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,275 INFO L290 TraceCheckUtils]: 9: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,275 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {265#true} {265#true} #818#return; {265#true} is VALID [2022-02-20 18:04:11,276 INFO L290 TraceCheckUtils]: 11: Hoare triple {265#true} assume { :end_inline_setup_bob__wrappee__Base } true; {265#true} is 
VALID [2022-02-20 18:04:11,276 INFO L272 TraceCheckUtils]: 12: Hoare triple {265#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:11,277 INFO L290 TraceCheckUtils]: 13: Hoare triple {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,277 INFO L290 TraceCheckUtils]: 14: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,277 INFO L290 TraceCheckUtils]: 15: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,277 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {265#true} {265#true} #820#return; {265#true} is VALID [2022-02-20 18:04:11,278 INFO L290 TraceCheckUtils]: 17: Hoare triple {265#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {275#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:11,279 INFO L272 TraceCheckUtils]: 18: Hoare triple {275#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:11,279 INFO L290 TraceCheckUtils]: 19: Hoare triple {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {310#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:11,280 INFO L290 TraceCheckUtils]: 20: Hoare triple {310#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {311#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:11,280 INFO L290 TraceCheckUtils]: 21: Hoare triple {311#(= |setClientId_#in~handle| 1)} assume true; {311#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:11,281 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {311#(= |setClientId_#in~handle| 1)} {275#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #822#return; {266#false} is VALID [2022-02-20 18:04:11,281 INFO L290 TraceCheckUtils]: 23: Hoare triple {266#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {266#false} is VALID [2022-02-20 18:04:11,281 INFO L272 TraceCheckUtils]: 24: Hoare triple {266#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:11,281 INFO L290 TraceCheckUtils]: 25: Hoare triple {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,281 INFO L290 TraceCheckUtils]: 26: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,282 INFO L290 TraceCheckUtils]: 27: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,282 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {265#true} {266#false} #824#return; {266#false} is VALID [2022-02-20 18:04:11,282 INFO L290 TraceCheckUtils]: 29: Hoare triple {266#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {266#false} is VALID [2022-02-20 18:04:11,282 INFO L272 TraceCheckUtils]: 30: Hoare triple {266#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:11,282 INFO L290 TraceCheckUtils]: 31: Hoare triple {308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,282 INFO L290 
TraceCheckUtils]: 32: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,283 INFO L290 TraceCheckUtils]: 33: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,283 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {265#true} {266#false} #826#return; {266#false} is VALID [2022-02-20 18:04:11,283 INFO L290 TraceCheckUtils]: 35: Hoare triple {266#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {266#false} is VALID [2022-02-20 18:04:11,283 INFO L272 TraceCheckUtils]: 36: Hoare triple {266#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:11,283 INFO L290 TraceCheckUtils]: 37: Hoare triple {309#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,284 INFO L290 TraceCheckUtils]: 38: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,284 INFO L290 TraceCheckUtils]: 39: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,284 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {265#true} {266#false} #828#return; {266#false} is VALID [2022-02-20 18:04:11,284 INFO L290 TraceCheckUtils]: 41: Hoare triple {266#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {266#false} is VALID [2022-02-20 18:04:11,284 INFO L290 TraceCheckUtils]: 42: Hoare triple {266#false} assume { :end_inline_setup } true;assume { 
:begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {266#false} is VALID [2022-02-20 18:04:11,285 INFO L290 TraceCheckUtils]: 43: Hoare triple {266#false} assume !true; {266#false} is VALID [2022-02-20 18:04:11,286 INFO L290 TraceCheckUtils]: 44: Hoare triple {266#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && 
bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {266#false} is VALID [2022-02-20 18:04:11,286 INFO L272 TraceCheckUtils]: 45: Hoare triple {266#false} call sendEmail(~bob~0, ~rjh~0); {266#false} is VALID [2022-02-20 18:04:11,286 INFO L290 TraceCheckUtils]: 46: Hoare triple {266#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {266#false} is VALID [2022-02-20 18:04:11,287 INFO L272 TraceCheckUtils]: 47: Hoare triple {266#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {312#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:11,287 INFO L290 TraceCheckUtils]: 48: Hoare triple {312#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,287 INFO L290 TraceCheckUtils]: 49: Hoare triple {265#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,287 INFO L290 TraceCheckUtils]: 50: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,287 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {265#true} {266#false} #814#return; {266#false} is VALID [2022-02-20 18:04:11,288 INFO L290 TraceCheckUtils]: 52: Hoare triple {266#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, 
setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {266#false} is VALID [2022-02-20 18:04:11,288 INFO L290 TraceCheckUtils]: 53: Hoare triple {266#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {266#false} is VALID [2022-02-20 18:04:11,288 INFO L290 TraceCheckUtils]: 54: Hoare triple {266#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {266#false} is VALID [2022-02-20 18:04:11,288 INFO L290 TraceCheckUtils]: 55: Hoare triple {266#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {266#false} is VALID [2022-02-20 18:04:11,288 INFO L272 TraceCheckUtils]: 56: Hoare triple {266#false} call outgoing(~sender#1, ~email~0#1); {266#false} is VALID [2022-02-20 18:04:11,289 INFO L290 TraceCheckUtils]: 57: Hoare triple {266#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {266#false} is VALID [2022-02-20 18:04:11,289 INFO L272 TraceCheckUtils]: 58: Hoare triple {266#false} call #t~ret15#1 := getEmailTo(~msg#1); {265#true} is VALID [2022-02-20 18:04:11,289 INFO L290 TraceCheckUtils]: 59: Hoare triple {265#true} ~handle := #in~handle;havoc ~retValue_acc~11; {265#true} is VALID [2022-02-20 18:04:11,289 INFO L290 TraceCheckUtils]: 60: Hoare triple {265#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {265#true} is VALID [2022-02-20 18:04:11,289 INFO L290 TraceCheckUtils]: 61: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,290 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {265#true} {266#false} #784#return; {266#false} is VALID [2022-02-20 18:04:11,290 INFO L290 
TraceCheckUtils]: 63: Hoare triple {266#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {266#false} is VALID [2022-02-20 18:04:11,290 INFO L290 TraceCheckUtils]: 64: Hoare triple {266#false} assume 1 == findPublicKey_~handle#1; {266#false} is VALID [2022-02-20 18:04:11,290 INFO L290 TraceCheckUtils]: 65: Hoare triple {266#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {266#false} is VALID [2022-02-20 18:04:11,290 INFO L290 TraceCheckUtils]: 66: Hoare triple {266#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {266#false} is VALID [2022-02-20 18:04:11,291 INFO L290 TraceCheckUtils]: 67: Hoare triple {266#false} assume !(0 != ~pubkey~0#1); {266#false} is VALID [2022-02-20 18:04:11,291 INFO L290 TraceCheckUtils]: 68: Hoare triple {266#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc 
outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {266#false} is VALID [2022-02-20 18:04:11,292 INFO L290 TraceCheckUtils]: 69: Hoare triple {266#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {266#false} is VALID [2022-02-20 18:04:11,292 INFO L290 TraceCheckUtils]: 70: Hoare triple {266#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {266#false} is VALID [2022-02-20 18:04:11,307 INFO L272 TraceCheckUtils]: 71: Hoare triple {266#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {312#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:11,307 INFO L290 TraceCheckUtils]: 72: Hoare triple {312#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,307 INFO L290 TraceCheckUtils]: 73: Hoare triple {265#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,308 INFO L290 TraceCheckUtils]: 74: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,308 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {265#true} {266#false} #790#return; {266#false} is VALID [2022-02-20 18:04:11,308 INFO L290 TraceCheckUtils]: 
76: Hoare triple {266#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {266#false} is VALID [2022-02-20 18:04:11,308 INFO L290 TraceCheckUtils]: 77: Hoare triple {266#false} assume 0 != ~in_encrypted~0; {266#false} is VALID [2022-02-20 18:04:11,308 INFO L272 TraceCheckUtils]: 78: Hoare triple {266#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {265#true} is VALID [2022-02-20 
18:04:11,308 INFO L290 TraceCheckUtils]: 79: Hoare triple {265#true} ~handle := #in~handle;havoc ~retValue_acc~14; {265#true} is VALID [2022-02-20 18:04:11,308 INFO L290 TraceCheckUtils]: 80: Hoare triple {265#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {265#true} is VALID [2022-02-20 18:04:11,309 INFO L290 TraceCheckUtils]: 81: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,309 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {265#true} {266#false} #792#return; {266#false} is VALID [2022-02-20 18:04:11,309 INFO L290 TraceCheckUtils]: 83: Hoare triple {266#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {266#false} is VALID [2022-02-20 18:04:11,309 INFO L290 TraceCheckUtils]: 84: Hoare triple {266#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {266#false} is VALID [2022-02-20 18:04:11,309 INFO L290 TraceCheckUtils]: 85: Hoare triple {266#false} assume !false; {266#false} is VALID [2022-02-20 18:04:11,310 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:04:11,310 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:04:11,310 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [465269120]
[2022-02-20 18:04:11,311 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [465269120] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:04:11,311 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1312985189]
[2022-02-20 18:04:11,311 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:04:11,311 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:04:11,311 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:04:11,313 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:04:11,316 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process
[2022-02-20 18:04:11,558 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:11,562 INFO L263 TraceCheckSpWp]: Trace formula consists of 913 conjuncts, 1 conjunts are in the unsatisfiable core
[2022-02-20 18:04:11,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:11,627 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:04:11,813 INFO L290 TraceCheckUtils]: 0: Hoare triple {265#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {265#true} is VALID [2022-02-20 18:04:11,814 INFO L290 TraceCheckUtils]: 1: Hoare triple {265#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, 
main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {265#true} is VALID [2022-02-20 18:04:11,814 INFO L290 TraceCheckUtils]: 2: Hoare triple {265#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {265#true} is VALID [2022-02-20 18:04:11,814 INFO L290 TraceCheckUtils]: 3: Hoare triple {265#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {265#true} is VALID [2022-02-20 18:04:11,814 INFO L290 TraceCheckUtils]: 4: Hoare triple {265#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {265#true} is VALID [2022-02-20 18:04:11,815 INFO L290 TraceCheckUtils]: 5: Hoare triple {265#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {265#true} is VALID [2022-02-20 18:04:11,815 INFO L272 TraceCheckUtils]: 6: Hoare triple {265#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {265#true} is VALID [2022-02-20 18:04:11,815 INFO L290 TraceCheckUtils]: 7: Hoare triple {265#true} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,815 INFO L290 TraceCheckUtils]: 8: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,815 INFO L290 TraceCheckUtils]: 9: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,816 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {265#true} {265#true} #818#return; {265#true} is VALID [2022-02-20 18:04:11,816 INFO L290 TraceCheckUtils]: 11: Hoare triple {265#true} assume { :end_inline_setup_bob__wrappee__Base } true; {265#true} is VALID [2022-02-20 18:04:11,816 INFO L272 TraceCheckUtils]: 12: Hoare triple {265#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {265#true} is VALID [2022-02-20 18:04:11,817 INFO L290 TraceCheckUtils]: 13: Hoare triple {265#true} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,817 INFO L290 TraceCheckUtils]: 14: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,817 INFO L290 TraceCheckUtils]: 15: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,819 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {265#true} {265#true} #820#return; {265#true} is VALID [2022-02-20 18:04:11,821 INFO L290 TraceCheckUtils]: 17: Hoare triple {265#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {265#true} is VALID [2022-02-20 18:04:11,821 INFO L272 TraceCheckUtils]: 18: Hoare triple {265#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {265#true} is VALID [2022-02-20 18:04:11,821 INFO L290 TraceCheckUtils]: 19: Hoare triple {265#true} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,822 INFO L290 TraceCheckUtils]: 20: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,822 INFO L290 TraceCheckUtils]: 21: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,822 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {265#true} {265#true} #822#return; {265#true} is VALID [2022-02-20 18:04:11,822 INFO L290 TraceCheckUtils]: 23: Hoare triple {265#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {265#true} is VALID [2022-02-20 18:04:11,823 INFO L272 TraceCheckUtils]: 24: Hoare triple {265#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {265#true} is VALID [2022-02-20 18:04:11,823 INFO L290 TraceCheckUtils]: 25: Hoare triple {265#true} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,826 INFO L290 TraceCheckUtils]: 26: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,826 INFO L290 TraceCheckUtils]: 27: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,827 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {265#true} {265#true} #824#return; {265#true} is VALID [2022-02-20 18:04:11,827 INFO 
L290 TraceCheckUtils]: 29: Hoare triple {265#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {265#true} is VALID [2022-02-20 18:04:11,827 INFO L272 TraceCheckUtils]: 30: Hoare triple {265#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {265#true} is VALID [2022-02-20 18:04:11,827 INFO L290 TraceCheckUtils]: 31: Hoare triple {265#true} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,827 INFO L290 TraceCheckUtils]: 32: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {265#true} is VALID [2022-02-20 18:04:11,828 INFO L290 TraceCheckUtils]: 33: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,828 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {265#true} {265#true} #826#return; {265#true} is VALID [2022-02-20 18:04:11,828 INFO L290 TraceCheckUtils]: 35: Hoare triple {265#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {265#true} is VALID [2022-02-20 18:04:11,828 INFO L272 TraceCheckUtils]: 36: Hoare triple {265#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {265#true} is VALID [2022-02-20 18:04:11,828 INFO L290 TraceCheckUtils]: 37: Hoare triple {265#true} ~handle := #in~handle;~value := #in~value; {265#true} is VALID [2022-02-20 18:04:11,828 INFO L290 TraceCheckUtils]: 38: Hoare triple {265#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; 
{265#true} is VALID [2022-02-20 18:04:11,829 INFO L290 TraceCheckUtils]: 39: Hoare triple {265#true} assume true; {265#true} is VALID [2022-02-20 18:04:11,829 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {265#true} {265#true} #828#return; {265#true} is VALID [2022-02-20 18:04:11,839 INFO L290 TraceCheckUtils]: 41: Hoare triple {265#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {265#true} is VALID [2022-02-20 18:04:11,839 INFO L290 TraceCheckUtils]: 42: Hoare triple {265#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 
:= 0;test_~splverifierCounter~0#1 := 0; {265#true} is VALID [2022-02-20 18:04:11,840 INFO L290 TraceCheckUtils]: 43: Hoare triple {265#true} assume !true; {266#false} is VALID [2022-02-20 18:04:11,840 INFO L290 TraceCheckUtils]: 44: Hoare triple {266#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {266#false} is VALID [2022-02-20 18:04:11,840 INFO L272 TraceCheckUtils]: 45: Hoare triple {266#false} call sendEmail(~bob~0, ~rjh~0); {266#false} is VALID [2022-02-20 18:04:11,840 INFO L290 TraceCheckUtils]: 46: Hoare triple {266#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {266#false} is VALID [2022-02-20 18:04:11,841 INFO L272 TraceCheckUtils]: 47: Hoare triple {266#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {266#false} is VALID [2022-02-20 18:04:11,841 INFO L290 TraceCheckUtils]: 48: Hoare triple {266#false} ~handle := #in~handle;~value := #in~value; {266#false} is VALID [2022-02-20 18:04:11,842 INFO L290 TraceCheckUtils]: 49: Hoare triple {266#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {266#false} is VALID [2022-02-20 18:04:11,842 INFO L290 TraceCheckUtils]: 50: Hoare triple {266#false} assume true; 
{266#false} is VALID [2022-02-20 18:04:11,842 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {266#false} {266#false} #814#return; {266#false} is VALID [2022-02-20 18:04:11,843 INFO L290 TraceCheckUtils]: 52: Hoare triple {266#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {266#false} is VALID [2022-02-20 18:04:11,844 INFO L290 TraceCheckUtils]: 53: Hoare triple {266#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {266#false} is VALID [2022-02-20 18:04:11,844 INFO L290 TraceCheckUtils]: 54: Hoare triple {266#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {266#false} is VALID [2022-02-20 18:04:11,844 INFO L290 TraceCheckUtils]: 55: Hoare triple {266#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {266#false} is VALID [2022-02-20 18:04:11,844 INFO L272 TraceCheckUtils]: 56: Hoare triple {266#false} call outgoing(~sender#1, ~email~0#1); {266#false} is VALID [2022-02-20 18:04:11,844 INFO L290 TraceCheckUtils]: 57: Hoare triple {266#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {266#false} is VALID [2022-02-20 18:04:11,844 INFO L272 TraceCheckUtils]: 58: Hoare triple {266#false} call #t~ret15#1 := getEmailTo(~msg#1); {266#false} is VALID [2022-02-20 18:04:11,845 INFO L290 TraceCheckUtils]: 59: Hoare triple {266#false} ~handle := #in~handle;havoc ~retValue_acc~11; {266#false} is VALID [2022-02-20 18:04:11,845 INFO L290 TraceCheckUtils]: 60: Hoare triple {266#false} 
assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {266#false} is VALID [2022-02-20 18:04:11,845 INFO L290 TraceCheckUtils]: 61: Hoare triple {266#false} assume true; {266#false} is VALID [2022-02-20 18:04:11,845 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {266#false} {266#false} #784#return; {266#false} is VALID [2022-02-20 18:04:11,847 INFO L290 TraceCheckUtils]: 63: Hoare triple {266#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {266#false} is VALID [2022-02-20 18:04:11,847 INFO L290 TraceCheckUtils]: 64: Hoare triple {266#false} assume 1 == findPublicKey_~handle#1; {266#false} is VALID [2022-02-20 18:04:11,847 INFO L290 TraceCheckUtils]: 65: Hoare triple {266#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {266#false} is VALID [2022-02-20 18:04:11,847 INFO L290 TraceCheckUtils]: 66: Hoare triple {266#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {266#false} is VALID [2022-02-20 18:04:11,847 INFO L290 TraceCheckUtils]: 67: Hoare triple {266#false} assume !(0 != ~pubkey~0#1); {266#false} is VALID [2022-02-20 18:04:11,847 INFO L290 TraceCheckUtils]: 68: Hoare triple {266#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {266#false} is VALID [2022-02-20 18:04:11,848 INFO L290 TraceCheckUtils]: 69: Hoare triple {266#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {266#false} is VALID [2022-02-20 18:04:11,848 INFO L290 TraceCheckUtils]: 70: Hoare triple {266#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {266#false} is VALID [2022-02-20 18:04:11,850 INFO L272 TraceCheckUtils]: 71: Hoare triple {266#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {266#false} is VALID [2022-02-20 18:04:11,850 INFO L290 TraceCheckUtils]: 72: Hoare triple {266#false} ~handle := #in~handle;~value := #in~value; {266#false} is VALID [2022-02-20 18:04:11,851 INFO L290 TraceCheckUtils]: 73: Hoare triple {266#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {266#false} is VALID [2022-02-20 18:04:11,851 INFO L290 TraceCheckUtils]: 74: Hoare triple {266#false} assume true; {266#false} is VALID 
[2022-02-20 18:04:11,851 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {266#false} {266#false} #790#return; {266#false} is VALID [2022-02-20 18:04:11,851 INFO L290 TraceCheckUtils]: 76: Hoare triple {266#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {266#false} is VALID [2022-02-20 18:04:11,851 INFO L290 TraceCheckUtils]: 77: Hoare triple {266#false} assume 0 != ~in_encrypted~0; {266#false} is VALID [2022-02-20 18:04:11,852 INFO L272 
TraceCheckUtils]: 78: Hoare triple {266#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {266#false} is VALID [2022-02-20 18:04:11,852 INFO L290 TraceCheckUtils]: 79: Hoare triple {266#false} ~handle := #in~handle;havoc ~retValue_acc~14; {266#false} is VALID [2022-02-20 18:04:11,852 INFO L290 TraceCheckUtils]: 80: Hoare triple {266#false} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {266#false} is VALID [2022-02-20 18:04:11,852 INFO L290 TraceCheckUtils]: 81: Hoare triple {266#false} assume true; {266#false} is VALID [2022-02-20 18:04:11,852 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {266#false} {266#false} #792#return; {266#false} is VALID [2022-02-20 18:04:11,852 INFO L290 TraceCheckUtils]: 83: Hoare triple {266#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {266#false} is VALID [2022-02-20 18:04:11,853 INFO L290 TraceCheckUtils]: 84: Hoare triple {266#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {266#false} is VALID [2022-02-20 18:04:11,853 INFO L290 TraceCheckUtils]: 85: Hoare triple {266#false} assume !false; {266#false} is VALID [2022-02-20 18:04:11,853 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:04:11,854 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:11,854 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1312985189] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:11,854 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:11,855 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [8] total 8 [2022-02-20 18:04:11,856 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [936407799] [2022-02-20 18:04:11,857 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:11,861 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 86 [2022-02-20 18:04:11,863 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:11,866 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:11,918 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 71 edges. 71 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:11,919 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:04:11,919 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:11,937 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:04:11,938 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:04:11,943 INFO L87 Difference]: Start difference. First operand has 262 states, 206 states have (on average 1.5533980582524272) internal successors, (320), 210 states have internal predecessors, (320), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) Second operand has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:12,197 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:12,198 INFO L93 Difference]: Finished difference Result 375 states and 558 transitions. [2022-02-20 18:04:12,198 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:04:12,198 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 86 [2022-02-20 18:04:12,198 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:12,200 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:12,211 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 558 transitions. [2022-02-20 18:04:12,212 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:12,219 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 558 transitions. [2022-02-20 18:04:12,220 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 558 transitions. [2022-02-20 18:04:12,592 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 558 edges. 558 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:12,614 INFO L225 Difference]: With dead ends: 375 [2022-02-20 18:04:12,614 INFO L226 Difference]: Without dead ends: 255 [2022-02-20 18:04:12,620 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 109 GetRequests, 103 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:04:12,622 INFO L933 BasicCegarLoop]: 394 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 394 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:12,625 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 394 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:12,638 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 255 states. [2022-02-20 18:04:12,674 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 255 to 255. [2022-02-20 18:04:12,674 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:12,681 INFO L82 GeneralOperation]: Start isEquivalent. First operand 255 states. 
Second operand has 255 states, 200 states have (on average 1.545) internal successors, (309), 203 states have internal predecessors, (309), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 18:04:12,682 INFO L74 IsIncluded]: Start isIncluded. First operand 255 states. Second operand has 255 states, 200 states have (on average 1.545) internal successors, (309), 203 states have internal predecessors, (309), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 18:04:12,684 INFO L87 Difference]: Start difference. First operand 255 states. Second operand has 255 states, 200 states have (on average 1.545) internal successors, (309), 203 states have internal predecessors, (309), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 18:04:12,700 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:12,700 INFO L93 Difference]: Finished difference Result 255 states and 386 transitions. [2022-02-20 18:04:12,700 INFO L276 IsEmpty]: Start isEmpty. Operand 255 states and 386 transitions. [2022-02-20 18:04:12,708 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:12,708 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:12,710 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 255 states, 200 states have (on average 1.545) internal successors, (309), 203 states have internal predecessors, (309), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand 255 states. [2022-02-20 18:04:12,711 INFO L87 Difference]: Start difference. First operand has 255 states, 200 states have (on average 1.545) internal successors, (309), 203 states have internal predecessors, (309), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand 255 states. [2022-02-20 18:04:12,723 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:12,723 INFO L93 Difference]: Finished difference Result 255 states and 386 transitions. [2022-02-20 18:04:12,723 INFO L276 IsEmpty]: Start isEmpty. Operand 255 states and 386 transitions. [2022-02-20 18:04:12,724 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:12,724 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:12,724 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:12,725 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:12,726 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 255 states, 200 states have (on average 1.545) internal successors, (309), 203 states have internal predecessors, (309), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 18:04:12,738 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 255 states to 255 states and 386 transitions. 
[2022-02-20 18:04:12,739 INFO L78 Accepts]: Start accepts. Automaton has 255 states and 386 transitions. Word has length 86 [2022-02-20 18:04:12,740 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:12,740 INFO L470 AbstractCegarLoop]: Abstraction has 255 states and 386 transitions. [2022-02-20 18:04:12,741 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:12,743 INFO L276 IsEmpty]: Start isEmpty. Operand 255 states and 386 transitions. [2022-02-20 18:04:12,746 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 88 [2022-02-20 18:04:12,746 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:12,746 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:12,767 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:12,964 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:04:12,964 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:12,965 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 
18:04:12,965 INFO L85 PathProgramCache]: Analyzing trace with hash 71453907, now seen corresponding path program 1 times [2022-02-20 18:04:12,965 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:12,965 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [647537976] [2022-02-20 18:04:12,965 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:12,965 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:13,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:13,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,071 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,071 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,071 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1959#true} {1959#true} #818#return; {1959#true} is VALID [2022-02-20 18:04:13,075 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:13,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,080 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,080 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1959#true} {1959#true} #820#return; {1959#true} is VALID [2022-02-20 18:04:13,080 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:13,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,098 INFO L290 TraceCheckUtils]: 0: Hoare triple {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2004#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:13,098 INFO L290 TraceCheckUtils]: 1: Hoare triple {2004#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2005#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:13,099 INFO L290 TraceCheckUtils]: 2: Hoare triple {2005#(= |setClientId_#in~handle| 1)} assume true; {2005#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:13,099 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2005#(= |setClientId_#in~handle| 1)} {1969#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #822#return; {1960#false} is VALID [2022-02-20 18:04:13,100 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:04:13,102 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:04:13,104 INFO L290 TraceCheckUtils]: 0: Hoare triple {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,104 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,105 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,105 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1959#true} {1960#false} #824#return; {1960#false} is VALID [2022-02-20 18:04:13,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:13,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,110 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1959#true} {1960#false} #826#return; {1960#false} is VALID [2022-02-20 18:04:13,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:13,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,116 INFO L290 
TraceCheckUtils]: 0: Hoare triple {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,116 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,116 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1959#true} {1960#false} #828#return; {1960#false} is VALID [2022-02-20 18:04:13,122 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:04:13,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {2006#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,126 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,129 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1959#true} {1960#false} #814#return; {1960#false} is VALID [2022-02-20 18:04:13,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:04:13,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,135 INFO L290 TraceCheckUtils]: 0: Hoare triple {1959#true} ~handle := #in~handle;havoc ~retValue_acc~11; {1959#true} is VALID [2022-02-20 18:04:13,136 INFO L290 TraceCheckUtils]: 
1: Hoare triple {1959#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {1959#true} is VALID [2022-02-20 18:04:13,136 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,138 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1959#true} {1960#false} #784#return; {1960#false} is VALID [2022-02-20 18:04:13,139 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:04:13,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,143 INFO L290 TraceCheckUtils]: 0: Hoare triple {2006#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,143 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,143 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,143 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1959#true} {1960#false} #790#return; {1960#false} is VALID [2022-02-20 18:04:13,143 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:04:13,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:13,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {1959#true} ~handle := #in~handle;havoc ~retValue_acc~14; {1959#true} is VALID [2022-02-20 18:04:13,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {1959#true} is VALID [2022-02-20 18:04:13,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,148 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{1959#true} {1960#false} #792#return; {1960#false} is VALID [2022-02-20 18:04:13,148 INFO L290 TraceCheckUtils]: 0: Hoare triple {1959#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 
:= 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 
0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {1959#true} is VALID [2022-02-20 18:04:13,148 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, 
main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1959#true} is VALID [2022-02-20 18:04:13,149 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1959#true} is VALID [2022-02-20 18:04:13,150 INFO L290 TraceCheckUtils]: 3: Hoare triple {1959#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {1959#true} is VALID [2022-02-20 18:04:13,150 INFO L290 TraceCheckUtils]: 4: Hoare triple {1959#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {1959#true} is VALID [2022-02-20 18:04:13,150 INFO L290 TraceCheckUtils]: 5: Hoare triple {1959#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {1959#true} is VALID [2022-02-20 18:04:13,151 INFO L272 TraceCheckUtils]: 6: Hoare triple {1959#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:13,151 INFO L290 TraceCheckUtils]: 7: Hoare triple {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,151 INFO L290 TraceCheckUtils]: 8: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,152 INFO L290 TraceCheckUtils]: 9: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,152 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {1959#true} {1959#true} #818#return; {1959#true} is VALID [2022-02-20 18:04:13,152 INFO L290 TraceCheckUtils]: 11: Hoare triple {1959#true} assume { :end_inline_setup_bob__wrappee__Base } true; {1959#true} is VALID [2022-02-20 18:04:13,152 INFO L272 TraceCheckUtils]: 12: Hoare triple {1959#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:13,152 INFO L290 TraceCheckUtils]: 13: Hoare triple {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,153 INFO L290 TraceCheckUtils]: 14: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,153 INFO L290 TraceCheckUtils]: 15: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,153 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {1959#true} {1959#true} #820#return; {1959#true} is VALID [2022-02-20 18:04:13,153 INFO L290 TraceCheckUtils]: 17: Hoare triple {1959#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {1969#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:13,154 INFO L272 TraceCheckUtils]: 18: Hoare triple {1969#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:13,154 INFO L290 TraceCheckUtils]: 19: Hoare triple {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {2004#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:13,154 INFO L290 TraceCheckUtils]: 20: Hoare triple {2004#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2005#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:13,155 INFO L290 TraceCheckUtils]: 21: Hoare triple {2005#(= |setClientId_#in~handle| 1)} assume true; {2005#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:13,155 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2005#(= |setClientId_#in~handle| 1)} {1969#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #822#return; {1960#false} is VALID [2022-02-20 18:04:13,155 INFO L290 TraceCheckUtils]: 23: Hoare triple {1960#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {1960#false} is VALID [2022-02-20 18:04:13,155 INFO L272 TraceCheckUtils]: 24: Hoare triple {1960#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:13,155 INFO L290 TraceCheckUtils]: 25: Hoare triple {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,156 INFO L290 TraceCheckUtils]: 26: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,156 INFO L290 TraceCheckUtils]: 27: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,156 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {1959#true} {1960#false} #824#return; {1960#false} is VALID [2022-02-20 
18:04:13,156 INFO L290 TraceCheckUtils]: 29: Hoare triple {1960#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {1960#false} is VALID [2022-02-20 18:04:13,156 INFO L272 TraceCheckUtils]: 30: Hoare triple {1960#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:13,156 INFO L290 TraceCheckUtils]: 31: Hoare triple {2002#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,156 INFO L290 TraceCheckUtils]: 32: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,156 INFO L290 TraceCheckUtils]: 33: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,157 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {1959#true} {1960#false} #826#return; {1960#false} is VALID [2022-02-20 18:04:13,157 INFO L290 TraceCheckUtils]: 35: Hoare triple {1960#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {1960#false} is VALID [2022-02-20 
18:04:13,157 INFO L272 TraceCheckUtils]: 36: Hoare triple {1960#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:13,157 INFO L290 TraceCheckUtils]: 37: Hoare triple {2003#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,157 INFO L290 TraceCheckUtils]: 38: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,157 INFO L290 TraceCheckUtils]: 39: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,157 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {1959#true} {1960#false} #828#return; {1960#false} is VALID [2022-02-20 18:04:13,157 INFO L290 TraceCheckUtils]: 41: Hoare triple {1960#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {1960#false} is VALID [2022-02-20 18:04:13,159 INFO L290 TraceCheckUtils]: 42: Hoare triple {1960#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {1960#false} is VALID [2022-02-20 18:04:13,159 INFO L290 TraceCheckUtils]: 43: Hoare triple {1960#false} assume !false; {1960#false} is VALID [2022-02-20 18:04:13,159 INFO L290 TraceCheckUtils]: 44: Hoare triple {1960#false} assume !(test_~splverifierCounter~0#1 < 4); {1960#false} is VALID [2022-02-20 18:04:13,159 INFO L290 TraceCheckUtils]: 45: Hoare triple {1960#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {1960#false} is VALID [2022-02-20 18:04:13,159 INFO L272 TraceCheckUtils]: 46: Hoare triple {1960#false} call sendEmail(~bob~0, ~rjh~0); {1960#false} is VALID [2022-02-20 18:04:13,160 INFO L290 TraceCheckUtils]: 47: Hoare triple {1960#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc 
~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {1960#false} is VALID [2022-02-20 18:04:13,160 INFO L272 TraceCheckUtils]: 48: Hoare triple {1960#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2006#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:13,160 INFO L290 TraceCheckUtils]: 49: Hoare triple {2006#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,160 INFO L290 TraceCheckUtils]: 50: Hoare triple {1959#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,161 INFO L290 TraceCheckUtils]: 51: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,161 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {1959#true} {1960#false} #814#return; {1960#false} is VALID [2022-02-20 18:04:13,161 INFO L290 TraceCheckUtils]: 53: Hoare triple {1960#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {1960#false} is VALID [2022-02-20 18:04:13,161 INFO L290 TraceCheckUtils]: 54: Hoare triple {1960#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {1960#false} is VALID [2022-02-20 18:04:13,161 INFO L290 TraceCheckUtils]: 
55: Hoare triple {1960#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {1960#false} is VALID [2022-02-20 18:04:13,161 INFO L290 TraceCheckUtils]: 56: Hoare triple {1960#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {1960#false} is VALID [2022-02-20 18:04:13,161 INFO L272 TraceCheckUtils]: 57: Hoare triple {1960#false} call outgoing(~sender#1, ~email~0#1); {1960#false} is VALID [2022-02-20 18:04:13,162 INFO L290 TraceCheckUtils]: 58: Hoare triple {1960#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {1960#false} is VALID [2022-02-20 18:04:13,162 INFO L272 TraceCheckUtils]: 59: Hoare triple {1960#false} call #t~ret15#1 := getEmailTo(~msg#1); {1959#true} is VALID [2022-02-20 18:04:13,162 INFO L290 TraceCheckUtils]: 60: Hoare triple {1959#true} ~handle := #in~handle;havoc ~retValue_acc~11; {1959#true} is VALID [2022-02-20 18:04:13,162 INFO L290 TraceCheckUtils]: 61: Hoare triple {1959#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {1959#true} is VALID [2022-02-20 18:04:13,162 INFO L290 TraceCheckUtils]: 62: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,162 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {1959#true} {1960#false} #784#return; {1960#false} is VALID [2022-02-20 18:04:13,162 INFO L290 TraceCheckUtils]: 64: Hoare triple {1960#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, 
findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {1960#false} is VALID [2022-02-20 18:04:13,162 INFO L290 TraceCheckUtils]: 65: Hoare triple {1960#false} assume 1 == findPublicKey_~handle#1; {1960#false} is VALID [2022-02-20 18:04:13,163 INFO L290 TraceCheckUtils]: 66: Hoare triple {1960#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {1960#false} is VALID [2022-02-20 18:04:13,163 INFO L290 TraceCheckUtils]: 67: Hoare triple {1960#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {1960#false} is VALID [2022-02-20 18:04:13,163 INFO L290 TraceCheckUtils]: 68: Hoare triple {1960#false} assume !(0 != ~pubkey~0#1); {1960#false} is VALID [2022-02-20 18:04:13,163 INFO L290 TraceCheckUtils]: 69: Hoare triple {1960#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {1960#false} is VALID [2022-02-20 18:04:13,163 
INFO L290 TraceCheckUtils]: 70: Hoare triple {1960#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {1960#false} is VALID [2022-02-20 18:04:13,163 INFO L290 TraceCheckUtils]: 71: Hoare triple {1960#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {1960#false} is VALID [2022-02-20 18:04:13,163 INFO L272 TraceCheckUtils]: 72: Hoare triple {1960#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {2006#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:13,163 INFO L290 TraceCheckUtils]: 73: Hoare triple {2006#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,163 INFO L290 TraceCheckUtils]: 74: Hoare triple {1959#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,164 INFO L290 TraceCheckUtils]: 75: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,166 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {1959#true} {1960#false} #790#return; {1960#false} is VALID [2022-02-20 18:04:13,166 INFO L290 TraceCheckUtils]: 77: Hoare triple {1960#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := 
mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {1960#false} is VALID [2022-02-20 18:04:13,166 INFO L290 TraceCheckUtils]: 78: Hoare triple {1960#false} assume 0 != ~in_encrypted~0; {1960#false} is VALID [2022-02-20 18:04:13,166 INFO L272 TraceCheckUtils]: 79: Hoare triple {1960#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {1959#true} is VALID [2022-02-20 18:04:13,166 INFO L290 TraceCheckUtils]: 80: Hoare triple {1959#true} ~handle := #in~handle;havoc ~retValue_acc~14; {1959#true} is VALID [2022-02-20 18:04:13,166 INFO L290 TraceCheckUtils]: 81: Hoare triple {1959#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {1959#true} is VALID 
[2022-02-20 18:04:13,167 INFO L290 TraceCheckUtils]: 82: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,167 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {1959#true} {1960#false} #792#return; {1960#false} is VALID [2022-02-20 18:04:13,167 INFO L290 TraceCheckUtils]: 84: Hoare triple {1960#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {1960#false} is VALID [2022-02-20 18:04:13,167 INFO L290 TraceCheckUtils]: 85: Hoare triple {1960#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {1960#false} is VALID [2022-02-20 18:04:13,167 INFO L290 TraceCheckUtils]: 86: Hoare triple {1960#false} assume !false; {1960#false} is VALID [2022-02-20 18:04:13,169 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:04:13,169 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:04:13,169 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [647537976]
[2022-02-20 18:04:13,172 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [647537976] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:04:13,172 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [13097780]
[2022-02-20 18:04:13,172 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:04:13,172 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:04:13,172 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:04:13,173 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:04:13,179 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process
[2022-02-20 18:04:13,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:13,375 INFO L263 TraceCheckSpWp]: Trace formula consists of 914 conjuncts, 2 conjunts are in the unsatisfiable core
[2022-02-20 18:04:13,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:13,433 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:04:13,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {1959#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {1959#true} is VALID [2022-02-20 18:04:13,582 INFO L290 TraceCheckUtils]: 1: Hoare triple {1959#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, 
main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1959#true} is VALID [2022-02-20 18:04:13,582 INFO L290 TraceCheckUtils]: 2: Hoare triple {1959#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1959#true} is VALID [2022-02-20 18:04:13,582 INFO L290 TraceCheckUtils]: 3: Hoare triple {1959#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {1959#true} is VALID [2022-02-20 18:04:13,582 INFO L290 TraceCheckUtils]: 4: Hoare triple {1959#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {1959#true} is VALID [2022-02-20 18:04:13,582 INFO L290 TraceCheckUtils]: 5: Hoare triple {1959#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {1959#true} is VALID [2022-02-20 18:04:13,582 INFO L272 TraceCheckUtils]: 6: Hoare triple {1959#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L290 TraceCheckUtils]: 7: Hoare triple {1959#true} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L290 TraceCheckUtils]: 8: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L290 TraceCheckUtils]: 9: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {1959#true} {1959#true} #818#return; {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L290 TraceCheckUtils]: 11: Hoare triple {1959#true} assume { :end_inline_setup_bob__wrappee__Base } true; {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L272 TraceCheckUtils]: 12: Hoare triple {1959#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L290 TraceCheckUtils]: 13: Hoare triple {1959#true} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L290 TraceCheckUtils]: 14: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,583 INFO L290 TraceCheckUtils]: 15: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,584 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {1959#true} {1959#true} #820#return; {1959#true} is VALID [2022-02-20 18:04:13,584 INFO L290 TraceCheckUtils]: 17: Hoare triple {1959#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {1959#true} is VALID [2022-02-20 18:04:13,584 INFO L272 TraceCheckUtils]: 18: Hoare triple {1959#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {1959#true} is VALID [2022-02-20 18:04:13,584 INFO L290 TraceCheckUtils]: 19: Hoare triple {1959#true} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,584 INFO L290 TraceCheckUtils]: 20: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,584 INFO L290 TraceCheckUtils]: 21: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,584 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1959#true} {1959#true} #822#return; {1959#true} is VALID [2022-02-20 18:04:13,584 INFO L290 TraceCheckUtils]: 23: Hoare triple {1959#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {1959#true} is VALID [2022-02-20 18:04:13,585 INFO L272 TraceCheckUtils]: 24: Hoare triple {1959#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {1959#true} is VALID [2022-02-20 18:04:13,585 INFO L290 TraceCheckUtils]: 25: Hoare triple {1959#true} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,585 INFO L290 TraceCheckUtils]: 26: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,585 INFO L290 TraceCheckUtils]: 27: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,585 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {1959#true} {1959#true} #824#return; 
{1959#true} is VALID [2022-02-20 18:04:13,585 INFO L290 TraceCheckUtils]: 29: Hoare triple {1959#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {1959#true} is VALID [2022-02-20 18:04:13,585 INFO L272 TraceCheckUtils]: 30: Hoare triple {1959#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {1959#true} is VALID [2022-02-20 18:04:13,585 INFO L290 TraceCheckUtils]: 31: Hoare triple {1959#true} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,586 INFO L290 TraceCheckUtils]: 32: Hoare triple {1959#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,586 INFO L290 TraceCheckUtils]: 33: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,586 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {1959#true} {1959#true} #826#return; {1959#true} is VALID [2022-02-20 18:04:13,586 INFO L290 TraceCheckUtils]: 35: Hoare triple {1959#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {1959#true} is VALID [2022-02-20 18:04:13,586 INFO L272 TraceCheckUtils]: 36: Hoare triple {1959#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {1959#true} is VALID [2022-02-20 18:04:13,586 INFO L290 TraceCheckUtils]: 37: Hoare triple {1959#true} ~handle := #in~handle;~value := #in~value; {1959#true} is VALID [2022-02-20 18:04:13,586 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{1959#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1959#true} is VALID [2022-02-20 18:04:13,586 INFO L290 TraceCheckUtils]: 39: Hoare triple {1959#true} assume true; {1959#true} is VALID [2022-02-20 18:04:13,587 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {1959#true} {1959#true} #828#return; {1959#true} is VALID [2022-02-20 18:04:13,587 INFO L290 TraceCheckUtils]: 41: Hoare triple {1959#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {1959#true} is VALID [2022-02-20 18:04:13,587 INFO L290 TraceCheckUtils]: 42: Hoare triple {1959#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2136#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:13,587 INFO L290 TraceCheckUtils]: 43: Hoare triple {2136#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2136#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:13,588 INFO L290 TraceCheckUtils]: 44: Hoare triple {2136#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {1960#false} is VALID [2022-02-20 18:04:13,588 INFO L290 TraceCheckUtils]: 45: Hoare triple {1960#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {1960#false} is VALID [2022-02-20 18:04:13,588 INFO L272 TraceCheckUtils]: 46: Hoare triple {1960#false} call sendEmail(~bob~0, ~rjh~0); {1960#false} is VALID [2022-02-20 18:04:13,588 INFO L290 TraceCheckUtils]: 47: Hoare triple {1960#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {1960#false} is VALID [2022-02-20 18:04:13,588 INFO L272 TraceCheckUtils]: 48: Hoare triple {1960#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L290 TraceCheckUtils]: 49: Hoare triple {1960#false} ~handle := #in~handle;~value := #in~value; {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L290 TraceCheckUtils]: 50: Hoare triple {1960#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L290 TraceCheckUtils]: 51: Hoare triple {1960#false} assume true; {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {1960#false} {1960#false} #814#return; {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L290 TraceCheckUtils]: 53: Hoare triple {1960#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L290 TraceCheckUtils]: 54: Hoare triple {1960#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L290 TraceCheckUtils]: 55: Hoare triple {1960#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L290 TraceCheckUtils]: 56: Hoare triple {1960#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {1960#false} is VALID [2022-02-20 18:04:13,589 INFO L272 TraceCheckUtils]: 57: Hoare triple {1960#false} call outgoing(~sender#1, ~email~0#1); {1960#false} is VALID [2022-02-20 18:04:13,590 INFO L290 TraceCheckUtils]: 58: Hoare triple {1960#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc 
~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {1960#false} is VALID [2022-02-20 18:04:13,590 INFO L272 TraceCheckUtils]: 59: Hoare triple {1960#false} call #t~ret15#1 := getEmailTo(~msg#1); {1960#false} is VALID [2022-02-20 18:04:13,590 INFO L290 TraceCheckUtils]: 60: Hoare triple {1960#false} ~handle := #in~handle;havoc ~retValue_acc~11; {1960#false} is VALID [2022-02-20 18:04:13,590 INFO L290 TraceCheckUtils]: 61: Hoare triple {1960#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {1960#false} is VALID [2022-02-20 18:04:13,590 INFO L290 TraceCheckUtils]: 62: Hoare triple {1960#false} assume true; {1960#false} is VALID [2022-02-20 18:04:13,590 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {1960#false} {1960#false} #784#return; {1960#false} is VALID [2022-02-20 18:04:13,590 INFO L290 TraceCheckUtils]: 64: Hoare triple {1960#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {1960#false} is VALID [2022-02-20 18:04:13,590 INFO L290 TraceCheckUtils]: 65: Hoare triple {1960#false} assume 1 == findPublicKey_~handle#1; {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L290 TraceCheckUtils]: 66: Hoare triple {1960#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L290 TraceCheckUtils]: 67: Hoare triple {1960#false} #t~ret16#1 := 
findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L290 TraceCheckUtils]: 68: Hoare triple {1960#false} assume !(0 != ~pubkey~0#1); {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L290 TraceCheckUtils]: 69: Hoare triple {1960#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L290 TraceCheckUtils]: 70: Hoare triple {1960#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L290 TraceCheckUtils]: 71: Hoare triple {1960#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L272 TraceCheckUtils]: 72: Hoare triple {1960#false} call 
setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L290 TraceCheckUtils]: 73: Hoare triple {1960#false} ~handle := #in~handle;~value := #in~value; {1960#false} is VALID [2022-02-20 18:04:13,591 INFO L290 TraceCheckUtils]: 74: Hoare triple {1960#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1960#false} is VALID [2022-02-20 18:04:13,592 INFO L290 TraceCheckUtils]: 75: Hoare triple {1960#false} assume true; {1960#false} is VALID [2022-02-20 18:04:13,592 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {1960#false} {1960#false} #790#return; {1960#false} is VALID [2022-02-20 18:04:13,592 INFO L290 TraceCheckUtils]: 77: Hoare triple {1960#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= 
__utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {1960#false} is VALID [2022-02-20 18:04:13,592 INFO L290 TraceCheckUtils]: 78: Hoare triple {1960#false} assume 0 != ~in_encrypted~0; {1960#false} is VALID [2022-02-20 18:04:13,592 INFO L272 TraceCheckUtils]: 79: Hoare triple {1960#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {1960#false} is VALID [2022-02-20 18:04:13,592 INFO L290 TraceCheckUtils]: 80: Hoare triple {1960#false} ~handle := #in~handle;havoc ~retValue_acc~14; {1960#false} is VALID [2022-02-20 18:04:13,592 INFO L290 TraceCheckUtils]: 81: Hoare triple {1960#false} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {1960#false} is VALID [2022-02-20 18:04:13,592 INFO L290 TraceCheckUtils]: 82: Hoare triple {1960#false} assume true; {1960#false} is VALID [2022-02-20 18:04:13,593 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {1960#false} {1960#false} #792#return; {1960#false} is VALID [2022-02-20 18:04:13,593 INFO L290 TraceCheckUtils]: 84: Hoare triple {1960#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {1960#false} is VALID [2022-02-20 18:04:13,593 INFO L290 TraceCheckUtils]: 85: Hoare triple {1960#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {1960#false} is VALID [2022-02-20 18:04:13,593 INFO L290 TraceCheckUtils]: 86: Hoare triple {1960#false} assume !false; 
{1960#false} is VALID [2022-02-20 18:04:13,593 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:04:13,593 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:13,593 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [13097780] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:13,594 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:13,594 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 18:04:13,594 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [79944724] [2022-02-20 18:04:13,594 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:13,595 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 87 [2022-02-20 18:04:13,595 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:04:13,596 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:13,636 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 72 edges. 72 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:13,637 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:04:13,637 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:13,637 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:04:13,638 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:13,638 INFO L87 Difference]: Start difference. First operand 255 states and 386 transitions. Second operand has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:13,927 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:13,927 INFO L93 Difference]: Finished difference Result 365 states and 539 transitions. [2022-02-20 18:04:13,927 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:04:13,928 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 87 [2022-02-20 18:04:13,928 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:13,928 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:13,934 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 539 transitions. [2022-02-20 18:04:13,934 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:13,940 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 539 transitions. [2022-02-20 18:04:13,940 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 539 transitions. [2022-02-20 18:04:14,261 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 539 edges. 539 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:14,269 INFO L225 Difference]: With dead ends: 365 [2022-02-20 18:04:14,269 INFO L226 Difference]: Without dead ends: 258 [2022-02-20 18:04:14,271 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 110 GetRequests, 103 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:14,272 INFO L933 BasicCegarLoop]: 384 mSDtfsCounter, 1 mSDsluCounter, 382 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 766 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:14,273 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 766 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:14,275 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 258 states. [2022-02-20 18:04:14,292 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 258 to 257. [2022-02-20 18:04:14,293 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:14,294 INFO L82 GeneralOperation]: Start isEquivalent. First operand 258 states. 
Second operand has 257 states, 202 states have (on average 1.5396039603960396) internal successors, (311), 205 states have internal predecessors, (311), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 18:04:14,295 INFO L74 IsIncluded]: Start isIncluded. First operand 258 states. Second operand has 257 states, 202 states have (on average 1.5396039603960396) internal successors, (311), 205 states have internal predecessors, (311), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 18:04:14,296 INFO L87 Difference]: Start difference. First operand 258 states. Second operand has 257 states, 202 states have (on average 1.5396039603960396) internal successors, (311), 205 states have internal predecessors, (311), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 18:04:14,303 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:14,304 INFO L93 Difference]: Finished difference Result 258 states and 389 transitions. [2022-02-20 18:04:14,304 INFO L276 IsEmpty]: Start isEmpty. Operand 258 states and 389 transitions. [2022-02-20 18:04:14,305 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:14,305 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:14,305 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 257 states, 202 states have (on average 1.5396039603960396) internal successors, (311), 205 states have internal predecessors, (311), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand 258 states. [2022-02-20 18:04:14,306 INFO L87 Difference]: Start difference. First operand has 257 states, 202 states have (on average 1.5396039603960396) internal successors, (311), 205 states have internal predecessors, (311), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand 258 states. [2022-02-20 18:04:14,315 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:14,315 INFO L93 Difference]: Finished difference Result 258 states and 389 transitions. [2022-02-20 18:04:14,315 INFO L276 IsEmpty]: Start isEmpty. Operand 258 states and 389 transitions. [2022-02-20 18:04:14,317 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:14,317 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:14,317 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:14,317 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:14,318 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 257 states, 202 states have (on average 1.5396039603960396) internal successors, (311), 205 states have internal predecessors, (311), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 18:04:14,326 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 257 states to 257 states and 388 transitions. [2022-02-20 18:04:14,326 INFO L78 Accepts]: Start accepts. Automaton has 257 states and 388 transitions. Word has length 87 [2022-02-20 18:04:14,327 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:14,327 INFO L470 AbstractCegarLoop]: Abstraction has 257 states and 388 transitions. [2022-02-20 18:04:14,328 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:14,328 INFO L276 IsEmpty]: Start isEmpty. Operand 257 states and 388 transitions. [2022-02-20 18:04:14,330 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 94 [2022-02-20 18:04:14,331 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:14,331 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:14,349 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:14,549 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:04:14,549 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 
18:04:14,549 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:14,549 INFO L85 PathProgramCache]: Analyzing trace with hash -153867190, now seen corresponding path program 1 times [2022-02-20 18:04:14,549 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:14,550 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [143123952] [2022-02-20 18:04:14,550 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:14,550 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:14,577 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:14,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,627 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3650#true} #818#return; {3650#true} is VALID [2022-02-20 18:04:14,632 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:14,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,641 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{3694#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,641 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,641 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,642 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3650#true} #820#return; {3650#true} is VALID [2022-02-20 18:04:14,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:14,644 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,657 INFO L290 TraceCheckUtils]: 0: Hoare triple {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3695#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:14,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {3695#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3696#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:14,658 INFO L290 TraceCheckUtils]: 2: Hoare triple {3696#(= |setClientId_#in~handle| 1)} assume true; {3696#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:14,658 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3696#(= |setClientId_#in~handle| 1)} {3660#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #822#return; {3651#false} is VALID [2022-02-20 18:04:14,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 24 [2022-02-20 18:04:14,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {3694#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,662 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,662 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,662 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3651#false} #824#return; {3651#false} is VALID [2022-02-20 18:04:14,662 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:14,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,666 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,666 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,666 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3651#false} #826#return; {3651#false} is VALID [2022-02-20 18:04:14,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:14,668 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {3694#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,671 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,671 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3651#false} #828#return; {3651#false} is VALID [2022-02-20 18:04:14,677 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 18:04:14,678 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,680 INFO L290 TraceCheckUtils]: 0: Hoare triple {3697#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,680 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,680 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,680 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3651#false} #814#return; {3651#false} is VALID [2022-02-20 18:04:14,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:04:14,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {3650#true} ~handle := #in~handle;havoc 
~retValue_acc~11; {3650#true} is VALID [2022-02-20 18:04:14,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {3650#true} is VALID [2022-02-20 18:04:14,684 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,684 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3651#false} #784#return; {3651#false} is VALID [2022-02-20 18:04:14,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:04:14,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {3697#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,687 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,687 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3651#false} #790#return; {3651#false} is VALID [2022-02-20 18:04:14,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:04:14,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {3650#true} ~handle := #in~handle;havoc ~retValue_acc~14; {3650#true} is VALID [2022-02-20 18:04:14,691 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {3650#true} is VALID [2022-02-20 18:04:14,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume true; {3650#true} 
is VALID [2022-02-20 18:04:14,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3650#true} {3651#false} #792#return; {3651#false} is VALID [2022-02-20 18:04:14,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {3650#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call 
#Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {3650#true} is VALID [2022-02-20 18:04:14,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {3650#true} is VALID [2022-02-20 18:04:14,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3650#true} is VALID [2022-02-20 18:04:14,692 INFO L290 TraceCheckUtils]: 3: Hoare triple {3650#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {3650#true} is VALID [2022-02-20 18:04:14,692 INFO L290 TraceCheckUtils]: 4: Hoare triple {3650#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {3650#true} is VALID [2022-02-20 18:04:14,692 INFO L290 TraceCheckUtils]: 5: Hoare triple {3650#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { 
:begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3650#true} is VALID [2022-02-20 18:04:14,693 INFO L272 TraceCheckUtils]: 6: Hoare triple {3650#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:14,693 INFO L290 TraceCheckUtils]: 7: Hoare triple {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,693 INFO L290 TraceCheckUtils]: 8: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,693 INFO L290 TraceCheckUtils]: 9: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,694 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3650#true} {3650#true} #818#return; {3650#true} is VALID [2022-02-20 18:04:14,694 INFO L290 TraceCheckUtils]: 11: Hoare triple {3650#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3650#true} is VALID [2022-02-20 18:04:14,694 INFO L272 TraceCheckUtils]: 12: Hoare triple {3650#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3694#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:14,694 INFO L290 TraceCheckUtils]: 13: Hoare triple {3694#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,694 INFO L290 TraceCheckUtils]: 14: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,694 INFO L290 TraceCheckUtils]: 15: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,695 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3650#true} {3650#true} #820#return; {3650#true} is VALID [2022-02-20 18:04:14,695 INFO L290 TraceCheckUtils]: 17: Hoare triple {3650#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3660#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:14,696 INFO L272 TraceCheckUtils]: 18: Hoare triple {3660#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:14,696 INFO L290 TraceCheckUtils]: 19: Hoare triple {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3695#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:14,696 INFO L290 TraceCheckUtils]: 20: Hoare triple {3695#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3696#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:14,696 INFO L290 TraceCheckUtils]: 21: Hoare triple {3696#(= |setClientId_#in~handle| 1)} assume true; {3696#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:14,697 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3696#(= |setClientId_#in~handle| 1)} {3660#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #822#return; {3651#false} is VALID [2022-02-20 18:04:14,697 INFO L290 TraceCheckUtils]: 23: Hoare triple {3651#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3651#false} is VALID [2022-02-20 18:04:14,697 INFO L272 TraceCheckUtils]: 24: Hoare triple {3651#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3694#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:14,697 INFO L290 TraceCheckUtils]: 25: Hoare triple {3694#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,697 INFO L290 TraceCheckUtils]: 26: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,697 INFO L290 TraceCheckUtils]: 27: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,697 INFO L284 
TraceCheckUtils]: 28: Hoare quadruple {3650#true} {3651#false} #824#return; {3651#false} is VALID [2022-02-20 18:04:14,697 INFO L290 TraceCheckUtils]: 29: Hoare triple {3651#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3651#false} is VALID [2022-02-20 18:04:14,697 INFO L272 TraceCheckUtils]: 30: Hoare triple {3651#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:14,697 INFO L290 TraceCheckUtils]: 31: Hoare triple {3693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,697 INFO L290 TraceCheckUtils]: 32: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,698 INFO L290 TraceCheckUtils]: 33: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,698 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3650#true} {3651#false} #826#return; {3651#false} is VALID [2022-02-20 18:04:14,699 INFO L290 TraceCheckUtils]: 35: Hoare triple 
{3651#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3651#false} is VALID [2022-02-20 18:04:14,699 INFO L272 TraceCheckUtils]: 36: Hoare triple {3651#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3694#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:14,699 INFO L290 TraceCheckUtils]: 37: Hoare triple {3694#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,699 INFO L290 TraceCheckUtils]: 38: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,699 INFO L290 TraceCheckUtils]: 39: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,699 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3650#true} {3651#false} #828#return; {3651#false} is VALID [2022-02-20 18:04:14,699 INFO L290 TraceCheckUtils]: 41: Hoare triple {3651#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {3651#false} is VALID [2022-02-20 18:04:14,699 INFO L290 TraceCheckUtils]: 42: Hoare triple {3651#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3651#false} is VALID [2022-02-20 18:04:14,699 INFO L290 TraceCheckUtils]: 43: Hoare triple {3651#false} assume !false; {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 44: Hoare triple {3651#false} assume test_~splverifierCounter~0#1 < 4; {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 45: Hoare triple {3651#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 46: Hoare triple {3651#false} assume !(0 == test_~op1~0#1); {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 47: Hoare triple {3651#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 48: Hoare triple {3651#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; 
{3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 49: Hoare triple {3651#false} assume !false; {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 50: Hoare triple {3651#false} assume !(test_~splverifierCounter~0#1 < 4); {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 51: Hoare triple {3651#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L272 TraceCheckUtils]: 52: Hoare triple {3651#false} call sendEmail(~bob~0, ~rjh~0); {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L290 TraceCheckUtils]: 53: Hoare triple {3651#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3651#false} is VALID [2022-02-20 18:04:14,700 INFO L272 TraceCheckUtils]: 54: Hoare triple {3651#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3697#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:14,701 INFO L290 TraceCheckUtils]: 55: Hoare triple {3697#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,701 INFO L290 TraceCheckUtils]: 56: Hoare triple {3650#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,701 INFO L290 TraceCheckUtils]: 57: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,701 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {3650#true} {3651#false} #814#return; {3651#false} is VALID [2022-02-20 18:04:14,701 INFO L290 TraceCheckUtils]: 59: Hoare triple {3651#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {3651#false} is VALID [2022-02-20 18:04:14,701 INFO L290 TraceCheckUtils]: 60: Hoare triple {3651#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {3651#false} is VALID [2022-02-20 18:04:14,701 INFO L290 TraceCheckUtils]: 61: Hoare triple {3651#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {3651#false} is VALID [2022-02-20 18:04:14,701 INFO L290 TraceCheckUtils]: 62: Hoare triple {3651#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {3651#false} is VALID [2022-02-20 18:04:14,701 INFO L272 TraceCheckUtils]: 63: Hoare triple {3651#false} call outgoing(~sender#1, ~email~0#1); {3651#false} is VALID [2022-02-20 18:04:14,702 INFO L290 TraceCheckUtils]: 64: Hoare triple {3651#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {3651#false} is VALID [2022-02-20 
18:04:14,702 INFO L272 TraceCheckUtils]: 65: Hoare triple {3651#false} call #t~ret15#1 := getEmailTo(~msg#1); {3650#true} is VALID [2022-02-20 18:04:14,702 INFO L290 TraceCheckUtils]: 66: Hoare triple {3650#true} ~handle := #in~handle;havoc ~retValue_acc~11; {3650#true} is VALID [2022-02-20 18:04:14,702 INFO L290 TraceCheckUtils]: 67: Hoare triple {3650#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {3650#true} is VALID [2022-02-20 18:04:14,702 INFO L290 TraceCheckUtils]: 68: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,702 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {3650#true} {3651#false} #784#return; {3651#false} is VALID [2022-02-20 18:04:14,702 INFO L290 TraceCheckUtils]: 70: Hoare triple {3651#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {3651#false} is VALID [2022-02-20 18:04:14,702 INFO L290 TraceCheckUtils]: 71: Hoare triple {3651#false} assume 1 == findPublicKey_~handle#1; {3651#false} is VALID [2022-02-20 18:04:14,702 INFO L290 TraceCheckUtils]: 72: Hoare triple {3651#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {3651#false} is VALID [2022-02-20 18:04:14,703 INFO L290 TraceCheckUtils]: 73: Hoare triple {3651#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 
2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {3651#false} is VALID [2022-02-20 18:04:14,703 INFO L290 TraceCheckUtils]: 74: Hoare triple {3651#false} assume !(0 != ~pubkey~0#1); {3651#false} is VALID [2022-02-20 18:04:14,703 INFO L290 TraceCheckUtils]: 75: Hoare triple {3651#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {3651#false} is VALID [2022-02-20 18:04:14,703 INFO L290 TraceCheckUtils]: 76: Hoare triple {3651#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {3651#false} is VALID [2022-02-20 18:04:14,703 INFO L290 TraceCheckUtils]: 77: Hoare triple {3651#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {3651#false} is VALID [2022-02-20 18:04:14,703 INFO L272 TraceCheckUtils]: 78: Hoare triple {3651#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {3697#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:14,703 INFO L290 TraceCheckUtils]: 79: Hoare triple {3697#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:14,703 INFO L290 TraceCheckUtils]: 80: Hoare triple {3650#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:14,703 INFO L290 TraceCheckUtils]: 81: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,703 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {3650#true} {3651#false} #790#return; {3651#false} is VALID [2022-02-20 18:04:14,704 INFO L290 TraceCheckUtils]: 83: Hoare triple {3651#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call 
__utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {3651#false} is VALID [2022-02-20 18:04:14,704 INFO L290 TraceCheckUtils]: 84: Hoare triple {3651#false} assume 0 != ~in_encrypted~0; {3651#false} is VALID [2022-02-20 18:04:14,704 INFO L272 TraceCheckUtils]: 85: Hoare triple {3651#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {3650#true} is VALID [2022-02-20 18:04:14,704 INFO L290 TraceCheckUtils]: 86: Hoare triple {3650#true} ~handle := #in~handle;havoc ~retValue_acc~14; {3650#true} is VALID [2022-02-20 18:04:14,704 INFO L290 TraceCheckUtils]: 87: Hoare triple {3650#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {3650#true} is VALID [2022-02-20 18:04:14,704 INFO L290 TraceCheckUtils]: 88: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:14,704 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {3650#true} {3651#false} #792#return; {3651#false} is VALID [2022-02-20 18:04:14,704 INFO L290 TraceCheckUtils]: 90: Hoare triple {3651#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {3651#false} is VALID [2022-02-20 18:04:14,704 INFO L290 TraceCheckUtils]: 91: Hoare triple {3651#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {3651#false} is VALID [2022-02-20 18:04:14,705 
INFO L290 TraceCheckUtils]: 92: Hoare triple {3651#false} assume !false; {3651#false} is VALID [2022-02-20 18:04:14,705 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:04:14,705 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:14,705 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [143123952] [2022-02-20 18:04:14,705 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [143123952] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:14,705 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [983741000] [2022-02-20 18:04:14,706 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:14,706 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:14,706 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:14,707 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:14,734 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:04:14,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,873 INFO L263 TraceCheckSpWp]: Trace formula consists of 928 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:04:14,906 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,908 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:15,139 INFO L290 TraceCheckUtils]: 0: Hoare triple {3650#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {3650#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, 
main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 2: Hoare triple {3650#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 3: Hoare triple {3650#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 4: Hoare triple {3650#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 5: Hoare triple {3650#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L272 TraceCheckUtils]: 6: Hoare triple {3650#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 7: Hoare triple {3650#true} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 8: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 9: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3650#true} {3650#true} #818#return; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 11: Hoare triple {3650#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L272 TraceCheckUtils]: 12: Hoare triple {3650#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3650#true} is VALID [2022-02-20 18:04:15,140 INFO L290 TraceCheckUtils]: 13: Hoare triple {3650#true} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L290 TraceCheckUtils]: 14: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L290 TraceCheckUtils]: 15: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3650#true} {3650#true} #820#return; {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L290 TraceCheckUtils]: 17: Hoare triple {3650#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L272 TraceCheckUtils]: 18: Hoare triple {3650#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L290 TraceCheckUtils]: 19: Hoare triple {3650#true} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L290 TraceCheckUtils]: 20: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L290 TraceCheckUtils]: 21: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:15,141 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3650#true} {3650#true} #822#return; {3650#true} is VALID [2022-02-20 18:04:15,142 INFO L290 TraceCheckUtils]: 23: Hoare triple {3650#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3650#true} is VALID [2022-02-20 18:04:15,142 INFO L272 TraceCheckUtils]: 24: Hoare triple {3650#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3650#true} is VALID [2022-02-20 18:04:15,142 INFO L290 TraceCheckUtils]: 25: Hoare triple {3650#true} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:15,142 INFO L290 TraceCheckUtils]: 26: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:15,142 INFO L290 TraceCheckUtils]: 27: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:15,142 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3650#true} {3650#true} #824#return; 
{3650#true} is VALID [2022-02-20 18:04:15,142 INFO L290 TraceCheckUtils]: 29: Hoare triple {3650#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3650#true} is VALID [2022-02-20 18:04:15,142 INFO L272 TraceCheckUtils]: 30: Hoare triple {3650#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3650#true} is VALID [2022-02-20 18:04:15,143 INFO L290 TraceCheckUtils]: 31: Hoare triple {3650#true} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:15,143 INFO L290 TraceCheckUtils]: 32: Hoare triple {3650#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:15,143 INFO L290 TraceCheckUtils]: 33: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:15,143 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3650#true} {3650#true} #826#return; {3650#true} is VALID [2022-02-20 18:04:15,143 INFO L290 TraceCheckUtils]: 35: Hoare triple {3650#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3650#true} is VALID [2022-02-20 18:04:15,143 INFO L272 TraceCheckUtils]: 36: Hoare triple {3650#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3650#true} is VALID [2022-02-20 18:04:15,143 INFO L290 TraceCheckUtils]: 37: Hoare triple {3650#true} ~handle := #in~handle;~value := #in~value; {3650#true} is VALID [2022-02-20 18:04:15,143 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{3650#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3650#true} is VALID [2022-02-20 18:04:15,144 INFO L290 TraceCheckUtils]: 39: Hoare triple {3650#true} assume true; {3650#true} is VALID [2022-02-20 18:04:15,144 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3650#true} {3650#true} #828#return; {3650#true} is VALID [2022-02-20 18:04:15,144 INFO L290 TraceCheckUtils]: 41: Hoare triple {3650#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {3650#true} is VALID [2022-02-20 18:04:15,152 INFO L290 TraceCheckUtils]: 42: Hoare triple {3650#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3827#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:15,152 INFO L290 TraceCheckUtils]: 43: Hoare triple {3827#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {3827#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:15,153 INFO L290 TraceCheckUtils]: 44: Hoare triple {3827#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {3827#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:15,153 INFO L290 TraceCheckUtils]: 45: Hoare triple {3827#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {3827#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:15,153 INFO L290 TraceCheckUtils]: 46: Hoare triple {3827#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {3651#false} is VALID [2022-02-20 18:04:15,153 INFO L290 TraceCheckUtils]: 47: Hoare triple {3651#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {3651#false} is VALID [2022-02-20 18:04:15,153 INFO L290 TraceCheckUtils]: 48: Hoare triple {3651#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {3651#false} is VALID [2022-02-20 18:04:15,154 INFO L290 TraceCheckUtils]: 49: Hoare triple {3651#false} assume !false; {3651#false} is VALID [2022-02-20 18:04:15,154 INFO L290 TraceCheckUtils]: 50: Hoare triple {3651#false} assume !(test_~splverifierCounter~0#1 < 4); {3651#false} is VALID [2022-02-20 18:04:15,154 INFO L290 TraceCheckUtils]: 51: Hoare triple {3651#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc 
bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {3651#false} is VALID [2022-02-20 18:04:15,154 INFO L272 TraceCheckUtils]: 52: Hoare triple {3651#false} call sendEmail(~bob~0, ~rjh~0); {3651#false} is VALID [2022-02-20 18:04:15,154 INFO L290 TraceCheckUtils]: 53: Hoare triple {3651#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3651#false} is VALID [2022-02-20 18:04:15,154 INFO L272 TraceCheckUtils]: 54: Hoare triple {3651#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3651#false} is VALID [2022-02-20 18:04:15,154 INFO L290 TraceCheckUtils]: 55: Hoare triple {3651#false} ~handle := #in~handle;~value := #in~value; {3651#false} is VALID [2022-02-20 18:04:15,155 INFO L290 TraceCheckUtils]: 56: Hoare triple {3651#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3651#false} is VALID [2022-02-20 18:04:15,155 INFO L290 TraceCheckUtils]: 57: Hoare triple {3651#false} assume true; {3651#false} is VALID [2022-02-20 18:04:15,155 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {3651#false} {3651#false} #814#return; {3651#false} is VALID [2022-02-20 18:04:15,155 INFO L290 TraceCheckUtils]: 59: Hoare triple {3651#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := 
setEmailTo_#in~value#1; {3651#false} is VALID [2022-02-20 18:04:15,155 INFO L290 TraceCheckUtils]: 60: Hoare triple {3651#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {3651#false} is VALID [2022-02-20 18:04:15,155 INFO L290 TraceCheckUtils]: 61: Hoare triple {3651#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {3651#false} is VALID [2022-02-20 18:04:15,155 INFO L290 TraceCheckUtils]: 62: Hoare triple {3651#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {3651#false} is VALID [2022-02-20 18:04:15,155 INFO L272 TraceCheckUtils]: 63: Hoare triple {3651#false} call outgoing(~sender#1, ~email~0#1); {3651#false} is VALID [2022-02-20 18:04:15,156 INFO L290 TraceCheckUtils]: 64: Hoare triple {3651#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {3651#false} is VALID [2022-02-20 18:04:15,156 INFO L272 TraceCheckUtils]: 65: Hoare triple {3651#false} call #t~ret15#1 := getEmailTo(~msg#1); {3651#false} is VALID [2022-02-20 18:04:15,156 INFO L290 TraceCheckUtils]: 66: Hoare triple {3651#false} ~handle := #in~handle;havoc ~retValue_acc~11; {3651#false} is VALID [2022-02-20 18:04:15,156 INFO L290 TraceCheckUtils]: 67: Hoare triple {3651#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {3651#false} is VALID [2022-02-20 18:04:15,156 INFO L290 TraceCheckUtils]: 68: Hoare triple {3651#false} assume true; {3651#false} is VALID [2022-02-20 18:04:15,156 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {3651#false} {3651#false} #784#return; {3651#false} is VALID [2022-02-20 18:04:15,156 INFO L290 TraceCheckUtils]: 70: Hoare triple {3651#false} assume -2147483648 <= 
#t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {3651#false} is VALID [2022-02-20 18:04:15,156 INFO L290 TraceCheckUtils]: 71: Hoare triple {3651#false} assume 1 == findPublicKey_~handle#1; {3651#false} is VALID [2022-02-20 18:04:15,157 INFO L290 TraceCheckUtils]: 72: Hoare triple {3651#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {3651#false} is VALID [2022-02-20 18:04:15,157 INFO L290 TraceCheckUtils]: 73: Hoare triple {3651#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {3651#false} is VALID [2022-02-20 18:04:15,157 INFO L290 TraceCheckUtils]: 74: Hoare triple {3651#false} assume !(0 != ~pubkey~0#1); {3651#false} is VALID [2022-02-20 18:04:15,157 INFO L290 TraceCheckUtils]: 75: Hoare triple {3651#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } 
true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {3651#false} is VALID [2022-02-20 18:04:15,157 INFO L290 TraceCheckUtils]: 76: Hoare triple {3651#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {3651#false} is VALID [2022-02-20 18:04:15,157 INFO L290 TraceCheckUtils]: 77: Hoare triple {3651#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {3651#false} is VALID [2022-02-20 18:04:15,157 INFO L272 TraceCheckUtils]: 78: Hoare triple {3651#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {3651#false} is VALID [2022-02-20 18:04:15,157 INFO L290 TraceCheckUtils]: 79: Hoare triple {3651#false} ~handle := #in~handle;~value := #in~value; {3651#false} is VALID [2022-02-20 18:04:15,158 INFO L290 TraceCheckUtils]: 80: Hoare triple {3651#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3651#false} is VALID [2022-02-20 18:04:15,158 INFO L290 TraceCheckUtils]: 81: Hoare triple {3651#false} assume true; {3651#false} is VALID [2022-02-20 18:04:15,158 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {3651#false} {3651#false} #790#return; {3651#false} is VALID [2022-02-20 18:04:15,158 INFO L290 TraceCheckUtils]: 83: Hoare triple {3651#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, 
mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {3651#false} is VALID [2022-02-20 18:04:15,158 INFO L290 TraceCheckUtils]: 84: Hoare triple {3651#false} assume 0 != ~in_encrypted~0; {3651#false} is VALID [2022-02-20 18:04:15,158 INFO L272 TraceCheckUtils]: 85: Hoare triple {3651#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {3651#false} is VALID [2022-02-20 18:04:15,158 INFO L290 TraceCheckUtils]: 86: Hoare triple {3651#false} ~handle := #in~handle;havoc ~retValue_acc~14; {3651#false} is VALID [2022-02-20 18:04:15,158 INFO L290 TraceCheckUtils]: 87: Hoare triple {3651#false} assume 1 == 
~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {3651#false} is VALID [2022-02-20 18:04:15,159 INFO L290 TraceCheckUtils]: 88: Hoare triple {3651#false} assume true; {3651#false} is VALID [2022-02-20 18:04:15,159 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {3651#false} {3651#false} #792#return; {3651#false} is VALID [2022-02-20 18:04:15,159 INFO L290 TraceCheckUtils]: 90: Hoare triple {3651#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {3651#false} is VALID [2022-02-20 18:04:15,159 INFO L290 TraceCheckUtils]: 91: Hoare triple {3651#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {3651#false} is VALID [2022-02-20 18:04:15,159 INFO L290 TraceCheckUtils]: 92: Hoare triple {3651#false} assume !false; {3651#false} is VALID [2022-02-20 18:04:15,159 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:04:15,159 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:15,160 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [983741000] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:15,160 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:04:15,160 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 18:04:15,160 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1896697555] [2022-02-20 18:04:15,160 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:15,161 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 93 [2022-02-20 18:04:15,161 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:15,161 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:15,217 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 78 edges. 78 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:15,217 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:04:15,217 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:15,218 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 18:04:15,218 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:15,218 INFO L87 Difference]: Start difference. First operand 257 states and 388 transitions. Second operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:15,576 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:15,576 INFO L93 Difference]: Finished difference Result 539 states and 827 transitions. [2022-02-20 18:04:15,576 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:04:15,576 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 93 [2022-02-20 18:04:15,577 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:15,577 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:15,585 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 825 transitions. 
[2022-02-20 18:04:15,585 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:15,593 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 825 transitions. [2022-02-20 18:04:15,593 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 825 transitions. [2022-02-20 18:04:16,104 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 825 edges. 825 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:16,120 INFO L225 Difference]: With dead ends: 539 [2022-02-20 18:04:16,120 INFO L226 Difference]: Without dead ends: 309 [2022-02-20 18:04:16,121 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 116 GetRequests, 109 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:16,121 INFO L933 BasicCegarLoop]: 408 mSDtfsCounter, 99 mSDsluCounter, 340 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 114 SdHoareTripleChecker+Valid, 748 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:16,121 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [114 Valid, 748 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:16,122 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 309 states. [2022-02-20 18:04:16,129 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 309 to 301. [2022-02-20 18:04:16,129 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:16,130 INFO L82 GeneralOperation]: Start isEquivalent. First operand 309 states. Second operand has 301 states, 235 states have (on average 1.553191489361702) internal successors, (365), 238 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:04:16,131 INFO L74 IsIncluded]: Start isIncluded. First operand 309 states. Second operand has 301 states, 235 states have (on average 1.553191489361702) internal successors, (365), 238 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:04:16,131 INFO L87 Difference]: Start difference. First operand 309 states. Second operand has 301 states, 235 states have (on average 1.553191489361702) internal successors, (365), 238 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:04:16,139 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:04:16,139 INFO L93 Difference]: Finished difference Result 309 states and 473 transitions. [2022-02-20 18:04:16,140 INFO L276 IsEmpty]: Start isEmpty. Operand 309 states and 473 transitions. [2022-02-20 18:04:16,140 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:16,141 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:16,141 INFO L74 IsIncluded]: Start isIncluded. First operand has 301 states, 235 states have (on average 1.553191489361702) internal successors, (365), 238 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 309 states. [2022-02-20 18:04:16,142 INFO L87 Difference]: Start difference. First operand has 301 states, 235 states have (on average 1.553191489361702) internal successors, (365), 238 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 309 states. [2022-02-20 18:04:16,149 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:16,149 INFO L93 Difference]: Finished difference Result 309 states and 473 transitions. [2022-02-20 18:04:16,150 INFO L276 IsEmpty]: Start isEmpty. Operand 309 states and 473 transitions. [2022-02-20 18:04:16,150 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:16,150 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:16,151 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:16,151 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:16,151 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 301 states, 235 states have (on average 1.553191489361702) internal successors, (365), 238 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:04:16,158 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 301 states to 301 states and 464 transitions. [2022-02-20 18:04:16,159 INFO L78 Accepts]: Start accepts. Automaton has 301 states and 464 transitions. Word has length 93 [2022-02-20 18:04:16,159 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:16,159 INFO L470 AbstractCegarLoop]: Abstraction has 301 states and 464 transitions. [2022-02-20 18:04:16,159 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:16,159 INFO L276 IsEmpty]: Start isEmpty. Operand 301 states and 464 transitions. [2022-02-20 18:04:16,160 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 95 [2022-02-20 18:04:16,160 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:16,161 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:16,178 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:16,375 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:16,375 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:16,376 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:16,376 INFO L85 PathProgramCache]: Analyzing trace with hash 1701782700, now seen corresponding path program 1 times [2022-02-20 18:04:16,376 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:16,376 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2061526413] [2022-02-20 18:04:16,376 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:16,376 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:16,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:16,418 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,420 INFO L290 TraceCheckUtils]: 0: Hoare triple {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,420 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,420 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,420 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5783#true} #818#return; {5783#true} is VALID [2022-02-20 18:04:16,425 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:16,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,428 INFO L290 TraceCheckUtils]: 0: Hoare triple {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,428 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,428 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,428 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5783#true} #820#return; {5783#true} is VALID [2022-02-20 18:04:16,429 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:16,430 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,441 
INFO L290 TraceCheckUtils]: 0: Hoare triple {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5828#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:16,442 INFO L290 TraceCheckUtils]: 1: Hoare triple {5828#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5829#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:16,442 INFO L290 TraceCheckUtils]: 2: Hoare triple {5829#(= |setClientId_#in~handle| 1)} assume true; {5829#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:16,443 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5829#(= |setClientId_#in~handle| 1)} {5793#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #822#return; {5784#false} is VALID [2022-02-20 18:04:16,443 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:04:16,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,446 INFO L290 TraceCheckUtils]: 0: Hoare triple {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,446 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,446 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,446 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #824#return; {5784#false} is VALID [2022-02-20 18:04:16,447 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:16,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #826#return; {5784#false} is VALID [2022-02-20 18:04:16,450 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:16,451 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,453 INFO L290 TraceCheckUtils]: 0: Hoare triple {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,453 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,453 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #828#return; {5784#false} is VALID [2022-02-20 18:04:16,459 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 
[2022-02-20 18:04:16,460 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,462 INFO L290 TraceCheckUtils]: 0: Hoare triple {5830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,462 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,462 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,462 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #814#return; {5784#false} is VALID [2022-02-20 18:04:16,462 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:04:16,463 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~11; {5783#true} is VALID [2022-02-20 18:04:16,464 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {5783#true} is VALID [2022-02-20 18:04:16,465 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,465 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #784#return; {5784#false} is VALID [2022-02-20 18:04:16,465 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:04:16,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,467 INFO L290 TraceCheckUtils]: 0: Hoare triple {5830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID 
[2022-02-20 18:04:16,467 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,467 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,467 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #790#return; {5784#false} is VALID [2022-02-20 18:04:16,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:04:16,468 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~14; {5783#true} is VALID [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {5783#true} is VALID [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,470 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #792#return; {5784#false} is VALID [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call 
#Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 
0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5783#true} is VALID [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {5783#true} is VALID [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5783#true} is VALID [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 3: Hoare triple {5783#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {5783#true} is 
VALID [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 4: Hoare triple {5783#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {5783#true} is VALID [2022-02-20 18:04:16,470 INFO L290 TraceCheckUtils]: 5: Hoare triple {5783#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5783#true} is VALID [2022-02-20 18:04:16,471 INFO L272 TraceCheckUtils]: 6: Hoare triple {5783#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:16,471 INFO L290 TraceCheckUtils]: 7: Hoare triple {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,471 INFO L290 TraceCheckUtils]: 8: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,471 INFO L290 TraceCheckUtils]: 9: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,471 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5783#true} {5783#true} #818#return; {5783#true} is VALID [2022-02-20 18:04:16,472 INFO L290 TraceCheckUtils]: 11: Hoare triple {5783#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5783#true} is VALID [2022-02-20 18:04:16,472 INFO L272 TraceCheckUtils]: 12: Hoare triple {5783#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:16,472 INFO L290 TraceCheckUtils]: 13: Hoare triple {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,472 INFO L290 TraceCheckUtils]: 14: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,472 INFO L290 TraceCheckUtils]: 15: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,472 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5783#true} {5783#true} #820#return; {5783#true} is VALID [2022-02-20 18:04:16,473 INFO L290 TraceCheckUtils]: 17: Hoare triple {5783#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5793#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:16,473 INFO L272 TraceCheckUtils]: 18: Hoare triple {5793#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:16,474 INFO L290 TraceCheckUtils]: 19: Hoare triple {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5828#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:16,474 INFO L290 TraceCheckUtils]: 20: Hoare triple {5828#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5829#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:16,474 INFO L290 TraceCheckUtils]: 21: Hoare triple {5829#(= |setClientId_#in~handle| 1)} assume true; {5829#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:16,475 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5829#(= |setClientId_#in~handle| 1)} {5793#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #822#return; {5784#false} is VALID [2022-02-20 18:04:16,475 INFO L290 TraceCheckUtils]: 23: Hoare triple {5784#false} assume { :end_inline_setup_rjh__wrappee__Base 
} true; {5784#false} is VALID [2022-02-20 18:04:16,475 INFO L272 TraceCheckUtils]: 24: Hoare triple {5784#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:16,475 INFO L290 TraceCheckUtils]: 25: Hoare triple {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,475 INFO L290 TraceCheckUtils]: 26: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,475 INFO L290 TraceCheckUtils]: 27: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,475 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5783#true} {5784#false} #824#return; {5784#false} is VALID [2022-02-20 18:04:16,475 INFO L290 TraceCheckUtils]: 29: Hoare triple {5784#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5784#false} is VALID [2022-02-20 18:04:16,476 INFO L272 TraceCheckUtils]: 30: Hoare triple {5784#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:16,476 INFO L290 TraceCheckUtils]: 31: Hoare triple {5826#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,476 INFO L290 TraceCheckUtils]: 32: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,476 INFO L290 TraceCheckUtils]: 33: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,476 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5783#true} {5784#false} #826#return; {5784#false} is VALID [2022-02-20 18:04:16,476 INFO L290 TraceCheckUtils]: 35: Hoare triple {5784#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5784#false} is VALID [2022-02-20 18:04:16,476 INFO L272 TraceCheckUtils]: 36: Hoare triple {5784#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:16,476 INFO L290 TraceCheckUtils]: 37: Hoare triple {5827#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,476 INFO L290 TraceCheckUtils]: 38: Hoare triple {5783#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,476 INFO L290 TraceCheckUtils]: 39: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,477 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5783#true} {5784#false} #828#return; {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 41: Hoare triple {5784#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 42: Hoare triple {5784#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 
:= 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 43: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 44: Hoare triple {5784#false} assume test_~splverifierCounter~0#1 < 4; {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 45: Hoare triple {5784#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 46: Hoare triple {5784#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 47: Hoare triple {5784#false} assume !(0 != test_~tmp___9~0#1); {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 48: Hoare triple {5784#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {5784#false} is VALID [2022-02-20 18:04:16,477 INFO L290 TraceCheckUtils]: 49: Hoare triple {5784#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5784#false} is VALID [2022-02-20 18:04:16,478 INFO L290 TraceCheckUtils]: 50: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:04:16,478 INFO L290 TraceCheckUtils]: 51: Hoare triple {5784#false} assume !(test_~splverifierCounter~0#1 < 4); {5784#false} is VALID [2022-02-20 18:04:16,478 INFO L290 TraceCheckUtils]: 52: Hoare triple {5784#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc 
bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {5784#false} is VALID [2022-02-20 18:04:16,478 INFO L272 TraceCheckUtils]: 53: Hoare triple {5784#false} call sendEmail(~bob~0, ~rjh~0); {5784#false} is VALID [2022-02-20 18:04:16,478 INFO L290 TraceCheckUtils]: 54: Hoare triple {5784#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5784#false} is VALID [2022-02-20 18:04:16,478 INFO L272 TraceCheckUtils]: 55: Hoare triple {5784#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:16,478 INFO L290 TraceCheckUtils]: 56: Hoare triple {5830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,478 INFO L290 TraceCheckUtils]: 57: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,478 INFO L290 TraceCheckUtils]: 58: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,479 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {5783#true} {5784#false} #814#return; {5784#false} is VALID [2022-02-20 18:04:16,479 INFO L290 TraceCheckUtils]: 60: Hoare triple {5784#false} assume { 
:begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {5784#false} is VALID [2022-02-20 18:04:16,479 INFO L290 TraceCheckUtils]: 61: Hoare triple {5784#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {5784#false} is VALID [2022-02-20 18:04:16,479 INFO L290 TraceCheckUtils]: 62: Hoare triple {5784#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {5784#false} is VALID [2022-02-20 18:04:16,479 INFO L290 TraceCheckUtils]: 63: Hoare triple {5784#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {5784#false} is VALID [2022-02-20 18:04:16,479 INFO L272 TraceCheckUtils]: 64: Hoare triple {5784#false} call outgoing(~sender#1, ~email~0#1); {5784#false} is VALID [2022-02-20 18:04:16,479 INFO L290 TraceCheckUtils]: 65: Hoare triple {5784#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {5784#false} is VALID [2022-02-20 18:04:16,479 INFO L272 TraceCheckUtils]: 66: Hoare triple {5784#false} call #t~ret15#1 := getEmailTo(~msg#1); {5783#true} is VALID [2022-02-20 18:04:16,479 INFO L290 TraceCheckUtils]: 67: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~11; {5783#true} is VALID [2022-02-20 18:04:16,479 INFO L290 TraceCheckUtils]: 68: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {5783#true} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 69: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 
18:04:16,480 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {5783#true} {5784#false} #784#return; {5784#false} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 71: Hoare triple {5784#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {5784#false} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 72: Hoare triple {5784#false} assume 1 == findPublicKey_~handle#1; {5784#false} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 73: Hoare triple {5784#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {5784#false} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 74: Hoare triple {5784#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {5784#false} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 75: Hoare triple {5784#false} assume !(0 != ~pubkey~0#1); {5784#false} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 76: Hoare triple {5784#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {5784#false} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 77: Hoare triple {5784#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {5784#false} is VALID [2022-02-20 18:04:16,480 INFO L290 TraceCheckUtils]: 78: Hoare triple {5784#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {5784#false} is VALID [2022-02-20 18:04:16,481 INFO L272 TraceCheckUtils]: 79: Hoare triple {5784#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {5830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:16,481 INFO L290 TraceCheckUtils]: 80: Hoare triple {5830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:16,481 INFO L290 TraceCheckUtils]: 81: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:16,481 INFO L290 TraceCheckUtils]: 82: Hoare triple {5783#true} assume true; 
{5783#true} is VALID [2022-02-20 18:04:16,481 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5783#true} {5784#false} #790#return; {5784#false} is VALID [2022-02-20 18:04:16,481 INFO L290 TraceCheckUtils]: 84: Hoare triple {5784#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {5784#false} is VALID [2022-02-20 18:04:16,481 INFO L290 TraceCheckUtils]: 85: Hoare triple {5784#false} assume 0 != ~in_encrypted~0; {5784#false} is VALID [2022-02-20 
18:04:16,481 INFO L272 TraceCheckUtils]: 86: Hoare triple {5784#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {5783#true} is VALID [2022-02-20 18:04:16,481 INFO L290 TraceCheckUtils]: 87: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~14; {5783#true} is VALID [2022-02-20 18:04:16,482 INFO L290 TraceCheckUtils]: 88: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {5783#true} is VALID [2022-02-20 18:04:16,482 INFO L290 TraceCheckUtils]: 89: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:16,482 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5783#true} {5784#false} #792#return; {5784#false} is VALID [2022-02-20 18:04:16,482 INFO L290 TraceCheckUtils]: 91: Hoare triple {5784#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {5784#false} is VALID [2022-02-20 18:04:16,482 INFO L290 TraceCheckUtils]: 92: Hoare triple {5784#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {5784#false} is VALID [2022-02-20 18:04:16,482 INFO L290 TraceCheckUtils]: 93: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:04:16,482 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:04:16,483 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:16,483 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2061526413] [2022-02-20 18:04:16,483 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2061526413] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:16,483 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1533330461] [2022-02-20 18:04:16,483 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:16,483 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:16,483 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:16,490 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:16,491 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:04:16,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,671 INFO L263 TraceCheckSpWp]: Trace formula consists of 935 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:04:16,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,707 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, 
main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 3: Hoare triple {5783#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 4: Hoare triple {5783#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 5: Hoare triple {5783#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L272 TraceCheckUtils]: 6: Hoare triple {5783#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 7: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 8: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 9: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5783#true} {5783#true} #818#return; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L290 TraceCheckUtils]: 11: Hoare triple {5783#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5783#true} is VALID [2022-02-20 18:04:17,026 INFO L272 TraceCheckUtils]: 12: Hoare triple {5783#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5783#true} is VALID [2022-02-20 18:04:17,027 INFO L290 TraceCheckUtils]: 13: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:04:17,027 INFO L290 TraceCheckUtils]: 14: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:04:17,027 INFO L290 TraceCheckUtils]: 15: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:04:17,027 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5783#true} {5783#true} #820#return; {5783#true} is VALID [2022-02-20 18:04:17,027 INFO L290 TraceCheckUtils]: 17: Hoare triple {5783#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5885#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:04:17,027 INFO L272 TraceCheckUtils]: 18: Hoare triple {5885#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5783#true} is VALID [2022-02-20 18:04:17,027 INFO L290 TraceCheckUtils]: 19: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5892#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:04:17,028 INFO L290 TraceCheckUtils]: 20: Hoare triple {5892#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5896#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:17,028 INFO L290 TraceCheckUtils]: 21: Hoare triple {5896#(<= |setClientId_#in~handle| 1)} assume true; {5896#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:17,029 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5896#(<= |setClientId_#in~handle| 1)} {5885#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #822#return; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 23: Hoare triple {5784#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L272 TraceCheckUtils]: 24: Hoare triple {5784#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 25: Hoare triple {5784#false} ~handle := #in~handle;~value := #in~value; {5784#false} is VALID [2022-02-20 
18:04:17,029 INFO L290 TraceCheckUtils]: 26: Hoare triple {5784#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 27: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5784#false} {5784#false} #824#return; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 29: Hoare triple {5784#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L272 TraceCheckUtils]: 30: Hoare triple {5784#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 31: Hoare triple {5784#false} ~handle := #in~handle;~value := #in~value; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 32: Hoare triple {5784#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 33: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5784#false} {5784#false} #826#return; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 35: Hoare triple {5784#false} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{5784#false} is VALID [2022-02-20 18:04:17,029 INFO L272 TraceCheckUtils]: 36: Hoare triple {5784#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 37: Hoare triple {5784#false} ~handle := #in~handle;~value := #in~value; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 38: Hoare triple {5784#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5784#false} is VALID [2022-02-20 18:04:17,029 INFO L290 TraceCheckUtils]: 39: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5784#false} {5784#false} #828#return; {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L290 TraceCheckUtils]: 41: Hoare triple {5784#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L290 TraceCheckUtils]: 42: Hoare triple {5784#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L290 TraceCheckUtils]: 43: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L290 TraceCheckUtils]: 44: Hoare triple {5784#false} assume test_~splverifierCounter~0#1 < 4; {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L290 TraceCheckUtils]: 45: Hoare triple {5784#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L290 TraceCheckUtils]: 46: Hoare triple {5784#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L290 TraceCheckUtils]: 47: Hoare triple {5784#false} assume !(0 != test_~tmp___9~0#1); {5784#false} is VALID [2022-02-20 18:04:17,030 INFO L290 TraceCheckUtils]: 48: Hoare triple {5784#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L290 TraceCheckUtils]: 49: Hoare triple {5784#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L290 TraceCheckUtils]: 50: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L290 
TraceCheckUtils]: 51: Hoare triple {5784#false} assume !(test_~splverifierCounter~0#1 < 4); {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L290 TraceCheckUtils]: 52: Hoare triple {5784#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L272 TraceCheckUtils]: 53: Hoare triple {5784#false} call sendEmail(~bob~0, ~rjh~0); {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L290 TraceCheckUtils]: 54: Hoare triple {5784#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L272 TraceCheckUtils]: 55: Hoare triple {5784#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L290 TraceCheckUtils]: 56: Hoare triple {5784#false} ~handle := #in~handle;~value := #in~value; {5784#false} is VALID [2022-02-20 18:04:17,031 INFO L290 TraceCheckUtils]: 57: Hoare triple {5784#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L290 TraceCheckUtils]: 58: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:04:17,032 INFO 
L284 TraceCheckUtils]: 59: Hoare quadruple {5784#false} {5784#false} #814#return; {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L290 TraceCheckUtils]: 60: Hoare triple {5784#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L290 TraceCheckUtils]: 61: Hoare triple {5784#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L290 TraceCheckUtils]: 62: Hoare triple {5784#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L290 TraceCheckUtils]: 63: Hoare triple {5784#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L272 TraceCheckUtils]: 64: Hoare triple {5784#false} call outgoing(~sender#1, ~email~0#1); {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L290 TraceCheckUtils]: 65: Hoare triple {5784#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L272 TraceCheckUtils]: 66: Hoare triple {5784#false} call #t~ret15#1 := getEmailTo(~msg#1); {5784#false} is VALID [2022-02-20 18:04:17,032 INFO L290 TraceCheckUtils]: 67: Hoare triple {5784#false} ~handle := #in~handle;havoc ~retValue_acc~11; {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L290 TraceCheckUtils]: 68: Hoare triple {5784#false} assume 1 == 
~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L290 TraceCheckUtils]: 69: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {5784#false} {5784#false} #784#return; {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L290 TraceCheckUtils]: 71: Hoare triple {5784#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L290 TraceCheckUtils]: 72: Hoare triple {5784#false} assume 1 == findPublicKey_~handle#1; {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L290 TraceCheckUtils]: 73: Hoare triple {5784#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L290 TraceCheckUtils]: 74: Hoare triple {5784#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L290 TraceCheckUtils]: 75: Hoare triple {5784#false} assume !(0 != ~pubkey~0#1); {5784#false} is VALID [2022-02-20 18:04:17,033 INFO L290 TraceCheckUtils]: 76: Hoare triple {5784#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {5784#false} is VALID [2022-02-20 18:04:17,034 INFO L290 TraceCheckUtils]: 77: Hoare triple {5784#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {5784#false} is VALID [2022-02-20 18:04:17,034 INFO L290 TraceCheckUtils]: 78: Hoare triple {5784#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {5784#false} is VALID [2022-02-20 18:04:17,034 INFO L272 TraceCheckUtils]: 79: Hoare triple {5784#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {5784#false} is VALID [2022-02-20 18:04:17,034 INFO L290 TraceCheckUtils]: 80: Hoare triple {5784#false} ~handle := #in~handle;~value := #in~value; {5784#false} is VALID [2022-02-20 18:04:17,034 INFO L290 TraceCheckUtils]: 81: Hoare triple {5784#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5784#false} is VALID [2022-02-20 18:04:17,034 INFO L290 TraceCheckUtils]: 82: Hoare triple {5784#false} assume true; 
{5784#false} is VALID [2022-02-20 18:04:17,034 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5784#false} {5784#false} #790#return; {5784#false} is VALID [2022-02-20 18:04:17,034 INFO L290 TraceCheckUtils]: 84: Hoare triple {5784#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {5784#false} is VALID [2022-02-20 18:04:17,034 INFO L290 TraceCheckUtils]: 85: Hoare triple {5784#false} assume 0 != ~in_encrypted~0; {5784#false} is VALID [2022-02-20 
18:04:17,034 INFO L272 TraceCheckUtils]: 86: Hoare triple {5784#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {5784#false} is VALID [2022-02-20 18:04:17,035 INFO L290 TraceCheckUtils]: 87: Hoare triple {5784#false} ~handle := #in~handle;havoc ~retValue_acc~14; {5784#false} is VALID [2022-02-20 18:04:17,035 INFO L290 TraceCheckUtils]: 88: Hoare triple {5784#false} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {5784#false} is VALID [2022-02-20 18:04:17,035 INFO L290 TraceCheckUtils]: 89: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:04:17,035 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5784#false} {5784#false} #792#return; {5784#false} is VALID [2022-02-20 18:04:17,035 INFO L290 TraceCheckUtils]: 91: Hoare triple {5784#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {5784#false} is VALID [2022-02-20 18:04:17,035 INFO L290 TraceCheckUtils]: 92: Hoare triple {5784#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {5784#false} is VALID [2022-02-20 18:04:17,035 INFO L290 TraceCheckUtils]: 93: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:04:17,035 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 18:04:17,036 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:17,036 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1533330461] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:17,036 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:17,036 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11 [2022-02-20 18:04:17,036 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [837214785] [2022-02-20 18:04:17,036 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:17,037 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 94 [2022-02-20 18:04:17,037 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:17,037 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:17,095 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:17,095 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:04:17,096 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:17,096 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:04:17,096 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:04:17,096 INFO L87 Difference]: Start difference. First operand 301 states and 464 transitions. Second operand has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:17,756 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:17,757 INFO L93 Difference]: Finished difference Result 593 states and 918 transitions. [2022-02-20 18:04:17,757 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:04:17,757 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 94 [2022-02-20 18:04:17,757 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:17,757 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:17,764 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 762 transitions. [2022-02-20 18:04:17,764 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:17,770 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 762 transitions. [2022-02-20 18:04:17,770 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 762 transitions. [2022-02-20 18:04:18,248 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 762 edges. 762 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:18,254 INFO L225 Difference]: With dead ends: 593 [2022-02-20 18:04:18,254 INFO L226 Difference]: Without dead ends: 303 [2022-02-20 18:04:18,255 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 118 GetRequests, 108 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=26, Invalid=106, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:18,261 INFO L933 BasicCegarLoop]: 377 mSDtfsCounter, 117 mSDsluCounter, 995 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 137 SdHoareTripleChecker+Valid, 1372 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:18,261 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [137 Valid, 1372 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:18,263 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 303 states. [2022-02-20 18:04:18,302 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 303 to 303. [2022-02-20 18:04:18,302 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:18,303 INFO L82 GeneralOperation]: Start isEquivalent. First operand 303 states. 
Second operand has 303 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 240 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) [2022-02-20 18:04:18,303 INFO L74 IsIncluded]: Start isIncluded. First operand 303 states. Second operand has 303 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 240 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) [2022-02-20 18:04:18,305 INFO L87 Difference]: Start difference. First operand 303 states. Second operand has 303 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 240 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) [2022-02-20 18:04:18,313 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:18,313 INFO L93 Difference]: Finished difference Result 303 states and 467 transitions. [2022-02-20 18:04:18,313 INFO L276 IsEmpty]: Start isEmpty. Operand 303 states and 467 transitions. [2022-02-20 18:04:18,314 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:18,314 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:18,315 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 303 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 240 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) Second operand 303 states. [2022-02-20 18:04:18,316 INFO L87 Difference]: Start difference. First operand has 303 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 240 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) Second operand 303 states. [2022-02-20 18:04:18,322 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:18,323 INFO L93 Difference]: Finished difference Result 303 states and 467 transitions. [2022-02-20 18:04:18,323 INFO L276 IsEmpty]: Start isEmpty. Operand 303 states and 467 transitions. [2022-02-20 18:04:18,323 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:18,324 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:18,324 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:18,324 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:18,324 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 303 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 240 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) [2022-02-20 18:04:18,335 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 303 states to 303 states and 467 transitions. [2022-02-20 18:04:18,335 INFO L78 Accepts]: Start accepts. Automaton has 303 states and 467 transitions. Word has length 94 [2022-02-20 18:04:18,335 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:18,335 INFO L470 AbstractCegarLoop]: Abstraction has 303 states and 467 transitions. [2022-02-20 18:04:18,336 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:18,336 INFO L276 IsEmpty]: Start isEmpty. Operand 303 states and 467 transitions. [2022-02-20 18:04:18,340 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 96 [2022-02-20 18:04:18,341 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:18,341 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:18,358 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:18,558 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:18,559 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:18,559 
INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:18,559 INFO L85 PathProgramCache]: Analyzing trace with hash 361139953, now seen corresponding path program 1 times [2022-02-20 18:04:18,559 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:18,559 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [74785169] [2022-02-20 18:04:18,559 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:18,559 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:18,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:18,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,621 INFO L290 TraceCheckUtils]: 0: Hoare triple {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,621 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,621 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,621 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7998#true} {7998#true} #818#return; {7998#true} is VALID [2022-02-20 18:04:18,626 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:18,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {8044#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7998#true} {7998#true} #820#return; {7998#true} is VALID [2022-02-20 18:04:18,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:18,633 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8045#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:18,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {8045#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {8045#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:18,644 INFO L290 TraceCheckUtils]: 2: Hoare triple {8045#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8046#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:18,645 INFO L290 TraceCheckUtils]: 3: Hoare triple {8046#(= 2 |setClientId_#in~handle|)} assume true; {8046#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:18,645 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8046#(= 2 |setClientId_#in~handle|)} {8008#(= 
|ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #822#return; {8014#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:18,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:18,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {8044#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8047#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:18,666 INFO L290 TraceCheckUtils]: 1: Hoare triple {8047#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8048#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:18,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {8048#(= |setClientPrivateKey_#in~handle| 1)} assume true; {8048#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:18,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8048#(= |setClientPrivateKey_#in~handle| 1)} {8014#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #824#return; {7999#false} is VALID [2022-02-20 18:04:18,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:04:18,669 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID 
[2022-02-20 18:04:18,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,673 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7998#true} {7999#false} #826#return; {7999#false} is VALID [2022-02-20 18:04:18,673 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:04:18,674 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {8044#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,680 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7998#true} {7999#false} #828#return; {7999#false} is VALID [2022-02-20 18:04:18,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:04:18,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {8049#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7998#true} is VALID 
[2022-02-20 18:04:18,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,690 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7998#true} {7999#false} #814#return; {7999#false} is VALID [2022-02-20 18:04:18,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:04:18,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {7998#true} ~handle := #in~handle;havoc ~retValue_acc~11; {7998#true} is VALID [2022-02-20 18:04:18,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {7998#true} is VALID [2022-02-20 18:04:18,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,702 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7998#true} {7999#false} #784#return; {7999#false} is VALID [2022-02-20 18:04:18,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:04:18,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {8049#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7998#true} {7999#false} #790#return; {7999#false} is VALID [2022-02-20 18:04:18,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 87 [2022-02-20 18:04:18,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {7998#true} ~handle := #in~handle;havoc ~retValue_acc~14; {7998#true} is VALID [2022-02-20 18:04:18,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {7998#true} is VALID [2022-02-20 18:04:18,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,710 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7998#true} {7999#false} #792#return; {7999#false} is VALID [2022-02-20 18:04:18,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {7998#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 
19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {7998#true} is VALID [2022-02-20 18:04:18,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {7998#true} is VALID [2022-02-20 18:04:18,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7998#true} is VALID [2022-02-20 18:04:18,711 INFO L290 TraceCheckUtils]: 3: Hoare triple {7998#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {7998#true} is VALID [2022-02-20 18:04:18,711 INFO L290 TraceCheckUtils]: 4: Hoare triple {7998#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {7998#true} is VALID [2022-02-20 18:04:18,711 INFO L290 TraceCheckUtils]: 5: Hoare triple {7998#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, 
setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7998#true} is VALID [2022-02-20 18:04:18,712 INFO L272 TraceCheckUtils]: 6: Hoare triple {7998#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:18,712 INFO L290 TraceCheckUtils]: 7: Hoare triple {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,712 INFO L290 TraceCheckUtils]: 8: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,712 INFO L290 TraceCheckUtils]: 9: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,712 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7998#true} {7998#true} #818#return; {7998#true} is VALID [2022-02-20 18:04:18,712 INFO L290 
TraceCheckUtils]: 11: Hoare triple {7998#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7998#true} is VALID [2022-02-20 18:04:18,713 INFO L272 TraceCheckUtils]: 12: Hoare triple {7998#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8044#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:18,713 INFO L290 TraceCheckUtils]: 13: Hoare triple {8044#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,713 INFO L290 TraceCheckUtils]: 14: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,713 INFO L290 TraceCheckUtils]: 15: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,713 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7998#true} {7998#true} #820#return; {7998#true} is VALID [2022-02-20 18:04:18,714 INFO L290 TraceCheckUtils]: 17: Hoare triple {7998#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8008#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:04:18,714 INFO L272 
TraceCheckUtils]: 18: Hoare triple {8008#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:18,715 INFO L290 TraceCheckUtils]: 19: Hoare triple {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8045#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:18,715 INFO L290 TraceCheckUtils]: 20: Hoare triple {8045#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {8045#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:18,715 INFO L290 TraceCheckUtils]: 21: Hoare triple {8045#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8046#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:18,716 INFO L290 TraceCheckUtils]: 22: Hoare triple {8046#(= 2 |setClientId_#in~handle|)} assume true; {8046#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:18,716 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {8046#(= 2 |setClientId_#in~handle|)} {8008#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #822#return; {8014#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:18,716 INFO L290 TraceCheckUtils]: 24: Hoare triple {8014#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {8014#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 
18:04:18,717 INFO L272 TraceCheckUtils]: 25: Hoare triple {8014#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8044#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:18,717 INFO L290 TraceCheckUtils]: 26: Hoare triple {8044#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8047#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:18,717 INFO L290 TraceCheckUtils]: 27: Hoare triple {8047#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8048#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:18,718 INFO L290 TraceCheckUtils]: 28: Hoare triple {8048#(= |setClientPrivateKey_#in~handle| 1)} assume true; {8048#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:18,718 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {8048#(= |setClientPrivateKey_#in~handle| 1)} {8014#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #824#return; {7999#false} is VALID [2022-02-20 18:04:18,718 INFO L290 TraceCheckUtils]: 30: Hoare triple {7999#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7999#false} is VALID [2022-02-20 18:04:18,718 INFO L272 TraceCheckUtils]: 31: Hoare triple {7999#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:18,718 INFO L290 TraceCheckUtils]: 32: Hoare triple {8043#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,719 INFO L290 TraceCheckUtils]: 33: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,719 INFO L290 TraceCheckUtils]: 34: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,719 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {7998#true} {7999#false} #826#return; {7999#false} is VALID [2022-02-20 18:04:18,719 INFO L290 TraceCheckUtils]: 36: Hoare triple {7999#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7999#false} is VALID [2022-02-20 18:04:18,719 INFO L272 TraceCheckUtils]: 37: Hoare triple {7999#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8044#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:18,719 INFO L290 TraceCheckUtils]: 38: Hoare triple {8044#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,719 INFO L290 TraceCheckUtils]: 39: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,719 INFO L290 TraceCheckUtils]: 40: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,719 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {7998#true} {7999#false} #828#return; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 42: Hoare triple {7999#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 43: Hoare triple {7999#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc 
test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 44: Hoare triple {7999#false} assume !false; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 45: Hoare triple {7999#false} assume test_~splverifierCounter~0#1 < 4; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 46: Hoare triple {7999#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 47: Hoare triple {7999#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 48: Hoare triple {7999#false} assume !(0 != test_~tmp___9~0#1); {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 49: Hoare triple {7999#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 50: Hoare triple {7999#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7999#false} is VALID [2022-02-20 18:04:18,720 INFO L290 TraceCheckUtils]: 51: Hoare triple {7999#false} assume !false; {7999#false} is VALID [2022-02-20 18:04:18,721 INFO L290 TraceCheckUtils]: 52: Hoare triple {7999#false} assume !(test_~splverifierCounter~0#1 < 4); {7999#false} is VALID [2022-02-20 
18:04:18,721 INFO L290 TraceCheckUtils]: 53: Hoare triple {7999#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {7999#false} is VALID [2022-02-20 18:04:18,721 INFO L272 TraceCheckUtils]: 54: Hoare triple {7999#false} call sendEmail(~bob~0, ~rjh~0); {7999#false} is VALID [2022-02-20 18:04:18,721 INFO L290 TraceCheckUtils]: 55: Hoare triple {7999#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7999#false} is VALID [2022-02-20 18:04:18,721 INFO L272 TraceCheckUtils]: 56: Hoare triple {7999#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8049#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:18,721 INFO L290 TraceCheckUtils]: 57: Hoare triple {8049#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:18,721 INFO L290 TraceCheckUtils]: 58: Hoare triple {7998#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,721 INFO L290 TraceCheckUtils]: 59: Hoare 
triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,721 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {7998#true} {7999#false} #814#return; {7999#false} is VALID [2022-02-20 18:04:18,722 INFO L290 TraceCheckUtils]: 61: Hoare triple {7999#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {7999#false} is VALID [2022-02-20 18:04:18,722 INFO L290 TraceCheckUtils]: 62: Hoare triple {7999#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {7999#false} is VALID [2022-02-20 18:04:18,722 INFO L290 TraceCheckUtils]: 63: Hoare triple {7999#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {7999#false} is VALID [2022-02-20 18:04:18,722 INFO L290 TraceCheckUtils]: 64: Hoare triple {7999#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {7999#false} is VALID [2022-02-20 18:04:18,722 INFO L272 TraceCheckUtils]: 65: Hoare triple {7999#false} call outgoing(~sender#1, ~email~0#1); {7999#false} is VALID [2022-02-20 18:04:18,722 INFO L290 TraceCheckUtils]: 66: Hoare triple {7999#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {7999#false} is VALID [2022-02-20 18:04:18,722 INFO L272 TraceCheckUtils]: 67: Hoare triple {7999#false} call #t~ret15#1 := getEmailTo(~msg#1); {7998#true} is VALID [2022-02-20 18:04:18,722 INFO L290 TraceCheckUtils]: 68: Hoare triple {7998#true} ~handle := #in~handle;havoc ~retValue_acc~11; {7998#true} is VALID [2022-02-20 18:04:18,722 INFO L290 
TraceCheckUtils]: 69: Hoare triple {7998#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {7998#true} is VALID [2022-02-20 18:04:18,722 INFO L290 TraceCheckUtils]: 70: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,723 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {7998#true} {7999#false} #784#return; {7999#false} is VALID [2022-02-20 18:04:18,723 INFO L290 TraceCheckUtils]: 72: Hoare triple {7999#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {7999#false} is VALID [2022-02-20 18:04:18,723 INFO L290 TraceCheckUtils]: 73: Hoare triple {7999#false} assume 1 == findPublicKey_~handle#1; {7999#false} is VALID [2022-02-20 18:04:18,723 INFO L290 TraceCheckUtils]: 74: Hoare triple {7999#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {7999#false} is VALID [2022-02-20 18:04:18,723 INFO L290 TraceCheckUtils]: 75: Hoare triple {7999#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {7999#false} is VALID [2022-02-20 18:04:18,723 INFO L290 TraceCheckUtils]: 76: Hoare triple {7999#false} assume !(0 != ~pubkey~0#1); {7999#false} is VALID [2022-02-20 18:04:18,723 INFO L290 TraceCheckUtils]: 77: Hoare triple {7999#false} 
assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {7999#false} is VALID [2022-02-20 18:04:18,723 INFO L290 TraceCheckUtils]: 78: Hoare triple {7999#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {7999#false} is VALID [2022-02-20 18:04:18,723 INFO L290 TraceCheckUtils]: 79: Hoare triple {7999#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {7999#false} is VALID [2022-02-20 18:04:18,724 INFO L272 TraceCheckUtils]: 80: Hoare triple {7999#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {8049#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:18,724 INFO L290 TraceCheckUtils]: 81: Hoare triple {8049#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID 
[2022-02-20 18:04:18,724 INFO L290 TraceCheckUtils]: 82: Hoare triple {7998#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:18,724 INFO L290 TraceCheckUtils]: 83: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,724 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {7998#true} {7999#false} #790#return; {7999#false} is VALID [2022-02-20 18:04:18,724 INFO L290 TraceCheckUtils]: 85: Hoare triple {7999#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {7999#false} is VALID [2022-02-20 18:04:18,724 INFO L290 TraceCheckUtils]: 86: Hoare triple {7999#false} assume 0 != ~in_encrypted~0; {7999#false} is VALID [2022-02-20 18:04:18,724 INFO L272 TraceCheckUtils]: 87: Hoare triple {7999#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {7998#true} is VALID [2022-02-20 18:04:18,724 INFO L290 TraceCheckUtils]: 88: Hoare triple {7998#true} ~handle := #in~handle;havoc ~retValue_acc~14; {7998#true} is VALID [2022-02-20 18:04:18,725 INFO L290 TraceCheckUtils]: 89: Hoare triple {7998#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {7998#true} is VALID [2022-02-20 18:04:18,725 INFO L290 TraceCheckUtils]: 90: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:18,725 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7998#true} {7999#false} #792#return; {7999#false} is VALID [2022-02-20 18:04:18,725 INFO L290 TraceCheckUtils]: 92: Hoare triple {7999#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {7999#false} is VALID [2022-02-20 18:04:18,725 INFO L290 TraceCheckUtils]: 93: Hoare triple {7999#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {7999#false} is VALID [2022-02-20 18:04:18,725 INFO L290 TraceCheckUtils]: 94: Hoare triple {7999#false} assume !false; {7999#false} is VALID [2022-02-20 18:04:18,726 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:04:18,726 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:18,726 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [74785169] [2022-02-20 18:04:18,726 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [74785169] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:18,726 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1747981785] [2022-02-20 18:04:18,726 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:18,726 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:18,727 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:18,727 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:18,728 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:04:18,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,907 INFO L263 TraceCheckSpWp]: Trace formula consists of 936 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:04:18,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:18,947 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:19,172 INFO L290 TraceCheckUtils]: 0: Hoare triple {7998#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {7998#true} is VALID [2022-02-20 18:04:19,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {7998#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, 
main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {7998#true} is VALID [2022-02-20 18:04:19,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {7998#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 3: Hoare triple {7998#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 4: Hoare triple {7998#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 5: Hoare triple {7998#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L272 TraceCheckUtils]: 6: Hoare triple {7998#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 7: Hoare triple {7998#true} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 8: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 9: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7998#true} {7998#true} #818#return; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 11: Hoare triple {7998#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L272 TraceCheckUtils]: 12: Hoare triple {7998#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 13: Hoare triple {7998#true} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 14: Hoare triple {7998#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L290 TraceCheckUtils]: 15: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:19,173 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7998#true} {7998#true} #820#return; {7998#true} is VALID [2022-02-20 18:04:19,177 INFO L290 TraceCheckUtils]: 17: Hoare triple {7998#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8104#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:19,178 INFO L272 TraceCheckUtils]: 18: Hoare triple {8104#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7998#true} is VALID [2022-02-20 18:04:19,178 INFO L290 TraceCheckUtils]: 19: Hoare triple {7998#true} ~handle := #in~handle;~value := #in~value; {7998#true} is VALID [2022-02-20 18:04:19,178 INFO L290 TraceCheckUtils]: 20: Hoare triple {7998#true} assume !(1 == ~handle); {7998#true} is VALID [2022-02-20 18:04:19,178 INFO L290 TraceCheckUtils]: 21: Hoare triple {7998#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {7998#true} is VALID [2022-02-20 18:04:19,178 INFO L290 TraceCheckUtils]: 22: Hoare triple {7998#true} assume true; {7998#true} is VALID [2022-02-20 18:04:19,178 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {7998#true} {8104#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #822#return; {8104#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:19,178 INFO L290 TraceCheckUtils]: 24: Hoare triple {8104#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {8104#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:19,179 INFO L272 TraceCheckUtils]: 25: Hoare triple {8104#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7998#true} is VALID [2022-02-20 18:04:19,179 INFO L290 TraceCheckUtils]: 26: Hoare triple {7998#true} ~handle := #in~handle;~value := #in~value; 
{8132#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:04:19,179 INFO L290 TraceCheckUtils]: 27: Hoare triple {8132#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8136#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:19,179 INFO L290 TraceCheckUtils]: 28: Hoare triple {8136#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {8136#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:19,180 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {8136#(<= |setClientPrivateKey_#in~handle| 1)} {8104#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #824#return; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L290 TraceCheckUtils]: 30: Hoare triple {7999#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L272 TraceCheckUtils]: 31: Hoare triple {7999#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L290 TraceCheckUtils]: 32: Hoare triple {7999#false} ~handle := #in~handle;~value := #in~value; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L290 TraceCheckUtils]: 33: Hoare triple {7999#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L290 TraceCheckUtils]: 34: Hoare triple 
{7999#false} assume true; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {7999#false} {7999#false} #826#return; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L290 TraceCheckUtils]: 36: Hoare triple {7999#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L272 TraceCheckUtils]: 37: Hoare triple {7999#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L290 TraceCheckUtils]: 38: Hoare triple {7999#false} ~handle := #in~handle;~value := #in~value; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L290 TraceCheckUtils]: 39: Hoare triple {7999#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7999#false} is VALID [2022-02-20 18:04:19,180 INFO L290 TraceCheckUtils]: 40: Hoare triple {7999#false} assume true; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {7999#false} {7999#false} #828#return; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 42: Hoare triple {7999#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 43: Hoare triple {7999#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 44: Hoare triple {7999#false} assume !false; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 45: Hoare triple {7999#false} assume test_~splverifierCounter~0#1 < 4; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 46: Hoare triple {7999#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 47: Hoare triple {7999#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 48: Hoare triple {7999#false} assume !(0 != test_~tmp___9~0#1); {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 49: Hoare triple {7999#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {7999#false} is 
VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 50: Hoare triple {7999#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 51: Hoare triple {7999#false} assume !false; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 52: Hoare triple {7999#false} assume !(test_~splverifierCounter~0#1 < 4); {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 53: Hoare triple {7999#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L272 TraceCheckUtils]: 54: Hoare triple {7999#false} call sendEmail(~bob~0, ~rjh~0); {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 55: Hoare triple {7999#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L272 TraceCheckUtils]: 56: Hoare triple {7999#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 57: Hoare triple {7999#false} ~handle := #in~handle;~value := #in~value; {7999#false} 
is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 58: Hoare triple {7999#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 59: Hoare triple {7999#false} assume true; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {7999#false} {7999#false} #814#return; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 61: Hoare triple {7999#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 62: Hoare triple {7999#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {7999#false} is VALID [2022-02-20 18:04:19,181 INFO L290 TraceCheckUtils]: 63: Hoare triple {7999#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 64: Hoare triple {7999#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L272 TraceCheckUtils]: 65: Hoare triple {7999#false} call outgoing(~sender#1, ~email~0#1); {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 66: Hoare triple {7999#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L272 TraceCheckUtils]: 67: Hoare triple {7999#false} call 
#t~ret15#1 := getEmailTo(~msg#1); {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 68: Hoare triple {7999#false} ~handle := #in~handle;havoc ~retValue_acc~11; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 69: Hoare triple {7999#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 70: Hoare triple {7999#false} assume true; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {7999#false} {7999#false} #784#return; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 72: Hoare triple {7999#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 73: Hoare triple {7999#false} assume 1 == findPublicKey_~handle#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 74: Hoare triple {7999#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 75: Hoare triple {7999#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := 
~tmp___0~0#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 76: Hoare triple {7999#false} assume !(0 != ~pubkey~0#1); {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 77: Hoare triple {7999#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 78: Hoare triple {7999#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 79: Hoare triple {7999#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L272 TraceCheckUtils]: 80: Hoare triple {7999#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 81: Hoare triple {7999#false} ~handle := 
#in~handle;~value := #in~value; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 82: Hoare triple {7999#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 83: Hoare triple {7999#false} assume true; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {7999#false} {7999#false} #790#return; {7999#false} is VALID [2022-02-20 18:04:19,182 INFO L290 TraceCheckUtils]: 85: Hoare triple {7999#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc 
__utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L290 TraceCheckUtils]: 86: Hoare triple {7999#false} assume 0 != ~in_encrypted~0; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L272 TraceCheckUtils]: 87: Hoare triple {7999#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L290 TraceCheckUtils]: 88: Hoare triple {7999#false} ~handle := #in~handle;havoc ~retValue_acc~14; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L290 TraceCheckUtils]: 89: Hoare triple {7999#false} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L290 TraceCheckUtils]: 90: Hoare triple {7999#false} assume true; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7999#false} {7999#false} #792#return; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L290 TraceCheckUtils]: 92: Hoare triple {7999#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L290 TraceCheckUtils]: 93: Hoare triple {7999#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L290 TraceCheckUtils]: 94: Hoare triple {7999#false} assume !false; {7999#false} is VALID [2022-02-20 18:04:19,183 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 
19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:04:19,183 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:19,183 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1747981785] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:19,183 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:19,183 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [11] total 14 [2022-02-20 18:04:19,183 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [337517921] [2022-02-20 18:04:19,184 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:19,184 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) Word has length 95 [2022-02-20 18:04:19,184 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:19,184 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:19,237 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 89 edges. 89 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:19,238 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:04:19,238 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:19,238 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:04:19,238 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=28, Invalid=154, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:04:19,238 INFO L87 Difference]: Start difference. First operand 303 states and 467 transitions. Second operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:19,989 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:19,990 INFO L93 Difference]: Finished difference Result 595 states and 923 transitions. [2022-02-20 18:04:19,990 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:04:19,990 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) Word has length 95 [2022-02-20 18:04:19,990 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:19,990 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:19,996 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 761 transitions. [2022-02-20 18:04:19,997 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:20,003 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 761 transitions. [2022-02-20 18:04:20,003 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 761 transitions. [2022-02-20 18:04:20,441 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 761 edges. 761 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:20,446 INFO L225 Difference]: With dead ends: 595 [2022-02-20 18:04:20,446 INFO L226 Difference]: Without dead ends: 305 [2022-02-20 18:04:20,447 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 121 GetRequests, 108 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=178, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:04:20,448 INFO L933 BasicCegarLoop]: 375 mSDtfsCounter, 116 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 136 SdHoareTripleChecker+Valid, 1361 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:20,448 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [136 Valid, 1361 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:20,448 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 305 states. [2022-02-20 18:04:20,524 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 305 to 305. [2022-02-20 18:04:20,524 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:20,525 INFO L82 GeneralOperation]: Start isEquivalent. First operand 305 states. 
Second operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 18:04:20,525 INFO L74 IsIncluded]: Start isIncluded. First operand 305 states. Second operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 18:04:20,526 INFO L87 Difference]: Start difference. First operand 305 states. Second operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 18:04:20,534 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:20,534 INFO L93 Difference]: Finished difference Result 305 states and 473 transitions. [2022-02-20 18:04:20,534 INFO L276 IsEmpty]: Start isEmpty. Operand 305 states and 473 transitions. [2022-02-20 18:04:20,535 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:20,535 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:20,536 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) Second operand 305 states. [2022-02-20 18:04:20,536 INFO L87 Difference]: Start difference. First operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) Second operand 305 states. [2022-02-20 18:04:20,542 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:20,542 INFO L93 Difference]: Finished difference Result 305 states and 473 transitions. [2022-02-20 18:04:20,542 INFO L276 IsEmpty]: Start isEmpty. Operand 305 states and 473 transitions. [2022-02-20 18:04:20,543 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:20,543 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:20,543 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:20,543 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:20,544 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 18:04:20,552 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 305 states to 305 states and 473 transitions. [2022-02-20 18:04:20,553 INFO L78 Accepts]: Start accepts. Automaton has 305 states and 473 transitions. Word has length 95 [2022-02-20 18:04:20,553 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:20,554 INFO L470 AbstractCegarLoop]: Abstraction has 305 states and 473 transitions. [2022-02-20 18:04:20,555 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:20,555 INFO L276 IsEmpty]: Start isEmpty. Operand 305 states and 473 transitions. [2022-02-20 18:04:20,556 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2022-02-20 18:04:20,556 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:20,556 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:20,575 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:20,771 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:20,772 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 
18:04:20,772 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:20,772 INFO L85 PathProgramCache]: Analyzing trace with hash 639964823, now seen corresponding path program 1 times [2022-02-20 18:04:20,772 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:20,772 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2054263313] [2022-02-20 18:04:20,772 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:20,772 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:20,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,847 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:20,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,850 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,850 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,850 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10226#true} #818#return; {10226#true} is VALID [2022-02-20 18:04:20,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:20,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,858 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,859 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,859 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,859 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10226#true} #820#return; {10226#true} is VALID [2022-02-20 18:04:20,859 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:20,860 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume !(1 == ~handle); {10226#true} is VALID [2022-02-20 18:04:20,862 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,863 INFO L290 TraceCheckUtils]: 3: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,863 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10226#true} {10226#true} #822#return; {10226#true} is VALID [2022-02-20 18:04:20,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:20,864 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 18:04:20,866 INFO L290 TraceCheckUtils]: 0: Hoare triple {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,866 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume !(1 == ~handle); {10226#true} is VALID [2022-02-20 18:04:20,866 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,866 INFO L290 TraceCheckUtils]: 3: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,866 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10226#true} {10226#true} #824#return; {10226#true} is VALID [2022-02-20 18:04:20,867 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:20,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10273#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:20,885 INFO L290 TraceCheckUtils]: 1: Hoare triple {10273#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10274#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:20,885 INFO L290 TraceCheckUtils]: 2: Hoare triple {10274#(= |setClientId_#in~handle| 1)} assume true; {10274#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:20,885 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10274#(= 
|setClientId_#in~handle| 1)} {10246#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #826#return; {10227#false} is VALID [2022-02-20 18:04:20,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:20,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,889 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,889 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #828#return; {10227#false} is VALID [2022-02-20 18:04:20,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:04:20,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {10275#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,915 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,916 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #814#return; {10227#false} is VALID [2022-02-20 
18:04:20,916 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:04:20,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,918 INFO L290 TraceCheckUtils]: 0: Hoare triple {10226#true} ~handle := #in~handle;havoc ~retValue_acc~11; {10226#true} is VALID [2022-02-20 18:04:20,918 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {10226#true} is VALID [2022-02-20 18:04:20,918 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,918 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #784#return; {10227#false} is VALID [2022-02-20 18:04:20,918 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:04:20,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {10275#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,920 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,921 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #790#return; {10227#false} is VALID [2022-02-20 18:04:20,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:04:20,921 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:20,923 INFO L290 TraceCheckUtils]: 0: Hoare triple {10226#true} ~handle := #in~handle;havoc 
~retValue_acc~14; {10226#true} is VALID [2022-02-20 18:04:20,923 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {10226#true} is VALID [2022-02-20 18:04:20,923 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,923 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #792#return; {10227#false} is VALID [2022-02-20 18:04:20,923 INFO L290 TraceCheckUtils]: 0: Hoare triple {10226#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call 
#Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 
0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 
0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {10226#true} is VALID [2022-02-20 18:04:20,923 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {10226#true} is VALID [2022-02-20 18:04:20,924 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10226#true} is VALID [2022-02-20 18:04:20,924 INFO L290 TraceCheckUtils]: 3: Hoare triple {10226#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {10226#true} is VALID [2022-02-20 18:04:20,924 INFO L290 TraceCheckUtils]: 4: Hoare triple {10226#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {10226#true} is VALID [2022-02-20 18:04:20,924 INFO L290 TraceCheckUtils]: 5: Hoare triple {10226#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, 
setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10226#true} is VALID [2022-02-20 18:04:20,925 INFO L272 TraceCheckUtils]: 6: Hoare triple {10226#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:20,925 INFO L290 TraceCheckUtils]: 7: Hoare triple {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,925 INFO L290 TraceCheckUtils]: 8: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,925 INFO L290 TraceCheckUtils]: 9: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,925 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10226#true} {10226#true} #818#return; {10226#true} is VALID [2022-02-20 18:04:20,925 INFO L290 TraceCheckUtils]: 11: Hoare triple {10226#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10226#true} is VALID [2022-02-20 18:04:20,926 INFO L272 TraceCheckUtils]: 
12: Hoare triple {10226#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:20,926 INFO L290 TraceCheckUtils]: 13: Hoare triple {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,926 INFO L290 TraceCheckUtils]: 14: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,926 INFO L290 TraceCheckUtils]: 15: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,926 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10226#true} {10226#true} #820#return; {10226#true} is VALID [2022-02-20 18:04:20,926 INFO L290 TraceCheckUtils]: 17: Hoare triple {10226#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10226#true} is VALID [2022-02-20 18:04:20,927 INFO L272 TraceCheckUtils]: 18: Hoare triple {10226#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:20,927 INFO L290 TraceCheckUtils]: 19: Hoare triple {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,927 INFO L290 TraceCheckUtils]: 20: Hoare triple {10226#true} assume !(1 == ~handle); {10226#true} is VALID [2022-02-20 18:04:20,927 INFO L290 TraceCheckUtils]: 21: Hoare triple {10226#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,928 INFO L290 TraceCheckUtils]: 22: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,928 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10226#true} {10226#true} #822#return; {10226#true} is VALID [2022-02-20 18:04:20,928 INFO L290 TraceCheckUtils]: 24: Hoare triple {10226#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {10226#true} is VALID [2022-02-20 18:04:20,928 INFO L272 TraceCheckUtils]: 25: Hoare triple {10226#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:20,928 INFO L290 TraceCheckUtils]: 26: Hoare triple {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,929 INFO L290 TraceCheckUtils]: 27: Hoare triple {10226#true} assume !(1 == ~handle); {10226#true} is VALID 
[2022-02-20 18:04:20,929 INFO L290 TraceCheckUtils]: 28: Hoare triple {10226#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,929 INFO L290 TraceCheckUtils]: 29: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,929 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {10226#true} {10226#true} #824#return; {10226#true} is VALID [2022-02-20 18:04:20,929 INFO L290 TraceCheckUtils]: 31: Hoare triple {10226#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10246#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:20,930 INFO L272 TraceCheckUtils]: 32: Hoare triple {10246#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:20,930 INFO L290 TraceCheckUtils]: 33: Hoare triple {10271#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10273#(= setClientId_~handle |setClientId_#in~handle|)} is VALID 
[2022-02-20 18:04:20,931 INFO L290 TraceCheckUtils]: 34: Hoare triple {10273#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10274#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:20,931 INFO L290 TraceCheckUtils]: 35: Hoare triple {10274#(= |setClientId_#in~handle| 1)} assume true; {10274#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:20,931 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {10274#(= |setClientId_#in~handle| 1)} {10246#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #826#return; {10227#false} is VALID [2022-02-20 18:04:20,932 INFO L290 TraceCheckUtils]: 37: Hoare triple {10227#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10227#false} is VALID [2022-02-20 18:04:20,932 INFO L272 TraceCheckUtils]: 38: Hoare triple {10227#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:20,932 INFO L290 TraceCheckUtils]: 39: Hoare triple {10272#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,932 INFO L290 TraceCheckUtils]: 40: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,932 INFO L290 TraceCheckUtils]: 41: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,932 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {10226#true} {10227#false} #828#return; {10227#false} is VALID [2022-02-20 18:04:20,932 INFO L290 TraceCheckUtils]: 43: Hoare triple 
{10227#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {10227#false} is VALID [2022-02-20 18:04:20,932 INFO L290 TraceCheckUtils]: 44: Hoare triple {10227#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10227#false} is VALID [2022-02-20 18:04:20,932 INFO L290 TraceCheckUtils]: 45: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:20,933 INFO L290 TraceCheckUtils]: 46: Hoare triple {10227#false} assume test_~splverifierCounter~0#1 < 4; {10227#false} 
is VALID [2022-02-20 18:04:20,933 INFO L290 TraceCheckUtils]: 47: Hoare triple {10227#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10227#false} is VALID [2022-02-20 18:04:20,933 INFO L290 TraceCheckUtils]: 48: Hoare triple {10227#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {10227#false} is VALID [2022-02-20 18:04:20,933 INFO L290 TraceCheckUtils]: 49: Hoare triple {10227#false} assume !(0 != test_~tmp___9~0#1); {10227#false} is VALID [2022-02-20 18:04:20,933 INFO L290 TraceCheckUtils]: 50: Hoare triple {10227#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {10227#false} is VALID [2022-02-20 18:04:20,933 INFO L290 TraceCheckUtils]: 51: Hoare triple {10227#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10227#false} is VALID [2022-02-20 18:04:20,933 INFO L290 TraceCheckUtils]: 52: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:20,933 INFO L290 TraceCheckUtils]: 53: Hoare triple {10227#false} assume !(test_~splverifierCounter~0#1 < 4); {10227#false} is VALID [2022-02-20 18:04:20,934 INFO L290 TraceCheckUtils]: 54: Hoare triple {10227#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {10227#false} is VALID [2022-02-20 18:04:20,934 INFO L272 TraceCheckUtils]: 55: Hoare triple {10227#false} call sendEmail(~bob~0, ~rjh~0); {10227#false} is VALID [2022-02-20 18:04:20,934 INFO 
L290 TraceCheckUtils]: 56: Hoare triple {10227#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10227#false} is VALID [2022-02-20 18:04:20,934 INFO L272 TraceCheckUtils]: 57: Hoare triple {10227#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10275#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:20,934 INFO L290 TraceCheckUtils]: 58: Hoare triple {10275#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,934 INFO L290 TraceCheckUtils]: 59: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,934 INFO L290 TraceCheckUtils]: 60: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,934 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {10226#true} {10227#false} #814#return; {10227#false} is VALID [2022-02-20 18:04:20,935 INFO L290 TraceCheckUtils]: 62: Hoare triple {10227#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {10227#false} is VALID [2022-02-20 18:04:20,935 INFO L290 TraceCheckUtils]: 63: Hoare triple {10227#false} assume 1 == 
setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {10227#false} is VALID [2022-02-20 18:04:20,935 INFO L290 TraceCheckUtils]: 64: Hoare triple {10227#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {10227#false} is VALID [2022-02-20 18:04:20,935 INFO L290 TraceCheckUtils]: 65: Hoare triple {10227#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {10227#false} is VALID [2022-02-20 18:04:20,935 INFO L272 TraceCheckUtils]: 66: Hoare triple {10227#false} call outgoing(~sender#1, ~email~0#1); {10227#false} is VALID [2022-02-20 18:04:20,935 INFO L290 TraceCheckUtils]: 67: Hoare triple {10227#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {10227#false} is VALID [2022-02-20 18:04:20,935 INFO L272 TraceCheckUtils]: 68: Hoare triple {10227#false} call #t~ret15#1 := getEmailTo(~msg#1); {10226#true} is VALID [2022-02-20 18:04:20,936 INFO L290 TraceCheckUtils]: 69: Hoare triple {10226#true} ~handle := #in~handle;havoc ~retValue_acc~11; {10226#true} is VALID [2022-02-20 18:04:20,936 INFO L290 TraceCheckUtils]: 70: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {10226#true} is VALID [2022-02-20 18:04:20,936 INFO L290 TraceCheckUtils]: 71: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,936 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {10226#true} {10227#false} #784#return; {10227#false} is VALID [2022-02-20 18:04:20,936 INFO L290 TraceCheckUtils]: 73: Hoare triple {10227#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { 
:begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {10227#false} is VALID [2022-02-20 18:04:20,936 INFO L290 TraceCheckUtils]: 74: Hoare triple {10227#false} assume 1 == findPublicKey_~handle#1; {10227#false} is VALID [2022-02-20 18:04:20,936 INFO L290 TraceCheckUtils]: 75: Hoare triple {10227#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {10227#false} is VALID [2022-02-20 18:04:20,937 INFO L290 TraceCheckUtils]: 76: Hoare triple {10227#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {10227#false} is VALID [2022-02-20 18:04:20,937 INFO L290 TraceCheckUtils]: 77: Hoare triple {10227#false} assume !(0 != ~pubkey~0#1); {10227#false} is VALID [2022-02-20 18:04:20,937 INFO L290 TraceCheckUtils]: 78: Hoare triple {10227#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc 
getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {10227#false} is VALID [2022-02-20 18:04:20,937 INFO L290 TraceCheckUtils]: 79: Hoare triple {10227#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {10227#false} is VALID [2022-02-20 18:04:20,937 INFO L290 TraceCheckUtils]: 80: Hoare triple {10227#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {10227#false} is VALID [2022-02-20 18:04:20,937 INFO L272 TraceCheckUtils]: 81: Hoare triple {10227#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {10275#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:20,937 INFO L290 TraceCheckUtils]: 82: Hoare triple {10275#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:20,937 INFO L290 TraceCheckUtils]: 83: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:20,937 INFO L290 TraceCheckUtils]: 84: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,938 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {10226#true} {10227#false} #790#return; {10227#false} is VALID [2022-02-20 18:04:20,938 INFO L290 TraceCheckUtils]: 86: Hoare triple {10227#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {10227#false} is VALID [2022-02-20 18:04:20,938 INFO L290 TraceCheckUtils]: 87: Hoare triple {10227#false} assume 0 != ~in_encrypted~0; {10227#false} is VALID [2022-02-20 18:04:20,938 INFO L272 TraceCheckUtils]: 88: Hoare triple {10227#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {10226#true} is VALID [2022-02-20 18:04:20,938 INFO L290 TraceCheckUtils]: 89: Hoare triple {10226#true} ~handle := #in~handle;havoc 
~retValue_acc~14; {10226#true} is VALID [2022-02-20 18:04:20,938 INFO L290 TraceCheckUtils]: 90: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {10226#true} is VALID [2022-02-20 18:04:20,938 INFO L290 TraceCheckUtils]: 91: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:20,938 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {10226#true} {10227#false} #792#return; {10227#false} is VALID [2022-02-20 18:04:20,939 INFO L290 TraceCheckUtils]: 93: Hoare triple {10227#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {10227#false} is VALID [2022-02-20 18:04:20,939 INFO L290 TraceCheckUtils]: 94: Hoare triple {10227#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {10227#false} is VALID [2022-02-20 18:04:20,939 INFO L290 TraceCheckUtils]: 95: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:20,939 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:04:20,939 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:20,939 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2054263313] [2022-02-20 18:04:20,940 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2054263313] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:20,940 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:04:20,940 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:04:20,940 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [501492618] [2022-02-20 18:04:20,940 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:20,941 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 96 [2022-02-20 18:04:20,941 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:20,941 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:20,995 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 85 edges. 85 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:20,995 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:04:20,995 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:20,996 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. 
[2022-02-20 18:04:20,996 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:04:20,997 INFO L87 Difference]: Start difference. First operand 305 states and 473 transitions. Second operand has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:24,140 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:24,141 INFO L93 Difference]: Finished difference Result 640 states and 998 transitions. [2022-02-20 18:04:24,141 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:04:24,141 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 96 [2022-02-20 18:04:24,141 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:24,142 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:24,148 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 828 transitions. 
[2022-02-20 18:04:24,148 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:24,153 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 828 transitions. [2022-02-20 18:04:24,153 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 828 transitions. [2022-02-20 18:04:24,747 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 828 edges. 828 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:24,755 INFO L225 Difference]: With dead ends: 640 [2022-02-20 18:04:24,755 INFO L226 Difference]: Without dead ends: 358 [2022-02-20 18:04:24,756 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:04:24,756 INFO L933 BasicCegarLoop]: 416 mSDtfsCounter, 676 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1175 mSolverCounterSat, 188 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 693 SdHoareTripleChecker+Valid, 1067 SdHoareTripleChecker+Invalid, 1363 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 188 IncrementalHoareTripleChecker+Valid, 1175 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-02-20 
18:04:24,756 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [693 Valid, 1067 Invalid, 1363 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [188 Valid, 1175 Invalid, 0 Unknown, 0 Unchecked, 1.3s Time] [2022-02-20 18:04:24,757 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 358 states. [2022-02-20 18:04:24,859 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 358 to 305. [2022-02-20 18:04:24,860 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:24,860 INFO L82 GeneralOperation]: Start isEquivalent. First operand 358 states. Second operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) [2022-02-20 18:04:24,861 INFO L74 IsIncluded]: Start isIncluded. First operand 358 states. Second operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) [2022-02-20 18:04:24,862 INFO L87 Difference]: Start difference. First operand 358 states. Second operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) [2022-02-20 18:04:24,869 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:04:24,869 INFO L93 Difference]: Finished difference Result 358 states and 556 transitions. [2022-02-20 18:04:24,869 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 556 transitions. [2022-02-20 18:04:24,870 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:24,870 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:24,871 INFO L74 IsIncluded]: Start isIncluded. First operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) Second operand 358 states. [2022-02-20 18:04:24,872 INFO L87 Difference]: Start difference. First operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) Second operand 358 states. [2022-02-20 18:04:24,880 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:24,880 INFO L93 Difference]: Finished difference Result 358 states and 556 transitions. [2022-02-20 18:04:24,880 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 556 transitions. [2022-02-20 18:04:24,881 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:24,881 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:24,881 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:24,881 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:24,882 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 305 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 242 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) [2022-02-20 18:04:24,898 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 305 states to 305 states and 472 transitions. [2022-02-20 18:04:24,898 INFO L78 Accepts]: Start accepts. Automaton has 305 states and 472 transitions. Word has length 96 [2022-02-20 18:04:24,898 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:24,898 INFO L470 AbstractCegarLoop]: Abstraction has 305 states and 472 transitions. [2022-02-20 18:04:24,899 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:24,899 INFO L276 IsEmpty]: Start isEmpty. Operand 305 states and 472 transitions. [2022-02-20 18:04:24,900 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 98 [2022-02-20 18:04:24,900 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:24,900 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:24,900 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:04:24,900 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:24,901 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:24,901 INFO L85 PathProgramCache]: Analyzing trace with hash 1163878910, now seen corresponding path program 2 times [2022-02-20 18:04:24,901 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:24,901 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [725973667] [2022-02-20 18:04:24,901 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:24,901 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:24,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:24,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {12395#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:24,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:24,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:24,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12349#true} {12349#true} #818#return; {12349#true} is VALID [2022-02-20 18:04:24,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:24,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,961 INFO L290 TraceCheckUtils]: 0: Hoare triple {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:24,961 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:24,961 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:24,961 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12349#true} {12349#true} #820#return; {12349#true} is VALID [2022-02-20 18:04:24,961 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:24,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {12395#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {12349#true} is VALID [2022-02-20 18:04:24,965 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume !(1 == ~handle); {12349#true} is VALID [2022-02-20 18:04:24,965 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:24,965 INFO L290 TraceCheckUtils]: 3: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:24,965 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12349#true} {12349#true} #822#return; {12349#true} is VALID [2022-02-20 18:04:24,966 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:24,967 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:24,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume !(1 == ~handle); {12349#true} is VALID [2022-02-20 18:04:24,970 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:24,970 INFO L290 TraceCheckUtils]: 3: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:24,970 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12349#true} {12349#true} #824#return; {12349#true} is VALID [2022-02-20 18:04:24,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:24,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {12395#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12397#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,985 INFO L290 TraceCheckUtils]: 1: Hoare triple {12397#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12397#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,986 INFO L290 TraceCheckUtils]: 2: Hoare triple {12397#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12398#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,986 INFO L290 TraceCheckUtils]: 3: Hoare triple {12398#(= 2 |setClientId_#in~handle|)} assume true; {12398#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,987 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12398#(= 2 |setClientId_#in~handle|)} {12369#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #826#return; {12350#false} is VALID [2022-02-20 18:04:24,987 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:04:24,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:24,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:24,991 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 
18:04:24,991 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12349#true} {12350#false} #828#return; {12350#false} is VALID [2022-02-20 18:04:24,999 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:25,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,003 INFO L290 TraceCheckUtils]: 0: Hoare triple {12399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,003 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,003 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,003 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12349#true} {12350#false} #814#return; {12350#false} is VALID [2022-02-20 18:04:25,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:04:25,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,006 INFO L290 TraceCheckUtils]: 0: Hoare triple {12349#true} ~handle := #in~handle;havoc ~retValue_acc~11; {12349#true} is VALID [2022-02-20 18:04:25,006 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {12349#true} is VALID [2022-02-20 18:04:25,006 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,007 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12349#true} {12350#false} #784#return; {12350#false} is VALID [2022-02-20 18:04:25,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:04:25,009 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 18:04:25,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {12399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,011 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12349#true} {12350#false} #790#return; {12350#false} is VALID [2022-02-20 18:04:25,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:04:25,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {12349#true} ~handle := #in~handle;havoc ~retValue_acc~14; {12349#true} is VALID [2022-02-20 18:04:25,015 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {12349#true} is VALID [2022-02-20 18:04:25,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,015 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12349#true} {12350#false} #792#return; {12350#false} is VALID [2022-02-20 18:04:25,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {12349#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call 
#Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 
0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {12349#true} is VALID [2022-02-20 18:04:25,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {12349#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {12349#true} is VALID [2022-02-20 18:04:25,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {12349#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12349#true} is VALID [2022-02-20 18:04:25,016 INFO L290 TraceCheckUtils]: 3: Hoare triple {12349#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {12349#true} is VALID [2022-02-20 18:04:25,016 INFO L290 TraceCheckUtils]: 4: Hoare triple {12349#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {12349#true} is VALID [2022-02-20 18:04:25,016 INFO L290 TraceCheckUtils]: 5: Hoare triple {12349#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12349#true} is VALID [2022-02-20 18:04:25,017 INFO L272 TraceCheckUtils]: 6: Hoare triple {12349#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12395#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID 
[2022-02-20 18:04:25,017 INFO L290 TraceCheckUtils]: 7: Hoare triple {12395#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,017 INFO L290 TraceCheckUtils]: 8: Hoare triple {12349#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,017 INFO L290 TraceCheckUtils]: 9: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,017 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12349#true} {12349#true} #818#return; {12349#true} is VALID [2022-02-20 18:04:25,017 INFO L290 TraceCheckUtils]: 11: Hoare triple {12349#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12349#true} is VALID [2022-02-20 18:04:25,018 INFO L272 TraceCheckUtils]: 12: Hoare triple {12349#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:25,018 INFO L290 TraceCheckUtils]: 13: Hoare triple {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,018 INFO L290 TraceCheckUtils]: 14: Hoare triple {12349#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,018 INFO L290 TraceCheckUtils]: 15: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,018 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12349#true} 
{12349#true} #820#return; {12349#true} is VALID [2022-02-20 18:04:25,018 INFO L290 TraceCheckUtils]: 17: Hoare triple {12349#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12349#true} is VALID [2022-02-20 18:04:25,019 INFO L272 TraceCheckUtils]: 18: Hoare triple {12349#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12395#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,019 INFO L290 TraceCheckUtils]: 19: Hoare triple {12395#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,019 INFO L290 TraceCheckUtils]: 20: Hoare triple {12349#true} assume !(1 == ~handle); {12349#true} is VALID [2022-02-20 18:04:25,019 INFO L290 TraceCheckUtils]: 21: Hoare triple {12349#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,019 INFO L290 TraceCheckUtils]: 22: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,019 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12349#true} {12349#true} #822#return; {12349#true} is VALID [2022-02-20 18:04:25,019 INFO L290 
TraceCheckUtils]: 24: Hoare triple {12349#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {12349#true} is VALID [2022-02-20 18:04:25,020 INFO L272 TraceCheckUtils]: 25: Hoare triple {12349#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:25,020 INFO L290 TraceCheckUtils]: 26: Hoare triple {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,020 INFO L290 TraceCheckUtils]: 27: Hoare triple {12349#true} assume !(1 == ~handle); {12349#true} is VALID [2022-02-20 18:04:25,020 INFO L290 TraceCheckUtils]: 28: Hoare triple {12349#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,020 INFO L290 TraceCheckUtils]: 29: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,020 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {12349#true} {12349#true} #824#return; {12349#true} is VALID [2022-02-20 18:04:25,021 INFO L290 TraceCheckUtils]: 31: Hoare triple {12349#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {12369#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:25,021 INFO L272 TraceCheckUtils]: 32: Hoare triple {12369#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12395#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,022 INFO L290 TraceCheckUtils]: 33: Hoare triple {12395#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12397#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,022 INFO L290 TraceCheckUtils]: 34: Hoare triple {12397#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12397#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,022 INFO L290 TraceCheckUtils]: 35: Hoare triple {12397#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12398#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,022 INFO L290 TraceCheckUtils]: 36: Hoare triple {12398#(= 2 |setClientId_#in~handle|)} assume true; {12398#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:25,023 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {12398#(= 2 |setClientId_#in~handle|)} {12369#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #826#return; {12350#false} is VALID [2022-02-20 18:04:25,023 INFO L290 TraceCheckUtils]: 38: Hoare triple {12350#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12350#false} is VALID [2022-02-20 18:04:25,023 
INFO L272 TraceCheckUtils]: 39: Hoare triple {12350#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:25,023 INFO L290 TraceCheckUtils]: 40: Hoare triple {12396#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,023 INFO L290 TraceCheckUtils]: 41: Hoare triple {12349#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,023 INFO L290 TraceCheckUtils]: 42: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,023 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {12349#true} {12350#false} #828#return; {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 44: Hoare triple {12350#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 45: Hoare triple {12350#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 46: Hoare triple {12350#false} assume !false; {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 47: Hoare triple {12350#false} assume test_~splverifierCounter~0#1 < 4; {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 48: Hoare triple {12350#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 49: Hoare triple {12350#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 50: Hoare triple {12350#false} assume !(0 != test_~tmp___9~0#1); {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 51: Hoare triple {12350#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := 
test_#t~nondet86#1;havoc test_#t~nondet86#1; {12350#false} is VALID [2022-02-20 18:04:25,024 INFO L290 TraceCheckUtils]: 52: Hoare triple {12350#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {12350#false} is VALID [2022-02-20 18:04:25,025 INFO L290 TraceCheckUtils]: 53: Hoare triple {12350#false} assume !false; {12350#false} is VALID [2022-02-20 18:04:25,025 INFO L290 TraceCheckUtils]: 54: Hoare triple {12350#false} assume !(test_~splverifierCounter~0#1 < 4); {12350#false} is VALID [2022-02-20 18:04:25,025 INFO L290 TraceCheckUtils]: 55: Hoare triple {12350#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {12350#false} is VALID [2022-02-20 18:04:25,025 INFO L272 TraceCheckUtils]: 56: Hoare triple {12350#false} call sendEmail(~bob~0, ~rjh~0); {12350#false} is VALID [2022-02-20 18:04:25,025 INFO L290 TraceCheckUtils]: 57: Hoare triple {12350#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12350#false} is VALID [2022-02-20 18:04:25,025 INFO L272 TraceCheckUtils]: 58: Hoare triple {12350#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:25,025 INFO L290 TraceCheckUtils]: 59: Hoare triple {12399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,025 INFO L290 TraceCheckUtils]: 60: Hoare triple {12349#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,025 INFO L290 TraceCheckUtils]: 61: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,026 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {12349#true} {12350#false} #814#return; {12350#false} is VALID [2022-02-20 18:04:25,026 INFO L290 TraceCheckUtils]: 63: Hoare triple {12350#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {12350#false} is VALID [2022-02-20 18:04:25,026 INFO L290 TraceCheckUtils]: 64: Hoare triple {12350#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {12350#false} is VALID [2022-02-20 18:04:25,026 INFO L290 TraceCheckUtils]: 65: Hoare triple {12350#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {12350#false} is VALID [2022-02-20 18:04:25,026 INFO L290 TraceCheckUtils]: 66: Hoare triple {12350#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {12350#false} is VALID [2022-02-20 18:04:25,026 INFO L272 TraceCheckUtils]: 67: Hoare triple {12350#false} call outgoing(~sender#1, ~email~0#1); {12350#false} is VALID 
[2022-02-20 18:04:25,026 INFO L290 TraceCheckUtils]: 68: Hoare triple {12350#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {12350#false} is VALID [2022-02-20 18:04:25,026 INFO L272 TraceCheckUtils]: 69: Hoare triple {12350#false} call #t~ret15#1 := getEmailTo(~msg#1); {12349#true} is VALID [2022-02-20 18:04:25,026 INFO L290 TraceCheckUtils]: 70: Hoare triple {12349#true} ~handle := #in~handle;havoc ~retValue_acc~11; {12349#true} is VALID [2022-02-20 18:04:25,026 INFO L290 TraceCheckUtils]: 71: Hoare triple {12349#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {12349#true} is VALID [2022-02-20 18:04:25,027 INFO L290 TraceCheckUtils]: 72: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,027 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {12349#true} {12350#false} #784#return; {12350#false} is VALID [2022-02-20 18:04:25,027 INFO L290 TraceCheckUtils]: 74: Hoare triple {12350#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {12350#false} is VALID [2022-02-20 18:04:25,027 INFO L290 TraceCheckUtils]: 75: Hoare triple {12350#false} assume 1 == findPublicKey_~handle#1; {12350#false} is VALID [2022-02-20 18:04:25,027 INFO L290 TraceCheckUtils]: 76: Hoare triple {12350#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := 
findPublicKey_~retValue_acc~41#1; {12350#false} is VALID [2022-02-20 18:04:25,027 INFO L290 TraceCheckUtils]: 77: Hoare triple {12350#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {12350#false} is VALID [2022-02-20 18:04:25,027 INFO L290 TraceCheckUtils]: 78: Hoare triple {12350#false} assume !(0 != ~pubkey~0#1); {12350#false} is VALID [2022-02-20 18:04:25,027 INFO L290 TraceCheckUtils]: 79: Hoare triple {12350#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {12350#false} is VALID [2022-02-20 18:04:25,027 INFO L290 TraceCheckUtils]: 80: Hoare triple {12350#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {12350#false} is VALID [2022-02-20 18:04:25,028 INFO L290 TraceCheckUtils]: 81: Hoare triple {12350#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc 
outgoing__wrappee__Keys_#t~ret14#1; {12350#false} is VALID [2022-02-20 18:04:25,028 INFO L272 TraceCheckUtils]: 82: Hoare triple {12350#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {12399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:25,028 INFO L290 TraceCheckUtils]: 83: Hoare triple {12399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12349#true} is VALID [2022-02-20 18:04:25,028 INFO L290 TraceCheckUtils]: 84: Hoare triple {12349#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12349#true} is VALID [2022-02-20 18:04:25,028 INFO L290 TraceCheckUtils]: 85: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,028 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {12349#true} {12350#false} #790#return; {12350#false} is VALID [2022-02-20 18:04:25,028 INFO L290 TraceCheckUtils]: 87: Hoare triple {12350#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {12350#false} is VALID [2022-02-20 18:04:25,028 INFO L290 TraceCheckUtils]: 88: Hoare triple {12350#false} assume 0 != ~in_encrypted~0; {12350#false} is VALID [2022-02-20 18:04:25,028 INFO L272 TraceCheckUtils]: 89: Hoare triple {12350#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {12349#true} is VALID [2022-02-20 18:04:25,029 INFO L290 TraceCheckUtils]: 90: Hoare triple {12349#true} ~handle := #in~handle;havoc ~retValue_acc~14; {12349#true} is VALID [2022-02-20 18:04:25,029 INFO L290 TraceCheckUtils]: 91: Hoare triple {12349#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {12349#true} is VALID [2022-02-20 18:04:25,029 INFO L290 TraceCheckUtils]: 92: Hoare triple {12349#true} assume true; {12349#true} is VALID [2022-02-20 18:04:25,029 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {12349#true} {12350#false} #792#return; {12350#false} is VALID [2022-02-20 18:04:25,029 INFO L290 TraceCheckUtils]: 94: Hoare triple {12350#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := 
__utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {12350#false} is VALID [2022-02-20 18:04:25,029 INFO L290 TraceCheckUtils]: 95: Hoare triple {12350#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {12350#false} is VALID [2022-02-20 18:04:25,029 INFO L290 TraceCheckUtils]: 96: Hoare triple {12350#false} assume !false; {12350#false} is VALID [2022-02-20 18:04:25,029 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:04:25,030 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:25,030 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [725973667] [2022-02-20 18:04:25,030 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [725973667] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:25,030 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:25,030 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:04:25,030 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1059310439] [2022-02-20 18:04:25,030 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:25,031 INFO L78 Accepts]: Start accepts. 
Automaton has has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 97 [2022-02-20 18:04:25,031 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:25,031 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:25,079 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:25,079 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:04:25,079 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:25,079 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:04:25,080 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:04:25,080 INFO L87 Difference]: Start difference. First operand 305 states and 472 transitions. 
Second operand has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:28,218 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:28,218 INFO L93 Difference]: Finished difference Result 642 states and 1001 transitions. [2022-02-20 18:04:28,218 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:04:28,218 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 97 [2022-02-20 18:04:28,219 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:28,219 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:28,224 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 829 transitions. [2022-02-20 18:04:28,224 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:28,229 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 829 transitions. [2022-02-20 18:04:28,230 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 829 transitions. [2022-02-20 18:04:28,806 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 829 edges. 829 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:28,813 INFO L225 Difference]: With dead ends: 642 [2022-02-20 18:04:28,814 INFO L226 Difference]: Without dead ends: 360 [2022-02-20 18:04:28,815 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:04:28,815 INFO L933 BasicCegarLoop]: 417 mSDtfsCounter, 672 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1180 mSolverCounterSat, 190 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 689 SdHoareTripleChecker+Valid, 1068 SdHoareTripleChecker+Invalid, 1370 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 190 IncrementalHoareTripleChecker+Valid, 1180 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:28,815 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [689 Valid, 
1068 Invalid, 1370 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [190 Valid, 1180 Invalid, 0 Unknown, 0 Unchecked, 1.3s Time] [2022-02-20 18:04:28,816 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 360 states. [2022-02-20 18:04:28,908 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 360 to 307. [2022-02-20 18:04:28,908 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:28,909 INFO L82 GeneralOperation]: Start isEquivalent. First operand 360 states. Second operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) [2022-02-20 18:04:28,910 INFO L74 IsIncluded]: Start isIncluded. First operand 360 states. Second operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) [2022-02-20 18:04:28,911 INFO L87 Difference]: Start difference. First operand 360 states. Second operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) [2022-02-20 18:04:28,921 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:28,922 INFO L93 Difference]: Finished difference Result 360 states and 559 transitions. 
[2022-02-20 18:04:28,922 INFO L276 IsEmpty]: Start isEmpty. Operand 360 states and 559 transitions. [2022-02-20 18:04:28,923 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:28,923 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:28,924 INFO L74 IsIncluded]: Start isIncluded. First operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) Second operand 360 states. [2022-02-20 18:04:28,924 INFO L87 Difference]: Start difference. First operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) Second operand 360 states. [2022-02-20 18:04:28,932 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:28,932 INFO L93 Difference]: Finished difference Result 360 states and 559 transitions. [2022-02-20 18:04:28,932 INFO L276 IsEmpty]: Start isEmpty. Operand 360 states and 559 transitions. [2022-02-20 18:04:28,933 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:28,934 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:28,934 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:28,934 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:28,935 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) [2022-02-20 18:04:28,942 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 307 states to 307 states and 475 transitions. [2022-02-20 18:04:28,943 INFO L78 Accepts]: Start accepts. Automaton has 307 states and 475 transitions. Word has length 97 [2022-02-20 18:04:28,943 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:28,943 INFO L470 AbstractCegarLoop]: Abstraction has 307 states and 475 transitions. [2022-02-20 18:04:28,944 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 18:04:28,944 INFO L276 IsEmpty]: Start isEmpty. Operand 307 states and 475 transitions. [2022-02-20 18:04:28,946 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 99 [2022-02-20 18:04:28,946 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:28,947 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:28,947 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:04:28,947 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:28,948 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:28,948 INFO L85 PathProgramCache]: Analyzing trace with hash -223956590, now seen corresponding path program 1 times [2022-02-20 18:04:28,948 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:28,948 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [131963419] [2022-02-20 18:04:28,948 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:28,948 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:28,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,009 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:29,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,013 INFO L290 TraceCheckUtils]: 0: Hoare triple {14529#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,013 INFO L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,013 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,013 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14481#true} {14481#true} #818#return; {14481#true} is VALID [2022-02-20 18:04:29,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:29,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,022 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14481#true} {14481#true} #820#return; {14481#true} is VALID [2022-02-20 18:04:29,022 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:29,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {14529#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {14481#true} is VALID [2022-02-20 18:04:29,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume !(1 == ~handle); {14481#true} is VALID [2022-02-20 18:04:29,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,026 INFO L290 TraceCheckUtils]: 3: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,026 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14481#true} {14481#true} #822#return; {14481#true} is VALID [2022-02-20 18:04:29,026 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:29,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume !(1 == ~handle); {14481#true} is VALID [2022-02-20 18:04:29,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,031 INFO L290 TraceCheckUtils]: 3: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,031 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14481#true} {14481#true} #824#return; {14481#true} is VALID [2022-02-20 18:04:29,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:29,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {14529#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14531#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {14531#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {14531#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {14531#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {14531#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,050 INFO L290 TraceCheckUtils]: 3: Hoare triple {14531#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {14532#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,050 INFO L290 TraceCheckUtils]: 4: Hoare triple {14532#(= 3 |setClientId_#in~handle|)} assume true; {14532#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,051 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {14532#(= 3 |setClientId_#in~handle|)} {14501#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #826#return; {14508#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:29,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:29,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,067 INFO L290 TraceCheckUtils]: 0: Hoare triple {14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14533#(= 
setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:29,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {14533#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14534#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:29,089 INFO L290 TraceCheckUtils]: 2: Hoare triple {14534#(= |setClientPrivateKey_#in~handle| 1)} assume true; {14534#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:29,090 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14534#(= |setClientPrivateKey_#in~handle| 1)} {14508#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #828#return; {14482#false} is VALID [2022-02-20 18:04:29,096 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:04:29,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,099 INFO L290 TraceCheckUtils]: 0: Hoare triple {14535#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,099 INFO L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,099 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,100 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14481#true} {14482#false} #814#return; {14482#false} is VALID [2022-02-20 18:04:29,100 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:04:29,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,102 INFO L290 TraceCheckUtils]: 0: Hoare triple {14481#true} ~handle := #in~handle;havoc ~retValue_acc~11; {14481#true} is VALID [2022-02-20 18:04:29,102 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {14481#true} is VALID [2022-02-20 18:04:29,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,102 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14481#true} {14482#false} #784#return; {14482#false} is VALID [2022-02-20 18:04:29,102 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:04:29,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,105 INFO L290 TraceCheckUtils]: 0: Hoare triple {14535#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,105 INFO L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,105 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,105 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14481#true} {14482#false} #790#return; {14482#false} is VALID [2022-02-20 18:04:29,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:04:29,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:29,108 INFO L290 TraceCheckUtils]: 0: Hoare triple {14481#true} ~handle := #in~handle;havoc ~retValue_acc~14; {14481#true} is VALID [2022-02-20 18:04:29,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {14481#true} is VALID [2022-02-20 18:04:29,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,108 INFO L284 
TraceCheckUtils]: 3: Hoare quadruple {14481#true} {14482#false} #792#return; {14482#false} is VALID [2022-02-20 18:04:29,108 INFO L290 TraceCheckUtils]: 0: Hoare triple {14481#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 
37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 
0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {14481#true} is VALID [2022-02-20 18:04:29,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {14481#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc 
main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {14481#true} is VALID [2022-02-20 18:04:29,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {14481#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14481#true} is VALID [2022-02-20 18:04:29,109 INFO L290 TraceCheckUtils]: 3: Hoare triple {14481#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {14481#true} is VALID [2022-02-20 18:04:29,109 INFO L290 TraceCheckUtils]: 4: Hoare triple {14481#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {14481#true} is VALID [2022-02-20 18:04:29,109 INFO L290 TraceCheckUtils]: 5: Hoare triple {14481#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { 
:begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14481#true} is VALID [2022-02-20 18:04:29,109 INFO L272 TraceCheckUtils]: 6: Hoare triple {14481#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14529#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:29,109 INFO L290 TraceCheckUtils]: 7: Hoare triple {14529#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,110 INFO L290 TraceCheckUtils]: 8: Hoare triple {14481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,110 INFO L290 TraceCheckUtils]: 9: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,110 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14481#true} {14481#true} #818#return; {14481#true} is VALID [2022-02-20 18:04:29,110 INFO L290 TraceCheckUtils]: 11: Hoare triple {14481#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14481#true} is VALID [2022-02-20 18:04:29,110 INFO L272 TraceCheckUtils]: 12: Hoare triple {14481#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:29,110 INFO L290 TraceCheckUtils]: 13: Hoare triple 
{14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,111 INFO L290 TraceCheckUtils]: 14: Hoare triple {14481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,111 INFO L290 TraceCheckUtils]: 15: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,111 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14481#true} {14481#true} #820#return; {14481#true} is VALID [2022-02-20 18:04:29,111 INFO L290 TraceCheckUtils]: 17: Hoare triple {14481#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14481#true} is VALID [2022-02-20 18:04:29,111 INFO L272 TraceCheckUtils]: 18: Hoare triple {14481#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14529#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:29,111 INFO L290 TraceCheckUtils]: 19: Hoare triple {14529#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,112 INFO L290 TraceCheckUtils]: 20: Hoare triple {14481#true} assume !(1 == ~handle); {14481#true} is VALID [2022-02-20 18:04:29,112 INFO L290 TraceCheckUtils]: 21: Hoare triple {14481#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,112 INFO L290 TraceCheckUtils]: 22: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,112 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14481#true} {14481#true} #822#return; {14481#true} is VALID [2022-02-20 18:04:29,112 INFO L290 TraceCheckUtils]: 24: Hoare triple {14481#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14481#true} is VALID [2022-02-20 18:04:29,112 INFO L272 TraceCheckUtils]: 25: Hoare triple {14481#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:29,113 INFO L290 TraceCheckUtils]: 26: Hoare triple {14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,113 INFO L290 TraceCheckUtils]: 27: Hoare triple {14481#true} assume !(1 == ~handle); {14481#true} is VALID [2022-02-20 18:04:29,113 INFO L290 TraceCheckUtils]: 28: Hoare triple {14481#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,113 INFO L290 TraceCheckUtils]: 29: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,113 INFO L284 TraceCheckUtils]: 30: Hoare quadruple 
{14481#true} {14481#true} #824#return; {14481#true} is VALID [2022-02-20 18:04:29,113 INFO L290 TraceCheckUtils]: 31: Hoare triple {14481#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14501#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:29,114 INFO L272 TraceCheckUtils]: 32: Hoare triple {14501#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14529#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:29,114 INFO L290 TraceCheckUtils]: 33: Hoare triple {14529#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14531#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,114 INFO L290 TraceCheckUtils]: 34: Hoare triple {14531#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {14531#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,115 INFO L290 TraceCheckUtils]: 35: 
Hoare triple {14531#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {14531#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,115 INFO L290 TraceCheckUtils]: 36: Hoare triple {14531#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {14532#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,115 INFO L290 TraceCheckUtils]: 37: Hoare triple {14532#(= 3 |setClientId_#in~handle|)} assume true; {14532#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:29,116 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {14532#(= 3 |setClientId_#in~handle|)} {14501#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #826#return; {14508#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:29,116 INFO L290 TraceCheckUtils]: 39: Hoare triple {14508#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {14508#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:29,116 INFO L272 TraceCheckUtils]: 40: Hoare triple {14508#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:29,117 INFO L290 TraceCheckUtils]: 41: Hoare triple {14530#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14533#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:29,117 INFO L290 
TraceCheckUtils]: 42: Hoare triple {14533#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14534#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:29,117 INFO L290 TraceCheckUtils]: 43: Hoare triple {14534#(= |setClientPrivateKey_#in~handle| 1)} assume true; {14534#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:29,118 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {14534#(= |setClientPrivateKey_#in~handle| 1)} {14508#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #828#return; {14482#false} is VALID [2022-02-20 18:04:29,118 INFO L290 TraceCheckUtils]: 45: Hoare triple {14482#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {14482#false} is VALID [2022-02-20 18:04:29,118 INFO L290 TraceCheckUtils]: 46: Hoare triple {14482#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc 
test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14482#false} is VALID [2022-02-20 18:04:29,118 INFO L290 TraceCheckUtils]: 47: Hoare triple {14482#false} assume !false; {14482#false} is VALID [2022-02-20 18:04:29,118 INFO L290 TraceCheckUtils]: 48: Hoare triple {14482#false} assume test_~splverifierCounter~0#1 < 4; {14482#false} is VALID [2022-02-20 18:04:29,118 INFO L290 TraceCheckUtils]: 49: Hoare triple {14482#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14482#false} is VALID [2022-02-20 18:04:29,118 INFO L290 TraceCheckUtils]: 50: Hoare triple {14482#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {14482#false} is VALID [2022-02-20 18:04:29,118 INFO L290 TraceCheckUtils]: 51: Hoare triple {14482#false} assume !(0 != test_~tmp___9~0#1); {14482#false} is VALID [2022-02-20 18:04:29,119 INFO L290 TraceCheckUtils]: 52: Hoare triple {14482#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {14482#false} is VALID [2022-02-20 18:04:29,119 INFO L290 TraceCheckUtils]: 53: Hoare triple {14482#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {14482#false} is VALID [2022-02-20 18:04:29,119 INFO L290 TraceCheckUtils]: 54: Hoare triple {14482#false} assume !false; {14482#false} is VALID [2022-02-20 18:04:29,119 INFO L290 TraceCheckUtils]: 55: Hoare triple {14482#false} assume !(test_~splverifierCounter~0#1 < 4); 
{14482#false} is VALID [2022-02-20 18:04:29,119 INFO L290 TraceCheckUtils]: 56: Hoare triple {14482#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {14482#false} is VALID [2022-02-20 18:04:29,119 INFO L272 TraceCheckUtils]: 57: Hoare triple {14482#false} call sendEmail(~bob~0, ~rjh~0); {14482#false} is VALID [2022-02-20 18:04:29,119 INFO L290 TraceCheckUtils]: 58: Hoare triple {14482#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14482#false} is VALID [2022-02-20 18:04:29,119 INFO L272 TraceCheckUtils]: 59: Hoare triple {14482#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14535#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:29,119 INFO L290 TraceCheckUtils]: 60: Hoare triple {14535#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,120 INFO L290 TraceCheckUtils]: 61: Hoare triple {14481#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14481#true} is VALID [2022-02-20 
18:04:29,120 INFO L290 TraceCheckUtils]: 62: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,120 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {14481#true} {14482#false} #814#return; {14482#false} is VALID [2022-02-20 18:04:29,120 INFO L290 TraceCheckUtils]: 64: Hoare triple {14482#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {14482#false} is VALID [2022-02-20 18:04:29,120 INFO L290 TraceCheckUtils]: 65: Hoare triple {14482#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {14482#false} is VALID [2022-02-20 18:04:29,120 INFO L290 TraceCheckUtils]: 66: Hoare triple {14482#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {14482#false} is VALID [2022-02-20 18:04:29,120 INFO L290 TraceCheckUtils]: 67: Hoare triple {14482#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {14482#false} is VALID [2022-02-20 18:04:29,120 INFO L272 TraceCheckUtils]: 68: Hoare triple {14482#false} call outgoing(~sender#1, ~email~0#1); {14482#false} is VALID [2022-02-20 18:04:29,120 INFO L290 TraceCheckUtils]: 69: Hoare triple {14482#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {14482#false} is VALID [2022-02-20 18:04:29,120 INFO L272 TraceCheckUtils]: 70: Hoare triple {14482#false} call #t~ret15#1 := getEmailTo(~msg#1); {14481#true} is VALID [2022-02-20 18:04:29,121 INFO L290 TraceCheckUtils]: 71: Hoare triple {14481#true} ~handle := #in~handle;havoc 
~retValue_acc~11; {14481#true} is VALID [2022-02-20 18:04:29,121 INFO L290 TraceCheckUtils]: 72: Hoare triple {14481#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {14481#true} is VALID [2022-02-20 18:04:29,121 INFO L290 TraceCheckUtils]: 73: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,121 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {14481#true} {14482#false} #784#return; {14482#false} is VALID [2022-02-20 18:04:29,121 INFO L290 TraceCheckUtils]: 75: Hoare triple {14482#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {14482#false} is VALID [2022-02-20 18:04:29,121 INFO L290 TraceCheckUtils]: 76: Hoare triple {14482#false} assume 1 == findPublicKey_~handle#1; {14482#false} is VALID [2022-02-20 18:04:29,121 INFO L290 TraceCheckUtils]: 77: Hoare triple {14482#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {14482#false} is VALID [2022-02-20 18:04:29,121 INFO L290 TraceCheckUtils]: 78: Hoare triple {14482#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {14482#false} is VALID [2022-02-20 18:04:29,121 INFO L290 TraceCheckUtils]: 79: Hoare triple {14482#false} assume !(0 != ~pubkey~0#1); {14482#false} 
is VALID [2022-02-20 18:04:29,122 INFO L290 TraceCheckUtils]: 80: Hoare triple {14482#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {14482#false} is VALID [2022-02-20 18:04:29,122 INFO L290 TraceCheckUtils]: 81: Hoare triple {14482#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {14482#false} is VALID [2022-02-20 18:04:29,122 INFO L290 TraceCheckUtils]: 82: Hoare triple {14482#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {14482#false} is VALID [2022-02-20 18:04:29,122 INFO L272 TraceCheckUtils]: 83: Hoare triple {14482#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {14535#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:29,122 INFO L290 TraceCheckUtils]: 84: Hoare triple {14535#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14481#true} is VALID [2022-02-20 18:04:29,122 INFO L290 TraceCheckUtils]: 85: Hoare triple {14481#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14481#true} is VALID [2022-02-20 18:04:29,122 INFO L290 TraceCheckUtils]: 86: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,122 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {14481#true} {14482#false} #790#return; {14482#false} is VALID [2022-02-20 18:04:29,122 INFO L290 TraceCheckUtils]: 88: Hoare triple {14482#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc 
__utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {14482#false} is VALID [2022-02-20 18:04:29,122 INFO L290 TraceCheckUtils]: 89: Hoare triple {14482#false} assume 0 != ~in_encrypted~0; {14482#false} is VALID [2022-02-20 18:04:29,123 INFO L272 TraceCheckUtils]: 90: Hoare triple {14482#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {14481#true} is VALID [2022-02-20 18:04:29,123 INFO L290 TraceCheckUtils]: 91: Hoare triple {14481#true} ~handle := #in~handle;havoc ~retValue_acc~14; {14481#true} is VALID [2022-02-20 18:04:29,123 INFO L290 TraceCheckUtils]: 92: Hoare triple {14481#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {14481#true} is VALID [2022-02-20 18:04:29,123 INFO L290 TraceCheckUtils]: 93: Hoare triple {14481#true} assume true; {14481#true} is VALID [2022-02-20 18:04:29,123 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {14481#true} {14482#false} #792#return; {14482#false} is VALID [2022-02-20 18:04:29,123 INFO L290 TraceCheckUtils]: 95: Hoare triple {14482#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {14482#false} is VALID [2022-02-20 18:04:29,123 INFO L290 TraceCheckUtils]: 96: Hoare triple {14482#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {14482#false} is VALID [2022-02-20 18:04:29,123 INFO L290 TraceCheckUtils]: 97: Hoare triple {14482#false} assume !false; {14482#false} is VALID [2022-02-20 18:04:29,124 INFO L134 CoverageAnalysis]: Checked inductivity of 31 
backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:04:29,124 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:29,124 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [131963419] [2022-02-20 18:04:29,124 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [131963419] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:29,124 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:29,124 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 18:04:29,124 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1263674979] [2022-02-20 18:04:29,124 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:29,125 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 98 [2022-02-20 18:04:29,125 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:29,125 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:29,174 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 
90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:29,174 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:04:29,174 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:29,175 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 18:04:29,175 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:04:29,175 INFO L87 Difference]: Start difference. First operand 307 states and 475 transitions. Second operand has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:33,863 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:33,864 INFO L93 Difference]: Finished difference Result 640 states and 996 transitions. [2022-02-20 18:04:33,864 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:04:33,864 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 98 [2022-02-20 18:04:33,864 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:33,864 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:33,869 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 830 transitions. [2022-02-20 18:04:33,870 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:33,875 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 830 transitions. [2022-02-20 18:04:33,875 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 830 transitions. [2022-02-20 18:04:34,475 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 830 edges. 830 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:34,483 INFO L225 Difference]: With dead ends: 640 [2022-02-20 18:04:34,483 INFO L226 Difference]: Without dead ends: 360 [2022-02-20 18:04:34,484 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:04:34,484 INFO L933 BasicCegarLoop]: 403 mSDtfsCounter, 778 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2166 mSolverCounterSat, 238 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 778 SdHoareTripleChecker+Valid, 1355 SdHoareTripleChecker+Invalid, 2404 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 238 IncrementalHoareTripleChecker+Valid, 2166 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:34,485 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [778 Valid, 1355 Invalid, 2404 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [238 Valid, 2166 Invalid, 0 Unknown, 0 Unchecked, 2.1s Time] [2022-02-20 18:04:34,485 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 360 states. [2022-02-20 18:04:34,554 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 360 to 307. [2022-02-20 18:04:34,554 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:34,556 INFO L82 GeneralOperation]: Start isEquivalent. First operand 360 states. 
Second operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 18:04:34,556 INFO L74 IsIncluded]: Start isIncluded. First operand 360 states. Second operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 18:04:34,557 INFO L87 Difference]: Start difference. First operand 360 states. Second operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 18:04:34,564 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:34,564 INFO L93 Difference]: Finished difference Result 360 states and 558 transitions. [2022-02-20 18:04:34,564 INFO L276 IsEmpty]: Start isEmpty. Operand 360 states and 558 transitions. [2022-02-20 18:04:34,565 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:34,565 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:34,567 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) Second operand 360 states. [2022-02-20 18:04:34,567 INFO L87 Difference]: Start difference. First operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) Second operand 360 states. [2022-02-20 18:04:34,579 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:34,579 INFO L93 Difference]: Finished difference Result 360 states and 558 transitions. [2022-02-20 18:04:34,580 INFO L276 IsEmpty]: Start isEmpty. Operand 360 states and 558 transitions. [2022-02-20 18:04:34,581 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:34,581 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:34,581 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:34,581 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:34,582 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 307 states, 238 states have (on average 1.546218487394958) internal successors, (368), 244 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 18:04:34,588 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 307 states to 307 states and 474 transitions. [2022-02-20 18:04:34,588 INFO L78 Accepts]: Start accepts. Automaton has 307 states and 474 transitions. Word has length 98 [2022-02-20 18:04:34,588 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:34,588 INFO L470 AbstractCegarLoop]: Abstraction has 307 states and 474 transitions. [2022-02-20 18:04:34,589 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:34,589 INFO L276 IsEmpty]: Start isEmpty. Operand 307 states and 474 transitions. [2022-02-20 18:04:34,590 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2022-02-20 18:04:34,590 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:34,590 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:34,590 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:04:34,590 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:34,591 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:34,591 INFO L85 PathProgramCache]: Analyzing trace with hash 749423346, now seen corresponding path program 2 times [2022-02-20 18:04:34,591 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL 
[2022-02-20 18:04:34,591 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1298265544] [2022-02-20 18:04:34,591 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:34,591 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:34,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:34,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,643 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16622#true} {16622#true} #818#return; {16622#true} is VALID [2022-02-20 18:04:34,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:34,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 
18:04:34,652 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,652 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,652 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16622#true} {16622#true} #820#return; {16622#true} is VALID [2022-02-20 18:04:34,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:34,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,655 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume !(1 == ~handle); {16622#true} is VALID [2022-02-20 18:04:34,655 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,655 INFO L290 TraceCheckUtils]: 3: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,655 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16622#true} {16622#true} #822#return; {16622#true} is VALID [2022-02-20 18:04:34,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:34,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle 
:= #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume !(1 == ~handle); {16622#true} is VALID [2022-02-20 18:04:34,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,663 INFO L290 TraceCheckUtils]: 3: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,663 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16622#true} {16622#true} #824#return; {16622#true} is VALID [2022-02-20 18:04:34,663 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:34,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {16673#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {16673#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {16673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,679 INFO L290 TraceCheckUtils]: 3: Hoare triple {16673#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {16674#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,680 INFO L290 TraceCheckUtils]: 4: Hoare triple {16674#(= 3 |setClientId_#in~handle|)} assume true; {16674#(= 3 
|setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,680 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {16674#(= 3 |setClientId_#in~handle|)} {16642#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #826#return; {16649#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:04:34,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:34,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16675#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {16675#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {16675#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {16675#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16676#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,695 INFO L290 TraceCheckUtils]: 3: Hoare triple {16676#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {16676#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,696 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16676#(= 2 |setClientPrivateKey_#in~handle|)} {16649#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #828#return; {16623#false} is VALID [2022-02-20 18:04:34,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 
[2022-02-20 18:04:34,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {16677#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,705 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16622#true} {16623#false} #814#return; {16623#false} is VALID [2022-02-20 18:04:34,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:04:34,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,707 INFO L290 TraceCheckUtils]: 0: Hoare triple {16622#true} ~handle := #in~handle;havoc ~retValue_acc~11; {16622#true} is VALID [2022-02-20 18:04:34,707 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {16622#true} is VALID [2022-02-20 18:04:34,707 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,707 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16622#true} {16623#false} #784#return; {16623#false} is VALID [2022-02-20 18:04:34,708 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:04:34,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {16677#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{16622#true} is VALID [2022-02-20 18:04:34,709 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,710 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16622#true} {16623#false} #790#return; {16623#false} is VALID [2022-02-20 18:04:34,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:04:34,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:34,712 INFO L290 TraceCheckUtils]: 0: Hoare triple {16622#true} ~handle := #in~handle;havoc ~retValue_acc~14; {16622#true} is VALID [2022-02-20 18:04:34,712 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {16622#true} is VALID [2022-02-20 18:04:34,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,713 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16622#true} {16623#false} #792#return; {16623#false} is VALID [2022-02-20 18:04:34,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {16622#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 
11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, 
~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {16622#true} is VALID [2022-02-20 18:04:34,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {16622#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {16622#true} is VALID [2022-02-20 18:04:34,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {16622#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16622#true} is VALID [2022-02-20 18:04:34,713 INFO L290 TraceCheckUtils]: 3: Hoare triple {16622#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := 
valid_product_~retValue_acc~2#1; {16622#true} is VALID [2022-02-20 18:04:34,713 INFO L290 TraceCheckUtils]: 4: Hoare triple {16622#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {16622#true} is VALID [2022-02-20 18:04:34,713 INFO L290 TraceCheckUtils]: 5: Hoare triple {16622#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16622#true} is VALID [2022-02-20 18:04:34,714 INFO L272 TraceCheckUtils]: 6: Hoare triple {16622#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:34,714 INFO L290 TraceCheckUtils]: 7: Hoare triple {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,714 INFO L290 TraceCheckUtils]: 8: Hoare triple {16622#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,714 INFO L290 TraceCheckUtils]: 9: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,714 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16622#true} {16622#true} #818#return; {16622#true} is VALID [2022-02-20 18:04:34,715 INFO L290 TraceCheckUtils]: 11: Hoare triple {16622#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16622#true} is VALID [2022-02-20 18:04:34,715 INFO L272 TraceCheckUtils]: 12: Hoare triple {16622#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:34,715 INFO L290 TraceCheckUtils]: 13: Hoare triple {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,715 INFO L290 TraceCheckUtils]: 14: Hoare triple {16622#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,715 INFO L290 TraceCheckUtils]: 15: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,715 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16622#true} {16622#true} #820#return; {16622#true} is VALID [2022-02-20 18:04:34,716 INFO L290 TraceCheckUtils]: 17: Hoare triple {16622#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16622#true} is VALID [2022-02-20 18:04:34,716 INFO L272 TraceCheckUtils]: 18: Hoare triple {16622#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:34,716 INFO L290 TraceCheckUtils]: 19: Hoare triple {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,716 INFO L290 TraceCheckUtils]: 20: Hoare triple {16622#true} assume !(1 == ~handle); {16622#true} is VALID [2022-02-20 18:04:34,716 INFO L290 TraceCheckUtils]: 21: Hoare triple {16622#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,716 INFO L290 TraceCheckUtils]: 22: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,717 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16622#true} {16622#true} #822#return; {16622#true} is VALID [2022-02-20 18:04:34,717 INFO L290 TraceCheckUtils]: 24: Hoare triple {16622#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16622#true} is VALID [2022-02-20 18:04:34,717 INFO L272 TraceCheckUtils]: 25: Hoare triple 
{16622#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:34,717 INFO L290 TraceCheckUtils]: 26: Hoare triple {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,717 INFO L290 TraceCheckUtils]: 27: Hoare triple {16622#true} assume !(1 == ~handle); {16622#true} is VALID [2022-02-20 18:04:34,717 INFO L290 TraceCheckUtils]: 28: Hoare triple {16622#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,718 INFO L290 TraceCheckUtils]: 29: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,718 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16622#true} {16622#true} #824#return; {16622#true} is VALID [2022-02-20 18:04:34,718 INFO L290 TraceCheckUtils]: 31: Hoare triple {16622#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16642#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:34,719 INFO L272 
TraceCheckUtils]: 32: Hoare triple {16642#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:34,719 INFO L290 TraceCheckUtils]: 33: Hoare triple {16671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,719 INFO L290 TraceCheckUtils]: 34: Hoare triple {16673#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,719 INFO L290 TraceCheckUtils]: 35: Hoare triple {16673#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {16673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,720 INFO L290 TraceCheckUtils]: 36: Hoare triple {16673#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {16674#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,720 INFO L290 TraceCheckUtils]: 37: Hoare triple {16674#(= 3 |setClientId_#in~handle|)} assume true; {16674#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:34,720 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {16674#(= 3 |setClientId_#in~handle|)} {16642#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #826#return; {16649#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID 
[2022-02-20 18:04:34,721 INFO L290 TraceCheckUtils]: 39: Hoare triple {16649#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {16649#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:04:34,721 INFO L272 TraceCheckUtils]: 40: Hoare triple {16649#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:34,721 INFO L290 TraceCheckUtils]: 41: Hoare triple {16672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16675#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,722 INFO L290 TraceCheckUtils]: 42: Hoare triple {16675#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {16675#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,722 INFO L290 TraceCheckUtils]: 43: Hoare triple {16675#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16676#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,722 INFO L290 TraceCheckUtils]: 44: Hoare triple {16676#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {16676#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:34,723 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {16676#(= 2 |setClientPrivateKey_#in~handle|)} {16649#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #828#return; {16623#false} is VALID 
[2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 46: Hoare triple {16623#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {16623#false} is VALID [2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 47: Hoare triple {16623#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16623#false} is VALID [2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 48: Hoare triple {16623#false} assume !false; {16623#false} is VALID [2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 49: Hoare triple 
{16623#false} assume test_~splverifierCounter~0#1 < 4; {16623#false} is VALID [2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 50: Hoare triple {16623#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16623#false} is VALID [2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 51: Hoare triple {16623#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {16623#false} is VALID [2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 52: Hoare triple {16623#false} assume !(0 != test_~tmp___9~0#1); {16623#false} is VALID [2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 53: Hoare triple {16623#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {16623#false} is VALID [2022-02-20 18:04:34,723 INFO L290 TraceCheckUtils]: 54: Hoare triple {16623#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {16623#false} is VALID [2022-02-20 18:04:34,724 INFO L290 TraceCheckUtils]: 55: Hoare triple {16623#false} assume !false; {16623#false} is VALID [2022-02-20 18:04:34,724 INFO L290 TraceCheckUtils]: 56: Hoare triple {16623#false} assume !(test_~splverifierCounter~0#1 < 4); {16623#false} is VALID [2022-02-20 18:04:34,724 INFO L290 TraceCheckUtils]: 57: Hoare triple {16623#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {16623#false} is VALID [2022-02-20 18:04:34,724 INFO L272 TraceCheckUtils]: 58: Hoare triple {16623#false} call 
sendEmail(~bob~0, ~rjh~0); {16623#false} is VALID [2022-02-20 18:04:34,724 INFO L290 TraceCheckUtils]: 59: Hoare triple {16623#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16623#false} is VALID [2022-02-20 18:04:34,724 INFO L272 TraceCheckUtils]: 60: Hoare triple {16623#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16677#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:34,724 INFO L290 TraceCheckUtils]: 61: Hoare triple {16677#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,724 INFO L290 TraceCheckUtils]: 62: Hoare triple {16622#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,724 INFO L290 TraceCheckUtils]: 63: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,724 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {16622#true} {16623#false} #814#return; {16623#false} is VALID [2022-02-20 18:04:34,725 INFO L290 TraceCheckUtils]: 65: Hoare triple {16623#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {16623#false} is VALID [2022-02-20 
18:04:34,725 INFO L290 TraceCheckUtils]: 66: Hoare triple {16623#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {16623#false} is VALID [2022-02-20 18:04:34,725 INFO L290 TraceCheckUtils]: 67: Hoare triple {16623#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {16623#false} is VALID [2022-02-20 18:04:34,725 INFO L290 TraceCheckUtils]: 68: Hoare triple {16623#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {16623#false} is VALID [2022-02-20 18:04:34,725 INFO L272 TraceCheckUtils]: 69: Hoare triple {16623#false} call outgoing(~sender#1, ~email~0#1); {16623#false} is VALID [2022-02-20 18:04:34,725 INFO L290 TraceCheckUtils]: 70: Hoare triple {16623#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {16623#false} is VALID [2022-02-20 18:04:34,725 INFO L272 TraceCheckUtils]: 71: Hoare triple {16623#false} call #t~ret15#1 := getEmailTo(~msg#1); {16622#true} is VALID [2022-02-20 18:04:34,725 INFO L290 TraceCheckUtils]: 72: Hoare triple {16622#true} ~handle := #in~handle;havoc ~retValue_acc~11; {16622#true} is VALID [2022-02-20 18:04:34,725 INFO L290 TraceCheckUtils]: 73: Hoare triple {16622#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {16622#true} is VALID [2022-02-20 18:04:34,725 INFO L290 TraceCheckUtils]: 74: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,726 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {16622#true} {16623#false} #784#return; {16623#false} is VALID [2022-02-20 18:04:34,726 INFO L290 TraceCheckUtils]: 76: Hoare triple {16623#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := 
#t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {16623#false} is VALID [2022-02-20 18:04:34,726 INFO L290 TraceCheckUtils]: 77: Hoare triple {16623#false} assume 1 == findPublicKey_~handle#1; {16623#false} is VALID [2022-02-20 18:04:34,726 INFO L290 TraceCheckUtils]: 78: Hoare triple {16623#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {16623#false} is VALID [2022-02-20 18:04:34,726 INFO L290 TraceCheckUtils]: 79: Hoare triple {16623#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {16623#false} is VALID [2022-02-20 18:04:34,726 INFO L290 TraceCheckUtils]: 80: Hoare triple {16623#false} assume !(0 != ~pubkey~0#1); {16623#false} is VALID [2022-02-20 18:04:34,726 INFO L290 TraceCheckUtils]: 81: Hoare triple {16623#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {16623#false} is VALID [2022-02-20 18:04:34,726 INFO L290 TraceCheckUtils]: 82: Hoare triple {16623#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {16623#false} is VALID [2022-02-20 18:04:34,726 INFO L290 TraceCheckUtils]: 83: Hoare triple {16623#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {16623#false} is VALID [2022-02-20 18:04:34,727 INFO L272 TraceCheckUtils]: 84: Hoare triple {16623#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {16677#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:34,727 INFO L290 TraceCheckUtils]: 85: Hoare triple {16677#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16622#true} is VALID [2022-02-20 18:04:34,727 INFO L290 TraceCheckUtils]: 86: Hoare triple {16622#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16622#true} is VALID [2022-02-20 18:04:34,727 INFO L290 TraceCheckUtils]: 87: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,727 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {16622#true} {16623#false} #790#return; {16623#false} is VALID [2022-02-20 18:04:34,727 INFO L290 TraceCheckUtils]: 89: Hoare triple {16623#false} assume { :begin_inline_mail } 
true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {16623#false} is VALID [2022-02-20 18:04:34,727 INFO L290 TraceCheckUtils]: 90: Hoare triple {16623#false} assume 0 != ~in_encrypted~0; {16623#false} is VALID [2022-02-20 18:04:34,727 INFO L272 TraceCheckUtils]: 91: Hoare triple {16623#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {16622#true} is VALID [2022-02-20 18:04:34,727 INFO L290 TraceCheckUtils]: 92: Hoare triple 
{16622#true} ~handle := #in~handle;havoc ~retValue_acc~14; {16622#true} is VALID [2022-02-20 18:04:34,727 INFO L290 TraceCheckUtils]: 93: Hoare triple {16622#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {16622#true} is VALID [2022-02-20 18:04:34,728 INFO L290 TraceCheckUtils]: 94: Hoare triple {16622#true} assume true; {16622#true} is VALID [2022-02-20 18:04:34,728 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {16622#true} {16623#false} #792#return; {16623#false} is VALID [2022-02-20 18:04:34,728 INFO L290 TraceCheckUtils]: 96: Hoare triple {16623#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {16623#false} is VALID [2022-02-20 18:04:34,728 INFO L290 TraceCheckUtils]: 97: Hoare triple {16623#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {16623#false} is VALID [2022-02-20 18:04:34,728 INFO L290 TraceCheckUtils]: 98: Hoare triple {16623#false} assume !false; {16623#false} is VALID [2022-02-20 18:04:34,728 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:04:34,728 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:34,728 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1298265544] [2022-02-20 18:04:34,729 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1298265544] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:34,729 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:04:34,729 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 18:04:34,729 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [717520395] [2022-02-20 18:04:34,729 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:34,729 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 99 [2022-02-20 18:04:34,730 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:34,730 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:34,779 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 91 edges. 91 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:34,780 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:04:34,780 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:34,780 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. 
[2022-02-20 18:04:34,780 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:04:34,780 INFO L87 Difference]: Start difference. First operand 307 states and 474 transitions. Second operand has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:39,421 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:39,422 INFO L93 Difference]: Finished difference Result 642 states and 1002 transitions. [2022-02-20 18:04:39,422 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:04:39,422 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 99 [2022-02-20 18:04:39,422 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:39,422 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:39,426 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 831 transitions. 
[2022-02-20 18:04:39,427 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:39,431 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 831 transitions. [2022-02-20 18:04:39,431 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 831 transitions. [2022-02-20 18:04:39,999 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 831 edges. 831 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:40,006 INFO L225 Difference]: With dead ends: 642 [2022-02-20 18:04:40,006 INFO L226 Difference]: Without dead ends: 362 [2022-02-20 18:04:40,007 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:04:40,009 INFO L933 BasicCegarLoop]: 404 mSDtfsCounter, 774 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2204 mSolverCounterSat, 232 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 774 SdHoareTripleChecker+Valid, 1356 SdHoareTripleChecker+Invalid, 2436 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 232 IncrementalHoareTripleChecker+Valid, 2204 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-02-20 
18:04:40,009 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [774 Valid, 1356 Invalid, 2436 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [232 Valid, 2204 Invalid, 0 Unknown, 0 Unchecked, 2.0s Time] [2022-02-20 18:04:40,010 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 362 states. [2022-02-20 18:04:40,078 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 362 to 309. [2022-02-20 18:04:40,078 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:40,079 INFO L82 GeneralOperation]: Start isEquivalent. First operand 362 states. Second operand has 309 states, 239 states have (on average 1.5439330543933054) internal successors, (369), 246 states have internal predecessors, (369), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) [2022-02-20 18:04:40,079 INFO L74 IsIncluded]: Start isIncluded. First operand 362 states. Second operand has 309 states, 239 states have (on average 1.5439330543933054) internal successors, (369), 246 states have internal predecessors, (369), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) [2022-02-20 18:04:40,079 INFO L87 Difference]: Start difference. First operand 362 states. Second operand has 309 states, 239 states have (on average 1.5439330543933054) internal successors, (369), 246 states have internal predecessors, (369), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) [2022-02-20 18:04:40,087 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:04:40,087 INFO L93 Difference]: Finished difference Result 362 states and 564 transitions. [2022-02-20 18:04:40,087 INFO L276 IsEmpty]: Start isEmpty. Operand 362 states and 564 transitions. [2022-02-20 18:04:40,091 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:40,091 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:40,092 INFO L74 IsIncluded]: Start isIncluded. First operand has 309 states, 239 states have (on average 1.5439330543933054) internal successors, (369), 246 states have internal predecessors, (369), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) Second operand 362 states. [2022-02-20 18:04:40,092 INFO L87 Difference]: Start difference. First operand has 309 states, 239 states have (on average 1.5439330543933054) internal successors, (369), 246 states have internal predecessors, (369), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) Second operand 362 states. [2022-02-20 18:04:40,119 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:40,120 INFO L93 Difference]: Finished difference Result 362 states and 564 transitions. [2022-02-20 18:04:40,120 INFO L276 IsEmpty]: Start isEmpty. Operand 362 states and 564 transitions. [2022-02-20 18:04:40,122 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:40,123 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:40,123 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:40,123 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:40,123 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 309 states, 239 states have (on average 1.5439330543933054) internal successors, (369), 246 states have internal predecessors, (369), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) [2022-02-20 18:04:40,129 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 309 states to 309 states and 480 transitions. [2022-02-20 18:04:40,129 INFO L78 Accepts]: Start accepts. Automaton has 309 states and 480 transitions. Word has length 99 [2022-02-20 18:04:40,129 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:40,129 INFO L470 AbstractCegarLoop]: Abstraction has 309 states and 480 transitions. [2022-02-20 18:04:40,130 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 18:04:40,130 INFO L276 IsEmpty]: Start isEmpty. Operand 309 states and 480 transitions. [2022-02-20 18:04:40,131 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 101 [2022-02-20 18:04:40,131 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:40,131 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:40,131 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:04:40,131 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:40,131 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:40,131 INFO L85 PathProgramCache]: Analyzing trace with hash 961117165, now seen corresponding path program 1 times [2022-02-20 18:04:40,132 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:40,132 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [795862846] [2022-02-20 18:04:40,132 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:40,132 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:40,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,173 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:40,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,176 INFO L290 TraceCheckUtils]: 0: Hoare triple {18822#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,176 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,176 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18772#true} {18772#true} #818#return; {18772#true} is VALID [2022-02-20 18:04:40,181 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:40,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,185 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18772#true} {18772#true} #820#return; {18772#true} is VALID [2022-02-20 18:04:40,185 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:40,187 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {18822#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {18772#true} is VALID [2022-02-20 18:04:40,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,188 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,188 INFO L290 TraceCheckUtils]: 3: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,188 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18772#true} {18772#true} #822#return; {18772#true} is VALID [2022-02-20 18:04:40,189 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:40,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,193 INFO L290 TraceCheckUtils]: 0: Hoare triple {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,193 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,193 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,193 INFO L290 TraceCheckUtils]: 3: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,193 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18772#true} {18772#true} #824#return; {18772#true} is VALID [2022-02-20 18:04:40,193 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:40,194 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,196 INFO L290 TraceCheckUtils]: 0: Hoare triple {18822#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,196 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,196 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume !(2 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,196 INFO L290 TraceCheckUtils]: 3: Hoare triple {18772#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,196 INFO L290 TraceCheckUtils]: 4: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,196 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {18772#true} {18772#true} #826#return; {18772#true} is VALID [2022-02-20 18:04:40,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:40,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,199 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume !(2 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,199 INFO L290 TraceCheckUtils]: 3: Hoare triple {18772#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,199 INFO L290 TraceCheckUtils]: 4: Hoare triple {18772#true} assume 
true; {18772#true} is VALID [2022-02-20 18:04:40,199 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {18772#true} {18772#true} #828#return; {18772#true} is VALID [2022-02-20 18:04:40,203 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:04:40,204 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {18824#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,206 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18772#true} {18773#false} #814#return; {18773#false} is VALID [2022-02-20 18:04:40,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:04:40,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {18772#true} ~handle := #in~handle;havoc ~retValue_acc~11; {18772#true} is VALID [2022-02-20 18:04:40,208 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {18772#true} is VALID [2022-02-20 18:04:40,208 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,208 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18772#true} {18773#false} #784#return; {18773#false} is VALID [2022-02-20 18:04:40,208 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:04:40,208 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,210 INFO L290 TraceCheckUtils]: 0: Hoare triple {18824#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,210 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,210 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,210 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18772#true} {18773#false} #790#return; {18773#false} is VALID [2022-02-20 18:04:40,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:04:40,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {18772#true} ~handle := #in~handle;havoc ~retValue_acc~14; {18772#true} is VALID [2022-02-20 18:04:40,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {18772#true} is VALID [2022-02-20 18:04:40,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,212 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18772#true} {18773#false} #792#return; {18773#false} is VALID [2022-02-20 18:04:40,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {18772#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call 
#Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 
0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 
0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {18772#true} is VALID [2022-02-20 18:04:40,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {18772#true} is VALID [2022-02-20 18:04:40,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18772#true} is VALID [2022-02-20 18:04:40,212 INFO L290 
TraceCheckUtils]: 3: Hoare triple {18772#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {18772#true} is VALID [2022-02-20 18:04:40,212 INFO L290 TraceCheckUtils]: 4: Hoare triple {18772#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {18772#true} is VALID [2022-02-20 18:04:40,213 INFO L290 TraceCheckUtils]: 5: Hoare triple {18772#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18772#true} is VALID [2022-02-20 18:04:40,213 INFO L272 TraceCheckUtils]: 6: Hoare triple {18772#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18822#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,213 INFO L290 TraceCheckUtils]: 7: Hoare triple {18822#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,213 INFO L290 TraceCheckUtils]: 8: Hoare triple {18772#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,213 INFO L290 TraceCheckUtils]: 9: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,213 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18772#true} {18772#true} #818#return; {18772#true} is VALID [2022-02-20 18:04:40,214 INFO L290 TraceCheckUtils]: 11: Hoare triple {18772#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,214 INFO L272 TraceCheckUtils]: 12: Hoare triple {18772#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:40,214 INFO L290 TraceCheckUtils]: 13: Hoare triple {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,214 INFO L290 TraceCheckUtils]: 14: Hoare triple {18772#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,214 INFO L290 TraceCheckUtils]: 15: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 
18:04:40,214 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18772#true} {18772#true} #820#return; {18772#true} is VALID [2022-02-20 18:04:40,215 INFO L290 TraceCheckUtils]: 17: Hoare triple {18772#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18772#true} is VALID [2022-02-20 18:04:40,215 INFO L272 TraceCheckUtils]: 18: Hoare triple {18772#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18822#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,215 INFO L290 TraceCheckUtils]: 19: Hoare triple {18822#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,215 INFO L290 TraceCheckUtils]: 20: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,215 INFO L290 TraceCheckUtils]: 21: Hoare triple {18772#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,215 INFO L290 TraceCheckUtils]: 22: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,216 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18772#true} 
{18772#true} #822#return; {18772#true} is VALID [2022-02-20 18:04:40,216 INFO L290 TraceCheckUtils]: 24: Hoare triple {18772#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,216 INFO L272 TraceCheckUtils]: 25: Hoare triple {18772#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:40,216 INFO L290 TraceCheckUtils]: 26: Hoare triple {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,216 INFO L290 TraceCheckUtils]: 27: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,216 INFO L290 TraceCheckUtils]: 28: Hoare triple {18772#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,216 INFO L290 TraceCheckUtils]: 29: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,217 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18772#true} {18772#true} #824#return; {18772#true} is VALID [2022-02-20 18:04:40,217 INFO L290 TraceCheckUtils]: 31: Hoare triple {18772#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18772#true} is VALID [2022-02-20 18:04:40,217 INFO L272 TraceCheckUtils]: 32: Hoare triple {18772#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18822#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,217 INFO L290 TraceCheckUtils]: 33: Hoare triple {18822#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,217 INFO L290 TraceCheckUtils]: 34: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,217 INFO L290 TraceCheckUtils]: 35: Hoare triple {18772#true} assume !(2 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,218 INFO L290 TraceCheckUtils]: 36: Hoare triple {18772#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,218 INFO L290 TraceCheckUtils]: 37: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,218 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {18772#true} {18772#true} #826#return; {18772#true} is VALID [2022-02-20 18:04:40,218 INFO L290 TraceCheckUtils]: 39: Hoare triple {18772#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,218 INFO L272 TraceCheckUtils]: 40: Hoare triple {18772#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:40,218 INFO L290 TraceCheckUtils]: 41: Hoare triple {18823#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,219 INFO L290 TraceCheckUtils]: 42: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,219 INFO L290 TraceCheckUtils]: 43: Hoare triple {18772#true} assume !(2 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,219 INFO L290 TraceCheckUtils]: 44: Hoare triple {18772#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,219 INFO L290 TraceCheckUtils]: 45: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,219 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {18772#true} {18772#true} #828#return; {18772#true} is VALID [2022-02-20 18:04:40,219 INFO L290 TraceCheckUtils]: 47: Hoare triple {18772#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {18772#true} is VALID [2022-02-20 18:04:40,219 INFO L290 TraceCheckUtils]: 48: Hoare triple {18772#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, 
test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18804#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:40,220 INFO L290 TraceCheckUtils]: 49: Hoare triple {18804#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {18804#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:40,220 INFO L290 TraceCheckUtils]: 50: Hoare triple {18804#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {18804#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:40,220 INFO L290 TraceCheckUtils]: 51: Hoare triple {18804#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,220 INFO L290 TraceCheckUtils]: 52: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := 
test_#t~nondet85#1;havoc test_#t~nondet85#1; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,221 INFO L290 TraceCheckUtils]: 53: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,221 INFO L290 TraceCheckUtils]: 54: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,221 INFO L290 TraceCheckUtils]: 55: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,221 INFO L290 TraceCheckUtils]: 56: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,222 INFO L290 TraceCheckUtils]: 57: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {18773#false} is VALID [2022-02-20 18:04:40,222 INFO L290 TraceCheckUtils]: 58: Hoare triple {18773#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {18773#false} is VALID [2022-02-20 18:04:40,222 INFO L272 TraceCheckUtils]: 59: Hoare triple {18773#false} call 
sendEmail(~bob~0, ~rjh~0); {18773#false} is VALID [2022-02-20 18:04:40,222 INFO L290 TraceCheckUtils]: 60: Hoare triple {18773#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18773#false} is VALID [2022-02-20 18:04:40,222 INFO L272 TraceCheckUtils]: 61: Hoare triple {18773#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18824#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:40,222 INFO L290 TraceCheckUtils]: 62: Hoare triple {18824#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,222 INFO L290 TraceCheckUtils]: 63: Hoare triple {18772#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,222 INFO L290 TraceCheckUtils]: 64: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,223 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18772#true} {18773#false} #814#return; {18773#false} is VALID [2022-02-20 18:04:40,223 INFO L290 TraceCheckUtils]: 66: Hoare triple {18773#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {18773#false} is VALID [2022-02-20 
18:04:40,223 INFO L290 TraceCheckUtils]: 67: Hoare triple {18773#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {18773#false} is VALID [2022-02-20 18:04:40,223 INFO L290 TraceCheckUtils]: 68: Hoare triple {18773#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {18773#false} is VALID [2022-02-20 18:04:40,223 INFO L290 TraceCheckUtils]: 69: Hoare triple {18773#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {18773#false} is VALID [2022-02-20 18:04:40,223 INFO L272 TraceCheckUtils]: 70: Hoare triple {18773#false} call outgoing(~sender#1, ~email~0#1); {18773#false} is VALID [2022-02-20 18:04:40,223 INFO L290 TraceCheckUtils]: 71: Hoare triple {18773#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {18773#false} is VALID [2022-02-20 18:04:40,223 INFO L272 TraceCheckUtils]: 72: Hoare triple {18773#false} call #t~ret15#1 := getEmailTo(~msg#1); {18772#true} is VALID [2022-02-20 18:04:40,223 INFO L290 TraceCheckUtils]: 73: Hoare triple {18772#true} ~handle := #in~handle;havoc ~retValue_acc~11; {18772#true} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 74: Hoare triple {18772#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {18772#true} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 75: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,224 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18772#true} {18773#false} #784#return; {18773#false} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 77: Hoare triple {18773#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := 
#t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {18773#false} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 78: Hoare triple {18773#false} assume 1 == findPublicKey_~handle#1; {18773#false} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 79: Hoare triple {18773#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {18773#false} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 80: Hoare triple {18773#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {18773#false} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 81: Hoare triple {18773#false} assume !(0 != ~pubkey~0#1); {18773#false} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 82: Hoare triple {18773#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {18773#false} is VALID [2022-02-20 18:04:40,224 INFO L290 TraceCheckUtils]: 83: Hoare triple {18773#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {18773#false} is VALID [2022-02-20 18:04:40,225 INFO L290 TraceCheckUtils]: 84: Hoare triple {18773#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {18773#false} is VALID [2022-02-20 18:04:40,225 INFO L272 TraceCheckUtils]: 85: Hoare triple {18773#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {18824#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:40,225 INFO L290 TraceCheckUtils]: 86: Hoare triple {18824#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,225 INFO L290 TraceCheckUtils]: 87: Hoare triple {18772#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,225 INFO L290 TraceCheckUtils]: 88: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,225 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {18772#true} {18773#false} #790#return; {18773#false} is VALID [2022-02-20 18:04:40,225 INFO L290 TraceCheckUtils]: 90: Hoare triple {18773#false} assume { :begin_inline_mail } 
true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {18773#false} is VALID [2022-02-20 18:04:40,225 INFO L290 TraceCheckUtils]: 91: Hoare triple {18773#false} assume 0 != ~in_encrypted~0; {18773#false} is VALID [2022-02-20 18:04:40,225 INFO L272 TraceCheckUtils]: 92: Hoare triple {18773#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {18772#true} is VALID [2022-02-20 18:04:40,225 INFO L290 TraceCheckUtils]: 93: Hoare triple 
{18772#true} ~handle := #in~handle;havoc ~retValue_acc~14; {18772#true} is VALID [2022-02-20 18:04:40,226 INFO L290 TraceCheckUtils]: 94: Hoare triple {18772#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {18772#true} is VALID [2022-02-20 18:04:40,226 INFO L290 TraceCheckUtils]: 95: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,226 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {18772#true} {18773#false} #792#return; {18773#false} is VALID [2022-02-20 18:04:40,226 INFO L290 TraceCheckUtils]: 97: Hoare triple {18773#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {18773#false} is VALID [2022-02-20 18:04:40,226 INFO L290 TraceCheckUtils]: 98: Hoare triple {18773#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {18773#false} is VALID [2022-02-20 18:04:40,226 INFO L290 TraceCheckUtils]: 99: Hoare triple {18773#false} assume !false; {18773#false} is VALID [2022-02-20 18:04:40,226 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:04:40,226 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:40,227 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [795862846] [2022-02-20 18:04:40,227 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [795862846] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:40,227 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [899424193] [2022-02-20 18:04:40,227 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:40,227 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:40,227 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:40,228 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:40,229 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:04:40,407 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,410 INFO L263 TraceCheckSpWp]: Trace formula consists of 941 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:04:40,434 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,436 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:40,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {18772#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {18772#true} is VALID [2022-02-20 18:04:40,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, 
main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {18772#true} is VALID [2022-02-20 18:04:40,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18772#true} is VALID [2022-02-20 18:04:40,615 INFO L290 TraceCheckUtils]: 3: Hoare triple {18772#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {18772#true} is VALID [2022-02-20 18:04:40,615 INFO L290 TraceCheckUtils]: 4: Hoare triple {18772#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {18772#true} is VALID [2022-02-20 18:04:40,615 INFO L290 TraceCheckUtils]: 5: Hoare triple {18772#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18772#true} is VALID [2022-02-20 18:04:40,615 INFO L272 TraceCheckUtils]: 6: Hoare triple {18772#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18772#true} is VALID [2022-02-20 18:04:40,615 INFO L290 TraceCheckUtils]: 7: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,615 INFO L290 TraceCheckUtils]: 8: Hoare triple {18772#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L290 TraceCheckUtils]: 9: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18772#true} {18772#true} #818#return; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L290 TraceCheckUtils]: 11: Hoare triple {18772#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L272 TraceCheckUtils]: 12: Hoare triple {18772#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L290 TraceCheckUtils]: 13: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L290 TraceCheckUtils]: 14: Hoare triple {18772#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L290 TraceCheckUtils]: 15: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18772#true} {18772#true} #820#return; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L290 TraceCheckUtils]: 17: Hoare triple {18772#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc 
setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18772#true} is VALID [2022-02-20 18:04:40,616 INFO L272 TraceCheckUtils]: 18: Hoare triple {18772#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L290 TraceCheckUtils]: 19: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L290 TraceCheckUtils]: 20: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L290 TraceCheckUtils]: 21: Hoare triple {18772#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L290 TraceCheckUtils]: 22: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18772#true} {18772#true} #822#return; {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L290 TraceCheckUtils]: 24: Hoare triple {18772#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L272 TraceCheckUtils]: 25: Hoare triple {18772#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L290 TraceCheckUtils]: 26: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L290 TraceCheckUtils]: 27: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,617 INFO L290 TraceCheckUtils]: 28: Hoare triple 
{18772#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L290 TraceCheckUtils]: 29: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18772#true} {18772#true} #824#return; {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L290 TraceCheckUtils]: 31: Hoare triple {18772#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L272 TraceCheckUtils]: 32: Hoare triple {18772#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L290 TraceCheckUtils]: 33: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L290 TraceCheckUtils]: 34: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L290 TraceCheckUtils]: 35: Hoare triple {18772#true} assume !(2 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L290 TraceCheckUtils]: 36: Hoare triple {18772#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,618 INFO L290 TraceCheckUtils]: 37: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,619 INFO L284 TraceCheckUtils]: 38: Hoare quadruple 
{18772#true} {18772#true} #826#return; {18772#true} is VALID [2022-02-20 18:04:40,619 INFO L290 TraceCheckUtils]: 39: Hoare triple {18772#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,619 INFO L272 TraceCheckUtils]: 40: Hoare triple {18772#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18772#true} is VALID [2022-02-20 18:04:40,619 INFO L290 TraceCheckUtils]: 41: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,619 INFO L290 TraceCheckUtils]: 42: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,619 INFO L290 TraceCheckUtils]: 43: Hoare triple {18772#true} assume !(2 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,619 INFO L290 TraceCheckUtils]: 44: Hoare triple {18772#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,619 INFO L290 TraceCheckUtils]: 45: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,620 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {18772#true} {18772#true} #828#return; {18772#true} is VALID [2022-02-20 18:04:40,620 INFO L290 TraceCheckUtils]: 47: Hoare triple {18772#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {18772#true} is VALID [2022-02-20 18:04:40,620 INFO L290 TraceCheckUtils]: 48: Hoare triple {18772#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18972#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:40,621 INFO L290 TraceCheckUtils]: 49: Hoare triple {18972#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {18972#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:40,621 INFO L290 TraceCheckUtils]: 50: Hoare triple {18972#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {18972#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:40,621 INFO L290 TraceCheckUtils]: 51: Hoare triple {18972#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,622 INFO L290 TraceCheckUtils]: 52: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && 
test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,622 INFO L290 TraceCheckUtils]: 53: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,622 INFO L290 TraceCheckUtils]: 54: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,622 INFO L290 TraceCheckUtils]: 55: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,623 INFO L290 TraceCheckUtils]: 56: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:04:40,623 INFO L290 TraceCheckUtils]: 57: Hoare triple {18805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {18773#false} is VALID [2022-02-20 18:04:40,623 INFO L290 TraceCheckUtils]: 58: Hoare triple {18773#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {18773#false} is VALID [2022-02-20 18:04:40,623 INFO L272 
TraceCheckUtils]: 59: Hoare triple {18773#false} call sendEmail(~bob~0, ~rjh~0); {18773#false} is VALID [2022-02-20 18:04:40,623 INFO L290 TraceCheckUtils]: 60: Hoare triple {18773#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18773#false} is VALID [2022-02-20 18:04:40,623 INFO L272 TraceCheckUtils]: 61: Hoare triple {18773#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18773#false} is VALID [2022-02-20 18:04:40,623 INFO L290 TraceCheckUtils]: 62: Hoare triple {18773#false} ~handle := #in~handle;~value := #in~value; {18773#false} is VALID [2022-02-20 18:04:40,624 INFO L290 TraceCheckUtils]: 63: Hoare triple {18773#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18773#false} is VALID [2022-02-20 18:04:40,624 INFO L290 TraceCheckUtils]: 64: Hoare triple {18773#false} assume true; {18773#false} is VALID [2022-02-20 18:04:40,624 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18773#false} {18773#false} #814#return; {18773#false} is VALID [2022-02-20 18:04:40,624 INFO L290 TraceCheckUtils]: 66: Hoare triple {18773#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {18773#false} is VALID [2022-02-20 18:04:40,624 INFO L290 TraceCheckUtils]: 67: Hoare triple {18773#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {18773#false} 
is VALID [2022-02-20 18:04:40,624 INFO L290 TraceCheckUtils]: 68: Hoare triple {18773#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {18773#false} is VALID [2022-02-20 18:04:40,624 INFO L290 TraceCheckUtils]: 69: Hoare triple {18773#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {18773#false} is VALID [2022-02-20 18:04:40,624 INFO L272 TraceCheckUtils]: 70: Hoare triple {18773#false} call outgoing(~sender#1, ~email~0#1); {18773#false} is VALID [2022-02-20 18:04:40,624 INFO L290 TraceCheckUtils]: 71: Hoare triple {18773#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L272 TraceCheckUtils]: 72: Hoare triple {18773#false} call #t~ret15#1 := getEmailTo(~msg#1); {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L290 TraceCheckUtils]: 73: Hoare triple {18773#false} ~handle := #in~handle;havoc ~retValue_acc~11; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L290 TraceCheckUtils]: 74: Hoare triple {18773#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L290 TraceCheckUtils]: 75: Hoare triple {18773#false} assume true; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18773#false} {18773#false} #784#return; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L290 TraceCheckUtils]: 77: Hoare triple {18773#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 
:= ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L290 TraceCheckUtils]: 78: Hoare triple {18773#false} assume 1 == findPublicKey_~handle#1; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L290 TraceCheckUtils]: 79: Hoare triple {18773#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L290 TraceCheckUtils]: 80: Hoare triple {18773#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {18773#false} is VALID [2022-02-20 18:04:40,625 INFO L290 TraceCheckUtils]: 81: Hoare triple {18773#false} assume !(0 != ~pubkey~0#1); {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L290 TraceCheckUtils]: 82: Hoare triple {18773#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := 
getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L290 TraceCheckUtils]: 83: Hoare triple {18773#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L290 TraceCheckUtils]: 84: Hoare triple {18773#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L272 TraceCheckUtils]: 85: Hoare triple {18773#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L290 TraceCheckUtils]: 86: Hoare triple {18773#false} ~handle := #in~handle;~value := #in~value; {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L290 TraceCheckUtils]: 87: Hoare triple {18773#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L290 TraceCheckUtils]: 88: Hoare triple {18773#false} assume true; {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {18773#false} {18773#false} #790#return; {18773#false} is VALID [2022-02-20 18:04:40,626 INFO L290 TraceCheckUtils]: 90: Hoare triple {18773#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L290 TraceCheckUtils]: 91: Hoare triple {18773#false} assume 0 != ~in_encrypted~0; {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L272 TraceCheckUtils]: 92: Hoare triple {18773#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L290 TraceCheckUtils]: 93: Hoare triple {18773#false} ~handle := #in~handle;havoc ~retValue_acc~14; {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L290 TraceCheckUtils]: 94: Hoare triple {18773#false} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L290 
TraceCheckUtils]: 95: Hoare triple {18773#false} assume true; {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {18773#false} {18773#false} #792#return; {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L290 TraceCheckUtils]: 97: Hoare triple {18773#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L290 TraceCheckUtils]: 98: Hoare triple {18773#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {18773#false} is VALID [2022-02-20 18:04:40,627 INFO L290 TraceCheckUtils]: 99: Hoare triple {18773#false} assume !false; {18773#false} is VALID [2022-02-20 18:04:40,628 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:04:40,628 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 18:04:40,866 INFO L290 TraceCheckUtils]: 99: Hoare triple {18773#false} assume !false; {18773#false} is VALID [2022-02-20 18:04:40,867 INFO L290 TraceCheckUtils]: 98: Hoare triple {18773#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {18773#false} is VALID [2022-02-20 18:04:40,867 INFO L290 TraceCheckUtils]: 97: Hoare triple {18773#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {18773#false} is VALID [2022-02-20 18:04:40,867 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {18772#true} {18773#false} #792#return; {18773#false} is VALID [2022-02-20 18:04:40,867 INFO L290 TraceCheckUtils]: 95: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,867 INFO L290 TraceCheckUtils]: 94: Hoare triple {18772#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {18772#true} is VALID [2022-02-20 18:04:40,867 INFO L290 TraceCheckUtils]: 93: Hoare triple {18772#true} ~handle := #in~handle;havoc ~retValue_acc~14; {18772#true} is VALID [2022-02-20 18:04:40,867 INFO L272 TraceCheckUtils]: 92: Hoare triple {18773#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {18772#true} is VALID [2022-02-20 18:04:40,867 INFO L290 TraceCheckUtils]: 91: Hoare triple {18773#false} assume 0 != ~in_encrypted~0; {18773#false} is VALID [2022-02-20 18:04:40,868 INFO L290 TraceCheckUtils]: 90: Hoare triple {18773#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, 
mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {18773#false} is VALID [2022-02-20 18:04:40,868 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {18772#true} {18773#false} #790#return; {18773#false} is VALID [2022-02-20 18:04:40,868 INFO L290 TraceCheckUtils]: 88: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,868 INFO L290 TraceCheckUtils]: 87: Hoare triple {18772#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,868 INFO L290 TraceCheckUtils]: 86: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,868 INFO L272 TraceCheckUtils]: 85: Hoare triple 
{18773#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {18772#true} is VALID [2022-02-20 18:04:40,868 INFO L290 TraceCheckUtils]: 84: Hoare triple {18773#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {18773#false} is VALID [2022-02-20 18:04:40,868 INFO L290 TraceCheckUtils]: 83: Hoare triple {18773#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {18773#false} is VALID [2022-02-20 18:04:40,868 INFO L290 TraceCheckUtils]: 82: Hoare triple {18773#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {18773#false} is VALID [2022-02-20 18:04:40,869 INFO L290 TraceCheckUtils]: 81: Hoare triple {18773#false} assume !(0 != ~pubkey~0#1); {18773#false} is VALID [2022-02-20 18:04:40,869 INFO L290 TraceCheckUtils]: 80: Hoare triple {18773#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 
<= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {18773#false} is VALID [2022-02-20 18:04:40,869 INFO L290 TraceCheckUtils]: 79: Hoare triple {18773#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {18773#false} is VALID [2022-02-20 18:04:40,869 INFO L290 TraceCheckUtils]: 78: Hoare triple {18773#false} assume 1 == findPublicKey_~handle#1; {18773#false} is VALID [2022-02-20 18:04:40,869 INFO L290 TraceCheckUtils]: 77: Hoare triple {18773#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {18773#false} is VALID [2022-02-20 18:04:40,869 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18772#true} {18773#false} #784#return; {18773#false} is VALID [2022-02-20 18:04:40,869 INFO L290 TraceCheckUtils]: 75: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,869 INFO L290 TraceCheckUtils]: 74: Hoare triple {18772#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {18772#true} is VALID [2022-02-20 18:04:40,869 INFO L290 TraceCheckUtils]: 73: Hoare triple {18772#true} ~handle := #in~handle;havoc ~retValue_acc~11; {18772#true} is VALID [2022-02-20 18:04:40,869 INFO L272 TraceCheckUtils]: 72: Hoare triple {18773#false} call #t~ret15#1 := getEmailTo(~msg#1); {18772#true} is VALID [2022-02-20 18:04:40,870 INFO L290 TraceCheckUtils]: 71: Hoare triple 
{18773#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {18773#false} is VALID [2022-02-20 18:04:40,870 INFO L272 TraceCheckUtils]: 70: Hoare triple {18773#false} call outgoing(~sender#1, ~email~0#1); {18773#false} is VALID [2022-02-20 18:04:40,870 INFO L290 TraceCheckUtils]: 69: Hoare triple {18773#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {18773#false} is VALID [2022-02-20 18:04:40,870 INFO L290 TraceCheckUtils]: 68: Hoare triple {18773#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {18773#false} is VALID [2022-02-20 18:04:40,870 INFO L290 TraceCheckUtils]: 67: Hoare triple {18773#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {18773#false} is VALID [2022-02-20 18:04:40,870 INFO L290 TraceCheckUtils]: 66: Hoare triple {18773#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {18773#false} is VALID [2022-02-20 18:04:40,870 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18772#true} {18773#false} #814#return; {18773#false} is VALID [2022-02-20 18:04:40,870 INFO L290 TraceCheckUtils]: 64: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,870 INFO L290 TraceCheckUtils]: 63: Hoare triple {18772#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,871 INFO L290 TraceCheckUtils]: 62: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 
18:04:40,871 INFO L272 TraceCheckUtils]: 61: Hoare triple {18773#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18772#true} is VALID [2022-02-20 18:04:40,871 INFO L290 TraceCheckUtils]: 60: Hoare triple {18773#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18773#false} is VALID [2022-02-20 18:04:40,871 INFO L272 TraceCheckUtils]: 59: Hoare triple {18773#false} call sendEmail(~bob~0, ~rjh~0); {18773#false} is VALID [2022-02-20 18:04:40,871 INFO L290 TraceCheckUtils]: 58: Hoare triple {18773#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {18773#false} is VALID [2022-02-20 18:04:40,871 INFO L290 TraceCheckUtils]: 57: Hoare triple {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {18773#false} is VALID [2022-02-20 18:04:40,872 INFO L290 TraceCheckUtils]: 56: Hoare triple {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:40,872 INFO L290 TraceCheckUtils]: 55: Hoare triple {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != 
test_~tmp___8~0#1;test_~op2~0#1 := 1; {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:40,872 INFO L290 TraceCheckUtils]: 54: Hoare triple {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:40,872 INFO L290 TraceCheckUtils]: 53: Hoare triple {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:40,873 INFO L290 TraceCheckUtils]: 52: Hoare triple {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:40,873 INFO L290 TraceCheckUtils]: 51: Hoare triple {19271#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19252#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:04:40,873 INFO L290 TraceCheckUtils]: 50: Hoare triple {19271#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {19271#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:04:40,874 INFO L290 TraceCheckUtils]: 49: Hoare triple {19271#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {19271#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:04:40,874 INFO L290 TraceCheckUtils]: 48: Hoare triple {18772#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, 
test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19271#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:04:40,874 INFO L290 TraceCheckUtils]: 47: Hoare triple {18772#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {18772#true} is VALID [2022-02-20 18:04:40,874 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {18772#true} {18772#true} #828#return; {18772#true} is VALID [2022-02-20 18:04:40,874 INFO L290 TraceCheckUtils]: 45: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L290 TraceCheckUtils]: 44: Hoare triple {18772#true} assume 3 == 
~handle;~__ste_client_privateKey2~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L290 TraceCheckUtils]: 43: Hoare triple {18772#true} assume !(2 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L290 TraceCheckUtils]: 42: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L290 TraceCheckUtils]: 41: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L272 TraceCheckUtils]: 40: Hoare triple {18772#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L290 TraceCheckUtils]: 39: Hoare triple {18772#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {18772#true} {18772#true} #826#return; {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L290 TraceCheckUtils]: 37: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L290 TraceCheckUtils]: 36: Hoare triple {18772#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,875 INFO L290 TraceCheckUtils]: 35: Hoare triple {18772#true} assume !(2 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L290 TraceCheckUtils]: 34: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L290 TraceCheckUtils]: 33: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L272 TraceCheckUtils]: 32: Hoare triple {18772#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L290 TraceCheckUtils]: 31: Hoare triple {18772#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, 
setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18772#true} {18772#true} #824#return; {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L290 TraceCheckUtils]: 29: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L290 TraceCheckUtils]: 28: Hoare triple {18772#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L290 TraceCheckUtils]: 27: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L290 TraceCheckUtils]: 26: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,876 INFO L272 TraceCheckUtils]: 25: Hoare triple {18772#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L290 TraceCheckUtils]: 24: Hoare triple {18772#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18772#true} {18772#true} #822#return; {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L290 TraceCheckUtils]: 22: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L290 TraceCheckUtils]: 21: Hoare triple {18772#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L290 
TraceCheckUtils]: 20: Hoare triple {18772#true} assume !(1 == ~handle); {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L290 TraceCheckUtils]: 19: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L272 TraceCheckUtils]: 18: Hoare triple {18772#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L290 TraceCheckUtils]: 17: Hoare triple {18772#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18772#true} is VALID [2022-02-20 18:04:40,877 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18772#true} {18772#true} #820#return; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L290 TraceCheckUtils]: 15: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L290 TraceCheckUtils]: 14: Hoare triple {18772#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L290 TraceCheckUtils]: 13: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L272 TraceCheckUtils]: 12: Hoare triple {18772#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L290 TraceCheckUtils]: 11: Hoare triple {18772#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L284 
TraceCheckUtils]: 10: Hoare quadruple {18772#true} {18772#true} #818#return; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L290 TraceCheckUtils]: 9: Hoare triple {18772#true} assume true; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L290 TraceCheckUtils]: 8: Hoare triple {18772#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L290 TraceCheckUtils]: 7: Hoare triple {18772#true} ~handle := #in~handle;~value := #in~value; {18772#true} is VALID [2022-02-20 18:04:40,878 INFO L272 TraceCheckUtils]: 6: Hoare triple {18772#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18772#true} is VALID [2022-02-20 18:04:40,879 INFO L290 TraceCheckUtils]: 5: Hoare triple {18772#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18772#true} is VALID [2022-02-20 18:04:40,879 INFO L290 TraceCheckUtils]: 4: Hoare triple {18772#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc 
main_#t~ret34#1; {18772#true} is VALID [2022-02-20 18:04:40,879 INFO L290 TraceCheckUtils]: 3: Hoare triple {18772#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {18772#true} is VALID [2022-02-20 18:04:40,879 INFO L290 TraceCheckUtils]: 2: Hoare triple {18772#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18772#true} is VALID [2022-02-20 18:04:40,879 INFO L290 TraceCheckUtils]: 1: Hoare triple {18772#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {18772#true} is VALID [2022-02-20 18:04:40,879 INFO L290 TraceCheckUtils]: 0: Hoare triple {18772#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call 
#Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 
0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {18772#true} is VALID [2022-02-20 18:04:40,879 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:04:40,880 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [899424193] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:04:40,880 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:04:40,880 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 4, 4] total 10 [2022-02-20 18:04:40,880 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [998297570] [2022-02-20 18:04:40,880 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:04:40,881 INFO L78 Accepts]: Start accepts. 
Automaton has has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 100 [2022-02-20 18:04:40,947 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:40,948 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:04:41,014 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 129 edges. 129 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:41,014 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 18:04:41,014 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:41,014 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 18:04:41,015 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=63, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:41,015 INFO L87 Difference]: Start difference. First operand 309 states and 480 transitions. 
Second operand has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:04:44,864 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:44,864 INFO L93 Difference]: Finished difference Result 796 states and 1300 transitions. [2022-02-20 18:04:44,864 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:04:44,864 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 100 [2022-02-20 18:04:44,865 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:44,865 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:04:44,872 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1034 transitions. [2022-02-20 18:04:44,872 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:04:44,880 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1034 transitions. [2022-02-20 18:04:44,880 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1034 transitions. [2022-02-20 18:04:45,579 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1034 edges. 1034 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:45,599 INFO L225 Difference]: With dead ends: 796 [2022-02-20 18:04:45,599 INFO L226 Difference]: Without dead ends: 689 [2022-02-20 18:04:45,600 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 229 GetRequests, 217 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=47, Invalid=135, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:04:45,600 INFO L933 BasicCegarLoop]: 506 mSDtfsCounter, 958 mSDsluCounter, 992 mSDsCounter, 0 mSdLazyCounter, 1144 mSolverCounterSat, 305 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1003 SdHoareTripleChecker+Valid, 1498 SdHoareTripleChecker+Invalid, 1449 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 305 IncrementalHoareTripleChecker+Valid, 1144 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:45,601 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1003 Valid, 
1498 Invalid, 1449 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [305 Valid, 1144 Invalid, 0 Unknown, 0 Unchecked, 1.4s Time] [2022-02-20 18:04:45,601 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 689 states. [2022-02-20 18:04:45,889 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 689 to 612. [2022-02-20 18:04:45,889 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:45,890 INFO L82 GeneralOperation]: Start isEquivalent. First operand 689 states. Second operand has 612 states, 478 states have (on average 1.604602510460251) internal successors, (767), 485 states have internal predecessors, (767), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) [2022-02-20 18:04:45,891 INFO L74 IsIncluded]: Start isIncluded. First operand 689 states. Second operand has 612 states, 478 states have (on average 1.604602510460251) internal successors, (767), 485 states have internal predecessors, (767), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) [2022-02-20 18:04:45,891 INFO L87 Difference]: Start difference. First operand 689 states. Second operand has 612 states, 478 states have (on average 1.604602510460251) internal successors, (767), 485 states have internal predecessors, (767), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) [2022-02-20 18:04:45,909 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:04:45,909 INFO L93 Difference]: Finished difference Result 689 states and 1145 transitions. [2022-02-20 18:04:45,909 INFO L276 IsEmpty]: Start isEmpty. Operand 689 states and 1145 transitions. [2022-02-20 18:04:45,911 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:45,912 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:45,913 INFO L74 IsIncluded]: Start isIncluded. First operand has 612 states, 478 states have (on average 1.604602510460251) internal successors, (767), 485 states have internal predecessors, (767), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) Second operand 689 states. [2022-02-20 18:04:45,913 INFO L87 Difference]: Start difference. First operand has 612 states, 478 states have (on average 1.604602510460251) internal successors, (767), 485 states have internal predecessors, (767), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) Second operand 689 states. [2022-02-20 18:04:45,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:45,931 INFO L93 Difference]: Finished difference Result 689 states and 1145 transitions. [2022-02-20 18:04:45,932 INFO L276 IsEmpty]: Start isEmpty. Operand 689 states and 1145 transitions. [2022-02-20 18:04:45,934 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:45,934 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:45,934 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 18:04:45,935 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:45,936 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 612 states, 478 states have (on average 1.604602510460251) internal successors, (767), 485 states have internal predecessors, (767), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) [2022-02-20 18:04:45,954 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 612 states to 612 states and 1016 transitions. [2022-02-20 18:04:45,954 INFO L78 Accepts]: Start accepts. Automaton has 612 states and 1016 transitions. Word has length 100 [2022-02-20 18:04:45,954 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:45,954 INFO L470 AbstractCegarLoop]: Abstraction has 612 states and 1016 transitions. [2022-02-20 18:04:45,955 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:04:45,955 INFO L276 IsEmpty]: Start isEmpty. Operand 612 states and 1016 transitions. [2022-02-20 18:04:45,957 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 107 [2022-02-20 18:04:45,957 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:45,957 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:45,989 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:46,174 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:46,174 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:46,175 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:46,175 INFO L85 PathProgramCache]: Analyzing trace with hash 1027284112, now seen corresponding path program 1 times [2022-02-20 18:04:46,175 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:46,175 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1813713443] [2022-02-20 18:04:46,175 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:46,175 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:46,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,222 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 18:04:46,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,226 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,226 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22864#true} {22864#true} #818#return; {22864#true} is VALID [2022-02-20 18:04:46,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:46,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,234 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,234 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,234 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22864#true} {22864#true} #820#return; {22864#true} is VALID [2022-02-20 18:04:46,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:46,236 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:04:46,238 INFO L290 TraceCheckUtils]: 0: Hoare triple {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,238 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume !(1 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,242 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,243 INFO L290 TraceCheckUtils]: 3: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,243 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22864#true} {22864#true} #822#return; {22864#true} is VALID [2022-02-20 18:04:46,243 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:46,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,246 INFO L290 TraceCheckUtils]: 0: Hoare triple {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,246 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume !(1 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,247 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,247 INFO L290 TraceCheckUtils]: 3: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,247 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22864#true} {22864#true} #824#return; 
{22864#true} is VALID [2022-02-20 18:04:46,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:46,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume !(1 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume !(2 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,250 INFO L290 TraceCheckUtils]: 3: Hoare triple {22864#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,250 INFO L290 TraceCheckUtils]: 4: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,251 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22864#true} {22864#true} #826#return; {22864#true} is VALID [2022-02-20 18:04:46,251 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:46,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume !(1 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,261 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {22864#true} assume !(2 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,261 INFO L290 TraceCheckUtils]: 3: Hoare triple {22864#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,261 INFO L290 TraceCheckUtils]: 4: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,261 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22864#true} {22864#true} #828#return; {22864#true} is VALID [2022-02-20 18:04:46,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:04:46,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,267 INFO L290 TraceCheckUtils]: 0: Hoare triple {22915#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,268 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22864#true} {22865#false} #814#return; {22865#false} is VALID [2022-02-20 18:04:46,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:04:46,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {22864#true} ~handle := #in~handle;havoc ~retValue_acc~11; {22864#true} is VALID [2022-02-20 18:04:46,270 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {22864#true} is VALID [2022-02-20 18:04:46,270 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume true; 
{22864#true} is VALID [2022-02-20 18:04:46,270 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22864#true} {22865#false} #784#return; {22865#false} is VALID [2022-02-20 18:04:46,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:04:46,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,273 INFO L290 TraceCheckUtils]: 0: Hoare triple {22915#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,273 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,273 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,273 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22864#true} {22865#false} #790#return; {22865#false} is VALID [2022-02-20 18:04:46,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:04:46,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:46,275 INFO L290 TraceCheckUtils]: 0: Hoare triple {22864#true} ~handle := #in~handle;havoc ~retValue_acc~14; {22864#true} is VALID [2022-02-20 18:04:46,275 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {22864#true} is VALID [2022-02-20 18:04:46,275 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,276 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22864#true} {22865#false} #792#return; {22865#false} is VALID [2022-02-20 18:04:46,276 INFO L290 TraceCheckUtils]: 0: Hoare triple {22864#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 
0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 
:= 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {22864#true} is VALID [2022-02-20 18:04:46,276 INFO L290 TraceCheckUtils]: 1: Hoare triple {22864#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc 
main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {22864#true} is VALID [2022-02-20 18:04:46,276 INFO L290 TraceCheckUtils]: 2: Hoare triple {22864#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22864#true} is VALID [2022-02-20 18:04:46,276 INFO L290 TraceCheckUtils]: 3: Hoare triple {22864#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {22864#true} is VALID [2022-02-20 18:04:46,276 INFO L290 TraceCheckUtils]: 4: Hoare triple {22864#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {22864#true} is VALID [2022-02-20 18:04:46,276 INFO L290 TraceCheckUtils]: 5: Hoare triple {22864#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22864#true} is VALID [2022-02-20 18:04:46,277 
INFO L272 TraceCheckUtils]: 6: Hoare triple {22864#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:46,277 INFO L290 TraceCheckUtils]: 7: Hoare triple {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,277 INFO L290 TraceCheckUtils]: 8: Hoare triple {22864#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,277 INFO L290 TraceCheckUtils]: 9: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,277 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22864#true} {22864#true} #818#return; {22864#true} is VALID [2022-02-20 18:04:46,277 INFO L290 TraceCheckUtils]: 11: Hoare triple {22864#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22864#true} is VALID [2022-02-20 18:04:46,278 INFO L272 TraceCheckUtils]: 12: Hoare triple {22864#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:46,278 INFO L290 TraceCheckUtils]: 13: Hoare triple {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID 
[2022-02-20 18:04:46,278 INFO L290 TraceCheckUtils]: 14: Hoare triple {22864#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,278 INFO L290 TraceCheckUtils]: 15: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,278 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22864#true} {22864#true} #820#return; {22864#true} is VALID [2022-02-20 18:04:46,278 INFO L290 TraceCheckUtils]: 17: Hoare triple {22864#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22864#true} is VALID [2022-02-20 18:04:46,279 INFO L272 TraceCheckUtils]: 18: Hoare triple {22864#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:46,279 INFO L290 TraceCheckUtils]: 19: Hoare triple {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,279 INFO L290 TraceCheckUtils]: 20: Hoare triple {22864#true} assume !(1 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,279 INFO L290 TraceCheckUtils]: 21: Hoare triple {22864#true} 
assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,279 INFO L290 TraceCheckUtils]: 22: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,279 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22864#true} {22864#true} #822#return; {22864#true} is VALID [2022-02-20 18:04:46,280 INFO L290 TraceCheckUtils]: 24: Hoare triple {22864#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22864#true} is VALID [2022-02-20 18:04:46,280 INFO L272 TraceCheckUtils]: 25: Hoare triple {22864#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:46,280 INFO L290 TraceCheckUtils]: 26: Hoare triple {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,280 INFO L290 TraceCheckUtils]: 27: Hoare triple {22864#true} assume !(1 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,280 INFO L290 TraceCheckUtils]: 28: Hoare triple {22864#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,280 INFO L290 TraceCheckUtils]: 29: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,281 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22864#true} {22864#true} #824#return; {22864#true} is VALID [2022-02-20 18:04:46,281 INFO L290 TraceCheckUtils]: 31: Hoare triple {22864#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { 
:begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22864#true} is VALID [2022-02-20 18:04:46,281 INFO L272 TraceCheckUtils]: 32: Hoare triple {22864#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:46,281 INFO L290 TraceCheckUtils]: 33: Hoare triple {22913#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,281 INFO L290 TraceCheckUtils]: 34: Hoare triple {22864#true} assume !(1 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,281 INFO L290 TraceCheckUtils]: 35: Hoare triple {22864#true} assume !(2 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,282 INFO L290 TraceCheckUtils]: 36: Hoare triple {22864#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,282 INFO L290 TraceCheckUtils]: 37: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,282 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22864#true} {22864#true} #826#return; {22864#true} is VALID [2022-02-20 18:04:46,282 INFO L290 TraceCheckUtils]: 39: Hoare triple {22864#true} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{22864#true} is VALID [2022-02-20 18:04:46,282 INFO L272 TraceCheckUtils]: 40: Hoare triple {22864#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:46,283 INFO L290 TraceCheckUtils]: 41: Hoare triple {22914#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,283 INFO L290 TraceCheckUtils]: 42: Hoare triple {22864#true} assume !(1 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,283 INFO L290 TraceCheckUtils]: 43: Hoare triple {22864#true} assume !(2 == ~handle); {22864#true} is VALID [2022-02-20 18:04:46,283 INFO L290 TraceCheckUtils]: 44: Hoare triple {22864#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,283 INFO L290 TraceCheckUtils]: 45: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,283 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22864#true} {22864#true} #828#return; {22864#true} is VALID [2022-02-20 18:04:46,283 INFO L290 TraceCheckUtils]: 47: Hoare triple {22864#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {22864#true} is VALID [2022-02-20 18:04:46,283 INFO L290 TraceCheckUtils]: 48: Hoare triple {22864#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, 
test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:04:46,284 INFO L290 TraceCheckUtils]: 49: Hoare triple {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:04:46,284 INFO L290 TraceCheckUtils]: 50: Hoare triple {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:04:46,284 INFO L290 TraceCheckUtils]: 51: Hoare triple {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:04:46,284 INFO L290 TraceCheckUtils]: 52: Hoare triple {22896#(= |ULTIMATE.start_test_~op2~0#1| 
0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:04:46,285 INFO L290 TraceCheckUtils]: 53: Hoare triple {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:04:46,285 INFO L290 TraceCheckUtils]: 54: Hoare triple {22896#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {22865#false} is VALID [2022-02-20 18:04:46,285 INFO L290 TraceCheckUtils]: 55: Hoare triple {22865#false} assume !(0 == test_~op3~0#1); {22865#false} is VALID [2022-02-20 18:04:46,285 INFO L290 TraceCheckUtils]: 56: Hoare triple {22865#false} assume !(0 == test_~op4~0#1); {22865#false} is VALID [2022-02-20 18:04:46,285 INFO L290 TraceCheckUtils]: 57: Hoare triple {22865#false} assume !(0 == test_~op5~0#1); {22865#false} is VALID [2022-02-20 18:04:46,285 INFO L290 TraceCheckUtils]: 58: Hoare triple {22865#false} assume !(0 == test_~op6~0#1); {22865#false} is VALID [2022-02-20 18:04:46,285 INFO L290 TraceCheckUtils]: 59: Hoare triple {22865#false} assume !(0 == test_~op7~0#1); {22865#false} is VALID [2022-02-20 18:04:46,286 INFO L290 TraceCheckUtils]: 60: Hoare triple {22865#false} assume !(0 == test_~op8~0#1); {22865#false} is VALID [2022-02-20 18:04:46,286 INFO L290 TraceCheckUtils]: 61: Hoare triple {22865#false} assume !(0 == test_~op9~0#1); {22865#false} is VALID [2022-02-20 18:04:46,286 INFO L290 TraceCheckUtils]: 62: Hoare triple {22865#false} assume !(0 == test_~op10~0#1); {22865#false} is VALID [2022-02-20 18:04:46,286 INFO L290 TraceCheckUtils]: 63: Hoare triple {22865#false} assume !(0 == test_~op11~0#1); {22865#false} is VALID [2022-02-20 18:04:46,286 INFO L290 TraceCheckUtils]: 64: Hoare triple {22865#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, 
bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {22865#false} is VALID [2022-02-20 18:04:46,286 INFO L272 TraceCheckUtils]: 65: Hoare triple {22865#false} call sendEmail(~bob~0, ~rjh~0); {22865#false} is VALID [2022-02-20 18:04:46,286 INFO L290 TraceCheckUtils]: 66: Hoare triple {22865#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22865#false} is VALID [2022-02-20 18:04:46,286 INFO L272 TraceCheckUtils]: 67: Hoare triple {22865#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22915#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:46,286 INFO L290 TraceCheckUtils]: 68: Hoare triple {22915#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,287 INFO L290 TraceCheckUtils]: 69: Hoare triple {22864#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,287 INFO L290 TraceCheckUtils]: 70: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,287 INFO L284 TraceCheckUtils]: 71: Hoare quadruple 
{22864#true} {22865#false} #814#return; {22865#false} is VALID [2022-02-20 18:04:46,287 INFO L290 TraceCheckUtils]: 72: Hoare triple {22865#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {22865#false} is VALID [2022-02-20 18:04:46,287 INFO L290 TraceCheckUtils]: 73: Hoare triple {22865#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {22865#false} is VALID [2022-02-20 18:04:46,287 INFO L290 TraceCheckUtils]: 74: Hoare triple {22865#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {22865#false} is VALID [2022-02-20 18:04:46,287 INFO L290 TraceCheckUtils]: 75: Hoare triple {22865#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {22865#false} is VALID [2022-02-20 18:04:46,287 INFO L272 TraceCheckUtils]: 76: Hoare triple {22865#false} call outgoing(~sender#1, ~email~0#1); {22865#false} is VALID [2022-02-20 18:04:46,287 INFO L290 TraceCheckUtils]: 77: Hoare triple {22865#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {22865#false} is VALID [2022-02-20 18:04:46,288 INFO L272 TraceCheckUtils]: 78: Hoare triple {22865#false} call #t~ret15#1 := getEmailTo(~msg#1); {22864#true} is VALID [2022-02-20 18:04:46,288 INFO L290 TraceCheckUtils]: 79: Hoare triple {22864#true} ~handle := #in~handle;havoc ~retValue_acc~11; {22864#true} is VALID [2022-02-20 18:04:46,289 INFO L290 TraceCheckUtils]: 80: Hoare triple {22864#true} assume 1 == ~handle;~retValue_acc~11 := 
~__ste_email_to0~0;#res := ~retValue_acc~11; {22864#true} is VALID [2022-02-20 18:04:46,289 INFO L290 TraceCheckUtils]: 81: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,289 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {22864#true} {22865#false} #784#return; {22865#false} is VALID [2022-02-20 18:04:46,289 INFO L290 TraceCheckUtils]: 83: Hoare triple {22865#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {22865#false} is VALID [2022-02-20 18:04:46,289 INFO L290 TraceCheckUtils]: 84: Hoare triple {22865#false} assume 1 == findPublicKey_~handle#1; {22865#false} is VALID [2022-02-20 18:04:46,289 INFO L290 TraceCheckUtils]: 85: Hoare triple {22865#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {22865#false} is VALID [2022-02-20 18:04:46,289 INFO L290 TraceCheckUtils]: 86: Hoare triple {22865#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {22865#false} is VALID [2022-02-20 18:04:46,289 INFO L290 TraceCheckUtils]: 87: Hoare triple {22865#false} assume !(0 != ~pubkey~0#1); {22865#false} is VALID [2022-02-20 18:04:46,290 INFO L290 TraceCheckUtils]: 88: Hoare triple {22865#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {22865#false} is VALID [2022-02-20 18:04:46,290 INFO L290 TraceCheckUtils]: 89: Hoare triple {22865#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {22865#false} is VALID [2022-02-20 18:04:46,290 INFO L290 TraceCheckUtils]: 90: Hoare triple {22865#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {22865#false} is VALID [2022-02-20 18:04:46,290 INFO L272 TraceCheckUtils]: 91: Hoare triple {22865#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {22915#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:46,290 INFO L290 TraceCheckUtils]: 92: Hoare triple {22915#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22864#true} is VALID [2022-02-20 18:04:46,290 INFO L290 
TraceCheckUtils]: 93: Hoare triple {22864#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22864#true} is VALID [2022-02-20 18:04:46,290 INFO L290 TraceCheckUtils]: 94: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,290 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {22864#true} {22865#false} #790#return; {22865#false} is VALID [2022-02-20 18:04:46,290 INFO L290 TraceCheckUtils]: 96: Hoare triple {22865#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc 
__utac_acc__EncryptForward_spec__2_#t~nondet8#1; {22865#false} is VALID [2022-02-20 18:04:46,290 INFO L290 TraceCheckUtils]: 97: Hoare triple {22865#false} assume 0 != ~in_encrypted~0; {22865#false} is VALID [2022-02-20 18:04:46,291 INFO L272 TraceCheckUtils]: 98: Hoare triple {22865#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {22864#true} is VALID [2022-02-20 18:04:46,291 INFO L290 TraceCheckUtils]: 99: Hoare triple {22864#true} ~handle := #in~handle;havoc ~retValue_acc~14; {22864#true} is VALID [2022-02-20 18:04:46,291 INFO L290 TraceCheckUtils]: 100: Hoare triple {22864#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {22864#true} is VALID [2022-02-20 18:04:46,291 INFO L290 TraceCheckUtils]: 101: Hoare triple {22864#true} assume true; {22864#true} is VALID [2022-02-20 18:04:46,291 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {22864#true} {22865#false} #792#return; {22865#false} is VALID [2022-02-20 18:04:46,291 INFO L290 TraceCheckUtils]: 103: Hoare triple {22865#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {22865#false} is VALID [2022-02-20 18:04:46,291 INFO L290 TraceCheckUtils]: 104: Hoare triple {22865#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {22865#false} is VALID [2022-02-20 18:04:46,291 INFO L290 TraceCheckUtils]: 105: Hoare triple {22865#false} assume !false; {22865#false} is VALID [2022-02-20 18:04:46,292 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:04:46,293 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:46,293 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1813713443] [2022-02-20 18:04:46,293 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1813713443] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:46,293 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:46,293 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:04:46,293 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [247001409] [2022-02-20 18:04:46,293 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:46,294 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 106 [2022-02-20 18:04:46,294 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:46,294 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:46,346 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:46,346 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:04:46,346 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:46,347 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:04:46,347 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:04:46,347 INFO L87 Difference]: Start difference. First operand 612 states and 1016 transitions. Second operand has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:48,806 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:48,807 INFO L93 Difference]: Finished difference Result 1517 states and 2579 transitions. [2022-02-20 18:04:48,807 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:04:48,807 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 106 [2022-02-20 18:04:48,807 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:48,807 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:48,813 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 957 transitions. [2022-02-20 18:04:48,813 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:48,818 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 957 transitions. [2022-02-20 18:04:48,818 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 957 transitions. [2022-02-20 18:04:49,452 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 957 edges. 957 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:49,494 INFO L225 Difference]: With dead ends: 1517 [2022-02-20 18:04:49,494 INFO L226 Difference]: Without dead ends: 973 [2022-02-20 18:04:49,496 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:49,496 INFO L933 BasicCegarLoop]: 452 mSDtfsCounter, 665 mSDsluCounter, 493 mSDsCounter, 0 mSdLazyCounter, 595 mSolverCounterSat, 223 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 680 SdHoareTripleChecker+Valid, 945 SdHoareTripleChecker+Invalid, 818 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 223 IncrementalHoareTripleChecker+Valid, 595 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:49,496 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [680 Valid, 945 Invalid, 818 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [223 Valid, 595 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-02-20 18:04:49,497 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 973 states. [2022-02-20 18:04:49,957 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 973 to 912. [2022-02-20 18:04:49,957 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:49,958 INFO L82 GeneralOperation]: Start isEquivalent. First operand 973 states. 
Second operand has 912 states, 714 states have (on average 1.6134453781512605) internal successors, (1152), 721 states have internal predecessors, (1152), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) [2022-02-20 18:04:49,959 INFO L74 IsIncluded]: Start isIncluded. First operand 973 states. Second operand has 912 states, 714 states have (on average 1.6134453781512605) internal successors, (1152), 721 states have internal predecessors, (1152), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) [2022-02-20 18:04:49,960 INFO L87 Difference]: Start difference. First operand 973 states. Second operand has 912 states, 714 states have (on average 1.6134453781512605) internal successors, (1152), 721 states have internal predecessors, (1152), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) [2022-02-20 18:04:49,993 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:49,993 INFO L93 Difference]: Finished difference Result 973 states and 1663 transitions. [2022-02-20 18:04:49,993 INFO L276 IsEmpty]: Start isEmpty. Operand 973 states and 1663 transitions. [2022-02-20 18:04:49,996 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:49,996 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:49,997 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 912 states, 714 states have (on average 1.6134453781512605) internal successors, (1152), 721 states have internal predecessors, (1152), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) Second operand 973 states. [2022-02-20 18:04:49,998 INFO L87 Difference]: Start difference. First operand has 912 states, 714 states have (on average 1.6134453781512605) internal successors, (1152), 721 states have internal predecessors, (1152), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) Second operand 973 states. [2022-02-20 18:04:50,031 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:50,032 INFO L93 Difference]: Finished difference Result 973 states and 1663 transitions. [2022-02-20 18:04:50,032 INFO L276 IsEmpty]: Start isEmpty. Operand 973 states and 1663 transitions. [2022-02-20 18:04:50,035 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:50,035 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:50,035 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:50,035 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:50,036 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 912 states, 714 states have (on average 1.6134453781512605) internal successors, (1152), 721 states have internal predecessors, (1152), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) [2022-02-20 18:04:50,073 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 912 states to 912 states and 1539 transitions. [2022-02-20 18:04:50,074 INFO L78 Accepts]: Start accepts. Automaton has 912 states and 1539 transitions. Word has length 106 [2022-02-20 18:04:50,074 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:50,074 INFO L470 AbstractCegarLoop]: Abstraction has 912 states and 1539 transitions. [2022-02-20 18:04:50,074 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:50,074 INFO L276 IsEmpty]: Start isEmpty. Operand 912 states and 1539 transitions. [2022-02-20 18:04:50,077 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 108 [2022-02-20 18:04:50,077 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:50,077 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:50,077 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 18:04:50,078 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:50,078 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:50,078 INFO L85 PathProgramCache]: Analyzing trace with hash -1707978199, now seen corresponding path program 1 times [2022-02-20 18:04:50,078 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:50,078 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1401599043] [2022-02-20 18:04:50,078 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:50,078 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:50,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:50,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,126 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,126 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,126 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28461#true} {28461#true} #818#return; {28461#true} is VALID [2022-02-20 18:04:50,135 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:50,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,138 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,138 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28461#true} {28461#true} #820#return; {28461#true} is VALID [2022-02-20 18:04:50,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:50,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,141 INFO L290 TraceCheckUtils]: 0: Hoare triple {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume !(1 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,142 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,142 INFO L290 TraceCheckUtils]: 3: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,142 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28461#true} {28461#true} #822#return; {28461#true} is VALID [2022-02-20 18:04:50,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:50,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,145 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume !(1 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,145 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,145 INFO L290 TraceCheckUtils]: 3: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,145 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28461#true} {28461#true} #824#return; {28461#true} is VALID [2022-02-20 18:04:50,146 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:50,146 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,148 INFO L290 
TraceCheckUtils]: 0: Hoare triple {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,148 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume !(1 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,148 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume !(2 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,148 INFO L290 TraceCheckUtils]: 3: Hoare triple {28461#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,148 INFO L290 TraceCheckUtils]: 4: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,148 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28461#true} {28461#true} #826#return; {28461#true} is VALID [2022-02-20 18:04:50,148 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:50,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,152 INFO L290 TraceCheckUtils]: 0: Hoare triple {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,152 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume !(1 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,152 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume !(2 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,152 INFO L290 TraceCheckUtils]: 3: Hoare triple {28461#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,152 INFO L290 
TraceCheckUtils]: 4: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,152 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28461#true} {28461#true} #828#return; {28461#true} is VALID [2022-02-20 18:04:50,157 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:04:50,157 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {28512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,159 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,159 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,159 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28461#true} {28462#false} #814#return; {28462#false} is VALID [2022-02-20 18:04:50,159 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:04:50,160 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,161 INFO L290 TraceCheckUtils]: 0: Hoare triple {28461#true} ~handle := #in~handle;havoc ~retValue_acc~11; {28461#true} is VALID [2022-02-20 18:04:50,161 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {28461#true} is VALID [2022-02-20 18:04:50,162 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,162 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28461#true} {28462#false} #784#return; {28462#false} is VALID [2022-02-20 18:04:50,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 92 [2022-02-20 18:04:50,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {28512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,164 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,164 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28461#true} {28462#false} #790#return; {28462#false} is VALID [2022-02-20 18:04:50,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:04:50,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:50,166 INFO L290 TraceCheckUtils]: 0: Hoare triple {28461#true} ~handle := #in~handle;havoc ~retValue_acc~14; {28461#true} is VALID [2022-02-20 18:04:50,166 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {28461#true} is VALID [2022-02-20 18:04:50,166 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,166 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28461#true} {28462#false} #792#return; {28462#false} is VALID [2022-02-20 18:04:50,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {28461#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call 
#Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 
0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 
0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {28461#true} is VALID [2022-02-20 18:04:50,167 INFO L290 TraceCheckUtils]: 1: Hoare triple {28461#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {28461#true} is VALID [2022-02-20 18:04:50,167 INFO L290 TraceCheckUtils]: 2: Hoare triple {28461#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {28461#true} is 
VALID [2022-02-20 18:04:50,167 INFO L290 TraceCheckUtils]: 3: Hoare triple {28461#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {28461#true} is VALID [2022-02-20 18:04:50,167 INFO L290 TraceCheckUtils]: 4: Hoare triple {28461#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {28461#true} is VALID [2022-02-20 18:04:50,167 INFO L290 TraceCheckUtils]: 5: Hoare triple {28461#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {28461#true} is VALID [2022-02-20 18:04:50,168 INFO L272 TraceCheckUtils]: 6: Hoare triple {28461#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:50,168 INFO L290 TraceCheckUtils]: 7: Hoare triple {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,168 INFO L290 TraceCheckUtils]: 8: Hoare triple {28461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,168 INFO L290 TraceCheckUtils]: 9: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,168 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {28461#true} {28461#true} #818#return; {28461#true} is VALID [2022-02-20 18:04:50,168 INFO L290 TraceCheckUtils]: 11: Hoare triple {28461#true} assume { :end_inline_setup_bob__wrappee__Base } true; {28461#true} is VALID [2022-02-20 18:04:50,169 INFO L272 TraceCheckUtils]: 12: Hoare triple {28461#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:50,169 INFO L290 TraceCheckUtils]: 13: Hoare triple {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,169 INFO L290 TraceCheckUtils]: 14: Hoare triple {28461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,169 INFO L290 TraceCheckUtils]: 15: Hoare triple {28461#true} assume true; 
{28461#true} is VALID [2022-02-20 18:04:50,169 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {28461#true} {28461#true} #820#return; {28461#true} is VALID [2022-02-20 18:04:50,169 INFO L290 TraceCheckUtils]: 17: Hoare triple {28461#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {28461#true} is VALID [2022-02-20 18:04:50,170 INFO L272 TraceCheckUtils]: 18: Hoare triple {28461#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:50,170 INFO L290 TraceCheckUtils]: 19: Hoare triple {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,170 INFO L290 TraceCheckUtils]: 20: Hoare triple {28461#true} assume !(1 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,170 INFO L290 TraceCheckUtils]: 21: Hoare triple {28461#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,170 INFO L290 TraceCheckUtils]: 22: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,170 INFO L284 TraceCheckUtils]: 23: 
Hoare quadruple {28461#true} {28461#true} #822#return; {28461#true} is VALID [2022-02-20 18:04:50,170 INFO L290 TraceCheckUtils]: 24: Hoare triple {28461#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {28461#true} is VALID [2022-02-20 18:04:50,171 INFO L272 TraceCheckUtils]: 25: Hoare triple {28461#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:50,171 INFO L290 TraceCheckUtils]: 26: Hoare triple {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,171 INFO L290 TraceCheckUtils]: 27: Hoare triple {28461#true} assume !(1 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,171 INFO L290 TraceCheckUtils]: 28: Hoare triple {28461#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,171 INFO L290 TraceCheckUtils]: 29: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,171 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {28461#true} {28461#true} #824#return; {28461#true} is VALID [2022-02-20 18:04:50,171 INFO L290 TraceCheckUtils]: 31: Hoare triple {28461#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := 
setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {28461#true} is VALID [2022-02-20 18:04:50,172 INFO L272 TraceCheckUtils]: 32: Hoare triple {28461#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:50,172 INFO L290 TraceCheckUtils]: 33: Hoare triple {28510#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,172 INFO L290 TraceCheckUtils]: 34: Hoare triple {28461#true} assume !(1 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,172 INFO L290 TraceCheckUtils]: 35: Hoare triple {28461#true} assume !(2 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,172 INFO L290 TraceCheckUtils]: 36: Hoare triple {28461#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,172 INFO L290 TraceCheckUtils]: 37: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,172 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {28461#true} {28461#true} #826#return; {28461#true} is VALID [2022-02-20 18:04:50,172 INFO L290 TraceCheckUtils]: 39: Hoare triple {28461#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {28461#true} is VALID [2022-02-20 18:04:50,173 INFO L272 TraceCheckUtils]: 40: Hoare triple {28461#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:50,173 INFO L290 TraceCheckUtils]: 41: Hoare triple {28511#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,173 INFO L290 TraceCheckUtils]: 42: Hoare triple {28461#true} assume !(1 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,173 INFO L290 TraceCheckUtils]: 43: Hoare triple {28461#true} assume !(2 == ~handle); {28461#true} is VALID [2022-02-20 18:04:50,173 INFO L290 TraceCheckUtils]: 44: Hoare triple {28461#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,173 INFO L290 TraceCheckUtils]: 45: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,174 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {28461#true} {28461#true} #828#return; {28461#true} is VALID [2022-02-20 18:04:50,174 INFO L290 TraceCheckUtils]: 47: Hoare triple {28461#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {28461#true} is VALID [2022-02-20 18:04:50,174 INFO L290 TraceCheckUtils]: 48: Hoare triple {28461#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, 
test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:04:50,174 INFO L290 TraceCheckUtils]: 49: Hoare triple {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !false; {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:04:50,174 INFO L290 TraceCheckUtils]: 50: Hoare triple {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:04:50,175 INFO L290 TraceCheckUtils]: 51: Hoare triple {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:04:50,175 INFO L290 TraceCheckUtils]: 52: Hoare triple {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:04:50,175 
INFO L290 TraceCheckUtils]: 53: Hoare triple {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:04:50,176 INFO L290 TraceCheckUtils]: 54: Hoare triple {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:04:50,176 INFO L290 TraceCheckUtils]: 55: Hoare triple {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:04:50,176 INFO L290 TraceCheckUtils]: 56: Hoare triple {28493#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 == test_~op3~0#1); {28462#false} is VALID [2022-02-20 18:04:50,176 INFO L290 TraceCheckUtils]: 57: Hoare triple {28462#false} assume !(0 == test_~op4~0#1); {28462#false} is VALID [2022-02-20 18:04:50,176 INFO L290 TraceCheckUtils]: 58: Hoare triple {28462#false} assume !(0 == test_~op5~0#1); {28462#false} is VALID [2022-02-20 18:04:50,176 INFO L290 TraceCheckUtils]: 59: Hoare triple {28462#false} assume !(0 == test_~op6~0#1); {28462#false} is VALID [2022-02-20 18:04:50,176 INFO L290 TraceCheckUtils]: 60: Hoare triple {28462#false} assume !(0 == test_~op7~0#1); {28462#false} is VALID [2022-02-20 18:04:50,177 INFO L290 TraceCheckUtils]: 61: Hoare triple {28462#false} assume !(0 == test_~op8~0#1); {28462#false} is VALID [2022-02-20 18:04:50,177 INFO L290 TraceCheckUtils]: 62: Hoare triple {28462#false} assume !(0 == test_~op9~0#1); {28462#false} is VALID [2022-02-20 18:04:50,177 INFO L290 TraceCheckUtils]: 63: Hoare triple {28462#false} assume !(0 == test_~op10~0#1); {28462#false} is VALID [2022-02-20 18:04:50,177 INFO L290 TraceCheckUtils]: 64: Hoare triple {28462#false} assume !(0 == test_~op11~0#1); {28462#false} is VALID [2022-02-20 
18:04:50,177 INFO L290 TraceCheckUtils]: 65: Hoare triple {28462#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {28462#false} is VALID [2022-02-20 18:04:50,177 INFO L272 TraceCheckUtils]: 66: Hoare triple {28462#false} call sendEmail(~bob~0, ~rjh~0); {28462#false} is VALID [2022-02-20 18:04:50,177 INFO L290 TraceCheckUtils]: 67: Hoare triple {28462#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {28462#false} is VALID [2022-02-20 18:04:50,177 INFO L272 TraceCheckUtils]: 68: Hoare triple {28462#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {28512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:50,177 INFO L290 TraceCheckUtils]: 69: Hoare triple {28512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,177 INFO L290 TraceCheckUtils]: 70: Hoare triple {28461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,178 INFO L290 TraceCheckUtils]: 71: 
Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,178 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {28461#true} {28462#false} #814#return; {28462#false} is VALID [2022-02-20 18:04:50,178 INFO L290 TraceCheckUtils]: 73: Hoare triple {28462#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {28462#false} is VALID [2022-02-20 18:04:50,178 INFO L290 TraceCheckUtils]: 74: Hoare triple {28462#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {28462#false} is VALID [2022-02-20 18:04:50,178 INFO L290 TraceCheckUtils]: 75: Hoare triple {28462#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {28462#false} is VALID [2022-02-20 18:04:50,178 INFO L290 TraceCheckUtils]: 76: Hoare triple {28462#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {28462#false} is VALID [2022-02-20 18:04:50,178 INFO L272 TraceCheckUtils]: 77: Hoare triple {28462#false} call outgoing(~sender#1, ~email~0#1); {28462#false} is VALID [2022-02-20 18:04:50,178 INFO L290 TraceCheckUtils]: 78: Hoare triple {28462#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {28462#false} is VALID [2022-02-20 18:04:50,178 INFO L272 TraceCheckUtils]: 79: Hoare triple {28462#false} call #t~ret15#1 := getEmailTo(~msg#1); {28461#true} is VALID [2022-02-20 18:04:50,178 INFO L290 TraceCheckUtils]: 80: Hoare triple {28461#true} ~handle := #in~handle;havoc ~retValue_acc~11; {28461#true} is VALID 
[2022-02-20 18:04:50,179 INFO L290 TraceCheckUtils]: 81: Hoare triple {28461#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {28461#true} is VALID [2022-02-20 18:04:50,179 INFO L290 TraceCheckUtils]: 82: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,179 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {28461#true} {28462#false} #784#return; {28462#false} is VALID [2022-02-20 18:04:50,179 INFO L290 TraceCheckUtils]: 84: Hoare triple {28462#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {28462#false} is VALID [2022-02-20 18:04:50,179 INFO L290 TraceCheckUtils]: 85: Hoare triple {28462#false} assume 1 == findPublicKey_~handle#1; {28462#false} is VALID [2022-02-20 18:04:50,179 INFO L290 TraceCheckUtils]: 86: Hoare triple {28462#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {28462#false} is VALID [2022-02-20 18:04:50,179 INFO L290 TraceCheckUtils]: 87: Hoare triple {28462#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {28462#false} is VALID [2022-02-20 18:04:50,179 INFO L290 TraceCheckUtils]: 88: Hoare triple {28462#false} assume !(0 != ~pubkey~0#1); {28462#false} is VALID [2022-02-20 18:04:50,179 INFO 
L290 TraceCheckUtils]: 89: Hoare triple {28462#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {28462#false} is VALID [2022-02-20 18:04:50,179 INFO L290 TraceCheckUtils]: 90: Hoare triple {28462#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {28462#false} is VALID [2022-02-20 18:04:50,180 INFO L290 TraceCheckUtils]: 91: Hoare triple {28462#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {28462#false} is VALID [2022-02-20 18:04:50,180 INFO L272 TraceCheckUtils]: 92: Hoare triple {28462#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {28512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:50,180 INFO L290 TraceCheckUtils]: 93: Hoare triple {28512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} 
~handle := #in~handle;~value := #in~value; {28461#true} is VALID [2022-02-20 18:04:50,180 INFO L290 TraceCheckUtils]: 94: Hoare triple {28461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28461#true} is VALID [2022-02-20 18:04:50,180 INFO L290 TraceCheckUtils]: 95: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,180 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {28461#true} {28462#false} #790#return; {28462#false} is VALID [2022-02-20 18:04:50,180 INFO L290 TraceCheckUtils]: 97: Hoare triple {28462#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc 
__utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {28462#false} is VALID [2022-02-20 18:04:50,180 INFO L290 TraceCheckUtils]: 98: Hoare triple {28462#false} assume 0 != ~in_encrypted~0; {28462#false} is VALID [2022-02-20 18:04:50,180 INFO L272 TraceCheckUtils]: 99: Hoare triple {28462#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {28461#true} is VALID [2022-02-20 18:04:50,180 INFO L290 TraceCheckUtils]: 100: Hoare triple {28461#true} ~handle := #in~handle;havoc ~retValue_acc~14; {28461#true} is VALID [2022-02-20 18:04:50,181 INFO L290 TraceCheckUtils]: 101: Hoare triple {28461#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {28461#true} is VALID [2022-02-20 18:04:50,181 INFO L290 TraceCheckUtils]: 102: Hoare triple {28461#true} assume true; {28461#true} is VALID [2022-02-20 18:04:50,181 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {28461#true} {28462#false} #792#return; {28462#false} is VALID [2022-02-20 18:04:50,181 INFO L290 TraceCheckUtils]: 104: Hoare triple {28462#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {28462#false} is VALID [2022-02-20 18:04:50,181 INFO L290 TraceCheckUtils]: 105: Hoare triple {28462#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {28462#false} is VALID [2022-02-20 18:04:50,181 INFO L290 TraceCheckUtils]: 106: Hoare triple {28462#false} assume !false; {28462#false} is VALID [2022-02-20 18:04:50,181 INFO L134 CoverageAnalysis]: Checked inductivity 
of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:04:50,181 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:50,182 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1401599043] [2022-02-20 18:04:50,182 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1401599043] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:50,182 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:50,182 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:04:50,182 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [789774738] [2022-02-20 18:04:50,182 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:50,183 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 107 [2022-02-20 18:04:50,183 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:50,183 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:50,234 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 94 edges. 
94 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:50,235 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:04:50,235 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:50,235 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:04:50,235 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:04:50,236 INFO L87 Difference]: Start difference. First operand 912 states and 1539 transitions. Second operand has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:53,053 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:53,053 INFO L93 Difference]: Finished difference Result 2232 states and 3824 transitions. [2022-02-20 18:04:53,053 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:04:53,053 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 107 [2022-02-20 18:04:53,053 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:53,053 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:53,058 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 953 transitions. [2022-02-20 18:04:53,059 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:53,063 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 953 transitions. [2022-02-20 18:04:53,064 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 953 transitions. [2022-02-20 18:04:53,708 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 953 edges. 953 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:53,801 INFO L225 Difference]: With dead ends: 2232 [2022-02-20 18:04:53,801 INFO L226 Difference]: Without dead ends: 1441 [2022-02-20 18:04:53,803 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:53,803 INFO L933 BasicCegarLoop]: 444 mSDtfsCounter, 663 mSDsluCounter, 484 mSDsCounter, 0 mSdLazyCounter, 579 mSolverCounterSat, 226 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 678 SdHoareTripleChecker+Valid, 928 SdHoareTripleChecker+Invalid, 805 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 226 IncrementalHoareTripleChecker+Valid, 579 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:53,803 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [678 Valid, 928 Invalid, 805 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [226 Valid, 579 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-02-20 18:04:53,804 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1441 states. [2022-02-20 18:04:54,462 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1441 to 1380. [2022-02-20 18:04:54,462 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:54,464 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1441 states. 
Second operand has 1380 states, 1087 states have (on average 1.6182152713891444) internal successors, (1759), 1094 states have internal predecessors, (1759), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) [2022-02-20 18:04:54,466 INFO L74 IsIncluded]: Start isIncluded. First operand 1441 states. Second operand has 1380 states, 1087 states have (on average 1.6182152713891444) internal successors, (1759), 1094 states have internal predecessors, (1759), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) [2022-02-20 18:04:54,467 INFO L87 Difference]: Start difference. First operand 1441 states. Second operand has 1380 states, 1087 states have (on average 1.6182152713891444) internal successors, (1759), 1094 states have internal predecessors, (1759), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) [2022-02-20 18:04:54,539 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:54,539 INFO L93 Difference]: Finished difference Result 1441 states and 2476 transitions. [2022-02-20 18:04:54,540 INFO L276 IsEmpty]: Start isEmpty. Operand 1441 states and 2476 transitions. [2022-02-20 18:04:54,544 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:54,544 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:54,546 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 1380 states, 1087 states have (on average 1.6182152713891444) internal successors, (1759), 1094 states have internal predecessors, (1759), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) Second operand 1441 states. [2022-02-20 18:04:54,547 INFO L87 Difference]: Start difference. First operand has 1380 states, 1087 states have (on average 1.6182152713891444) internal successors, (1759), 1094 states have internal predecessors, (1759), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) Second operand 1441 states. [2022-02-20 18:04:54,611 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:54,611 INFO L93 Difference]: Finished difference Result 1441 states and 2476 transitions. [2022-02-20 18:04:54,611 INFO L276 IsEmpty]: Start isEmpty. Operand 1441 states and 2476 transitions. [2022-02-20 18:04:54,615 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:54,615 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:54,615 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:54,615 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:54,617 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 1380 states, 1087 states have (on average 1.6182152713891444) internal successors, (1759), 1094 states have internal predecessors, (1759), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) [2022-02-20 18:04:54,695 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1380 states to 1380 states and 2336 transitions. [2022-02-20 18:04:54,696 INFO L78 Accepts]: Start accepts. Automaton has 1380 states and 2336 transitions. Word has length 107 [2022-02-20 18:04:54,696 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:54,696 INFO L470 AbstractCegarLoop]: Abstraction has 1380 states and 2336 transitions. [2022-02-20 18:04:54,696 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:54,696 INFO L276 IsEmpty]: Start isEmpty. Operand 1380 states and 2336 transitions. [2022-02-20 18:04:54,700 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 109 [2022-02-20 18:04:54,700 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:54,700 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:54,700 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-20 18:04:54,701 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:54,701 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:54,701 INFO L85 PathProgramCache]: Analyzing trace with hash -1136510194, now seen corresponding path program 1 times [2022-02-20 18:04:54,701 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:54,701 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [389885987] [2022-02-20 18:04:54,701 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:54,701 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:54,721 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,738 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:54,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,741 INFO L290 TraceCheckUtils]: 0: Hoare triple {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,741 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,741 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36778#true} {36778#true} #818#return; {36778#true} is VALID [2022-02-20 18:04:54,745 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:54,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,748 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,748 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36778#true} {36778#true} #820#return; {36778#true} is VALID [2022-02-20 18:04:54,748 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:54,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,750 INFO L290 TraceCheckUtils]: 0: Hoare triple {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,750 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume !(1 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,750 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,751 INFO L290 TraceCheckUtils]: 3: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,751 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {36778#true} {36778#true} #822#return; {36778#true} is VALID [2022-02-20 18:04:54,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:54,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,754 INFO L290 TraceCheckUtils]: 0: Hoare triple {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,754 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume !(1 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,754 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,754 INFO L290 TraceCheckUtils]: 3: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,754 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {36778#true} {36778#true} #824#return; {36778#true} is VALID [2022-02-20 18:04:54,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:54,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,758 INFO L290 
TraceCheckUtils]: 0: Hoare triple {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,758 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume !(1 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume !(2 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,758 INFO L290 TraceCheckUtils]: 3: Hoare triple {36778#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,758 INFO L290 TraceCheckUtils]: 4: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,758 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {36778#true} {36778#true} #826#return; {36778#true} is VALID [2022-02-20 18:04:54,758 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:54,759 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,761 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume !(1 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,761 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume !(2 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,761 INFO L290 TraceCheckUtils]: 3: Hoare triple {36778#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,761 INFO L290 
TraceCheckUtils]: 4: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,761 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {36778#true} {36778#true} #828#return; {36778#true} is VALID [2022-02-20 18:04:54,765 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:04:54,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,767 INFO L290 TraceCheckUtils]: 0: Hoare triple {36829#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,768 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36778#true} {36779#false} #814#return; {36779#false} is VALID [2022-02-20 18:04:54,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:04:54,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {36778#true} ~handle := #in~handle;havoc ~retValue_acc~11; {36778#true} is VALID [2022-02-20 18:04:54,770 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {36778#true} is VALID [2022-02-20 18:04:54,770 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,770 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36778#true} {36779#false} #784#return; {36779#false} is VALID [2022-02-20 18:04:54,770 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 93 [2022-02-20 18:04:54,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {36829#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,772 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36778#true} {36779#false} #790#return; {36779#false} is VALID [2022-02-20 18:04:54,772 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:04:54,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:54,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {36778#true} ~handle := #in~handle;havoc ~retValue_acc~14; {36778#true} is VALID [2022-02-20 18:04:54,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {36778#true} is VALID [2022-02-20 18:04:54,774 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,774 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36778#true} {36779#false} #792#return; {36779#false} is VALID [2022-02-20 18:04:54,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {36778#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call 
#Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 
0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 
0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {36778#true} is VALID [2022-02-20 18:04:54,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {36778#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {36778#true} is VALID [2022-02-20 18:04:54,774 INFO L290 TraceCheckUtils]: 2: Hoare triple {36778#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {36778#true} is 
VALID [2022-02-20 18:04:54,775 INFO L290 TraceCheckUtils]: 3: Hoare triple {36778#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {36778#true} is VALID [2022-02-20 18:04:54,775 INFO L290 TraceCheckUtils]: 4: Hoare triple {36778#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {36778#true} is VALID [2022-02-20 18:04:54,775 INFO L290 TraceCheckUtils]: 5: Hoare triple {36778#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {36778#true} is VALID [2022-02-20 18:04:54,775 INFO L272 TraceCheckUtils]: 6: Hoare triple {36778#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:54,775 INFO L290 TraceCheckUtils]: 7: Hoare triple {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,776 INFO L290 TraceCheckUtils]: 8: Hoare triple {36778#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,776 INFO L290 TraceCheckUtils]: 9: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,776 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {36778#true} {36778#true} #818#return; {36778#true} is VALID [2022-02-20 18:04:54,776 INFO L290 TraceCheckUtils]: 11: Hoare triple {36778#true} assume { :end_inline_setup_bob__wrappee__Base } true; {36778#true} is VALID [2022-02-20 18:04:54,776 INFO L272 TraceCheckUtils]: 12: Hoare triple {36778#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:54,776 INFO L290 TraceCheckUtils]: 13: Hoare triple {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,777 INFO L290 TraceCheckUtils]: 14: Hoare triple {36778#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,777 INFO L290 TraceCheckUtils]: 15: Hoare triple {36778#true} assume true; 
{36778#true} is VALID [2022-02-20 18:04:54,777 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {36778#true} {36778#true} #820#return; {36778#true} is VALID [2022-02-20 18:04:54,777 INFO L290 TraceCheckUtils]: 17: Hoare triple {36778#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {36778#true} is VALID [2022-02-20 18:04:54,777 INFO L272 TraceCheckUtils]: 18: Hoare triple {36778#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:54,777 INFO L290 TraceCheckUtils]: 19: Hoare triple {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,778 INFO L290 TraceCheckUtils]: 20: Hoare triple {36778#true} assume !(1 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,778 INFO L290 TraceCheckUtils]: 21: Hoare triple {36778#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,778 INFO L290 TraceCheckUtils]: 22: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,778 INFO L284 TraceCheckUtils]: 23: 
Hoare quadruple {36778#true} {36778#true} #822#return; {36778#true} is VALID [2022-02-20 18:04:54,778 INFO L290 TraceCheckUtils]: 24: Hoare triple {36778#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {36778#true} is VALID [2022-02-20 18:04:54,778 INFO L272 TraceCheckUtils]: 25: Hoare triple {36778#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:54,778 INFO L290 TraceCheckUtils]: 26: Hoare triple {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,779 INFO L290 TraceCheckUtils]: 27: Hoare triple {36778#true} assume !(1 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,779 INFO L290 TraceCheckUtils]: 28: Hoare triple {36778#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,779 INFO L290 TraceCheckUtils]: 29: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,779 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {36778#true} {36778#true} #824#return; {36778#true} is VALID [2022-02-20 18:04:54,779 INFO L290 TraceCheckUtils]: 31: Hoare triple {36778#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := 
setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {36778#true} is VALID [2022-02-20 18:04:54,779 INFO L272 TraceCheckUtils]: 32: Hoare triple {36778#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:54,780 INFO L290 TraceCheckUtils]: 33: Hoare triple {36827#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,780 INFO L290 TraceCheckUtils]: 34: Hoare triple {36778#true} assume !(1 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,780 INFO L290 TraceCheckUtils]: 35: Hoare triple {36778#true} assume !(2 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,780 INFO L290 TraceCheckUtils]: 36: Hoare triple {36778#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,780 INFO L290 TraceCheckUtils]: 37: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,780 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {36778#true} {36778#true} #826#return; {36778#true} is VALID [2022-02-20 18:04:54,780 INFO L290 TraceCheckUtils]: 39: Hoare triple {36778#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {36778#true} is VALID [2022-02-20 18:04:54,781 INFO L272 TraceCheckUtils]: 40: Hoare triple {36778#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:54,781 INFO L290 TraceCheckUtils]: 41: Hoare triple {36828#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,781 INFO L290 TraceCheckUtils]: 42: Hoare triple {36778#true} assume !(1 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,781 INFO L290 TraceCheckUtils]: 43: Hoare triple {36778#true} assume !(2 == ~handle); {36778#true} is VALID [2022-02-20 18:04:54,781 INFO L290 TraceCheckUtils]: 44: Hoare triple {36778#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,781 INFO L290 TraceCheckUtils]: 45: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,781 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {36778#true} {36778#true} #828#return; {36778#true} is VALID [2022-02-20 18:04:54,781 INFO L290 TraceCheckUtils]: 47: Hoare triple {36778#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {36778#true} is VALID [2022-02-20 18:04:54,782 INFO L290 TraceCheckUtils]: 48: Hoare triple {36778#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, 
test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,782 INFO L290 TraceCheckUtils]: 49: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !false; {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,782 INFO L290 TraceCheckUtils]: 50: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,782 INFO L290 TraceCheckUtils]: 51: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,783 INFO L290 TraceCheckUtils]: 52: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,783 
INFO L290 TraceCheckUtils]: 53: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,783 INFO L290 TraceCheckUtils]: 54: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,783 INFO L290 TraceCheckUtils]: 55: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,784 INFO L290 TraceCheckUtils]: 56: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,784 INFO L290 TraceCheckUtils]: 57: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:04:54,784 INFO L290 TraceCheckUtils]: 58: Hoare triple {36810#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 == test_~op4~0#1); {36779#false} is VALID [2022-02-20 18:04:54,784 INFO L290 TraceCheckUtils]: 59: Hoare triple {36779#false} assume !(0 == test_~op5~0#1); {36779#false} is VALID [2022-02-20 18:04:54,784 INFO L290 TraceCheckUtils]: 60: Hoare triple {36779#false} assume !(0 == test_~op6~0#1); {36779#false} is VALID [2022-02-20 18:04:54,784 INFO L290 TraceCheckUtils]: 61: Hoare triple {36779#false} assume !(0 == test_~op7~0#1); {36779#false} is VALID [2022-02-20 18:04:54,785 INFO L290 TraceCheckUtils]: 62: Hoare triple {36779#false} assume !(0 == test_~op8~0#1); {36779#false} is VALID [2022-02-20 
18:04:54,785 INFO L290 TraceCheckUtils]: 63: Hoare triple {36779#false} assume !(0 == test_~op9~0#1); {36779#false} is VALID [2022-02-20 18:04:54,785 INFO L290 TraceCheckUtils]: 64: Hoare triple {36779#false} assume !(0 == test_~op10~0#1); {36779#false} is VALID [2022-02-20 18:04:54,785 INFO L290 TraceCheckUtils]: 65: Hoare triple {36779#false} assume !(0 == test_~op11~0#1); {36779#false} is VALID [2022-02-20 18:04:54,785 INFO L290 TraceCheckUtils]: 66: Hoare triple {36779#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {36779#false} is VALID [2022-02-20 18:04:54,785 INFO L272 TraceCheckUtils]: 67: Hoare triple {36779#false} call sendEmail(~bob~0, ~rjh~0); {36779#false} is VALID [2022-02-20 18:04:54,785 INFO L290 TraceCheckUtils]: 68: Hoare triple {36779#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {36779#false} is VALID [2022-02-20 18:04:54,785 INFO L272 TraceCheckUtils]: 69: Hoare triple {36779#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {36829#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:54,785 INFO L290 TraceCheckUtils]: 
70: Hoare triple {36829#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,785 INFO L290 TraceCheckUtils]: 71: Hoare triple {36778#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,786 INFO L290 TraceCheckUtils]: 72: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,786 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {36778#true} {36779#false} #814#return; {36779#false} is VALID [2022-02-20 18:04:54,786 INFO L290 TraceCheckUtils]: 74: Hoare triple {36779#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {36779#false} is VALID [2022-02-20 18:04:54,786 INFO L290 TraceCheckUtils]: 75: Hoare triple {36779#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {36779#false} is VALID [2022-02-20 18:04:54,786 INFO L290 TraceCheckUtils]: 76: Hoare triple {36779#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {36779#false} is VALID [2022-02-20 18:04:54,786 INFO L290 TraceCheckUtils]: 77: Hoare triple {36779#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {36779#false} is VALID [2022-02-20 18:04:54,786 INFO L272 TraceCheckUtils]: 78: Hoare triple {36779#false} call outgoing(~sender#1, ~email~0#1); {36779#false} is VALID [2022-02-20 18:04:54,786 INFO L290 TraceCheckUtils]: 79: Hoare triple {36779#false} ~client#1 := #in~client#1;~msg#1 
:= #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {36779#false} is VALID [2022-02-20 18:04:54,786 INFO L272 TraceCheckUtils]: 80: Hoare triple {36779#false} call #t~ret15#1 := getEmailTo(~msg#1); {36778#true} is VALID [2022-02-20 18:04:54,786 INFO L290 TraceCheckUtils]: 81: Hoare triple {36778#true} ~handle := #in~handle;havoc ~retValue_acc~11; {36778#true} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 82: Hoare triple {36778#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {36778#true} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 83: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,787 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {36778#true} {36779#false} #784#return; {36779#false} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 85: Hoare triple {36779#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {36779#false} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 86: Hoare triple {36779#false} assume 1 == findPublicKey_~handle#1; {36779#false} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 87: Hoare triple {36779#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {36779#false} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 88: Hoare triple 
{36779#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {36779#false} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 89: Hoare triple {36779#false} assume !(0 != ~pubkey~0#1); {36779#false} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 90: Hoare triple {36779#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {36779#false} is VALID [2022-02-20 18:04:54,787 INFO L290 TraceCheckUtils]: 91: Hoare triple {36779#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {36779#false} is VALID [2022-02-20 18:04:54,788 INFO L290 TraceCheckUtils]: 92: Hoare triple {36779#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {36779#false} is VALID [2022-02-20 18:04:54,788 INFO L272 TraceCheckUtils]: 93: Hoare triple 
{36779#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {36829#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:54,788 INFO L290 TraceCheckUtils]: 94: Hoare triple {36829#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36778#true} is VALID [2022-02-20 18:04:54,788 INFO L290 TraceCheckUtils]: 95: Hoare triple {36778#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36778#true} is VALID [2022-02-20 18:04:54,788 INFO L290 TraceCheckUtils]: 96: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,788 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {36778#true} {36779#false} #790#return; {36779#false} is VALID [2022-02-20 18:04:54,788 INFO L290 TraceCheckUtils]: 98: Hoare triple {36779#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {36779#false} is VALID [2022-02-20 18:04:54,788 INFO L290 TraceCheckUtils]: 99: Hoare triple {36779#false} assume 0 != ~in_encrypted~0; {36779#false} is VALID [2022-02-20 18:04:54,788 INFO L272 TraceCheckUtils]: 100: Hoare triple {36779#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {36778#true} is VALID [2022-02-20 18:04:54,788 INFO L290 TraceCheckUtils]: 101: Hoare triple {36778#true} ~handle := #in~handle;havoc ~retValue_acc~14; {36778#true} is VALID [2022-02-20 18:04:54,789 INFO L290 TraceCheckUtils]: 102: Hoare triple {36778#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {36778#true} is VALID [2022-02-20 18:04:54,789 INFO L290 TraceCheckUtils]: 103: Hoare triple {36778#true} assume true; {36778#true} is VALID [2022-02-20 18:04:54,789 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {36778#true} {36779#false} #792#return; {36779#false} is VALID [2022-02-20 18:04:54,789 INFO L290 TraceCheckUtils]: 105: Hoare triple {36779#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {36779#false} is VALID [2022-02-20 18:04:54,789 INFO L290 
TraceCheckUtils]: 106: Hoare triple {36779#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {36779#false} is VALID [2022-02-20 18:04:54,789 INFO L290 TraceCheckUtils]: 107: Hoare triple {36779#false} assume !false; {36779#false} is VALID [2022-02-20 18:04:54,789 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:04:54,789 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:54,790 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [389885987] [2022-02-20 18:04:54,790 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [389885987] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:54,790 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:54,790 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:04:54,790 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [386606814] [2022-02-20 18:04:54,790 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:54,791 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 108 [2022-02-20 18:04:54,791 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:04:54,791 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:54,842 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:54,843 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:04:54,843 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:54,843 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:04:54,843 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:04:54,843 INFO L87 Difference]: Start difference. First operand 1380 states and 2336 transitions. Second operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:58,208 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:58,209 INFO L93 Difference]: Finished difference Result 3279 states and 5665 transitions. [2022-02-20 18:04:58,209 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:04:58,209 INFO L78 Accepts]: Start accepts. 
Automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 108 [2022-02-20 18:04:58,209 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:58,209 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:58,214 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 949 transitions. [2022-02-20 18:04:58,214 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:04:58,219 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 949 transitions. [2022-02-20 18:04:58,220 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 949 transitions. [2022-02-20 18:04:58,860 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 949 edges. 949 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:59,053 INFO L225 Difference]: With dead ends: 3279 [2022-02-20 18:04:59,054 INFO L226 Difference]: Without dead ends: 2145 [2022-02-20 18:04:59,056 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:59,056 INFO L933 BasicCegarLoop]: 443 mSDtfsCounter, 661 mSDsluCounter, 477 mSDsCounter, 0 mSdLazyCounter, 583 mSolverCounterSat, 220 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 676 SdHoareTripleChecker+Valid, 920 SdHoareTripleChecker+Invalid, 803 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 220 IncrementalHoareTripleChecker+Valid, 583 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:59,057 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [676 Valid, 920 Invalid, 803 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [220 Valid, 583 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-02-20 18:04:59,058 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2145 states. [2022-02-20 18:05:00,106 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2145 to 2084. [2022-02-20 18:05:00,107 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:00,110 INFO L82 GeneralOperation]: Start isEquivalent. First operand 2145 states. 
Second operand has 2084 states, 1668 states have (on average 1.6223021582733812) internal successors, (2706), 1675 states have internal predecessors, (2706), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) [2022-02-20 18:05:00,112 INFO L74 IsIncluded]: Start isIncluded. First operand 2145 states. Second operand has 2084 states, 1668 states have (on average 1.6223021582733812) internal successors, (2706), 1675 states have internal predecessors, (2706), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) [2022-02-20 18:05:00,114 INFO L87 Difference]: Start difference. First operand 2145 states. Second operand has 2084 states, 1668 states have (on average 1.6223021582733812) internal successors, (2706), 1675 states have internal predecessors, (2706), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) [2022-02-20 18:05:00,254 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:00,254 INFO L93 Difference]: Finished difference Result 2145 states and 3719 transitions. [2022-02-20 18:05:00,254 INFO L276 IsEmpty]: Start isEmpty. Operand 2145 states and 3719 transitions. [2022-02-20 18:05:00,260 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:00,260 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:00,263 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 2084 states, 1668 states have (on average 1.6223021582733812) internal successors, (2706), 1675 states have internal predecessors, (2706), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) Second operand 2145 states. [2022-02-20 18:05:00,266 INFO L87 Difference]: Start difference. First operand has 2084 states, 1668 states have (on average 1.6223021582733812) internal successors, (2706), 1675 states have internal predecessors, (2706), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) Second operand 2145 states. [2022-02-20 18:05:00,413 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:00,413 INFO L93 Difference]: Finished difference Result 2145 states and 3719 transitions. [2022-02-20 18:05:00,413 INFO L276 IsEmpty]: Start isEmpty. Operand 2145 states and 3719 transitions. [2022-02-20 18:05:00,418 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:00,419 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:00,419 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:00,419 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:00,422 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 2084 states, 1668 states have (on average 1.6223021582733812) internal successors, (2706), 1675 states have internal predecessors, (2706), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) [2022-02-20 18:05:00,602 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2084 states to 2084 states and 3545 transitions. [2022-02-20 18:05:00,603 INFO L78 Accepts]: Start accepts. Automaton has 2084 states and 3545 transitions. Word has length 108 [2022-02-20 18:05:00,603 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:00,603 INFO L470 AbstractCegarLoop]: Abstraction has 2084 states and 3545 transitions. [2022-02-20 18:05:00,603 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:05:00,603 INFO L276 IsEmpty]: Start isEmpty. Operand 2084 states and 3545 transitions. [2022-02-20 18:05:00,607 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 18:05:00,608 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:00,608 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:00,608 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2022-02-20 18:05:00,608 INFO L402 AbstractCegarLoop]: === Iteration 14 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:00,608 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:00,608 INFO L85 PathProgramCache]: Analyzing trace with hash -665915704, now seen corresponding path program 1 times [2022-02-20 18:05:00,608 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:00,609 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1662799322] [2022-02-20 18:05:00,609 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:00,609 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:00,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:00,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,669 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,670 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49119#true} {49119#true} #818#return; {49119#true} is VALID [2022-02-20 18:05:00,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:00,674 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,676 INFO L290 TraceCheckUtils]: 0: Hoare triple {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,676 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,676 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,676 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49119#true} {49119#true} #820#return; {49119#true} is VALID [2022-02-20 18:05:00,676 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:00,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume !(1 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,679 INFO L290 TraceCheckUtils]: 3: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,679 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {49119#true} {49119#true} #822#return; {49119#true} is VALID [2022-02-20 18:05:00,679 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:00,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume !(1 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,683 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,683 INFO L290 TraceCheckUtils]: 3: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,683 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {49119#true} {49119#true} #824#return; {49119#true} is VALID [2022-02-20 18:05:00,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:00,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,686 INFO L290 
TraceCheckUtils]: 0: Hoare triple {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume !(1 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,686 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume !(2 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,686 INFO L290 TraceCheckUtils]: 3: Hoare triple {49119#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,686 INFO L290 TraceCheckUtils]: 4: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,687 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {49119#true} {49119#true} #826#return; {49119#true} is VALID [2022-02-20 18:05:00,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:00,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume !(1 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume !(2 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,689 INFO L290 TraceCheckUtils]: 3: Hoare triple {49119#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,689 INFO L290 
TraceCheckUtils]: 4: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,690 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {49119#true} {49119#true} #828#return; {49119#true} is VALID [2022-02-20 18:05:00,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:05:00,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {49170#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,695 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49119#true} {49120#false} #814#return; {49120#false} is VALID [2022-02-20 18:05:00,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:05:00,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {49119#true} ~handle := #in~handle;havoc ~retValue_acc~11; {49119#true} is VALID [2022-02-20 18:05:00,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {49119#true} is VALID [2022-02-20 18:05:00,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,697 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49119#true} {49120#false} #784#return; {49120#false} is VALID [2022-02-20 18:05:00,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 94 [2022-02-20 18:05:00,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {49170#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,699 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49119#true} {49120#false} #790#return; {49120#false} is VALID [2022-02-20 18:05:00,699 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:05:00,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {49119#true} ~handle := #in~handle;havoc ~retValue_acc~14; {49119#true} is VALID [2022-02-20 18:05:00,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {49119#true} is VALID [2022-02-20 18:05:00,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,701 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49119#true} {49120#false} #792#return; {49120#false} is VALID [2022-02-20 18:05:00,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {49119#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call 
#Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 
0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 
0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {49119#true} is VALID [2022-02-20 18:05:00,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {49119#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet33#1, main_#t~ret34#1, main_~retValue_acc~19#1, main_~tmp~8#1;assume -2147483648 <= main_#t~nondet33#1 && main_#t~nondet33#1 <= 2147483647;main_~retValue_acc~19#1 := main_#t~nondet33#1;havoc main_#t~nondet33#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {49119#true} is VALID [2022-02-20 18:05:00,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {49119#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {49119#true} is 
VALID [2022-02-20 18:05:00,701 INFO L290 TraceCheckUtils]: 3: Hoare triple {49119#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {49119#true} is VALID [2022-02-20 18:05:00,702 INFO L290 TraceCheckUtils]: 4: Hoare triple {49119#true} main_#t~ret34#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {49119#true} is VALID [2022-02-20 18:05:00,702 INFO L290 TraceCheckUtils]: 5: Hoare triple {49119#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet30#1, setup_#t~nondet31#1, setup_#t~nondet32#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {49119#true} is VALID [2022-02-20 18:05:00,702 INFO L272 TraceCheckUtils]: 6: Hoare triple {49119#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,702 INFO L290 TraceCheckUtils]: 7: Hoare triple {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,702 INFO L290 TraceCheckUtils]: 8: Hoare triple {49119#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,702 INFO L290 TraceCheckUtils]: 9: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,703 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {49119#true} {49119#true} #818#return; {49119#true} is VALID [2022-02-20 18:05:00,703 INFO L290 TraceCheckUtils]: 11: Hoare triple {49119#true} assume { :end_inline_setup_bob__wrappee__Base } true; {49119#true} is VALID [2022-02-20 18:05:00,703 INFO L272 TraceCheckUtils]: 12: Hoare triple {49119#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:00,703 INFO L290 TraceCheckUtils]: 13: Hoare triple {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,703 INFO L290 TraceCheckUtils]: 14: Hoare triple {49119#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,703 INFO L290 TraceCheckUtils]: 15: Hoare triple {49119#true} assume true; 
{49119#true} is VALID [2022-02-20 18:05:00,703 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {49119#true} {49119#true} #820#return; {49119#true} is VALID [2022-02-20 18:05:00,704 INFO L290 TraceCheckUtils]: 17: Hoare triple {49119#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet30#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {49119#true} is VALID [2022-02-20 18:05:00,704 INFO L272 TraceCheckUtils]: 18: Hoare triple {49119#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,704 INFO L290 TraceCheckUtils]: 19: Hoare triple {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,704 INFO L290 TraceCheckUtils]: 20: Hoare triple {49119#true} assume !(1 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,704 INFO L290 TraceCheckUtils]: 21: Hoare triple {49119#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,704 INFO L290 TraceCheckUtils]: 22: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,704 INFO L284 TraceCheckUtils]: 23: 
Hoare quadruple {49119#true} {49119#true} #822#return; {49119#true} is VALID [2022-02-20 18:05:00,705 INFO L290 TraceCheckUtils]: 24: Hoare triple {49119#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {49119#true} is VALID [2022-02-20 18:05:00,705 INFO L272 TraceCheckUtils]: 25: Hoare triple {49119#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:00,705 INFO L290 TraceCheckUtils]: 26: Hoare triple {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,705 INFO L290 TraceCheckUtils]: 27: Hoare triple {49119#true} assume !(1 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,705 INFO L290 TraceCheckUtils]: 28: Hoare triple {49119#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,705 INFO L290 TraceCheckUtils]: 29: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,706 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {49119#true} {49119#true} #824#return; {49119#true} is VALID [2022-02-20 18:05:00,706 INFO L290 TraceCheckUtils]: 31: Hoare triple {49119#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 15, 0;havoc setup_#t~nondet31#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := 
setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {49119#true} is VALID [2022-02-20 18:05:00,706 INFO L272 TraceCheckUtils]: 32: Hoare triple {49119#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,706 INFO L290 TraceCheckUtils]: 33: Hoare triple {49168#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,706 INFO L290 TraceCheckUtils]: 34: Hoare triple {49119#true} assume !(1 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,706 INFO L290 TraceCheckUtils]: 35: Hoare triple {49119#true} assume !(2 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,706 INFO L290 TraceCheckUtils]: 36: Hoare triple {49119#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,707 INFO L290 TraceCheckUtils]: 37: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,707 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {49119#true} {49119#true} #826#return; {49119#true} is VALID [2022-02-20 18:05:00,707 INFO L290 TraceCheckUtils]: 39: Hoare triple {49119#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {49119#true} is VALID [2022-02-20 18:05:00,707 INFO L272 TraceCheckUtils]: 40: Hoare triple {49119#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:00,707 INFO L290 TraceCheckUtils]: 41: Hoare triple {49169#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,707 INFO L290 TraceCheckUtils]: 42: Hoare triple {49119#true} assume !(1 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,707 INFO L290 TraceCheckUtils]: 43: Hoare triple {49119#true} assume !(2 == ~handle); {49119#true} is VALID [2022-02-20 18:05:00,708 INFO L290 TraceCheckUtils]: 44: Hoare triple {49119#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,708 INFO L290 TraceCheckUtils]: 45: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,708 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {49119#true} {49119#true} #828#return; {49119#true} is VALID [2022-02-20 18:05:00,708 INFO L290 TraceCheckUtils]: 47: Hoare triple {49119#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet32#1; {49119#true} is VALID [2022-02-20 18:05:00,708 INFO L290 TraceCheckUtils]: 48: Hoare triple {49119#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, 
test_~tmp___0~6#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,708 INFO L290 TraceCheckUtils]: 49: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !false; {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,709 INFO L290 TraceCheckUtils]: 50: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,709 INFO L290 TraceCheckUtils]: 51: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,709 INFO L290 TraceCheckUtils]: 52: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,709 
INFO L290 TraceCheckUtils]: 53: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,710 INFO L290 TraceCheckUtils]: 54: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,710 INFO L290 TraceCheckUtils]: 55: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,710 INFO L290 TraceCheckUtils]: 56: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet87#1 && test_#t~nondet87#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet87#1;havoc test_#t~nondet87#1; {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,710 INFO L290 TraceCheckUtils]: 57: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,711 INFO L290 TraceCheckUtils]: 58: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op4~0#1;assume -2147483648 <= test_#t~nondet88#1 && test_#t~nondet88#1 <= 2147483647;test_~tmp___6~0#1 := test_#t~nondet88#1;havoc test_#t~nondet88#1; {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,711 INFO L290 TraceCheckUtils]: 59: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___6~0#1); {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 18:05:00,711 INFO L290 TraceCheckUtils]: 60: Hoare triple {49151#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 == test_~op5~0#1); {49120#false} is VALID [2022-02-20 18:05:00,711 INFO 
L290 TraceCheckUtils]: 61: Hoare triple {49120#false} assume !(0 == test_~op6~0#1); {49120#false} is VALID [2022-02-20 18:05:00,711 INFO L290 TraceCheckUtils]: 62: Hoare triple {49120#false} assume !(0 == test_~op7~0#1); {49120#false} is VALID [2022-02-20 18:05:00,711 INFO L290 TraceCheckUtils]: 63: Hoare triple {49120#false} assume !(0 == test_~op8~0#1); {49120#false} is VALID [2022-02-20 18:05:00,711 INFO L290 TraceCheckUtils]: 64: Hoare triple {49120#false} assume !(0 == test_~op9~0#1); {49120#false} is VALID [2022-02-20 18:05:00,712 INFO L290 TraceCheckUtils]: 65: Hoare triple {49120#false} assume !(0 == test_~op10~0#1); {49120#false} is VALID [2022-02-20 18:05:00,712 INFO L290 TraceCheckUtils]: 66: Hoare triple {49120#false} assume !(0 == test_~op11~0#1); {49120#false} is VALID [2022-02-20 18:05:00,712 INFO L290 TraceCheckUtils]: 67: Hoare triple {49120#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret25#1, bobToRjh_#t~ret26#1, bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_~tmp~7#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~7#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret25#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret25#1 && bobToRjh_#t~ret25#1 <= 2147483647;havoc bobToRjh_#t~ret25#1; {49120#false} is VALID [2022-02-20 18:05:00,712 INFO L272 TraceCheckUtils]: 68: Hoare triple {49120#false} call sendEmail(~bob~0, ~rjh~0); {49120#false} is VALID [2022-02-20 18:05:00,712 INFO L290 TraceCheckUtils]: 69: Hoare triple {49120#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {49120#false} is VALID [2022-02-20 18:05:00,712 INFO L272 TraceCheckUtils]: 70: Hoare triple {49120#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {49170#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:00,712 INFO L290 TraceCheckUtils]: 71: Hoare triple {49170#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,712 INFO L290 TraceCheckUtils]: 72: Hoare triple {49119#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,712 INFO L290 TraceCheckUtils]: 73: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,712 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {49119#true} {49120#false} #814#return; {49120#false} is VALID [2022-02-20 18:05:00,713 INFO L290 TraceCheckUtils]: 75: Hoare triple {49120#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {49120#false} is VALID [2022-02-20 18:05:00,713 INFO L290 TraceCheckUtils]: 76: Hoare triple {49120#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {49120#false} is VALID [2022-02-20 18:05:00,713 INFO L290 TraceCheckUtils]: 77: Hoare triple {49120#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {49120#false} is VALID [2022-02-20 18:05:00,713 INFO L290 TraceCheckUtils]: 78: Hoare triple {49120#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume 
-2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {49120#false} is VALID [2022-02-20 18:05:00,713 INFO L272 TraceCheckUtils]: 79: Hoare triple {49120#false} call outgoing(~sender#1, ~email~0#1); {49120#false} is VALID [2022-02-20 18:05:00,713 INFO L290 TraceCheckUtils]: 80: Hoare triple {49120#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {49120#false} is VALID [2022-02-20 18:05:00,713 INFO L272 TraceCheckUtils]: 81: Hoare triple {49120#false} call #t~ret15#1 := getEmailTo(~msg#1); {49119#true} is VALID [2022-02-20 18:05:00,713 INFO L290 TraceCheckUtils]: 82: Hoare triple {49119#true} ~handle := #in~handle;havoc ~retValue_acc~11; {49119#true} is VALID [2022-02-20 18:05:00,713 INFO L290 TraceCheckUtils]: 83: Hoare triple {49119#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_email_to0~0;#res := ~retValue_acc~11; {49119#true} is VALID [2022-02-20 18:05:00,713 INFO L290 TraceCheckUtils]: 84: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,714 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {49119#true} {49120#false} #784#return; {49120#false} is VALID [2022-02-20 18:05:00,714 INFO L290 TraceCheckUtils]: 86: Hoare triple {49120#false} assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~3#1 := #t~ret15#1;havoc #t~ret15#1;~receiver~0#1 := ~tmp~3#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {49120#false} is VALID [2022-02-20 18:05:00,714 INFO L290 TraceCheckUtils]: 87: Hoare triple {49120#false} assume 1 == findPublicKey_~handle#1; 
{49120#false} is VALID [2022-02-20 18:05:00,714 INFO L290 TraceCheckUtils]: 88: Hoare triple {49120#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {49120#false} is VALID [2022-02-20 18:05:00,714 INFO L290 TraceCheckUtils]: 89: Hoare triple {49120#false} #t~ret16#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp___0~0#1 := #t~ret16#1;havoc #t~ret16#1;~pubkey~0#1 := ~tmp___0~0#1; {49120#false} is VALID [2022-02-20 18:05:00,714 INFO L290 TraceCheckUtils]: 90: Hoare triple {49120#false} assume !(0 != ~pubkey~0#1); {49120#false} is VALID [2022-02-20 18:05:00,714 INFO L290 TraceCheckUtils]: 91: Hoare triple {49120#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {49120#false} is VALID [2022-02-20 18:05:00,714 INFO L290 TraceCheckUtils]: 92: Hoare triple {49120#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {49120#false} is VALID [2022-02-20 18:05:00,714 INFO L290 TraceCheckUtils]: 93: Hoare triple {49120#false} 
outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {49120#false} is VALID [2022-02-20 18:05:00,715 INFO L272 TraceCheckUtils]: 94: Hoare triple {49120#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {49170#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:00,715 INFO L290 TraceCheckUtils]: 95: Hoare triple {49170#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {49119#true} is VALID [2022-02-20 18:05:00,715 INFO L290 TraceCheckUtils]: 96: Hoare triple {49119#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {49119#true} is VALID [2022-02-20 18:05:00,715 INFO L290 TraceCheckUtils]: 97: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,715 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {49119#true} {49120#false} #790#return; {49120#false} is VALID [2022-02-20 18:05:00,715 INFO L290 TraceCheckUtils]: 99: Hoare triple {49120#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, 
__utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {49120#false} is VALID [2022-02-20 18:05:00,715 INFO L290 TraceCheckUtils]: 100: Hoare triple {49120#false} assume 0 != ~in_encrypted~0; {49120#false} is VALID [2022-02-20 18:05:00,715 INFO L272 TraceCheckUtils]: 101: Hoare triple {49120#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {49119#true} is VALID [2022-02-20 18:05:00,715 INFO L290 TraceCheckUtils]: 102: Hoare triple {49119#true} ~handle := #in~handle;havoc ~retValue_acc~14; {49119#true} is VALID [2022-02-20 18:05:00,715 INFO L290 TraceCheckUtils]: 103: Hoare triple {49119#true} assume 1 == ~handle;~retValue_acc~14 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~14; {49119#true} is VALID [2022-02-20 18:05:00,716 INFO L290 TraceCheckUtils]: 104: Hoare triple {49119#true} assume true; {49119#true} is VALID [2022-02-20 18:05:00,716 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {49119#true} {49120#false} #792#return; {49120#false} is VALID [2022-02-20 18:05:00,716 INFO L290 
TraceCheckUtils]: 106: Hoare triple {49120#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {49120#false} is VALID [2022-02-20 18:05:00,716 INFO L290 TraceCheckUtils]: 107: Hoare triple {49120#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {49120#false} is VALID [2022-02-20 18:05:00,716 INFO L290 TraceCheckUtils]: 108: Hoare triple {49120#false} assume !false; {49120#false} is VALID [2022-02-20 18:05:00,716 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:05:00,716 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:00,716 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1662799322] [2022-02-20 18:05:00,717 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1662799322] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:00,717 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:00,717 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:05:00,717 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1992348821] [2022-02-20 18:05:00,717 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:00,717 INFO L78 Accepts]: Start accepts. 
Automaton has has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 109 [2022-02-20 18:05:00,718 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:00,718 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:05:00,768 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:00,768 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:05:00,768 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:00,769 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:05:00,769 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:05:00,769 INFO L87 Difference]: Start difference. First operand 2084 states and 3545 transitions. 
Second operand has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:05:05,214 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:05,214 INFO L93 Difference]: Finished difference Result 4898 states and 8519 transitions. [2022-02-20 18:05:05,214 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:05:05,214 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 109 [2022-02-20 18:05:05,215 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:05,215 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:05:05,228 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 949 transitions. [2022-02-20 18:05:05,228 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 18:05:05,233 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 949 transitions. [2022-02-20 18:05:05,234 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 949 transitions. [2022-02-20 18:05:05,866 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 949 edges. 949 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:06,331 INFO L225 Difference]: With dead ends: 4898 [2022-02-20 18:05:06,331 INFO L226 Difference]: Without dead ends: 3264 [2022-02-20 18:05:06,334 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:06,334 INFO L933 BasicCegarLoop]: 441 mSDtfsCounter, 659 mSDsluCounter, 477 mSDsCounter, 0 mSdLazyCounter, 577 mSolverCounterSat, 218 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 674 SdHoareTripleChecker+Valid, 918 SdHoareTripleChecker+Invalid, 795 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 218 IncrementalHoareTripleChecker+Valid, 577 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:06,335 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [674 Valid, 918 
Invalid, 795 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [218 Valid, 577 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-02-20 18:05:06,337 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 3264 states. [2022-02-20 18:05:07,944 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 3264 to 3203. [2022-02-20 18:05:07,944 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:07,950 INFO L82 GeneralOperation]: Start isEquivalent. First operand 3264 states. Second operand has 3203 states, 2608 states have (on average 1.624616564417178) internal successors, (4237), 2615 states have internal predecessors, (4237), 575 states have call successors, (575), 15 states have call predecessors, (575), 19 states have return successors, (648), 574 states have call predecessors, (648), 574 states have call successors, (648) [2022-02-20 18:05:07,955 INFO L74 IsIncluded]: Start isIncluded. First operand 3264 states. Second operand has 3203 states, 2608 states have (on average 1.624616564417178) internal successors, (4237), 2615 states have internal predecessors, (4237), 575 states have call successors, (575), 15 states have call predecessors, (575), 19 states have return successors, (648), 574 states have call predecessors, (648), 574 states have call successors, (648) [2022-02-20 18:05:07,960 INFO L87 Difference]: Start difference. First operand 3264 states. Second operand has 3203 states, 2608 states have (on average 1.624616564417178) internal successors, (4237), 2615 states have internal predecessors, (4237), 575 states have call successors, (575), 15 states have call predecessors, (575), 19 states have return successors, (648), 574 states have call predecessors, (648), 574 states have call successors, (648)