./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec9_product14.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec9_product14.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash b949d09d593112e13964b4b5b0eef0c6cd05359df7437e0305220f7a663828f7
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:04:09,932 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:04:09,934 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:04:09,956 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:04:09,957 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values
[2022-02-20 18:04:09,958 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values
[2022-02-20 18:04:09,959 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values
[2022-02-20 18:04:09,960 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values
[2022-02-20 18:04:09,962 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values
[2022-02-20 18:04:09,962 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values
[2022-02-20 18:04:09,963 INFO L181 SettingsManager]: Resetting Sifa preferences to default values
[2022-02-20 18:04:09,964 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring...
[2022-02-20 18:04:09,965 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values
[2022-02-20 18:04:09,965 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values
[2022-02-20 18:04:09,966 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values
[2022-02-20 18:04:09,967 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values
[2022-02-20 18:04:09,968 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values
[2022-02-20 18:04:09,968 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values
[2022-02-20 18:04:09,970 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values
[2022-02-20 18:04:09,971 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values
[2022-02-20 18:04:09,972 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values
[2022-02-20 18:04:09,973 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values
[2022-02-20 18:04:09,974 INFO L181 SettingsManager]: Resetting Referee preferences to default values
[2022-02-20 18:04:09,975 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values
[2022-02-20 18:04:09,977 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring...
[2022-02-20 18:04:09,977 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring...
[2022-02-20 18:04:09,977 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values
[2022-02-20 18:04:09,978 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values
[2022-02-20 18:04:09,979 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values
[2022-02-20 18:04:09,979 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring...
[2022-02-20 18:04:09,980 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values
[2022-02-20 18:04:09,980 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values
[2022-02-20 18:04:09,981 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values
[2022-02-20 18:04:09,982 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values
[2022-02-20 18:04:09,982 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring...
[2022-02-20 18:04:09,983 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values
[2022-02-20 18:04:09,983 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring...
[2022-02-20 18:04:09,984 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring...
[2022-02-20 18:04:09,984 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values
[2022-02-20 18:04:09,985 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values
[2022-02-20 18:04:09,985 INFO L188 SettingsManager]: Finished resetting all preferences to default values...
[2022-02-20 18:04:09,986 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf
[2022-02-20 18:04:10,010 INFO L113 SettingsManager]: Loading preferences was successful
[2022-02-20 18:04:10,011 INFO L115 SettingsManager]: Preferences different from defaults after loading the file:
[2022-02-20 18:04:10,011 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults:
[2022-02-20 18:04:10,012 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR;
[2022-02-20 18:04:10,012 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults:
[2022-02-20 18:04:10,013 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS
[2022-02-20 18:04:10,013 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults:
[2022-02-20 18:04:10,013 INFO L138 SettingsManager]: * Create parallel compositions if possible=false
[2022-02-20 18:04:10,014 INFO L138 SettingsManager]: * Use SBE=true
[2022-02-20 18:04:10,014 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults:
[2022-02-20 18:04:10,014 INFO L138 SettingsManager]: * sizeof long=4
[2022-02-20 18:04:10,015 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true
[2022-02-20 18:04:10,015 INFO L138 SettingsManager]: * sizeof POINTER=4
[2022-02-20 18:04:10,015 INFO L138 SettingsManager]: * Check division by zero=IGNORE
[2022-02-20 18:04:10,015 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE
[2022-02-20 18:04:10,015 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE
[2022-02-20 18:04:10,016 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE
[2022-02-20 18:04:10,016 INFO L138 SettingsManager]: * sizeof long double=12
[2022-02-20 18:04:10,016 INFO L138 SettingsManager]: * Check if freed pointer was valid=false
[2022-02-20 18:04:10,016 INFO L138 SettingsManager]: * Use constant arrays=true
[2022-02-20 18:04:10,016 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE
[2022-02-20 18:04:10,016 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults:
[2022-02-20 18:04:10,017 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements
[2022-02-20 18:04:10,017 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode
[2022-02-20 18:04:10,017 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:04:10,017 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults:
[2022-02-20 18:04:10,017 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP
[2022-02-20 18:04:10,018 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles
[2022-02-20 18:04:10,018 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL
[2022-02-20 18:04:10,018 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in
[2022-02-20 18:04:10,018 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF
[2022-02-20 18:04:10,018 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET
[2022-02-20 18:04:10,019 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true
[2022-02-20 18:04:10,019 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) )
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> b949d09d593112e13964b4b5b0eef0c6cd05359df7437e0305220f7a663828f7
[2022-02-20 18:04:10,266 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp
[2022-02-20 18:04:10,287 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized
[2022-02-20 18:04:10,290 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected.
[2022-02-20 18:04:10,291 INFO L271 PluginConnector]: Initializing CDTParser...
[2022-02-20 18:04:10,291 INFO L275 PluginConnector]: CDTParser initialized
[2022-02-20 18:04:10,292 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec9_product14.cil.c
[2022-02-20 18:04:10,349 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/909cc8057/33ea899cbd674a779e7af1e8299e9a24/FLAG5b48bb063
[2022-02-20 18:04:10,929 INFO L306 CDTParser]: Found 1 translation units.
[2022-02-20 18:04:10,930 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product14.cil.c
[2022-02-20 18:04:10,955 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/909cc8057/33ea899cbd674a779e7af1e8299e9a24/FLAG5b48bb063
[2022-02-20 18:04:11,348 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/909cc8057/33ea899cbd674a779e7af1e8299e9a24
[2022-02-20 18:04:11,350 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] #######################
[2022-02-20 18:04:11,351 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements.
[2022-02-20 18:04:11,352 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator----------------------------
[2022-02-20 18:04:11,352 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator...
[2022-02-20 18:04:11,355 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized
[2022-02-20 18:04:11,356 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:04:11" (1/1) ...
[2022-02-20 18:04:11,357 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@66dba990 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:11, skipping insertion in model container
[2022-02-20 18:04:11,357 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:04:11" (1/1) ...
[2022-02-20 18:04:11,365 INFO L145 MainTranslator]: Starting translation in SV-COMP mode
[2022-02-20 18:04:11,424 INFO L178 MainTranslator]: Built tables and reachable declarations
[2022-02-20 18:04:11,712 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product14.cil.c[8145,8158]
[2022-02-20 18:04:12,002 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 18:04:12,015 INFO L203 MainTranslator]: Completed pre-run
[2022-02-20 18:04:12,047 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product14.cil.c[8145,8158]
[2022-02-20 18:04:12,158 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 18:04:12,189 INFO L208 MainTranslator]: Completed translation
[2022-02-20 18:04:12,189 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12 WrapperNode
[2022-02-20 18:04:12,190 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator----------------------------
[2022-02-20 18:04:12,191 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner----------------------------
[2022-02-20 18:04:12,191 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner...
[2022-02-20 18:04:12,191 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized
[2022-02-20 18:04:12,197 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,242 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,304 INFO L137 Inliner]: procedures = 126, calls = 210, calls flagged for inlining = 51, calls inlined = 43, statements flattened = 905
[2022-02-20 18:04:12,305 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner----------------------------
[2022-02-20 18:04:12,306 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor----------------------------
[2022-02-20 18:04:12,306 INFO L271 PluginConnector]: Initializing Boogie Preprocessor...
[2022-02-20 18:04:12,306 INFO L275 PluginConnector]: Boogie Preprocessor initialized
[2022-02-20 18:04:12,313 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,314 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,323 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,326 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,346 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,360 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,364 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,371 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor----------------------------
[2022-02-20 18:04:12,372 INFO L113 PluginConnector]: ------------------------RCFGBuilder----------------------------
[2022-02-20 18:04:12,372 INFO L271 PluginConnector]: Initializing RCFGBuilder...
[2022-02-20 18:04:12,372 INFO L275 PluginConnector]: RCFGBuilder initialized
[2022-02-20 18:04:12,373 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (1/1) ...
[2022-02-20 18:04:12,380 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:04:12,391 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:04:12,412 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null)
[2022-02-20 18:04:12,425 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process
[2022-02-20 18:04:12,463 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize
[2022-02-20 18:04:12,464 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize
[2022-02-20 18:04:12,464 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey
[2022-02-20 18:04:12,464 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey
[2022-02-20 18:04:12,464 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress
[2022-02-20 18:04:12,464 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress
[2022-02-20 18:04:12,465 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey
[2022-02-20 18:04:12,465 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey
[2022-02-20 18:04:12,466 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo
[2022-02-20 18:04:12,466 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo
[2022-02-20 18:04:12,467 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom
[2022-02-20 18:04:12,467 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom
[2022-02-20 18:04:12,467 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry
[2022-02-20 18:04:12,467 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry
[2022-02-20 18:04:12,467 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted
[2022-02-20 18:04:12,467 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted
[2022-02-20 18:04:12,468 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd
[2022-02-20 18:04:12,468 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd
[2022-02-20 18:04:12,468 INFO L130 BoogieDeclarations]: Found specification of procedure puts
[2022-02-20 18:04:12,468 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId
[2022-02-20 18:04:12,468 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId
[2022-02-20 18:04:12,468 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit
[2022-02-20 18:04:12,469 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize
[2022-02-20 18:04:12,469 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize
[2022-02-20 18:04:12,469 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser
[2022-02-20 18:04:12,469 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser
[2022-02-20 18:04:12,469 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey
[2022-02-20 18:04:12,469 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey
[2022-02-20 18:04:12,470 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing
[2022-02-20 18:04:12,470 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing
[2022-02-20 18:04:12,470 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Encrypt
[2022-02-20 18:04:12,470 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Encrypt
[2022-02-20 18:04:12,470 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail
[2022-02-20 18:04:12,470 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail
[2022-02-20 18:04:12,471 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted
[2022-02-20 18:04:12,471 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted
[2022-02-20 18:04:12,471 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey
[2022-02-20 18:04:12,471 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey
[2022-02-20 18:04:12,471 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo
[2022-02-20 18:04:12,471 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo
[2022-02-20 18:04:12,471 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int
[2022-02-20 18:04:12,472 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair
[2022-02-20 18:04:12,472 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair
[2022-02-20 18:04:12,472 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress
[2022-02-20 18:04:12,472 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress
[2022-02-20 18:04:12,473 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start
[2022-02-20 18:04:12,473 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start
[2022-02-20 18:04:12,716 INFO L234 CfgBuilder]: Building ICFG
[2022-02-20 18:04:12,718 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation
[2022-02-20 18:04:13,563 INFO L275 CfgBuilder]: Performing block encoding
[2022-02-20 18:04:13,575 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start)
[2022-02-20 18:04:13,576 INFO L299 CfgBuilder]: Removed 1 assume(true) statements.
[2022-02-20 18:04:13,578 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:04:13 BoogieIcfgContainer
[2022-02-20 18:04:13,578 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder----------------------------
[2022-02-20 18:04:13,579 INFO L113 PluginConnector]: ------------------------TraceAbstraction----------------------------
[2022-02-20 18:04:13,579 INFO L271 PluginConnector]: Initializing TraceAbstraction...
[2022-02-20 18:04:13,582 INFO L275 PluginConnector]: TraceAbstraction initialized
[2022-02-20 18:04:13,583 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:04:11" (1/3) ...
[2022-02-20 18:04:13,583 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@48ed7ea9 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:04:13, skipping insertion in model container
[2022-02-20 18:04:13,583 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:12" (2/3) ...
[2022-02-20 18:04:13,584 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@48ed7ea9 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:04:13, skipping insertion in model container
[2022-02-20 18:04:13,584 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:04:13" (3/3) ...
[2022-02-20 18:04:13,585 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec9_product14.cil.c
[2022-02-20 18:04:13,589 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION
[2022-02-20 18:04:13,589 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations.
[2022-02-20 18:04:13,643 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ========
[2022-02-20 18:04:13,649 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR
[2022-02-20 18:04:13,649 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations.
[2022-02-20 18:04:13,681 INFO L276 IsEmpty]: Start isEmpty. Operand has 343 states, 268 states have (on average 1.585820895522388) internal successors, (425), 273 states have internal predecessors, (425), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (52), 51 states have call predecessors, (52), 52 states have call successors, (52)
[2022-02-20 18:04:13,701 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99
[2022-02-20 18:04:13,702 INFO L506 BasicCegarLoop]: Found error trace
[2022-02-20 18:04:13,702 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 18:04:13,702 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 18:04:13,706 INFO L144 PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 18:04:13,707 INFO L85 PathProgramCache]: Analyzing trace with hash 363460128, now seen corresponding path program 1 times
[2022-02-20 18:04:13,713 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 18:04:13,714 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2029978419]
[2022-02-20 18:04:13,714 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:04:13,715 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 18:04:13,921 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:14,055 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 18:04:14,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:14,069 INFO L290 TraceCheckUtils]: 0: Hoare triple {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID
[2022-02-20 18:04:14,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {346#true} is VALID
[2022-02-20 18:04:14,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID
[2022-02-20 18:04:14,070 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {346#true} #1082#return; {346#true} is VALID
[2022-02-20 18:04:14,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 18:04:14,085 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:04:14,092 INFO L290 TraceCheckUtils]: 0: Hoare triple {398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID
[2022-02-20 18:04:14,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID
[2022-02-20 18:04:14,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID
[2022-02-20 18:04:14,093 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {346#true} #1084#return; {346#true} is VALID
[2022-02-20 18:04:14,095 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:14,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {399#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:14,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {399#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {400#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:14,135 INFO L290 TraceCheckUtils]: 2: Hoare triple {400#(= |setClientId_#in~handle| 1)} assume true; {400#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:14,136 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {400#(= |setClientId_#in~handle| 1)} {356#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1086#return; {347#false} is VALID [2022-02-20 18:04:14,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:04:14,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,148 INFO L290 TraceCheckUtils]: 0: Hoare triple {398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,148 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,148 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume 
true; {346#true} is VALID [2022-02-20 18:04:14,149 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {347#false} #1088#return; {347#false} is VALID [2022-02-20 18:04:14,149 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:14,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,160 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,161 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,161 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {347#false} #1090#return; {347#false} is VALID [2022-02-20 18:04:14,161 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:14,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,184 INFO L290 TraceCheckUtils]: 0: Hoare triple {398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,184 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,186 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,186 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {346#true} {347#false} #1092#return; {347#false} is VALID [2022-02-20 18:04:14,195 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:04:14,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {401#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,206 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,207 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,207 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {347#false} #1068#return; {347#false} is VALID [2022-02-20 18:04:14,217 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:04:14,219 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {402#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,230 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,231 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {347#false} #1070#return; {347#false} is VALID [2022-02-20 18:04:14,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:04:14,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:04:14,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {346#true} ~handle := #in~handle;havoc ~retValue_acc~19; {346#true} is VALID [2022-02-20 18:04:14,237 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {346#true} is VALID [2022-02-20 18:04:14,237 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,237 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {347#false} #1028#return; {347#false} is VALID [2022-02-20 18:04:14,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:04:14,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {346#true} ~handle := #in~handle;havoc ~retValue_acc~36; {346#true} is VALID [2022-02-20 18:04:14,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {346#true} is VALID [2022-02-20 18:04:14,245 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,245 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {347#false} #1046#return; {347#false} is VALID [2022-02-20 18:04:14,246 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:04:14,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,252 INFO L290 TraceCheckUtils]: 0: Hoare triple {401#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,253 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {346#true} is VALID [2022-02-20 
18:04:14,253 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,253 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {347#false} #1052#return; {347#false} is VALID [2022-02-20 18:04:14,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:04:14,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,261 INFO L290 TraceCheckUtils]: 0: Hoare triple {346#true} ~handle := #in~handle;havoc ~retValue_acc~39; {346#true} is VALID [2022-02-20 18:04:14,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {346#true} is VALID [2022-02-20 18:04:14,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,265 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {346#true} {347#false} #1054#return; {347#false} is VALID [2022-02-20 18:04:14,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {346#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call 
#Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 
0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 
:= 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {346#true} is VALID [2022-02-20 18:04:14,270 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {346#true} is VALID [2022-02-20 18:04:14,270 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {346#true} is VALID [2022-02-20 18:04:14,271 INFO L290 TraceCheckUtils]: 3: Hoare triple {346#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {346#true} is VALID [2022-02-20 18:04:14,271 INFO L290 TraceCheckUtils]: 4: Hoare triple {346#true} main_#t~ret13#1 := valid_product_#res#1;assume { 
:end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {346#true} is VALID [2022-02-20 18:04:14,271 INFO L290 TraceCheckUtils]: 5: Hoare triple {346#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {346#true} is VALID [2022-02-20 18:04:14,273 INFO L272 TraceCheckUtils]: 6: Hoare triple {346#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:14,273 INFO L290 TraceCheckUtils]: 7: Hoare triple {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,274 INFO L290 TraceCheckUtils]: 8: Hoare triple {346#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,274 INFO L290 TraceCheckUtils]: 9: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,274 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {346#true} {346#true} #1082#return; {346#true} is VALID [2022-02-20 18:04:14,274 INFO L290 TraceCheckUtils]: 11: Hoare triple {346#true} assume { :end_inline_setup_bob__wrappee__Base } true; {346#true} is VALID [2022-02-20 18:04:14,276 INFO L272 TraceCheckUtils]: 12: Hoare triple {346#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:14,277 INFO L290 TraceCheckUtils]: 13: Hoare triple {398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,277 INFO L290 TraceCheckUtils]: 14: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,277 INFO L290 TraceCheckUtils]: 15: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,277 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {346#true} {346#true} #1084#return; {346#true} is VALID [2022-02-20 18:04:14,279 INFO L290 TraceCheckUtils]: 17: Hoare triple {346#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } 
true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {356#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:14,280 INFO L272 TraceCheckUtils]: 18: Hoare triple {356#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:14,280 INFO L290 TraceCheckUtils]: 19: Hoare triple {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {399#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:14,281 INFO L290 TraceCheckUtils]: 20: Hoare triple {399#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {400#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:14,281 INFO L290 TraceCheckUtils]: 21: Hoare triple {400#(= |setClientId_#in~handle| 1)} assume true; {400#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:14,282 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {400#(= |setClientId_#in~handle| 1)} {356#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1086#return; {347#false} is VALID [2022-02-20 18:04:14,282 INFO L290 TraceCheckUtils]: 23: Hoare triple {347#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {347#false} is VALID [2022-02-20 18:04:14,282 INFO L272 TraceCheckUtils]: 24: Hoare triple {347#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {398#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:14,283 INFO L290 TraceCheckUtils]: 25: Hoare triple {398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,283 INFO L290 TraceCheckUtils]: 26: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,283 INFO L290 TraceCheckUtils]: 27: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,283 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {346#true} {347#false} #1088#return; {347#false} is VALID [2022-02-20 18:04:14,284 INFO L290 TraceCheckUtils]: 29: Hoare triple {347#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {347#false} is VALID [2022-02-20 18:04:14,285 INFO L272 TraceCheckUtils]: 30: Hoare triple {347#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:14,285 INFO L290 TraceCheckUtils]: 31: Hoare triple {397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,285 INFO L290 TraceCheckUtils]: 32: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,285 INFO L290 TraceCheckUtils]: 33: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,286 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {346#true} {347#false} #1090#return; {347#false} is VALID [2022-02-20 18:04:14,286 INFO L290 TraceCheckUtils]: 35: Hoare triple {347#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {347#false} is VALID [2022-02-20 18:04:14,287 INFO L272 TraceCheckUtils]: 36: Hoare triple {347#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:14,287 INFO L290 TraceCheckUtils]: 37: Hoare triple {398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,288 INFO L290 TraceCheckUtils]: 38: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,289 INFO L290 TraceCheckUtils]: 39: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,289 INFO L284 TraceCheckUtils]: 40: Hoare quadruple 
{346#true} {347#false} #1092#return; {347#false} is VALID [2022-02-20 18:04:14,289 INFO L290 TraceCheckUtils]: 41: Hoare triple {347#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {347#false} is VALID [2022-02-20 18:04:14,289 INFO L290 TraceCheckUtils]: 42: Hoare triple {347#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {347#false} is VALID [2022-02-20 18:04:14,290 INFO L290 TraceCheckUtils]: 43: Hoare triple {347#false} assume !true; {347#false} is VALID [2022-02-20 18:04:14,290 
INFO L290 TraceCheckUtils]: 44: Hoare triple {347#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {347#false} is VALID [2022-02-20 18:04:14,290 INFO L272 TraceCheckUtils]: 45: Hoare triple {347#false} call sendEmail(~bob~0, ~rjh~0); {347#false} is VALID [2022-02-20 18:04:14,290 INFO L290 TraceCheckUtils]: 46: Hoare triple {347#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {347#false} is VALID [2022-02-20 18:04:14,291 INFO L272 TraceCheckUtils]: 47: Hoare triple {347#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {401#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:14,291 INFO L290 TraceCheckUtils]: 48: Hoare triple {401#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,291 INFO L290 TraceCheckUtils]: 49: Hoare triple {346#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,291 INFO L290 TraceCheckUtils]: 50: Hoare triple {346#true} assume true; 
{346#true} is VALID [2022-02-20 18:04:14,292 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {346#true} {347#false} #1068#return; {347#false} is VALID [2022-02-20 18:04:14,294 INFO L272 TraceCheckUtils]: 52: Hoare triple {347#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {402#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:14,294 INFO L290 TraceCheckUtils]: 53: Hoare triple {402#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,294 INFO L290 TraceCheckUtils]: 54: Hoare triple {346#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,295 INFO L290 TraceCheckUtils]: 55: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,295 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {346#true} {347#false} #1070#return; {347#false} is VALID [2022-02-20 18:04:14,295 INFO L290 TraceCheckUtils]: 57: Hoare triple {347#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {347#false} is VALID [2022-02-20 18:04:14,296 INFO L290 TraceCheckUtils]: 58: Hoare triple {347#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {347#false} is VALID [2022-02-20 18:04:14,296 INFO L272 TraceCheckUtils]: 59: Hoare triple {347#false} call outgoing(~sender#1, ~email~0#1); {347#false} is VALID [2022-02-20 18:04:14,296 INFO L290 TraceCheckUtils]: 60: Hoare triple {347#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {347#false} is VALID [2022-02-20 
18:04:14,296 INFO L272 TraceCheckUtils]: 61: Hoare triple {347#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {346#true} is VALID [2022-02-20 18:04:14,297 INFO L290 TraceCheckUtils]: 62: Hoare triple {346#true} ~handle := #in~handle;havoc ~retValue_acc~19; {346#true} is VALID [2022-02-20 18:04:14,297 INFO L290 TraceCheckUtils]: 63: Hoare triple {346#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {346#true} is VALID [2022-02-20 18:04:14,298 INFO L290 TraceCheckUtils]: 64: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,298 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {346#true} {347#false} #1028#return; {347#false} is VALID [2022-02-20 18:04:14,298 INFO L290 TraceCheckUtils]: 66: Hoare triple {347#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {347#false} is VALID [2022-02-20 18:04:14,298 INFO L290 TraceCheckUtils]: 67: Hoare triple {347#false} assume !(0 != ~size~0#1); {347#false} is VALID [2022-02-20 18:04:14,299 INFO L272 TraceCheckUtils]: 68: Hoare triple {347#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {347#false} is VALID [2022-02-20 18:04:14,307 INFO L290 TraceCheckUtils]: 69: Hoare triple {347#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {347#false} is VALID [2022-02-20 18:04:14,308 INFO L272 TraceCheckUtils]: 70: Hoare triple {347#false} call #t~ret34#1 := getEmailTo(~msg#1); {346#true} is VALID [2022-02-20 18:04:14,308 INFO L290 TraceCheckUtils]: 71: Hoare triple {346#true} ~handle := #in~handle;havoc ~retValue_acc~36; {346#true} is VALID [2022-02-20 18:04:14,308 INFO L290 TraceCheckUtils]: 72: Hoare triple {346#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {346#true} is VALID [2022-02-20 18:04:14,308 INFO L290 TraceCheckUtils]: 
73: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,309 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {346#true} {347#false} #1046#return; {347#false} is VALID [2022-02-20 18:04:14,309 INFO L290 TraceCheckUtils]: 75: Hoare triple {347#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {347#false} is VALID [2022-02-20 18:04:14,309 INFO L290 TraceCheckUtils]: 76: Hoare triple {347#false} assume 1 == findPublicKey_~handle#1; {347#false} is VALID [2022-02-20 18:04:14,309 INFO L290 TraceCheckUtils]: 77: Hoare triple {347#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {347#false} is VALID [2022-02-20 18:04:14,310 INFO L290 TraceCheckUtils]: 78: Hoare triple {347#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {347#false} is VALID [2022-02-20 18:04:14,310 INFO L290 TraceCheckUtils]: 79: Hoare triple {347#false} assume !(0 != ~pubkey~0#1); {347#false} is VALID [2022-02-20 18:04:14,310 INFO L290 TraceCheckUtils]: 80: Hoare triple {347#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {347#false} is VALID [2022-02-20 18:04:14,311 INFO L290 TraceCheckUtils]: 81: Hoare triple {347#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {347#false} is VALID [2022-02-20 18:04:14,311 INFO L290 TraceCheckUtils]: 82: Hoare triple {347#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {347#false} is VALID [2022-02-20 18:04:14,311 INFO L272 TraceCheckUtils]: 83: Hoare triple {347#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {401#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:14,311 INFO L290 TraceCheckUtils]: 84: Hoare triple {401#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,312 INFO L290 TraceCheckUtils]: 85: Hoare triple {346#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,312 INFO L290 
TraceCheckUtils]: 86: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,312 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {346#true} {347#false} #1052#return; {347#false} is VALID [2022-02-20 18:04:14,312 INFO L290 TraceCheckUtils]: 88: Hoare triple {347#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {347#false} is VALID [2022-02-20 18:04:14,313 INFO L290 TraceCheckUtils]: 89: Hoare triple {347#false} assume 0 != 
~in_encrypted~0; {347#false} is VALID [2022-02-20 18:04:14,313 INFO L272 TraceCheckUtils]: 90: Hoare triple {347#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {346#true} is VALID [2022-02-20 18:04:14,313 INFO L290 TraceCheckUtils]: 91: Hoare triple {346#true} ~handle := #in~handle;havoc ~retValue_acc~39; {346#true} is VALID [2022-02-20 18:04:14,313 INFO L290 TraceCheckUtils]: 92: Hoare triple {346#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {346#true} is VALID [2022-02-20 18:04:14,314 INFO L290 TraceCheckUtils]: 93: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,314 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {346#true} {347#false} #1054#return; {347#false} is VALID [2022-02-20 18:04:14,314 INFO L290 TraceCheckUtils]: 95: Hoare triple {347#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {347#false} is VALID [2022-02-20 18:04:14,314 INFO L290 TraceCheckUtils]: 96: Hoare triple {347#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {347#false} is VALID [2022-02-20 18:04:14,315 INFO L290 TraceCheckUtils]: 97: Hoare triple {347#false} assume !false; {347#false} is VALID [2022-02-20 18:04:14,316 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:04:14,316 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:14,317 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2029978419] [2022-02-20 18:04:14,317 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2029978419] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:14,318 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [662591859] [2022-02-20 18:04:14,318 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:14,318 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:14,318 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:14,320 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:14,329 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:04:14,593 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,598 INFO L263 TraceCheckSpWp]: Trace formula consists of 998 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:04:14,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:14,655 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:14,858 INFO L290 TraceCheckUtils]: 0: Hoare triple {346#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 
0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {346#true} is VALID [2022-02-20 18:04:14,859 INFO L290 TraceCheckUtils]: 1: Hoare triple {346#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {346#true} is VALID [2022-02-20 18:04:14,859 INFO L290 TraceCheckUtils]: 2: Hoare triple {346#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {346#true} is VALID [2022-02-20 18:04:14,859 INFO L290 TraceCheckUtils]: 3: Hoare triple {346#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {346#true} is VALID [2022-02-20 18:04:14,860 INFO L290 TraceCheckUtils]: 4: Hoare triple {346#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {346#true} is VALID [2022-02-20 18:04:14,860 INFO L290 TraceCheckUtils]: 5: Hoare triple {346#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {346#true} is VALID [2022-02-20 18:04:14,860 INFO L272 TraceCheckUtils]: 6: Hoare triple {346#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {346#true} is VALID [2022-02-20 18:04:14,860 INFO L290 TraceCheckUtils]: 7: Hoare triple {346#true} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,861 INFO L290 TraceCheckUtils]: 8: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,861 INFO L290 TraceCheckUtils]: 9: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,861 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {346#true} {346#true} #1082#return; {346#true} is VALID [2022-02-20 18:04:14,861 INFO L290 TraceCheckUtils]: 11: Hoare triple {346#true} assume { :end_inline_setup_bob__wrappee__Base } true; {346#true} is VALID [2022-02-20 18:04:14,861 INFO L272 TraceCheckUtils]: 12: Hoare triple {346#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {346#true} is VALID [2022-02-20 18:04:14,862 INFO L290 TraceCheckUtils]: 13: Hoare triple {346#true} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,862 INFO L290 TraceCheckUtils]: 14: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,862 INFO L290 TraceCheckUtils]: 15: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,862 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {346#true} {346#true} #1084#return; {346#true} is VALID [2022-02-20 18:04:14,862 INFO L290 TraceCheckUtils]: 17: Hoare triple {346#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc 
setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {346#true} is VALID [2022-02-20 18:04:14,863 INFO L272 TraceCheckUtils]: 18: Hoare triple {346#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {346#true} is VALID [2022-02-20 18:04:14,863 INFO L290 TraceCheckUtils]: 19: Hoare triple {346#true} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,863 INFO L290 TraceCheckUtils]: 20: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,863 INFO L290 TraceCheckUtils]: 21: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,864 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {346#true} {346#true} #1086#return; {346#true} is VALID [2022-02-20 18:04:14,864 INFO L290 TraceCheckUtils]: 23: Hoare triple {346#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {346#true} is VALID [2022-02-20 18:04:14,864 INFO L272 TraceCheckUtils]: 24: Hoare triple {346#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {346#true} is VALID [2022-02-20 18:04:14,864 INFO L290 TraceCheckUtils]: 25: Hoare triple {346#true} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,865 INFO L290 TraceCheckUtils]: 26: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,865 INFO L290 TraceCheckUtils]: 27: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,865 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {346#true} {346#true} 
#1088#return; {346#true} is VALID [2022-02-20 18:04:14,865 INFO L290 TraceCheckUtils]: 29: Hoare triple {346#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {346#true} is VALID [2022-02-20 18:04:14,865 INFO L272 TraceCheckUtils]: 30: Hoare triple {346#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {346#true} is VALID [2022-02-20 18:04:14,866 INFO L290 TraceCheckUtils]: 31: Hoare triple {346#true} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,866 INFO L290 TraceCheckUtils]: 32: Hoare triple {346#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,866 INFO L290 TraceCheckUtils]: 33: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,866 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {346#true} {346#true} #1090#return; {346#true} is VALID [2022-02-20 18:04:14,866 INFO L290 TraceCheckUtils]: 35: Hoare triple {346#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {346#true} is VALID [2022-02-20 18:04:14,867 INFO L272 TraceCheckUtils]: 36: Hoare triple {346#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {346#true} is VALID [2022-02-20 18:04:14,867 INFO L290 TraceCheckUtils]: 37: Hoare triple {346#true} ~handle := #in~handle;~value := #in~value; {346#true} is VALID [2022-02-20 18:04:14,867 INFO L290 TraceCheckUtils]: 38: Hoare triple {346#true} 
assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {346#true} is VALID [2022-02-20 18:04:14,867 INFO L290 TraceCheckUtils]: 39: Hoare triple {346#true} assume true; {346#true} is VALID [2022-02-20 18:04:14,868 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {346#true} {346#true} #1092#return; {346#true} is VALID [2022-02-20 18:04:14,868 INFO L290 TraceCheckUtils]: 41: Hoare triple {346#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {346#true} is VALID [2022-02-20 18:04:14,868 INFO L290 TraceCheckUtils]: 42: Hoare triple {346#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 
:= 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {346#true} is VALID [2022-02-20 18:04:14,869 INFO L290 TraceCheckUtils]: 43: Hoare triple {346#true} assume !true; {347#false} is VALID [2022-02-20 18:04:14,869 INFO L290 TraceCheckUtils]: 44: Hoare triple {347#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {347#false} is VALID [2022-02-20 18:04:14,869 INFO L272 TraceCheckUtils]: 45: Hoare triple {347#false} call sendEmail(~bob~0, ~rjh~0); {347#false} is VALID [2022-02-20 18:04:14,869 INFO L290 TraceCheckUtils]: 46: Hoare triple {347#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {347#false} is VALID [2022-02-20 18:04:14,869 INFO L272 TraceCheckUtils]: 47: Hoare triple {347#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {347#false} is VALID [2022-02-20 18:04:14,870 INFO L290 TraceCheckUtils]: 48: Hoare triple {347#false} ~handle := #in~handle;~value := #in~value; {347#false} is VALID [2022-02-20 18:04:14,870 INFO L290 TraceCheckUtils]: 49: Hoare triple {347#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {347#false} is VALID [2022-02-20 18:04:14,870 INFO L290 
TraceCheckUtils]: 50: Hoare triple {347#false} assume true; {347#false} is VALID [2022-02-20 18:04:14,870 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {347#false} {347#false} #1068#return; {347#false} is VALID [2022-02-20 18:04:14,871 INFO L272 TraceCheckUtils]: 52: Hoare triple {347#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {347#false} is VALID [2022-02-20 18:04:14,871 INFO L290 TraceCheckUtils]: 53: Hoare triple {347#false} ~handle := #in~handle;~value := #in~value; {347#false} is VALID [2022-02-20 18:04:14,871 INFO L290 TraceCheckUtils]: 54: Hoare triple {347#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {347#false} is VALID [2022-02-20 18:04:14,871 INFO L290 TraceCheckUtils]: 55: Hoare triple {347#false} assume true; {347#false} is VALID [2022-02-20 18:04:14,871 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {347#false} {347#false} #1070#return; {347#false} is VALID [2022-02-20 18:04:14,872 INFO L290 TraceCheckUtils]: 57: Hoare triple {347#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {347#false} is VALID [2022-02-20 18:04:14,872 INFO L290 TraceCheckUtils]: 58: Hoare triple {347#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {347#false} is VALID [2022-02-20 18:04:14,872 INFO L272 TraceCheckUtils]: 59: Hoare triple {347#false} call outgoing(~sender#1, ~email~0#1); {347#false} is VALID [2022-02-20 18:04:14,872 INFO L290 TraceCheckUtils]: 60: Hoare triple {347#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {347#false} is VALID [2022-02-20 18:04:14,873 INFO L272 TraceCheckUtils]: 61: Hoare triple {347#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); 
{347#false} is VALID [2022-02-20 18:04:14,873 INFO L290 TraceCheckUtils]: 62: Hoare triple {347#false} ~handle := #in~handle;havoc ~retValue_acc~19; {347#false} is VALID [2022-02-20 18:04:14,873 INFO L290 TraceCheckUtils]: 63: Hoare triple {347#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {347#false} is VALID [2022-02-20 18:04:14,873 INFO L290 TraceCheckUtils]: 64: Hoare triple {347#false} assume true; {347#false} is VALID [2022-02-20 18:04:14,873 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {347#false} {347#false} #1028#return; {347#false} is VALID [2022-02-20 18:04:14,874 INFO L290 TraceCheckUtils]: 66: Hoare triple {347#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {347#false} is VALID [2022-02-20 18:04:14,874 INFO L290 TraceCheckUtils]: 67: Hoare triple {347#false} assume !(0 != ~size~0#1); {347#false} is VALID [2022-02-20 18:04:14,874 INFO L272 TraceCheckUtils]: 68: Hoare triple {347#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {347#false} is VALID [2022-02-20 18:04:14,874 INFO L290 TraceCheckUtils]: 69: Hoare triple {347#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {347#false} is VALID [2022-02-20 18:04:14,874 INFO L272 TraceCheckUtils]: 70: Hoare triple {347#false} call #t~ret34#1 := getEmailTo(~msg#1); {347#false} is VALID [2022-02-20 18:04:14,875 INFO L290 TraceCheckUtils]: 71: Hoare triple {347#false} ~handle := #in~handle;havoc ~retValue_acc~36; {347#false} is VALID [2022-02-20 18:04:14,875 INFO L290 TraceCheckUtils]: 72: Hoare triple {347#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {347#false} is VALID [2022-02-20 18:04:14,875 INFO L290 TraceCheckUtils]: 73: Hoare triple {347#false} assume true; {347#false} is VALID [2022-02-20 18:04:14,875 INFO L284 
TraceCheckUtils]: 74: Hoare quadruple {347#false} {347#false} #1046#return; {347#false} is VALID [2022-02-20 18:04:14,876 INFO L290 TraceCheckUtils]: 75: Hoare triple {347#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {347#false} is VALID [2022-02-20 18:04:14,876 INFO L290 TraceCheckUtils]: 76: Hoare triple {347#false} assume 1 == findPublicKey_~handle#1; {347#false} is VALID [2022-02-20 18:04:14,876 INFO L290 TraceCheckUtils]: 77: Hoare triple {347#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {347#false} is VALID [2022-02-20 18:04:14,876 INFO L290 TraceCheckUtils]: 78: Hoare triple {347#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {347#false} is VALID [2022-02-20 18:04:14,876 INFO L290 TraceCheckUtils]: 79: Hoare triple {347#false} assume !(0 != ~pubkey~0#1); {347#false} is VALID [2022-02-20 18:04:14,877 INFO L290 TraceCheckUtils]: 80: Hoare triple {347#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {347#false} is VALID [2022-02-20 18:04:14,877 INFO L290 TraceCheckUtils]: 81: Hoare triple {347#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {347#false} is VALID [2022-02-20 18:04:14,877 INFO L290 TraceCheckUtils]: 82: Hoare triple {347#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {347#false} is VALID [2022-02-20 18:04:14,877 INFO L272 TraceCheckUtils]: 83: Hoare triple {347#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {347#false} is VALID [2022-02-20 18:04:14,877 INFO L290 TraceCheckUtils]: 84: Hoare triple {347#false} ~handle := #in~handle;~value := #in~value; {347#false} is VALID [2022-02-20 18:04:14,878 INFO L290 TraceCheckUtils]: 85: Hoare triple {347#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {347#false} is VALID [2022-02-20 18:04:14,878 INFO L290 TraceCheckUtils]: 86: Hoare triple {347#false} assume true; {347#false} is VALID [2022-02-20 18:04:14,878 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {347#false} {347#false} #1052#return; {347#false} is VALID [2022-02-20 18:04:14,878 INFO L290 TraceCheckUtils]: 88: Hoare triple 
{347#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {347#false} is VALID [2022-02-20 18:04:14,879 INFO L290 TraceCheckUtils]: 89: Hoare triple {347#false} assume 0 != ~in_encrypted~0; {347#false} is VALID [2022-02-20 18:04:14,879 INFO L272 TraceCheckUtils]: 90: Hoare triple {347#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {347#false} is VALID [2022-02-20 18:04:14,879 
INFO L290 TraceCheckUtils]: 91: Hoare triple {347#false} ~handle := #in~handle;havoc ~retValue_acc~39; {347#false} is VALID [2022-02-20 18:04:14,879 INFO L290 TraceCheckUtils]: 92: Hoare triple {347#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {347#false} is VALID [2022-02-20 18:04:14,879 INFO L290 TraceCheckUtils]: 93: Hoare triple {347#false} assume true; {347#false} is VALID [2022-02-20 18:04:14,880 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {347#false} {347#false} #1054#return; {347#false} is VALID [2022-02-20 18:04:14,880 INFO L290 TraceCheckUtils]: 95: Hoare triple {347#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {347#false} is VALID [2022-02-20 18:04:14,880 INFO L290 TraceCheckUtils]: 96: Hoare triple {347#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {347#false} is VALID [2022-02-20 18:04:14,880 INFO L290 TraceCheckUtils]: 97: Hoare triple {347#false} assume !false; {347#false} is VALID [2022-02-20 18:04:14,881 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:04:14,881 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:14,881 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [662591859] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:14,882 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:04:14,882 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:04:14,884 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1087748246] [2022-02-20 18:04:14,884 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:14,889 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 18:04:14,891 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:14,893 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:14,974 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:14,977 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:04:14,977 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:14,996 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. 
[2022-02-20 18:04:14,998 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:15,003 INFO L87 Difference]: Start difference. First operand has 343 states, 268 states have (on average 1.585820895522388) internal successors, (425), 273 states have internal predecessors, (425), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (52), 51 states have call predecessors, (52), 52 states have call successors, (52) Second operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:15,364 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:15,365 INFO L93 Difference]: Finished difference Result 498 states and 756 transitions. [2022-02-20 18:04:15,365 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:04:15,366 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 18:04:15,372 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:15,373 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:15,405 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 756 transitions. [2022-02-20 18:04:15,406 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:15,421 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 756 transitions. [2022-02-20 18:04:15,422 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 756 transitions. [2022-02-20 18:04:16,116 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 756 edges. 756 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:16,140 INFO L225 Difference]: With dead ends: 498 [2022-02-20 18:04:16,141 INFO L226 Difference]: Without dead ends: 336 [2022-02-20 18:04:16,145 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 125 GetRequests, 118 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:16,148 INFO L933 BasicCegarLoop]: 525 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 525 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:16,149 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 525 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:16,164 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 336 states. [2022-02-20 18:04:16,193 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 336 to 336. [2022-02-20 18:04:16,193 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:16,196 INFO L82 GeneralOperation]: Start isEquivalent. First operand 336 states. 
Second operand has 336 states, 262 states have (on average 1.5801526717557253) internal successors, (414), 266 states have internal predecessors, (414), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 18:04:16,197 INFO L74 IsIncluded]: Start isIncluded. First operand 336 states. Second operand has 336 states, 262 states have (on average 1.5801526717557253) internal successors, (414), 266 states have internal predecessors, (414), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 18:04:16,199 INFO L87 Difference]: Start difference. First operand 336 states. Second operand has 336 states, 262 states have (on average 1.5801526717557253) internal successors, (414), 266 states have internal predecessors, (414), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 18:04:16,221 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:16,221 INFO L93 Difference]: Finished difference Result 336 states and 517 transitions. [2022-02-20 18:04:16,221 INFO L276 IsEmpty]: Start isEmpty. Operand 336 states and 517 transitions. [2022-02-20 18:04:16,224 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:16,224 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:16,226 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 336 states, 262 states have (on average 1.5801526717557253) internal successors, (414), 266 states have internal predecessors, (414), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) Second operand 336 states. [2022-02-20 18:04:16,227 INFO L87 Difference]: Start difference. First operand has 336 states, 262 states have (on average 1.5801526717557253) internal successors, (414), 266 states have internal predecessors, (414), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) Second operand 336 states. [2022-02-20 18:04:16,246 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:16,246 INFO L93 Difference]: Finished difference Result 336 states and 517 transitions. [2022-02-20 18:04:16,247 INFO L276 IsEmpty]: Start isEmpty. Operand 336 states and 517 transitions. [2022-02-20 18:04:16,248 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:16,248 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:16,249 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:16,249 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:16,250 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 336 states, 262 states have (on average 1.5801526717557253) internal successors, (414), 266 states have internal predecessors, (414), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 18:04:16,269 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 336 states to 336 states and 517 transitions. [2022-02-20 18:04:16,271 INFO L78 Accepts]: Start accepts. Automaton has 336 states and 517 transitions. Word has length 98 [2022-02-20 18:04:16,271 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:16,271 INFO L470 AbstractCegarLoop]: Abstraction has 336 states and 517 transitions. [2022-02-20 18:04:16,272 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:16,272 INFO L276 IsEmpty]: Start isEmpty. Operand 336 states and 517 transitions. [2022-02-20 18:04:16,275 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2022-02-20 18:04:16,275 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:16,275 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:16,301 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:04:16,494 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:04:16,495 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === 
[2022-02-20 18:04:16,495 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:16,495 INFO L85 PathProgramCache]: Analyzing trace with hash 1382784013, now seen corresponding path program 1 times [2022-02-20 18:04:16,496 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:16,496 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [820874775] [2022-02-20 18:04:16,496 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:16,496 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:16,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:16,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,592 INFO L290 TraceCheckUtils]: 0: Hoare triple {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,592 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,592 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2507#true} #1082#return; {2507#true} is VALID [2022-02-20 18:04:16,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:16,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,603 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2507#true} #1084#return; {2507#true} is VALID [2022-02-20 18:04:16,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:16,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2560#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:16,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {2560#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2561#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:16,655 INFO L290 TraceCheckUtils]: 2: Hoare triple {2561#(= |setClientId_#in~handle| 1)} assume true; {2561#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:16,656 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2561#(= |setClientId_#in~handle| 1)} {2517#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1086#return; {2508#false} is VALID [2022-02-20 18:04:16,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence 
at non-pending call position 24 [2022-02-20 18:04:16,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1088#return; {2508#false} is VALID [2022-02-20 18:04:16,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:16,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,683 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,683 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1090#return; {2508#false} is VALID [2022-02-20 18:04:16,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:16,686 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,689 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1092#return; {2508#false} is VALID [2022-02-20 18:04:16,709 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:04:16,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {2562#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,714 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1068#return; {2508#false} is VALID [2022-02-20 18:04:16,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:04:16,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,725 INFO L290 TraceCheckUtils]: 0: Hoare triple {2563#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,725 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,725 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1070#return; {2508#false} is VALID [2022-02-20 18:04:16,726 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:04:16,727 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {2507#true} ~handle := #in~handle;havoc ~retValue_acc~19; {2507#true} is VALID [2022-02-20 18:04:16,729 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {2507#true} is VALID [2022-02-20 18:04:16,729 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,729 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1028#return; {2508#false} is VALID [2022-02-20 18:04:16,729 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:04:16,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,733 INFO L290 TraceCheckUtils]: 0: Hoare triple {2507#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2507#true} is VALID [2022-02-20 18:04:16,733 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2507#true} is VALID [2022-02-20 18:04:16,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; 
{2507#true} is VALID [2022-02-20 18:04:16,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1046#return; {2508#false} is VALID [2022-02-20 18:04:16,733 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:04:16,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {2562#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,738 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1052#return; {2508#false} is VALID [2022-02-20 18:04:16,740 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:04:16,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:16,743 INFO L290 TraceCheckUtils]: 0: Hoare triple {2507#true} ~handle := #in~handle;havoc ~retValue_acc~39; {2507#true} is VALID [2022-02-20 18:04:16,743 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2507#true} is VALID [2022-02-20 18:04:16,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,744 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2507#true} {2508#false} #1054#return; {2508#false} is VALID [2022-02-20 18:04:16,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {2507#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == 
#valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2507#true} is VALID [2022-02-20 18:04:16,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := 
main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2507#true} is VALID [2022-02-20 18:04:16,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2507#true} is VALID [2022-02-20 18:04:16,745 INFO L290 TraceCheckUtils]: 3: Hoare triple {2507#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {2507#true} is VALID [2022-02-20 18:04:16,745 INFO L290 TraceCheckUtils]: 4: Hoare triple {2507#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {2507#true} is VALID [2022-02-20 18:04:16,746 INFO L290 TraceCheckUtils]: 5: Hoare triple {2507#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{2507#true} is VALID [2022-02-20 18:04:16,746 INFO L272 TraceCheckUtils]: 6: Hoare triple {2507#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:16,747 INFO L290 TraceCheckUtils]: 7: Hoare triple {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,747 INFO L290 TraceCheckUtils]: 8: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,747 INFO L290 TraceCheckUtils]: 9: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,748 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2507#true} {2507#true} #1082#return; {2507#true} is VALID [2022-02-20 18:04:16,748 INFO L290 TraceCheckUtils]: 11: Hoare triple {2507#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2507#true} is VALID [2022-02-20 18:04:16,749 INFO L272 TraceCheckUtils]: 12: Hoare triple {2507#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:16,749 INFO L290 TraceCheckUtils]: 13: Hoare triple {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {2507#true} is VALID [2022-02-20 18:04:16,749 INFO L290 TraceCheckUtils]: 14: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,750 INFO L290 TraceCheckUtils]: 15: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,750 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2507#true} {2507#true} #1084#return; {2507#true} is VALID [2022-02-20 18:04:16,750 INFO L290 TraceCheckUtils]: 17: Hoare triple {2507#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2517#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:16,751 INFO L272 TraceCheckUtils]: 18: Hoare triple {2517#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:16,752 INFO L290 TraceCheckUtils]: 19: Hoare triple {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2560#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:16,752 INFO L290 
TraceCheckUtils]: 20: Hoare triple {2560#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2561#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:16,752 INFO L290 TraceCheckUtils]: 21: Hoare triple {2561#(= |setClientId_#in~handle| 1)} assume true; {2561#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:16,753 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2561#(= |setClientId_#in~handle| 1)} {2517#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1086#return; {2508#false} is VALID [2022-02-20 18:04:16,754 INFO L290 TraceCheckUtils]: 23: Hoare triple {2508#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2508#false} is VALID [2022-02-20 18:04:16,754 INFO L272 TraceCheckUtils]: 24: Hoare triple {2508#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:16,754 INFO L290 TraceCheckUtils]: 25: Hoare triple {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,754 INFO L290 TraceCheckUtils]: 26: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,754 INFO L290 TraceCheckUtils]: 27: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,754 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2507#true} {2508#false} #1088#return; {2508#false} is VALID [2022-02-20 18:04:16,755 INFO L290 TraceCheckUtils]: 29: Hoare triple {2508#false} assume { :end_inline_setup_rjh } 
true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2508#false} is VALID [2022-02-20 18:04:16,755 INFO L272 TraceCheckUtils]: 30: Hoare triple {2508#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:16,755 INFO L290 TraceCheckUtils]: 31: Hoare triple {2558#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,755 INFO L290 TraceCheckUtils]: 32: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,755 INFO L290 TraceCheckUtils]: 33: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,760 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2507#true} {2508#false} #1090#return; {2508#false} is VALID [2022-02-20 18:04:16,761 INFO L290 TraceCheckUtils]: 35: Hoare triple {2508#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2508#false} is VALID [2022-02-20 18:04:16,761 INFO L272 TraceCheckUtils]: 36: Hoare triple {2508#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:16,761 INFO L290 TraceCheckUtils]: 37: Hoare triple {2559#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,761 INFO L290 TraceCheckUtils]: 38: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,761 INFO L290 TraceCheckUtils]: 39: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,762 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2507#true} {2508#false} #1092#return; {2508#false} is VALID [2022-02-20 18:04:16,762 INFO L290 TraceCheckUtils]: 41: Hoare triple {2508#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2508#false} is VALID [2022-02-20 18:04:16,762 INFO L290 TraceCheckUtils]: 42: Hoare triple {2508#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, 
test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2508#false} is VALID [2022-02-20 18:04:16,762 INFO L290 TraceCheckUtils]: 43: Hoare triple {2508#false} assume !false; {2508#false} is VALID [2022-02-20 18:04:16,762 INFO L290 TraceCheckUtils]: 44: Hoare triple {2508#false} assume !(test_~splverifierCounter~0#1 < 4); {2508#false} is VALID [2022-02-20 18:04:16,763 INFO L290 TraceCheckUtils]: 45: Hoare triple {2508#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2508#false} is VALID [2022-02-20 18:04:16,763 INFO L272 TraceCheckUtils]: 46: Hoare triple {2508#false} call sendEmail(~bob~0, ~rjh~0); {2508#false} is VALID [2022-02-20 18:04:16,763 INFO L290 TraceCheckUtils]: 47: Hoare triple {2508#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } 
true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2508#false} is VALID [2022-02-20 18:04:16,764 INFO L272 TraceCheckUtils]: 48: Hoare triple {2508#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2562#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:16,764 INFO L290 TraceCheckUtils]: 49: Hoare triple {2562#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,764 INFO L290 TraceCheckUtils]: 50: Hoare triple {2507#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,764 INFO L290 TraceCheckUtils]: 51: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,764 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2507#true} {2508#false} #1068#return; {2508#false} is VALID [2022-02-20 18:04:16,764 INFO L272 TraceCheckUtils]: 53: Hoare triple {2508#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2563#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:16,765 INFO L290 TraceCheckUtils]: 54: Hoare triple {2563#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,765 INFO L290 TraceCheckUtils]: 55: Hoare triple {2507#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2507#true} is VALID [2022-02-20 
18:04:16,765 INFO L290 TraceCheckUtils]: 56: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,765 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2507#true} {2508#false} #1070#return; {2508#false} is VALID [2022-02-20 18:04:16,766 INFO L290 TraceCheckUtils]: 58: Hoare triple {2508#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {2508#false} is VALID [2022-02-20 18:04:16,766 INFO L290 TraceCheckUtils]: 59: Hoare triple {2508#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {2508#false} is VALID [2022-02-20 18:04:16,766 INFO L272 TraceCheckUtils]: 60: Hoare triple {2508#false} call outgoing(~sender#1, ~email~0#1); {2508#false} is VALID [2022-02-20 18:04:16,766 INFO L290 TraceCheckUtils]: 61: Hoare triple {2508#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {2508#false} is VALID [2022-02-20 18:04:16,767 INFO L272 TraceCheckUtils]: 62: Hoare triple {2508#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {2507#true} is VALID [2022-02-20 18:04:16,767 INFO L290 TraceCheckUtils]: 63: Hoare triple {2507#true} ~handle := #in~handle;havoc ~retValue_acc~19; {2507#true} is VALID [2022-02-20 18:04:16,767 INFO L290 TraceCheckUtils]: 64: Hoare triple {2507#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {2507#true} is VALID [2022-02-20 18:04:16,767 INFO L290 TraceCheckUtils]: 65: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,767 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2507#true} {2508#false} #1028#return; {2508#false} is VALID [2022-02-20 18:04:16,767 INFO L290 TraceCheckUtils]: 67: 
Hoare triple {2508#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {2508#false} is VALID [2022-02-20 18:04:16,768 INFO L290 TraceCheckUtils]: 68: Hoare triple {2508#false} assume !(0 != ~size~0#1); {2508#false} is VALID [2022-02-20 18:04:16,768 INFO L272 TraceCheckUtils]: 69: Hoare triple {2508#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {2508#false} is VALID [2022-02-20 18:04:16,768 INFO L290 TraceCheckUtils]: 70: Hoare triple {2508#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {2508#false} is VALID [2022-02-20 18:04:16,768 INFO L272 TraceCheckUtils]: 71: Hoare triple {2508#false} call #t~ret34#1 := getEmailTo(~msg#1); {2507#true} is VALID [2022-02-20 18:04:16,768 INFO L290 TraceCheckUtils]: 72: Hoare triple {2507#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2507#true} is VALID [2022-02-20 18:04:16,768 INFO L290 TraceCheckUtils]: 73: Hoare triple {2507#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2507#true} is VALID [2022-02-20 18:04:16,769 INFO L290 TraceCheckUtils]: 74: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,769 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {2507#true} {2508#false} #1046#return; {2508#false} is VALID [2022-02-20 18:04:16,769 INFO L290 TraceCheckUtils]: 76: Hoare triple {2508#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc 
findPublicKey_~retValue_acc~30#1; {2508#false} is VALID [2022-02-20 18:04:16,770 INFO L290 TraceCheckUtils]: 77: Hoare triple {2508#false} assume 1 == findPublicKey_~handle#1; {2508#false} is VALID [2022-02-20 18:04:16,771 INFO L290 TraceCheckUtils]: 78: Hoare triple {2508#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {2508#false} is VALID [2022-02-20 18:04:16,774 INFO L290 TraceCheckUtils]: 79: Hoare triple {2508#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {2508#false} is VALID [2022-02-20 18:04:16,775 INFO L290 TraceCheckUtils]: 80: Hoare triple {2508#false} assume !(0 != ~pubkey~0#1); {2508#false} is VALID [2022-02-20 18:04:16,775 INFO L290 TraceCheckUtils]: 81: Hoare triple {2508#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {2508#false} is VALID [2022-02-20 18:04:16,776 INFO L290 TraceCheckUtils]: 82: Hoare triple {2508#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := 
getClientId_~retValue_acc~32#1; {2508#false} is VALID [2022-02-20 18:04:16,777 INFO L290 TraceCheckUtils]: 83: Hoare triple {2508#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {2508#false} is VALID [2022-02-20 18:04:16,778 INFO L272 TraceCheckUtils]: 84: Hoare triple {2508#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {2562#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:16,778 INFO L290 TraceCheckUtils]: 85: Hoare triple {2562#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:16,779 INFO L290 TraceCheckUtils]: 86: Hoare triple {2507#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:16,780 INFO L290 TraceCheckUtils]: 87: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,780 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2507#true} {2508#false} #1052#return; {2508#false} is VALID [2022-02-20 18:04:16,780 INFO L290 TraceCheckUtils]: 89: Hoare triple {2508#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } 
true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {2508#false} is VALID [2022-02-20 18:04:16,780 INFO L290 TraceCheckUtils]: 90: Hoare triple {2508#false} assume 0 != ~in_encrypted~0; {2508#false} is VALID [2022-02-20 18:04:16,780 INFO L272 TraceCheckUtils]: 91: Hoare triple {2508#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {2507#true} is VALID [2022-02-20 18:04:16,783 INFO L290 TraceCheckUtils]: 92: Hoare triple {2507#true} ~handle := #in~handle;havoc ~retValue_acc~39; {2507#true} is VALID [2022-02-20 18:04:16,784 INFO L290 TraceCheckUtils]: 93: Hoare triple {2507#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2507#true} is VALID [2022-02-20 18:04:16,784 INFO L290 TraceCheckUtils]: 94: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:16,784 INFO L284 
TraceCheckUtils]: 95: Hoare quadruple {2507#true} {2508#false} #1054#return; {2508#false} is VALID [2022-02-20 18:04:16,784 INFO L290 TraceCheckUtils]: 96: Hoare triple {2508#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {2508#false} is VALID [2022-02-20 18:04:16,784 INFO L290 TraceCheckUtils]: 97: Hoare triple {2508#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {2508#false} is VALID [2022-02-20 18:04:16,785 INFO L290 TraceCheckUtils]: 98: Hoare triple {2508#false} assume !false; {2508#false} is VALID [2022-02-20 18:04:16,785 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:04:16,786 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:16,786 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [820874775] [2022-02-20 18:04:16,787 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [820874775] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:16,787 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1516066011] [2022-02-20 18:04:16,788 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:16,789 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:16,789 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:16,792 INFO L229 MonitoredProcess]: Starting monitored process 3 with 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:16,793 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:04:17,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:17,059 INFO L263 TraceCheckSpWp]: Trace formula consists of 999 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:04:17,101 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:17,104 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:04:17,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {2507#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 
1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, 
~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2507#true} is VALID [2022-02-20 18:04:17,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {2507#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2507#true} is VALID [2022-02-20 18:04:17,345 INFO L290 TraceCheckUtils]: 2: Hoare triple {2507#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2507#true} is VALID [2022-02-20 18:04:17,345 INFO L290 TraceCheckUtils]: 3: Hoare triple {2507#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {2507#true} is VALID [2022-02-20 18:04:17,345 INFO L290 TraceCheckUtils]: 4: Hoare triple {2507#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {2507#true} is VALID [2022-02-20 18:04:17,349 INFO L290 TraceCheckUtils]: 5: Hoare triple {2507#true} assume 0 != 
main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2507#true} is VALID [2022-02-20 18:04:17,349 INFO L272 TraceCheckUtils]: 6: Hoare triple {2507#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2507#true} is VALID [2022-02-20 18:04:17,349 INFO L290 TraceCheckUtils]: 7: Hoare triple {2507#true} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:17,349 INFO L290 TraceCheckUtils]: 8: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:17,350 INFO L290 TraceCheckUtils]: 9: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:17,350 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2507#true} {2507#true} #1082#return; {2507#true} is VALID [2022-02-20 18:04:17,350 INFO L290 TraceCheckUtils]: 11: Hoare triple {2507#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2507#true} is VALID [2022-02-20 18:04:17,350 INFO L272 TraceCheckUtils]: 12: Hoare triple {2507#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2507#true} is VALID [2022-02-20 18:04:17,351 INFO L290 
TraceCheckUtils]: 13: Hoare triple {2507#true} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:17,351 INFO L290 TraceCheckUtils]: 14: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:17,351 INFO L290 TraceCheckUtils]: 15: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:17,351 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2507#true} {2507#true} #1084#return; {2507#true} is VALID [2022-02-20 18:04:17,351 INFO L290 TraceCheckUtils]: 17: Hoare triple {2507#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2507#true} is VALID [2022-02-20 18:04:17,351 INFO L272 TraceCheckUtils]: 18: Hoare triple {2507#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2507#true} is VALID [2022-02-20 18:04:17,352 INFO L290 TraceCheckUtils]: 19: Hoare triple {2507#true} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:17,352 INFO L290 TraceCheckUtils]: 20: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:17,352 INFO L290 TraceCheckUtils]: 21: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:17,352 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2507#true} {2507#true} #1086#return; {2507#true} is VALID [2022-02-20 18:04:17,352 INFO L290 TraceCheckUtils]: 23: Hoare triple {2507#true} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {2507#true} is VALID [2022-02-20 18:04:17,353 INFO L272 TraceCheckUtils]: 24: Hoare triple {2507#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2507#true} is VALID [2022-02-20 18:04:17,353 INFO L290 TraceCheckUtils]: 25: Hoare triple {2507#true} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:17,353 INFO L290 TraceCheckUtils]: 26: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:17,353 INFO L290 TraceCheckUtils]: 27: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:17,353 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2507#true} {2507#true} #1088#return; {2507#true} is VALID [2022-02-20 18:04:17,353 INFO L290 TraceCheckUtils]: 29: Hoare triple {2507#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2507#true} is VALID [2022-02-20 18:04:17,354 INFO L272 TraceCheckUtils]: 30: Hoare triple {2507#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2507#true} is VALID [2022-02-20 18:04:17,354 INFO L290 TraceCheckUtils]: 31: Hoare triple {2507#true} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:17,354 INFO L290 TraceCheckUtils]: 32: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:17,354 INFO L290 
TraceCheckUtils]: 33: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:17,354 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2507#true} {2507#true} #1090#return; {2507#true} is VALID [2022-02-20 18:04:17,355 INFO L290 TraceCheckUtils]: 35: Hoare triple {2507#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2507#true} is VALID [2022-02-20 18:04:17,355 INFO L272 TraceCheckUtils]: 36: Hoare triple {2507#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2507#true} is VALID [2022-02-20 18:04:17,355 INFO L290 TraceCheckUtils]: 37: Hoare triple {2507#true} ~handle := #in~handle;~value := #in~value; {2507#true} is VALID [2022-02-20 18:04:17,355 INFO L290 TraceCheckUtils]: 38: Hoare triple {2507#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2507#true} is VALID [2022-02-20 18:04:17,356 INFO L290 TraceCheckUtils]: 39: Hoare triple {2507#true} assume true; {2507#true} is VALID [2022-02-20 18:04:17,356 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2507#true} {2507#true} #1092#return; {2507#true} is VALID [2022-02-20 18:04:17,356 INFO L290 TraceCheckUtils]: 41: Hoare triple {2507#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2507#true} is VALID [2022-02-20 18:04:17,357 INFO L290 TraceCheckUtils]: 42: Hoare triple {2507#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, 
test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2693#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:17,357 INFO L290 TraceCheckUtils]: 43: Hoare triple {2693#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2693#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:17,357 INFO L290 TraceCheckUtils]: 44: Hoare triple {2693#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2508#false} is VALID [2022-02-20 18:04:17,358 INFO L290 TraceCheckUtils]: 45: Hoare triple {2508#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2508#false} is VALID [2022-02-20 18:04:17,359 INFO L272 TraceCheckUtils]: 46: Hoare triple {2508#false} call sendEmail(~bob~0, ~rjh~0); {2508#false} 
is VALID [2022-02-20 18:04:17,360 INFO L290 TraceCheckUtils]: 47: Hoare triple {2508#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2508#false} is VALID [2022-02-20 18:04:17,360 INFO L272 TraceCheckUtils]: 48: Hoare triple {2508#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2508#false} is VALID [2022-02-20 18:04:17,360 INFO L290 TraceCheckUtils]: 49: Hoare triple {2508#false} ~handle := #in~handle;~value := #in~value; {2508#false} is VALID [2022-02-20 18:04:17,360 INFO L290 TraceCheckUtils]: 50: Hoare triple {2508#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2508#false} is VALID [2022-02-20 18:04:17,360 INFO L290 TraceCheckUtils]: 51: Hoare triple {2508#false} assume true; {2508#false} is VALID [2022-02-20 18:04:17,360 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2508#false} {2508#false} #1068#return; {2508#false} is VALID [2022-02-20 18:04:17,361 INFO L272 TraceCheckUtils]: 53: Hoare triple {2508#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2508#false} is VALID [2022-02-20 18:04:17,361 INFO L290 TraceCheckUtils]: 54: Hoare triple {2508#false} ~handle := #in~handle;~value := #in~value; {2508#false} is VALID [2022-02-20 18:04:17,361 INFO L290 TraceCheckUtils]: 55: Hoare triple {2508#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2508#false} is VALID [2022-02-20 18:04:17,361 INFO L290 TraceCheckUtils]: 56: Hoare triple {2508#false} assume true; {2508#false} is VALID [2022-02-20 18:04:17,361 INFO L284 TraceCheckUtils]: 57: Hoare quadruple 
{2508#false} {2508#false} #1070#return; {2508#false} is VALID [2022-02-20 18:04:17,361 INFO L290 TraceCheckUtils]: 58: Hoare triple {2508#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {2508#false} is VALID [2022-02-20 18:04:17,362 INFO L290 TraceCheckUtils]: 59: Hoare triple {2508#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {2508#false} is VALID [2022-02-20 18:04:17,362 INFO L272 TraceCheckUtils]: 60: Hoare triple {2508#false} call outgoing(~sender#1, ~email~0#1); {2508#false} is VALID [2022-02-20 18:04:17,362 INFO L290 TraceCheckUtils]: 61: Hoare triple {2508#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {2508#false} is VALID [2022-02-20 18:04:17,362 INFO L272 TraceCheckUtils]: 62: Hoare triple {2508#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {2508#false} is VALID [2022-02-20 18:04:17,362 INFO L290 TraceCheckUtils]: 63: Hoare triple {2508#false} ~handle := #in~handle;havoc ~retValue_acc~19; {2508#false} is VALID [2022-02-20 18:04:17,363 INFO L290 TraceCheckUtils]: 64: Hoare triple {2508#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {2508#false} is VALID [2022-02-20 18:04:17,363 INFO L290 TraceCheckUtils]: 65: Hoare triple {2508#false} assume true; {2508#false} is VALID [2022-02-20 18:04:17,363 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2508#false} {2508#false} #1028#return; {2508#false} is VALID [2022-02-20 18:04:17,363 INFO L290 TraceCheckUtils]: 67: Hoare triple {2508#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {2508#false} is VALID 
[2022-02-20 18:04:17,364 INFO L290 TraceCheckUtils]: 68: Hoare triple {2508#false} assume !(0 != ~size~0#1); {2508#false} is VALID [2022-02-20 18:04:17,364 INFO L272 TraceCheckUtils]: 69: Hoare triple {2508#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {2508#false} is VALID [2022-02-20 18:04:17,365 INFO L290 TraceCheckUtils]: 70: Hoare triple {2508#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {2508#false} is VALID [2022-02-20 18:04:17,365 INFO L272 TraceCheckUtils]: 71: Hoare triple {2508#false} call #t~ret34#1 := getEmailTo(~msg#1); {2508#false} is VALID [2022-02-20 18:04:17,365 INFO L290 TraceCheckUtils]: 72: Hoare triple {2508#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2508#false} is VALID [2022-02-20 18:04:17,365 INFO L290 TraceCheckUtils]: 73: Hoare triple {2508#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2508#false} is VALID [2022-02-20 18:04:17,365 INFO L290 TraceCheckUtils]: 74: Hoare triple {2508#false} assume true; {2508#false} is VALID [2022-02-20 18:04:17,365 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {2508#false} {2508#false} #1046#return; {2508#false} is VALID [2022-02-20 18:04:17,366 INFO L290 TraceCheckUtils]: 76: Hoare triple {2508#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {2508#false} is VALID [2022-02-20 18:04:17,366 INFO L290 TraceCheckUtils]: 77: Hoare triple {2508#false} assume 1 == findPublicKey_~handle#1; 
{2508#false} is VALID [2022-02-20 18:04:17,366 INFO L290 TraceCheckUtils]: 78: Hoare triple {2508#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {2508#false} is VALID [2022-02-20 18:04:17,366 INFO L290 TraceCheckUtils]: 79: Hoare triple {2508#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {2508#false} is VALID [2022-02-20 18:04:17,366 INFO L290 TraceCheckUtils]: 80: Hoare triple {2508#false} assume !(0 != ~pubkey~0#1); {2508#false} is VALID [2022-02-20 18:04:17,366 INFO L290 TraceCheckUtils]: 81: Hoare triple {2508#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {2508#false} is VALID [2022-02-20 18:04:17,366 INFO L290 TraceCheckUtils]: 82: Hoare triple {2508#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {2508#false} is VALID [2022-02-20 18:04:17,367 INFO L290 TraceCheckUtils]: 83: Hoare triple {2508#false} outgoing__wrappee__Keys_#t~ret33#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {2508#false} is VALID [2022-02-20 18:04:17,367 INFO L272 TraceCheckUtils]: 84: Hoare triple {2508#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {2508#false} is VALID [2022-02-20 18:04:17,367 INFO L290 TraceCheckUtils]: 85: Hoare triple {2508#false} ~handle := #in~handle;~value := #in~value; {2508#false} is VALID [2022-02-20 18:04:17,367 INFO L290 TraceCheckUtils]: 86: Hoare triple {2508#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2508#false} is VALID [2022-02-20 18:04:17,367 INFO L290 TraceCheckUtils]: 87: Hoare triple {2508#false} assume true; {2508#false} is VALID [2022-02-20 18:04:17,367 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2508#false} {2508#false} #1052#return; {2508#false} is VALID [2022-02-20 18:04:17,368 INFO L290 TraceCheckUtils]: 89: Hoare triple {2508#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {2508#false} is VALID [2022-02-20 18:04:17,368 INFO L290 TraceCheckUtils]: 90: Hoare triple {2508#false} assume 0 != ~in_encrypted~0; {2508#false} is VALID [2022-02-20 18:04:17,368 INFO L272 TraceCheckUtils]: 91: Hoare triple {2508#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {2508#false} is VALID [2022-02-20 18:04:17,368 INFO L290 TraceCheckUtils]: 92: Hoare triple {2508#false} ~handle := #in~handle;havoc ~retValue_acc~39; {2508#false} is VALID [2022-02-20 18:04:17,368 INFO L290 TraceCheckUtils]: 93: Hoare triple {2508#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2508#false} is VALID [2022-02-20 18:04:17,368 INFO L290 TraceCheckUtils]: 94: Hoare triple {2508#false} assume true; {2508#false} is VALID [2022-02-20 18:04:17,369 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2508#false} {2508#false} #1054#return; {2508#false} is VALID [2022-02-20 18:04:17,369 INFO L290 TraceCheckUtils]: 96: Hoare triple {2508#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := 
__utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {2508#false} is VALID [2022-02-20 18:04:17,369 INFO L290 TraceCheckUtils]: 97: Hoare triple {2508#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {2508#false} is VALID [2022-02-20 18:04:17,369 INFO L290 TraceCheckUtils]: 98: Hoare triple {2508#false} assume !false; {2508#false} is VALID [2022-02-20 18:04:17,371 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:04:17,371 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:17,371 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1516066011] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:17,371 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:17,371 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:04:17,372 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [969789371] [2022-02-20 18:04:17,372 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:17,373 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 18:04:17,375 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:04:17,376 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:17,459 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:17,460 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:04:17,460 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:17,461 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:04:17,461 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:17,461 INFO L87 Difference]: Start difference. First operand 336 states and 517 transitions. Second operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:17,972 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:17,973 INFO L93 Difference]: Finished difference Result 488 states and 734 transitions. [2022-02-20 18:04:17,973 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:04:17,973 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 18:04:17,974 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:17,974 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:17,985 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 734 transitions. [2022-02-20 18:04:17,985 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:17,996 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 734 transitions. [2022-02-20 18:04:17,997 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 734 transitions. [2022-02-20 18:04:18,569 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 734 edges. 734 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:18,582 INFO L225 Difference]: With dead ends: 488 [2022-02-20 18:04:18,582 INFO L226 Difference]: Without dead ends: 339 [2022-02-20 18:04:18,584 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 126 GetRequests, 118 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:18,586 INFO L933 BasicCegarLoop]: 515 mSDtfsCounter, 1 mSDsluCounter, 513 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1028 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:18,591 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1028 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:18,594 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 339 states. [2022-02-20 18:04:18,624 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 339 to 338. [2022-02-20 18:04:18,624 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:18,625 INFO L82 GeneralOperation]: Start isEquivalent. First operand 339 states. 
Second operand has 338 states, 264 states have (on average 1.5757575757575757) internal successors, (416), 268 states have internal predecessors, (416), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 18:04:18,626 INFO L74 IsIncluded]: Start isIncluded. First operand 339 states. Second operand has 338 states, 264 states have (on average 1.5757575757575757) internal successors, (416), 268 states have internal predecessors, (416), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 18:04:18,628 INFO L87 Difference]: Start difference. First operand 339 states. Second operand has 338 states, 264 states have (on average 1.5757575757575757) internal successors, (416), 268 states have internal predecessors, (416), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 18:04:18,644 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:18,645 INFO L93 Difference]: Finished difference Result 339 states and 520 transitions. [2022-02-20 18:04:18,645 INFO L276 IsEmpty]: Start isEmpty. Operand 339 states and 520 transitions. [2022-02-20 18:04:18,648 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:18,648 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:18,650 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 338 states, 264 states have (on average 1.5757575757575757) internal successors, (416), 268 states have internal predecessors, (416), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) Second operand 339 states. [2022-02-20 18:04:18,650 INFO L87 Difference]: Start difference. First operand has 338 states, 264 states have (on average 1.5757575757575757) internal successors, (416), 268 states have internal predecessors, (416), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) Second operand 339 states. [2022-02-20 18:04:18,678 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:18,678 INFO L93 Difference]: Finished difference Result 339 states and 520 transitions. [2022-02-20 18:04:18,679 INFO L276 IsEmpty]: Start isEmpty. Operand 339 states and 520 transitions. [2022-02-20 18:04:18,681 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:18,681 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:18,681 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:18,681 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:18,682 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 338 states, 264 states have (on average 1.5757575757575757) internal successors, (416), 268 states have internal predecessors, (416), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 18:04:18,695 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 338 states to 338 states and 519 transitions. [2022-02-20 18:04:18,695 INFO L78 Accepts]: Start accepts. Automaton has 338 states and 519 transitions. Word has length 99 [2022-02-20 18:04:18,696 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:18,696 INFO L470 AbstractCegarLoop]: Abstraction has 338 states and 519 transitions. [2022-02-20 18:04:18,696 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:18,696 INFO L276 IsEmpty]: Start isEmpty. Operand 338 states and 519 transitions. [2022-02-20 18:04:18,699 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 106 [2022-02-20 18:04:18,699 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:18,699 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:18,725 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:18,924 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:04:18,924 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:18,925 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:18,925 INFO L85 PathProgramCache]: Analyzing trace with hash 1526113252, now seen corresponding path program 1 times [2022-02-20 18:04:18,925 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:18,925 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [616790863] [2022-02-20 18:04:18,925 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:18,925 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:18,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:19,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,023 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,023 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4665#true} #1082#return; {4665#true} is VALID [2022-02-20 18:04:19,029 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:19,031 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 18:04:19,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4665#true} #1084#return; {4665#true} is VALID [2022-02-20 18:04:19,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:19,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4718#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:19,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {4718#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4719#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:19,053 INFO L290 TraceCheckUtils]: 2: Hoare triple {4719#(= |setClientId_#in~handle| 1)} assume true; {4719#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:19,053 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4719#(= |setClientId_#in~handle| 1)} {4675#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1086#return; {4666#false} is VALID [2022-02-20 18:04:19,053 
INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:04:19,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,059 INFO L290 TraceCheckUtils]: 0: Hoare triple {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,059 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,059 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1088#return; {4666#false} is VALID [2022-02-20 18:04:19,060 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:19,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,065 INFO L290 TraceCheckUtils]: 0: Hoare triple {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,065 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1090#return; {4666#false} is VALID [2022-02-20 18:04:19,066 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence 
at non-pending call position 36 [2022-02-20 18:04:19,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,071 INFO L290 TraceCheckUtils]: 0: Hoare triple {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,071 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,071 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,072 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1092#return; {4666#false} is VALID [2022-02-20 18:04:19,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 18:04:19,080 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,082 INFO L290 TraceCheckUtils]: 0: Hoare triple {4720#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,083 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,083 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1068#return; {4666#false} is VALID [2022-02-20 18:04:19,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:04:19,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,095 INFO L290 
TraceCheckUtils]: 0: Hoare triple {4721#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,095 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,095 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,096 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1070#return; {4666#false} is VALID [2022-02-20 18:04:19,096 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:04:19,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,099 INFO L290 TraceCheckUtils]: 0: Hoare triple {4665#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4665#true} is VALID [2022-02-20 18:04:19,100 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {4665#true} is VALID [2022-02-20 18:04:19,100 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,103 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1028#return; {4666#false} is VALID [2022-02-20 18:04:19,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:04:19,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {4665#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4665#true} is VALID [2022-02-20 18:04:19,112 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {4665#true} is VALID [2022-02-20 18:04:19,112 INFO L290 
TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,112 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1046#return; {4666#false} is VALID [2022-02-20 18:04:19,112 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:04:19,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {4720#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,117 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,117 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1052#return; {4666#false} is VALID [2022-02-20 18:04:19,117 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:04:19,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,120 INFO L290 TraceCheckUtils]: 0: Hoare triple {4665#true} ~handle := #in~handle;havoc ~retValue_acc~39; {4665#true} is VALID [2022-02-20 18:04:19,120 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4665#true} is VALID [2022-02-20 18:04:19,121 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,121 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4665#true} {4666#false} #1054#return; {4666#false} is VALID [2022-02-20 18:04:19,121 INFO L290 TraceCheckUtils]: 0: Hoare triple {4665#true} assume { 
:begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {4665#true} is VALID [2022-02-20 18:04:19,121 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= 
main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {4665#true} is VALID [2022-02-20 18:04:19,121 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4665#true} is VALID [2022-02-20 18:04:19,122 INFO L290 TraceCheckUtils]: 3: Hoare triple {4665#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {4665#true} is VALID [2022-02-20 18:04:19,122 INFO L290 TraceCheckUtils]: 4: Hoare triple {4665#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {4665#true} is VALID [2022-02-20 18:04:19,122 INFO L290 TraceCheckUtils]: 5: Hoare triple {4665#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4665#true} is VALID [2022-02-20 18:04:19,123 INFO L272 TraceCheckUtils]: 6: Hoare triple {4665#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:19,123 INFO L290 TraceCheckUtils]: 7: Hoare triple {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,123 INFO L290 TraceCheckUtils]: 8: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,123 INFO L290 TraceCheckUtils]: 9: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,124 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4665#true} {4665#true} #1082#return; {4665#true} is VALID [2022-02-20 18:04:19,124 INFO L290 TraceCheckUtils]: 11: Hoare triple {4665#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4665#true} is VALID [2022-02-20 18:04:19,124 INFO L272 TraceCheckUtils]: 12: Hoare triple {4665#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:19,125 INFO L290 TraceCheckUtils]: 13: Hoare triple {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,125 INFO L290 TraceCheckUtils]: 14: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,125 INFO L290 TraceCheckUtils]: 15: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,125 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4665#true} {4665#true} #1084#return; {4665#true} is VALID [2022-02-20 18:04:19,126 INFO L290 TraceCheckUtils]: 17: Hoare triple {4665#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4675#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:19,126 INFO L272 TraceCheckUtils]: 18: Hoare triple {4675#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:19,127 INFO L290 TraceCheckUtils]: 19: Hoare triple {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {4718#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:19,127 INFO L290 TraceCheckUtils]: 20: Hoare triple {4718#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4719#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:19,127 INFO L290 TraceCheckUtils]: 21: Hoare triple {4719#(= |setClientId_#in~handle| 1)} assume true; {4719#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:19,128 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4719#(= |setClientId_#in~handle| 1)} {4675#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1086#return; {4666#false} is VALID [2022-02-20 18:04:19,128 INFO L290 TraceCheckUtils]: 23: Hoare triple {4666#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4666#false} is VALID [2022-02-20 18:04:19,128 INFO L272 TraceCheckUtils]: 24: Hoare triple {4666#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:19,129 INFO L290 TraceCheckUtils]: 25: Hoare triple {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,129 INFO L290 TraceCheckUtils]: 26: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,129 INFO L290 TraceCheckUtils]: 27: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,129 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4665#true} {4666#false} #1088#return; {4666#false} is VALID [2022-02-20 
18:04:19,129 INFO L290 TraceCheckUtils]: 29: Hoare triple {4666#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4666#false} is VALID [2022-02-20 18:04:19,129 INFO L272 TraceCheckUtils]: 30: Hoare triple {4666#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:19,129 INFO L290 TraceCheckUtils]: 31: Hoare triple {4716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,130 INFO L290 TraceCheckUtils]: 32: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,130 INFO L290 TraceCheckUtils]: 33: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,130 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4665#true} {4666#false} #1090#return; {4666#false} is VALID [2022-02-20 18:04:19,130 INFO L290 TraceCheckUtils]: 35: Hoare triple {4666#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4666#false} is VALID [2022-02-20 
18:04:19,130 INFO L272 TraceCheckUtils]: 36: Hoare triple {4666#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:19,130 INFO L290 TraceCheckUtils]: 37: Hoare triple {4717#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,131 INFO L290 TraceCheckUtils]: 38: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,131 INFO L290 TraceCheckUtils]: 39: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,131 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4665#true} {4666#false} #1092#return; {4666#false} is VALID [2022-02-20 18:04:19,131 INFO L290 TraceCheckUtils]: 41: Hoare triple {4666#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {4666#false} is VALID [2022-02-20 18:04:19,131 INFO L290 TraceCheckUtils]: 42: Hoare triple {4666#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4666#false} is VALID [2022-02-20 18:04:19,131 INFO L290 TraceCheckUtils]: 43: Hoare triple {4666#false} assume !false; {4666#false} is VALID [2022-02-20 18:04:19,131 INFO L290 TraceCheckUtils]: 44: Hoare triple {4666#false} assume test_~splverifierCounter~0#1 < 4; {4666#false} is VALID [2022-02-20 18:04:19,132 INFO L290 TraceCheckUtils]: 45: Hoare triple {4666#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4666#false} is VALID [2022-02-20 18:04:19,132 INFO L290 TraceCheckUtils]: 46: Hoare triple {4666#false} assume !(0 == test_~op1~0#1); {4666#false} is VALID [2022-02-20 18:04:19,132 INFO L290 TraceCheckUtils]: 47: Hoare triple {4666#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {4666#false} is VALID [2022-02-20 18:04:19,132 INFO L290 TraceCheckUtils]: 48: Hoare triple {4666#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4666#false} is VALID [2022-02-20 18:04:19,132 INFO L290 TraceCheckUtils]: 49: Hoare triple 
{4666#false} assume !false; {4666#false} is VALID [2022-02-20 18:04:19,132 INFO L290 TraceCheckUtils]: 50: Hoare triple {4666#false} assume !(test_~splverifierCounter~0#1 < 4); {4666#false} is VALID [2022-02-20 18:04:19,133 INFO L290 TraceCheckUtils]: 51: Hoare triple {4666#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {4666#false} is VALID [2022-02-20 18:04:19,133 INFO L272 TraceCheckUtils]: 52: Hoare triple {4666#false} call sendEmail(~bob~0, ~rjh~0); {4666#false} is VALID [2022-02-20 18:04:19,133 INFO L290 TraceCheckUtils]: 53: Hoare triple {4666#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4666#false} is VALID [2022-02-20 18:04:19,133 INFO L272 TraceCheckUtils]: 54: Hoare triple {4666#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4720#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:19,133 INFO L290 TraceCheckUtils]: 55: Hoare triple {4720#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 
18:04:19,133 INFO L290 TraceCheckUtils]: 56: Hoare triple {4665#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,133 INFO L290 TraceCheckUtils]: 57: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,134 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4665#true} {4666#false} #1068#return; {4666#false} is VALID [2022-02-20 18:04:19,134 INFO L272 TraceCheckUtils]: 59: Hoare triple {4666#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4721#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:19,134 INFO L290 TraceCheckUtils]: 60: Hoare triple {4721#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,134 INFO L290 TraceCheckUtils]: 61: Hoare triple {4665#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,134 INFO L290 TraceCheckUtils]: 62: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,134 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {4665#true} {4666#false} #1070#return; {4666#false} is VALID [2022-02-20 18:04:19,134 INFO L290 TraceCheckUtils]: 64: Hoare triple {4666#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {4666#false} is VALID [2022-02-20 18:04:19,135 INFO L290 TraceCheckUtils]: 65: Hoare triple {4666#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {4666#false} is VALID [2022-02-20 18:04:19,135 INFO L272 TraceCheckUtils]: 66: Hoare triple {4666#false} call outgoing(~sender#1, ~email~0#1); {4666#false} is VALID [2022-02-20 18:04:19,135 INFO L290 
TraceCheckUtils]: 67: Hoare triple {4666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {4666#false} is VALID [2022-02-20 18:04:19,135 INFO L272 TraceCheckUtils]: 68: Hoare triple {4666#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {4665#true} is VALID [2022-02-20 18:04:19,135 INFO L290 TraceCheckUtils]: 69: Hoare triple {4665#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4665#true} is VALID [2022-02-20 18:04:19,135 INFO L290 TraceCheckUtils]: 70: Hoare triple {4665#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {4665#true} is VALID [2022-02-20 18:04:19,135 INFO L290 TraceCheckUtils]: 71: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,136 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {4665#true} {4666#false} #1028#return; {4666#false} is VALID [2022-02-20 18:04:19,136 INFO L290 TraceCheckUtils]: 73: Hoare triple {4666#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {4666#false} is VALID [2022-02-20 18:04:19,136 INFO L290 TraceCheckUtils]: 74: Hoare triple {4666#false} assume !(0 != ~size~0#1); {4666#false} is VALID [2022-02-20 18:04:19,136 INFO L272 TraceCheckUtils]: 75: Hoare triple {4666#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {4666#false} is VALID [2022-02-20 18:04:19,136 INFO L290 TraceCheckUtils]: 76: Hoare triple {4666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {4666#false} is VALID [2022-02-20 18:04:19,136 INFO L272 TraceCheckUtils]: 77: Hoare triple {4666#false} call #t~ret34#1 := getEmailTo(~msg#1); {4665#true} is VALID [2022-02-20 18:04:19,137 INFO L290 TraceCheckUtils]: 78: Hoare triple {4665#true} ~handle := #in~handle;havoc 
~retValue_acc~36; {4665#true} is VALID [2022-02-20 18:04:19,137 INFO L290 TraceCheckUtils]: 79: Hoare triple {4665#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {4665#true} is VALID [2022-02-20 18:04:19,137 INFO L290 TraceCheckUtils]: 80: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,137 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {4665#true} {4666#false} #1046#return; {4666#false} is VALID [2022-02-20 18:04:19,137 INFO L290 TraceCheckUtils]: 82: Hoare triple {4666#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {4666#false} is VALID [2022-02-20 18:04:19,137 INFO L290 TraceCheckUtils]: 83: Hoare triple {4666#false} assume 1 == findPublicKey_~handle#1; {4666#false} is VALID [2022-02-20 18:04:19,137 INFO L290 TraceCheckUtils]: 84: Hoare triple {4666#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {4666#false} is VALID [2022-02-20 18:04:19,138 INFO L290 TraceCheckUtils]: 85: Hoare triple {4666#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {4666#false} is VALID [2022-02-20 18:04:19,138 INFO L290 TraceCheckUtils]: 86: Hoare triple {4666#false} assume !(0 != ~pubkey~0#1); {4666#false} is VALID 
[2022-02-20 18:04:19,138 INFO L290 TraceCheckUtils]: 87: Hoare triple {4666#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {4666#false} is VALID [2022-02-20 18:04:19,138 INFO L290 TraceCheckUtils]: 88: Hoare triple {4666#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {4666#false} is VALID [2022-02-20 18:04:19,138 INFO L290 TraceCheckUtils]: 89: Hoare triple {4666#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {4666#false} is VALID [2022-02-20 18:04:19,138 INFO L272 TraceCheckUtils]: 90: Hoare triple {4666#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {4720#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:19,138 INFO L290 TraceCheckUtils]: 91: Hoare triple {4720#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,139 INFO L290 TraceCheckUtils]: 92: Hoare triple {4665#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,139 INFO L290 TraceCheckUtils]: 93: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,139 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {4665#true} {4666#false} #1052#return; {4666#false} is VALID [2022-02-20 18:04:19,139 INFO L290 TraceCheckUtils]: 95: Hoare triple {4666#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc 
__utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {4666#false} is VALID [2022-02-20 18:04:19,139 INFO L290 TraceCheckUtils]: 96: Hoare triple {4666#false} assume 0 != ~in_encrypted~0; {4666#false} is VALID [2022-02-20 18:04:19,139 INFO L272 TraceCheckUtils]: 97: Hoare triple {4666#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {4665#true} is VALID [2022-02-20 18:04:19,140 INFO L290 TraceCheckUtils]: 98: Hoare triple {4665#true} ~handle := #in~handle;havoc ~retValue_acc~39; {4665#true} is VALID [2022-02-20 18:04:19,140 INFO L290 TraceCheckUtils]: 99: Hoare triple {4665#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4665#true} is VALID [2022-02-20 18:04:19,140 INFO L290 TraceCheckUtils]: 100: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,140 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {4665#true} {4666#false} #1054#return; {4666#false} is VALID [2022-02-20 18:04:19,140 INFO L290 TraceCheckUtils]: 102: Hoare triple {4666#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {4666#false} is VALID [2022-02-20 18:04:19,140 INFO L290 TraceCheckUtils]: 103: Hoare triple {4666#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {4666#false} is VALID [2022-02-20 18:04:19,140 INFO L290 TraceCheckUtils]: 104: Hoare triple {4666#false} assume !false; {4666#false} is VALID [2022-02-20 18:04:19,141 INFO L134 CoverageAnalysis]: Checked inductivity of 30 
backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:04:19,141 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:19,141 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [616790863] [2022-02-20 18:04:19,142 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [616790863] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:19,142 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1365496848] [2022-02-20 18:04:19,142 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:19,142 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:19,142 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:19,143 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:19,145 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:04:19,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,393 INFO L263 TraceCheckSpWp]: Trace formula consists of 1013 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:04:19,442 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:19,446 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:19,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {4665#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 
0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {4665#true} is VALID [2022-02-20 18:04:19,655 INFO L290 TraceCheckUtils]: 1: Hoare triple {4665#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {4665#true} is VALID [2022-02-20 18:04:19,655 INFO L290 TraceCheckUtils]: 2: Hoare triple {4665#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4665#true} is VALID [2022-02-20 18:04:19,656 INFO L290 TraceCheckUtils]: 3: Hoare triple {4665#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {4665#true} is VALID [2022-02-20 18:04:19,656 INFO L290 TraceCheckUtils]: 4: Hoare triple {4665#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {4665#true} is VALID [2022-02-20 18:04:19,656 INFO L290 TraceCheckUtils]: 5: Hoare triple {4665#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4665#true} is VALID [2022-02-20 18:04:19,656 INFO L272 TraceCheckUtils]: 6: Hoare triple {4665#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4665#true} is VALID [2022-02-20 18:04:19,656 INFO L290 TraceCheckUtils]: 7: Hoare triple {4665#true} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,656 INFO L290 TraceCheckUtils]: 8: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,657 INFO L290 TraceCheckUtils]: 9: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,657 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4665#true} {4665#true} #1082#return; {4665#true} is VALID [2022-02-20 18:04:19,657 INFO L290 TraceCheckUtils]: 11: Hoare triple {4665#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4665#true} is VALID [2022-02-20 18:04:19,657 INFO L272 TraceCheckUtils]: 12: Hoare triple {4665#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4665#true} is VALID [2022-02-20 18:04:19,657 INFO L290 TraceCheckUtils]: 13: Hoare triple {4665#true} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,657 INFO L290 TraceCheckUtils]: 14: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,657 INFO L290 TraceCheckUtils]: 15: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,658 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4665#true} {4665#true} #1084#return; {4665#true} is VALID [2022-02-20 18:04:19,658 INFO L290 TraceCheckUtils]: 17: Hoare triple {4665#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4665#true} is VALID [2022-02-20 18:04:19,658 INFO L272 TraceCheckUtils]: 18: Hoare triple {4665#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4665#true} is VALID [2022-02-20 18:04:19,658 INFO L290 TraceCheckUtils]: 19: Hoare triple {4665#true} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,658 INFO L290 TraceCheckUtils]: 20: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,658 INFO L290 TraceCheckUtils]: 21: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,658 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4665#true} {4665#true} #1086#return; {4665#true} is VALID [2022-02-20 18:04:19,659 INFO L290 TraceCheckUtils]: 23: Hoare triple {4665#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4665#true} is VALID [2022-02-20 18:04:19,659 INFO L272 TraceCheckUtils]: 24: Hoare triple {4665#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4665#true} is VALID [2022-02-20 18:04:19,659 INFO L290 TraceCheckUtils]: 25: Hoare triple {4665#true} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,659 INFO L290 TraceCheckUtils]: 26: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,659 INFO L290 TraceCheckUtils]: 27: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,659 INFO 
L284 TraceCheckUtils]: 28: Hoare quadruple {4665#true} {4665#true} #1088#return; {4665#true} is VALID [2022-02-20 18:04:19,659 INFO L290 TraceCheckUtils]: 29: Hoare triple {4665#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4665#true} is VALID [2022-02-20 18:04:19,660 INFO L272 TraceCheckUtils]: 30: Hoare triple {4665#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4665#true} is VALID [2022-02-20 18:04:19,660 INFO L290 TraceCheckUtils]: 31: Hoare triple {4665#true} ~handle := #in~handle;~value := #in~value; {4665#true} is VALID [2022-02-20 18:04:19,660 INFO L290 TraceCheckUtils]: 32: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,660 INFO L290 TraceCheckUtils]: 33: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,660 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4665#true} {4665#true} #1090#return; {4665#true} is VALID [2022-02-20 18:04:19,660 INFO L290 TraceCheckUtils]: 35: Hoare triple {4665#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4665#true} is VALID [2022-02-20 18:04:19,660 INFO L272 TraceCheckUtils]: 36: Hoare triple {4665#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4665#true} is VALID [2022-02-20 18:04:19,661 INFO L290 TraceCheckUtils]: 37: Hoare triple {4665#true} ~handle := #in~handle;~value := #in~value; {4665#true} is 
VALID [2022-02-20 18:04:19,661 INFO L290 TraceCheckUtils]: 38: Hoare triple {4665#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4665#true} is VALID [2022-02-20 18:04:19,661 INFO L290 TraceCheckUtils]: 39: Hoare triple {4665#true} assume true; {4665#true} is VALID [2022-02-20 18:04:19,661 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4665#true} {4665#true} #1092#return; {4665#true} is VALID [2022-02-20 18:04:19,661 INFO L290 TraceCheckUtils]: 41: Hoare triple {4665#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {4665#true} is VALID [2022-02-20 18:04:19,662 INFO L290 TraceCheckUtils]: 42: Hoare triple {4665#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 
:= 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4851#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:19,662 INFO L290 TraceCheckUtils]: 43: Hoare triple {4851#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4851#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:19,663 INFO L290 TraceCheckUtils]: 44: Hoare triple {4851#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4851#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:19,663 INFO L290 TraceCheckUtils]: 45: Hoare triple {4851#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4851#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:19,664 INFO L290 TraceCheckUtils]: 46: Hoare triple {4851#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4666#false} is VALID [2022-02-20 18:04:19,664 INFO L290 TraceCheckUtils]: 47: Hoare triple {4666#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {4666#false} is VALID [2022-02-20 18:04:19,664 INFO L290 TraceCheckUtils]: 48: Hoare triple {4666#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4666#false} is VALID [2022-02-20 18:04:19,664 INFO L290 TraceCheckUtils]: 49: Hoare triple {4666#false} assume !false; {4666#false} is VALID [2022-02-20 18:04:19,664 INFO L290 TraceCheckUtils]: 50: Hoare triple {4666#false} assume !(test_~splverifierCounter~0#1 < 4); {4666#false} is VALID [2022-02-20 18:04:19,664 INFO L290 TraceCheckUtils]: 51: Hoare triple {4666#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, 
bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {4666#false} is VALID [2022-02-20 18:04:19,664 INFO L272 TraceCheckUtils]: 52: Hoare triple {4666#false} call sendEmail(~bob~0, ~rjh~0); {4666#false} is VALID [2022-02-20 18:04:19,665 INFO L290 TraceCheckUtils]: 53: Hoare triple {4666#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4666#false} is VALID [2022-02-20 18:04:19,665 INFO L272 TraceCheckUtils]: 54: Hoare triple {4666#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4666#false} is VALID [2022-02-20 18:04:19,665 INFO L290 TraceCheckUtils]: 55: Hoare triple {4666#false} ~handle := #in~handle;~value := #in~value; {4666#false} is VALID [2022-02-20 18:04:19,665 INFO L290 TraceCheckUtils]: 56: Hoare triple {4666#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4666#false} is VALID [2022-02-20 18:04:19,665 INFO L290 TraceCheckUtils]: 57: Hoare triple {4666#false} assume true; {4666#false} is VALID [2022-02-20 18:04:19,665 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4666#false} {4666#false} #1068#return; {4666#false} is VALID [2022-02-20 18:04:19,666 INFO L272 TraceCheckUtils]: 59: Hoare triple {4666#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4666#false} is VALID [2022-02-20 18:04:19,666 INFO L290 TraceCheckUtils]: 60: Hoare triple {4666#false} ~handle := 
#in~handle;~value := #in~value; {4666#false} is VALID [2022-02-20 18:04:19,666 INFO L290 TraceCheckUtils]: 61: Hoare triple {4666#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4666#false} is VALID [2022-02-20 18:04:19,666 INFO L290 TraceCheckUtils]: 62: Hoare triple {4666#false} assume true; {4666#false} is VALID [2022-02-20 18:04:19,666 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {4666#false} {4666#false} #1070#return; {4666#false} is VALID [2022-02-20 18:04:19,666 INFO L290 TraceCheckUtils]: 64: Hoare triple {4666#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {4666#false} is VALID [2022-02-20 18:04:19,666 INFO L290 TraceCheckUtils]: 65: Hoare triple {4666#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {4666#false} is VALID [2022-02-20 18:04:19,667 INFO L272 TraceCheckUtils]: 66: Hoare triple {4666#false} call outgoing(~sender#1, ~email~0#1); {4666#false} is VALID [2022-02-20 18:04:19,667 INFO L290 TraceCheckUtils]: 67: Hoare triple {4666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {4666#false} is VALID [2022-02-20 18:04:19,667 INFO L272 TraceCheckUtils]: 68: Hoare triple {4666#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {4666#false} is VALID [2022-02-20 18:04:19,667 INFO L290 TraceCheckUtils]: 69: Hoare triple {4666#false} ~handle := #in~handle;havoc ~retValue_acc~19; {4666#false} is VALID [2022-02-20 18:04:19,667 INFO L290 TraceCheckUtils]: 70: Hoare triple {4666#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {4666#false} is VALID [2022-02-20 18:04:19,667 INFO L290 TraceCheckUtils]: 71: Hoare triple 
{4666#false} assume true; {4666#false} is VALID [2022-02-20 18:04:19,667 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {4666#false} {4666#false} #1028#return; {4666#false} is VALID [2022-02-20 18:04:19,668 INFO L290 TraceCheckUtils]: 73: Hoare triple {4666#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {4666#false} is VALID [2022-02-20 18:04:19,668 INFO L290 TraceCheckUtils]: 74: Hoare triple {4666#false} assume !(0 != ~size~0#1); {4666#false} is VALID [2022-02-20 18:04:19,668 INFO L272 TraceCheckUtils]: 75: Hoare triple {4666#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {4666#false} is VALID [2022-02-20 18:04:19,668 INFO L290 TraceCheckUtils]: 76: Hoare triple {4666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {4666#false} is VALID [2022-02-20 18:04:19,668 INFO L272 TraceCheckUtils]: 77: Hoare triple {4666#false} call #t~ret34#1 := getEmailTo(~msg#1); {4666#false} is VALID [2022-02-20 18:04:19,668 INFO L290 TraceCheckUtils]: 78: Hoare triple {4666#false} ~handle := #in~handle;havoc ~retValue_acc~36; {4666#false} is VALID [2022-02-20 18:04:19,669 INFO L290 TraceCheckUtils]: 79: Hoare triple {4666#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {4666#false} is VALID [2022-02-20 18:04:19,669 INFO L290 TraceCheckUtils]: 80: Hoare triple {4666#false} assume true; {4666#false} is VALID [2022-02-20 18:04:19,669 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {4666#false} {4666#false} #1046#return; {4666#false} is VALID [2022-02-20 18:04:19,669 INFO L290 TraceCheckUtils]: 82: Hoare triple {4666#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, 
~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {4666#false} is VALID [2022-02-20 18:04:19,669 INFO L290 TraceCheckUtils]: 83: Hoare triple {4666#false} assume 1 == findPublicKey_~handle#1; {4666#false} is VALID [2022-02-20 18:04:19,669 INFO L290 TraceCheckUtils]: 84: Hoare triple {4666#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {4666#false} is VALID [2022-02-20 18:04:19,669 INFO L290 TraceCheckUtils]: 85: Hoare triple {4666#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {4666#false} is VALID [2022-02-20 18:04:19,670 INFO L290 TraceCheckUtils]: 86: Hoare triple {4666#false} assume !(0 != ~pubkey~0#1); {4666#false} is VALID [2022-02-20 18:04:19,670 INFO L290 TraceCheckUtils]: 87: Hoare triple {4666#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~32#1; {4666#false} is VALID [2022-02-20 18:04:19,670 INFO L290 TraceCheckUtils]: 88: Hoare triple {4666#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {4666#false} is VALID [2022-02-20 18:04:19,670 INFO L290 TraceCheckUtils]: 89: Hoare triple {4666#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {4666#false} is VALID [2022-02-20 18:04:19,670 INFO L272 TraceCheckUtils]: 90: Hoare triple {4666#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {4666#false} is VALID [2022-02-20 18:04:19,670 INFO L290 TraceCheckUtils]: 91: Hoare triple {4666#false} ~handle := #in~handle;~value := #in~value; {4666#false} is VALID [2022-02-20 18:04:19,670 INFO L290 TraceCheckUtils]: 92: Hoare triple {4666#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4666#false} is VALID [2022-02-20 18:04:19,671 INFO L290 TraceCheckUtils]: 93: Hoare triple {4666#false} assume true; {4666#false} is VALID [2022-02-20 18:04:19,671 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {4666#false} {4666#false} #1052#return; {4666#false} is VALID [2022-02-20 18:04:19,671 INFO L290 TraceCheckUtils]: 95: Hoare triple {4666#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { 
:begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {4666#false} is VALID [2022-02-20 18:04:19,671 INFO L290 TraceCheckUtils]: 96: Hoare triple {4666#false} assume 0 != ~in_encrypted~0; {4666#false} is VALID [2022-02-20 18:04:19,671 INFO L272 TraceCheckUtils]: 97: Hoare triple {4666#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {4666#false} is VALID [2022-02-20 18:04:19,671 INFO L290 TraceCheckUtils]: 98: Hoare triple {4666#false} ~handle := #in~handle;havoc ~retValue_acc~39; {4666#false} is VALID [2022-02-20 18:04:19,672 INFO L290 TraceCheckUtils]: 99: Hoare triple {4666#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4666#false} is VALID [2022-02-20 18:04:19,672 INFO L290 TraceCheckUtils]: 100: Hoare triple {4666#false} assume true; 
{4666#false} is VALID [2022-02-20 18:04:19,672 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {4666#false} {4666#false} #1054#return; {4666#false} is VALID [2022-02-20 18:04:19,672 INFO L290 TraceCheckUtils]: 102: Hoare triple {4666#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {4666#false} is VALID [2022-02-20 18:04:19,672 INFO L290 TraceCheckUtils]: 103: Hoare triple {4666#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {4666#false} is VALID [2022-02-20 18:04:19,672 INFO L290 TraceCheckUtils]: 104: Hoare triple {4666#false} assume !false; {4666#false} is VALID [2022-02-20 18:04:19,673 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:04:19,673 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:19,673 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1365496848] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:19,673 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:19,673 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:04:19,674 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1710018604] [2022-02-20 18:04:19,674 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:19,674 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 105 [2022-02-20 18:04:19,675 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:19,675 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:19,746 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:19,747 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:04:19,747 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:19,747 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:04:19,748 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:19,748 INFO L87 Difference]: Start difference. First operand 338 states and 519 transitions. 
Second operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:20,310 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:20,310 INFO L93 Difference]: Finished difference Result 719 states and 1122 transitions. [2022-02-20 18:04:20,310 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:04:20,311 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 105 [2022-02-20 18:04:20,311 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:20,311 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:20,323 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1120 transitions. [2022-02-20 18:04:20,324 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:20,336 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1120 transitions. [2022-02-20 18:04:20,336 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1120 transitions. [2022-02-20 18:04:21,114 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1120 edges. 1120 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:21,130 INFO L225 Difference]: With dead ends: 719 [2022-02-20 18:04:21,130 INFO L226 Difference]: Without dead ends: 408 [2022-02-20 18:04:21,131 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 132 GetRequests, 124 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:04:21,132 INFO L933 BasicCegarLoop]: 540 mSDtfsCounter, 126 mSDsluCounter, 472 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1012 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:21,132 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1012 Invalid, 4 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:21,133 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 408 states. [2022-02-20 18:04:21,146 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 408 to 400. [2022-02-20 18:04:21,147 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:21,148 INFO L82 GeneralOperation]: Start isEquivalent. First operand 408 states. Second operand has 400 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 316 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:04:21,149 INFO L74 IsIncluded]: Start isIncluded. First operand 408 states. Second operand has 400 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 316 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:04:21,150 INFO L87 Difference]: Start difference. First operand 408 states. Second operand has 400 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 316 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:04:21,174 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:21,174 INFO L93 Difference]: Finished difference Result 408 states and 637 transitions. 
[2022-02-20 18:04:21,174 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 637 transitions. [2022-02-20 18:04:21,176 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:21,176 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:21,178 INFO L74 IsIncluded]: Start isIncluded. First operand has 400 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 316 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 408 states. [2022-02-20 18:04:21,179 INFO L87 Difference]: Start difference. First operand has 400 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 316 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 408 states. [2022-02-20 18:04:21,195 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:21,195 INFO L93 Difference]: Finished difference Result 408 states and 637 transitions. [2022-02-20 18:04:21,196 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 637 transitions. [2022-02-20 18:04:21,197 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:21,197 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:21,197 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:21,198 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:21,199 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 400 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 316 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:04:21,217 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 400 states to 400 states and 628 transitions. [2022-02-20 18:04:21,217 INFO L78 Accepts]: Start accepts. Automaton has 400 states and 628 transitions. Word has length 105 [2022-02-20 18:04:21,218 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:21,218 INFO L470 AbstractCegarLoop]: Abstraction has 400 states and 628 transitions. [2022-02-20 18:04:21,218 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:04:21,218 INFO L276 IsEmpty]: Start isEmpty. Operand 400 states and 628 transitions. [2022-02-20 18:04:21,220 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 107 [2022-02-20 18:04:21,221 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:21,221 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:21,253 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:21,431 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:21,432 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:21,432 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:21,432 INFO L85 PathProgramCache]: Analyzing trace with hash 1151846179, now seen corresponding path program 1 times [2022-02-20 18:04:21,432 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:21,432 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1873670486] [2022-02-20 18:04:21,432 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:21,433 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:21,463 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,494 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 6 [2022-02-20 18:04:21,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,499 INFO L290 TraceCheckUtils]: 0: Hoare triple {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,499 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,499 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,499 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7393#true} #1082#return; {7393#true} is VALID [2022-02-20 18:04:21,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:21,507 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,509 INFO L290 TraceCheckUtils]: 0: Hoare triple {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,509 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,510 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,510 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7393#true} #1084#return; {7393#true} is VALID [2022-02-20 18:04:21,510 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:21,512 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7446#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:21,528 INFO L290 TraceCheckUtils]: 1: Hoare triple {7446#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7447#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:21,528 INFO L290 TraceCheckUtils]: 2: Hoare triple {7447#(= |setClientId_#in~handle| 1)} assume true; {7447#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:21,529 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7447#(= |setClientId_#in~handle| 1)} {7403#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1086#return; {7394#false} is VALID [2022-02-20 18:04:21,529 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:04:21,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,533 INFO L290 TraceCheckUtils]: 0: Hoare triple {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,534 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,534 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,534 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1088#return; 
{7394#false} is VALID [2022-02-20 18:04:21,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:04:21,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,540 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,540 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1090#return; {7394#false} is VALID [2022-02-20 18:04:21,541 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:04:21,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,548 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1092#return; {7394#false} is VALID [2022-02-20 18:04:21,555 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:04:21,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {7448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,560 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1068#return; {7394#false} is VALID [2022-02-20 18:04:21,568 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:04:21,569 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,572 INFO L290 TraceCheckUtils]: 0: Hoare triple {7449#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,572 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,573 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,573 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1070#return; {7394#false} is VALID [2022-02-20 18:04:21,573 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:04:21,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {7393#true} ~handle := 
#in~handle;havoc ~retValue_acc~19; {7393#true} is VALID [2022-02-20 18:04:21,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {7393#true} is VALID [2022-02-20 18:04:21,578 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,578 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1028#return; {7394#false} is VALID [2022-02-20 18:04:21,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:04:21,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,583 INFO L290 TraceCheckUtils]: 0: Hoare triple {7393#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7393#true} is VALID [2022-02-20 18:04:21,583 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7393#true} is VALID [2022-02-20 18:04:21,583 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,583 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1046#return; {7394#false} is VALID [2022-02-20 18:04:21,584 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:04:21,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {7448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,592 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} 
assume true; {7393#true} is VALID [2022-02-20 18:04:21,592 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1052#return; {7394#false} is VALID [2022-02-20 18:04:21,592 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:04:21,593 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,594 INFO L290 TraceCheckUtils]: 0: Hoare triple {7393#true} ~handle := #in~handle;havoc ~retValue_acc~39; {7393#true} is VALID [2022-02-20 18:04:21,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {7393#true} is VALID [2022-02-20 18:04:21,595 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,595 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7393#true} {7394#false} #1054#return; {7394#false} is VALID [2022-02-20 18:04:21,595 INFO L290 TraceCheckUtils]: 0: Hoare triple {7393#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 
15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 
0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {7393#true} is VALID [2022-02-20 18:04:21,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {7393#true} is VALID [2022-02-20 18:04:21,596 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7393#true} is VALID [2022-02-20 18:04:21,596 INFO L290 TraceCheckUtils]: 3: Hoare triple {7393#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {7393#true} is VALID [2022-02-20 18:04:21,596 INFO L290 TraceCheckUtils]: 4: Hoare triple {7393#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } 
true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {7393#true} is VALID [2022-02-20 18:04:21,596 INFO L290 TraceCheckUtils]: 5: Hoare triple {7393#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7393#true} is VALID [2022-02-20 18:04:21,597 INFO L272 TraceCheckUtils]: 6: Hoare triple {7393#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:21,597 INFO L290 TraceCheckUtils]: 7: Hoare triple {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,597 INFO L290 TraceCheckUtils]: 8: Hoare triple {7393#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,597 INFO L290 TraceCheckUtils]: 9: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,597 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7393#true} {7393#true} #1082#return; {7393#true} is VALID [2022-02-20 18:04:21,598 INFO L290 TraceCheckUtils]: 11: Hoare triple {7393#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7393#true} is VALID [2022-02-20 18:04:21,598 INFO L272 TraceCheckUtils]: 12: Hoare triple {7393#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:21,598 INFO L290 TraceCheckUtils]: 13: Hoare triple {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,599 INFO L290 TraceCheckUtils]: 14: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,599 INFO L290 TraceCheckUtils]: 15: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,599 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7393#true} {7393#true} #1084#return; {7393#true} is VALID [2022-02-20 18:04:21,599 INFO L290 TraceCheckUtils]: 17: Hoare triple {7393#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7403#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:21,600 INFO L272 TraceCheckUtils]: 18: Hoare triple {7403#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:21,600 INFO L290 TraceCheckUtils]: 19: Hoare triple {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7446#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:21,601 INFO L290 TraceCheckUtils]: 20: Hoare triple {7446#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7447#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:21,601 INFO L290 TraceCheckUtils]: 21: Hoare triple {7447#(= |setClientId_#in~handle| 1)} assume true; {7447#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:21,602 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7447#(= |setClientId_#in~handle| 1)} {7403#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1086#return; {7394#false} is VALID [2022-02-20 18:04:21,602 INFO L290 TraceCheckUtils]: 23: Hoare triple {7394#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7394#false} is VALID [2022-02-20 18:04:21,602 INFO L272 TraceCheckUtils]: 24: Hoare triple {7394#false} call 
setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:21,602 INFO L290 TraceCheckUtils]: 25: Hoare triple {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,602 INFO L290 TraceCheckUtils]: 26: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,602 INFO L290 TraceCheckUtils]: 27: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,603 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7393#true} {7394#false} #1088#return; {7394#false} is VALID [2022-02-20 18:04:21,603 INFO L290 TraceCheckUtils]: 29: Hoare triple {7394#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7394#false} is VALID [2022-02-20 18:04:21,603 INFO L272 TraceCheckUtils]: 30: Hoare triple {7394#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:21,603 INFO L290 TraceCheckUtils]: 31: Hoare triple {7444#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,603 INFO L290 TraceCheckUtils]: 32: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,603 INFO L290 TraceCheckUtils]: 33: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,603 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7393#true} {7394#false} #1090#return; {7394#false} is VALID [2022-02-20 18:04:21,604 INFO L290 TraceCheckUtils]: 35: Hoare triple {7394#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7394#false} is VALID [2022-02-20 18:04:21,604 INFO L272 TraceCheckUtils]: 36: Hoare triple {7394#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:21,604 INFO L290 TraceCheckUtils]: 37: Hoare triple {7445#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,604 INFO L290 TraceCheckUtils]: 38: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,604 INFO L290 TraceCheckUtils]: 39: Hoare triple 
{7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,604 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7393#true} {7394#false} #1092#return; {7394#false} is VALID [2022-02-20 18:04:21,605 INFO L290 TraceCheckUtils]: 41: Hoare triple {7394#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {7394#false} is VALID [2022-02-20 18:04:21,605 INFO L290 TraceCheckUtils]: 42: Hoare triple {7394#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7394#false} is VALID [2022-02-20 
18:04:21,605 INFO L290 TraceCheckUtils]: 43: Hoare triple {7394#false} assume !false; {7394#false} is VALID [2022-02-20 18:04:21,605 INFO L290 TraceCheckUtils]: 44: Hoare triple {7394#false} assume test_~splverifierCounter~0#1 < 4; {7394#false} is VALID [2022-02-20 18:04:21,605 INFO L290 TraceCheckUtils]: 45: Hoare triple {7394#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7394#false} is VALID [2022-02-20 18:04:21,605 INFO L290 TraceCheckUtils]: 46: Hoare triple {7394#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {7394#false} is VALID [2022-02-20 18:04:21,606 INFO L290 TraceCheckUtils]: 47: Hoare triple {7394#false} assume !(0 != test_~tmp___9~0#1); {7394#false} is VALID [2022-02-20 18:04:21,606 INFO L290 TraceCheckUtils]: 48: Hoare triple {7394#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {7394#false} is VALID [2022-02-20 18:04:21,606 INFO L290 TraceCheckUtils]: 49: Hoare triple {7394#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7394#false} is VALID [2022-02-20 18:04:21,606 INFO L290 TraceCheckUtils]: 50: Hoare triple {7394#false} assume !false; {7394#false} is VALID [2022-02-20 18:04:21,606 INFO L290 TraceCheckUtils]: 51: Hoare triple {7394#false} assume !(test_~splverifierCounter~0#1 < 4); {7394#false} is VALID [2022-02-20 18:04:21,606 INFO L290 TraceCheckUtils]: 52: Hoare triple {7394#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 
2147483647;havoc bobToRjh_#t~ret4#1; {7394#false} is VALID [2022-02-20 18:04:21,606 INFO L272 TraceCheckUtils]: 53: Hoare triple {7394#false} call sendEmail(~bob~0, ~rjh~0); {7394#false} is VALID [2022-02-20 18:04:21,607 INFO L290 TraceCheckUtils]: 54: Hoare triple {7394#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7394#false} is VALID [2022-02-20 18:04:21,607 INFO L272 TraceCheckUtils]: 55: Hoare triple {7394#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:21,607 INFO L290 TraceCheckUtils]: 56: Hoare triple {7448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,607 INFO L290 TraceCheckUtils]: 57: Hoare triple {7393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,607 INFO L290 TraceCheckUtils]: 58: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,607 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7393#true} {7394#false} #1068#return; {7394#false} is VALID [2022-02-20 18:04:21,607 INFO L272 TraceCheckUtils]: 60: Hoare triple {7394#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7449#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID 
[2022-02-20 18:04:21,608 INFO L290 TraceCheckUtils]: 61: Hoare triple {7449#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,608 INFO L290 TraceCheckUtils]: 62: Hoare triple {7393#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,608 INFO L290 TraceCheckUtils]: 63: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,608 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {7393#true} {7394#false} #1070#return; {7394#false} is VALID [2022-02-20 18:04:21,608 INFO L290 TraceCheckUtils]: 65: Hoare triple {7394#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {7394#false} is VALID [2022-02-20 18:04:21,608 INFO L290 TraceCheckUtils]: 66: Hoare triple {7394#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {7394#false} is VALID [2022-02-20 18:04:21,608 INFO L272 TraceCheckUtils]: 67: Hoare triple {7394#false} call outgoing(~sender#1, ~email~0#1); {7394#false} is VALID [2022-02-20 18:04:21,609 INFO L290 TraceCheckUtils]: 68: Hoare triple {7394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {7394#false} is VALID [2022-02-20 18:04:21,609 INFO L272 TraceCheckUtils]: 69: Hoare triple {7394#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {7393#true} is VALID [2022-02-20 18:04:21,609 INFO L290 TraceCheckUtils]: 70: Hoare triple {7393#true} ~handle := #in~handle;havoc ~retValue_acc~19; {7393#true} is VALID [2022-02-20 18:04:21,609 INFO L290 TraceCheckUtils]: 71: Hoare triple {7393#true} assume 1 == 
~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {7393#true} is VALID [2022-02-20 18:04:21,609 INFO L290 TraceCheckUtils]: 72: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,609 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {7393#true} {7394#false} #1028#return; {7394#false} is VALID [2022-02-20 18:04:21,609 INFO L290 TraceCheckUtils]: 74: Hoare triple {7394#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {7394#false} is VALID [2022-02-20 18:04:21,610 INFO L290 TraceCheckUtils]: 75: Hoare triple {7394#false} assume !(0 != ~size~0#1); {7394#false} is VALID [2022-02-20 18:04:21,610 INFO L272 TraceCheckUtils]: 76: Hoare triple {7394#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {7394#false} is VALID [2022-02-20 18:04:21,610 INFO L290 TraceCheckUtils]: 77: Hoare triple {7394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {7394#false} is VALID [2022-02-20 18:04:21,610 INFO L272 TraceCheckUtils]: 78: Hoare triple {7394#false} call #t~ret34#1 := getEmailTo(~msg#1); {7393#true} is VALID [2022-02-20 18:04:21,610 INFO L290 TraceCheckUtils]: 79: Hoare triple {7393#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7393#true} is VALID [2022-02-20 18:04:21,610 INFO L290 TraceCheckUtils]: 80: Hoare triple {7393#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7393#true} is VALID [2022-02-20 18:04:21,610 INFO L290 TraceCheckUtils]: 81: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,611 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {7393#true} {7394#false} #1046#return; {7394#false} is VALID [2022-02-20 18:04:21,611 INFO L290 TraceCheckUtils]: 83: Hoare triple {7394#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := 
#t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {7394#false} is VALID [2022-02-20 18:04:21,611 INFO L290 TraceCheckUtils]: 84: Hoare triple {7394#false} assume 1 == findPublicKey_~handle#1; {7394#false} is VALID [2022-02-20 18:04:21,611 INFO L290 TraceCheckUtils]: 85: Hoare triple {7394#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {7394#false} is VALID [2022-02-20 18:04:21,611 INFO L290 TraceCheckUtils]: 86: Hoare triple {7394#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {7394#false} is VALID [2022-02-20 18:04:21,611 INFO L290 TraceCheckUtils]: 87: Hoare triple {7394#false} assume !(0 != ~pubkey~0#1); {7394#false} is VALID [2022-02-20 18:04:21,611 INFO L290 TraceCheckUtils]: 88: Hoare triple {7394#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {7394#false} is VALID [2022-02-20 18:04:21,612 INFO L290 TraceCheckUtils]: 89: Hoare triple {7394#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {7394#false} is VALID [2022-02-20 18:04:21,612 INFO L290 TraceCheckUtils]: 90: Hoare triple {7394#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {7394#false} is VALID [2022-02-20 18:04:21,612 INFO L272 TraceCheckUtils]: 91: Hoare triple {7394#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {7448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:21,612 INFO L290 TraceCheckUtils]: 92: Hoare triple {7448#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:21,612 INFO L290 TraceCheckUtils]: 93: Hoare triple {7393#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:21,612 INFO L290 TraceCheckUtils]: 94: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,612 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {7393#true} {7394#false} #1052#return; {7394#false} is VALID [2022-02-20 18:04:21,613 INFO L290 TraceCheckUtils]: 96: Hoare triple {7394#false} assume { :begin_inline_mail } true;mail_#in~client#1, 
mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {7394#false} is VALID [2022-02-20 18:04:21,613 INFO L290 TraceCheckUtils]: 97: Hoare triple {7394#false} assume 0 != ~in_encrypted~0; {7394#false} is VALID [2022-02-20 18:04:21,613 INFO L272 TraceCheckUtils]: 98: Hoare triple {7394#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {7393#true} is VALID [2022-02-20 18:04:21,613 INFO L290 TraceCheckUtils]: 99: Hoare triple {7393#true} ~handle 
:= #in~handle;havoc ~retValue_acc~39; {7393#true} is VALID [2022-02-20 18:04:21,613 INFO L290 TraceCheckUtils]: 100: Hoare triple {7393#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {7393#true} is VALID [2022-02-20 18:04:21,613 INFO L290 TraceCheckUtils]: 101: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:21,614 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {7393#true} {7394#false} #1054#return; {7394#false} is VALID [2022-02-20 18:04:21,614 INFO L290 TraceCheckUtils]: 103: Hoare triple {7394#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {7394#false} is VALID [2022-02-20 18:04:21,614 INFO L290 TraceCheckUtils]: 104: Hoare triple {7394#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {7394#false} is VALID [2022-02-20 18:04:21,614 INFO L290 TraceCheckUtils]: 105: Hoare triple {7394#false} assume !false; {7394#false} is VALID [2022-02-20 18:04:21,614 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:04:21,615 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:21,615 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1873670486] [2022-02-20 18:04:21,615 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1873670486] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:21,615 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1110849486] [2022-02-20 18:04:21,615 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:21,616 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:21,616 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:21,617 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:21,618 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:04:21,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,833 INFO L263 TraceCheckSpWp]: Trace formula consists of 1020 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:04:21,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:21,895 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:22,224 INFO L290 TraceCheckUtils]: 0: Hoare triple {7393#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 
0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {7393#true} is VALID [2022-02-20 18:04:22,224 INFO L290 TraceCheckUtils]: 1: Hoare triple {7393#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {7393#true} is VALID [2022-02-20 18:04:22,224 INFO L290 TraceCheckUtils]: 2: Hoare triple {7393#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7393#true} is VALID [2022-02-20 18:04:22,225 INFO L290 TraceCheckUtils]: 3: Hoare triple {7393#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {7393#true} is VALID [2022-02-20 18:04:22,225 INFO L290 TraceCheckUtils]: 4: Hoare triple {7393#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {7393#true} is VALID [2022-02-20 18:04:22,225 INFO L290 TraceCheckUtils]: 5: Hoare triple {7393#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7393#true} is VALID [2022-02-20 18:04:22,225 INFO L272 TraceCheckUtils]: 6: Hoare triple {7393#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7393#true} is VALID [2022-02-20 18:04:22,225 INFO L290 TraceCheckUtils]: 7: Hoare triple {7393#true} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:22,225 INFO L290 TraceCheckUtils]: 8: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:22,225 INFO L290 TraceCheckUtils]: 9: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:22,226 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7393#true} {7393#true} #1082#return; {7393#true} is VALID [2022-02-20 18:04:22,226 INFO L290 TraceCheckUtils]: 11: Hoare triple {7393#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7393#true} is VALID [2022-02-20 18:04:22,226 INFO L272 TraceCheckUtils]: 12: Hoare triple {7393#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7393#true} is VALID [2022-02-20 18:04:22,226 INFO L290 TraceCheckUtils]: 13: Hoare triple {7393#true} ~handle := #in~handle;~value := #in~value; {7393#true} is VALID [2022-02-20 18:04:22,226 INFO L290 TraceCheckUtils]: 14: Hoare triple {7393#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7393#true} is VALID [2022-02-20 18:04:22,226 INFO L290 TraceCheckUtils]: 15: Hoare triple {7393#true} assume true; {7393#true} is VALID [2022-02-20 18:04:22,226 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7393#true} {7393#true} #1084#return; {7393#true} is VALID [2022-02-20 18:04:22,227 INFO L290 TraceCheckUtils]: 17: Hoare triple {7393#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7504#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:04:22,227 INFO L272 TraceCheckUtils]: 18: Hoare triple {7504#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7393#true} is VALID [2022-02-20 18:04:22,228 INFO L290 TraceCheckUtils]: 19: Hoare triple {7393#true} ~handle := #in~handle;~value := #in~value; {7511#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:04:22,228 INFO L290 TraceCheckUtils]: 20: Hoare triple {7511#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7515#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:22,229 INFO L290 TraceCheckUtils]: 21: Hoare triple {7515#(<= |setClientId_#in~handle| 1)} assume true; {7515#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:22,229 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7515#(<= |setClientId_#in~handle| 1)} {7504#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1086#return; {7394#false} is VALID [2022-02-20 18:04:22,230 INFO L290 TraceCheckUtils]: 23: Hoare triple {7394#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7394#false} is VALID [2022-02-20 18:04:22,230 INFO L272 TraceCheckUtils]: 24: Hoare triple {7394#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7394#false} is VALID [2022-02-20 18:04:22,230 INFO L290 TraceCheckUtils]: 25: Hoare triple {7394#false} 
~handle := #in~handle;~value := #in~value; {7394#false} is VALID [2022-02-20 18:04:22,230 INFO L290 TraceCheckUtils]: 26: Hoare triple {7394#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7394#false} is VALID [2022-02-20 18:04:22,230 INFO L290 TraceCheckUtils]: 27: Hoare triple {7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,230 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7394#false} {7394#false} #1088#return; {7394#false} is VALID [2022-02-20 18:04:22,230 INFO L290 TraceCheckUtils]: 29: Hoare triple {7394#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7394#false} is VALID [2022-02-20 18:04:22,231 INFO L272 TraceCheckUtils]: 30: Hoare triple {7394#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7394#false} is VALID [2022-02-20 18:04:22,231 INFO L290 TraceCheckUtils]: 31: Hoare triple {7394#false} ~handle := #in~handle;~value := #in~value; {7394#false} is VALID [2022-02-20 18:04:22,231 INFO L290 TraceCheckUtils]: 32: Hoare triple {7394#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7394#false} is VALID [2022-02-20 18:04:22,231 INFO L290 TraceCheckUtils]: 33: Hoare triple {7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,231 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7394#false} {7394#false} #1090#return; {7394#false} is VALID [2022-02-20 18:04:22,231 INFO L290 TraceCheckUtils]: 35: Hoare triple 
{7394#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7394#false} is VALID [2022-02-20 18:04:22,231 INFO L272 TraceCheckUtils]: 36: Hoare triple {7394#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7394#false} is VALID [2022-02-20 18:04:22,232 INFO L290 TraceCheckUtils]: 37: Hoare triple {7394#false} ~handle := #in~handle;~value := #in~value; {7394#false} is VALID [2022-02-20 18:04:22,232 INFO L290 TraceCheckUtils]: 38: Hoare triple {7394#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7394#false} is VALID [2022-02-20 18:04:22,232 INFO L290 TraceCheckUtils]: 39: Hoare triple {7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,232 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7394#false} {7394#false} #1092#return; {7394#false} is VALID [2022-02-20 18:04:22,232 INFO L290 TraceCheckUtils]: 41: Hoare triple {7394#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {7394#false} is VALID [2022-02-20 18:04:22,232 INFO L290 TraceCheckUtils]: 42: Hoare triple {7394#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc 
test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7394#false} is VALID [2022-02-20 18:04:22,232 INFO L290 TraceCheckUtils]: 43: Hoare triple {7394#false} assume !false; {7394#false} is VALID [2022-02-20 18:04:22,233 INFO L290 TraceCheckUtils]: 44: Hoare triple {7394#false} assume test_~splverifierCounter~0#1 < 4; {7394#false} is VALID [2022-02-20 18:04:22,233 INFO L290 TraceCheckUtils]: 45: Hoare triple {7394#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7394#false} is VALID [2022-02-20 18:04:22,233 INFO L290 TraceCheckUtils]: 46: Hoare triple {7394#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {7394#false} is VALID [2022-02-20 18:04:22,233 INFO L290 TraceCheckUtils]: 47: Hoare triple {7394#false} assume !(0 != test_~tmp___9~0#1); {7394#false} is VALID [2022-02-20 18:04:22,233 INFO L290 TraceCheckUtils]: 48: Hoare triple {7394#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {7394#false} is VALID [2022-02-20 18:04:22,233 INFO L290 TraceCheckUtils]: 49: Hoare triple {7394#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7394#false} is VALID [2022-02-20 18:04:22,233 INFO L290 TraceCheckUtils]: 50: Hoare triple 
{7394#false} assume !false; {7394#false} is VALID [2022-02-20 18:04:22,234 INFO L290 TraceCheckUtils]: 51: Hoare triple {7394#false} assume !(test_~splverifierCounter~0#1 < 4); {7394#false} is VALID [2022-02-20 18:04:22,234 INFO L290 TraceCheckUtils]: 52: Hoare triple {7394#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {7394#false} is VALID [2022-02-20 18:04:22,234 INFO L272 TraceCheckUtils]: 53: Hoare triple {7394#false} call sendEmail(~bob~0, ~rjh~0); {7394#false} is VALID [2022-02-20 18:04:22,234 INFO L290 TraceCheckUtils]: 54: Hoare triple {7394#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7394#false} is VALID [2022-02-20 18:04:22,234 INFO L272 TraceCheckUtils]: 55: Hoare triple {7394#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7394#false} is VALID [2022-02-20 18:04:22,234 INFO L290 TraceCheckUtils]: 56: Hoare triple {7394#false} ~handle := #in~handle;~value := #in~value; {7394#false} is VALID [2022-02-20 18:04:22,234 INFO L290 TraceCheckUtils]: 57: Hoare triple {7394#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7394#false} is VALID [2022-02-20 18:04:22,235 INFO L290 TraceCheckUtils]: 58: Hoare triple 
{7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,235 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7394#false} {7394#false} #1068#return; {7394#false} is VALID [2022-02-20 18:04:22,235 INFO L272 TraceCheckUtils]: 60: Hoare triple {7394#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7394#false} is VALID [2022-02-20 18:04:22,235 INFO L290 TraceCheckUtils]: 61: Hoare triple {7394#false} ~handle := #in~handle;~value := #in~value; {7394#false} is VALID [2022-02-20 18:04:22,235 INFO L290 TraceCheckUtils]: 62: Hoare triple {7394#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7394#false} is VALID [2022-02-20 18:04:22,235 INFO L290 TraceCheckUtils]: 63: Hoare triple {7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,236 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {7394#false} {7394#false} #1070#return; {7394#false} is VALID [2022-02-20 18:04:22,236 INFO L290 TraceCheckUtils]: 65: Hoare triple {7394#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {7394#false} is VALID [2022-02-20 18:04:22,236 INFO L290 TraceCheckUtils]: 66: Hoare triple {7394#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {7394#false} is VALID [2022-02-20 18:04:22,236 INFO L272 TraceCheckUtils]: 67: Hoare triple {7394#false} call outgoing(~sender#1, ~email~0#1); {7394#false} is VALID [2022-02-20 18:04:22,236 INFO L290 TraceCheckUtils]: 68: Hoare triple {7394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {7394#false} is VALID [2022-02-20 18:04:22,236 INFO L272 TraceCheckUtils]: 69: Hoare triple {7394#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {7394#false} is 
VALID [2022-02-20 18:04:22,236 INFO L290 TraceCheckUtils]: 70: Hoare triple {7394#false} ~handle := #in~handle;havoc ~retValue_acc~19; {7394#false} is VALID [2022-02-20 18:04:22,237 INFO L290 TraceCheckUtils]: 71: Hoare triple {7394#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {7394#false} is VALID [2022-02-20 18:04:22,237 INFO L290 TraceCheckUtils]: 72: Hoare triple {7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,237 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {7394#false} {7394#false} #1028#return; {7394#false} is VALID [2022-02-20 18:04:22,237 INFO L290 TraceCheckUtils]: 74: Hoare triple {7394#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {7394#false} is VALID [2022-02-20 18:04:22,237 INFO L290 TraceCheckUtils]: 75: Hoare triple {7394#false} assume !(0 != ~size~0#1); {7394#false} is VALID [2022-02-20 18:04:22,237 INFO L272 TraceCheckUtils]: 76: Hoare triple {7394#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {7394#false} is VALID [2022-02-20 18:04:22,237 INFO L290 TraceCheckUtils]: 77: Hoare triple {7394#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {7394#false} is VALID [2022-02-20 18:04:22,238 INFO L272 TraceCheckUtils]: 78: Hoare triple {7394#false} call #t~ret34#1 := getEmailTo(~msg#1); {7394#false} is VALID [2022-02-20 18:04:22,238 INFO L290 TraceCheckUtils]: 79: Hoare triple {7394#false} ~handle := #in~handle;havoc ~retValue_acc~36; {7394#false} is VALID [2022-02-20 18:04:22,238 INFO L290 TraceCheckUtils]: 80: Hoare triple {7394#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7394#false} is VALID [2022-02-20 18:04:22,238 INFO L290 TraceCheckUtils]: 81: Hoare triple {7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,238 INFO L284 
TraceCheckUtils]: 82: Hoare quadruple {7394#false} {7394#false} #1046#return; {7394#false} is VALID [2022-02-20 18:04:22,238 INFO L290 TraceCheckUtils]: 83: Hoare triple {7394#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {7394#false} is VALID [2022-02-20 18:04:22,238 INFO L290 TraceCheckUtils]: 84: Hoare triple {7394#false} assume 1 == findPublicKey_~handle#1; {7394#false} is VALID [2022-02-20 18:04:22,239 INFO L290 TraceCheckUtils]: 85: Hoare triple {7394#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {7394#false} is VALID [2022-02-20 18:04:22,239 INFO L290 TraceCheckUtils]: 86: Hoare triple {7394#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {7394#false} is VALID [2022-02-20 18:04:22,239 INFO L290 TraceCheckUtils]: 87: Hoare triple {7394#false} assume !(0 != ~pubkey~0#1); {7394#false} is VALID [2022-02-20 18:04:22,239 INFO L290 TraceCheckUtils]: 88: Hoare triple {7394#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {7394#false} is VALID [2022-02-20 18:04:22,239 INFO L290 TraceCheckUtils]: 89: Hoare triple {7394#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {7394#false} is VALID [2022-02-20 18:04:22,239 INFO L290 TraceCheckUtils]: 90: Hoare triple {7394#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {7394#false} is VALID [2022-02-20 18:04:22,239 INFO L272 TraceCheckUtils]: 91: Hoare triple {7394#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {7394#false} is VALID [2022-02-20 18:04:22,240 INFO L290 TraceCheckUtils]: 92: Hoare triple {7394#false} ~handle := #in~handle;~value := #in~value; {7394#false} is VALID [2022-02-20 18:04:22,240 INFO L290 TraceCheckUtils]: 93: Hoare triple {7394#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7394#false} is VALID [2022-02-20 18:04:22,240 INFO L290 TraceCheckUtils]: 94: Hoare triple {7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,240 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {7394#false} {7394#false} #1052#return; {7394#false} is VALID [2022-02-20 18:04:22,240 INFO L290 TraceCheckUtils]: 96: 
Hoare triple {7394#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {7394#false} is VALID [2022-02-20 18:04:22,240 INFO L290 TraceCheckUtils]: 97: Hoare triple {7394#false} assume 0 != ~in_encrypted~0; {7394#false} is VALID [2022-02-20 18:04:22,240 INFO L272 TraceCheckUtils]: 98: Hoare triple {7394#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {7394#false} is VALID 
[2022-02-20 18:04:22,241 INFO L290 TraceCheckUtils]: 99: Hoare triple {7394#false} ~handle := #in~handle;havoc ~retValue_acc~39; {7394#false} is VALID [2022-02-20 18:04:22,241 INFO L290 TraceCheckUtils]: 100: Hoare triple {7394#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {7394#false} is VALID [2022-02-20 18:04:22,241 INFO L290 TraceCheckUtils]: 101: Hoare triple {7394#false} assume true; {7394#false} is VALID [2022-02-20 18:04:22,241 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {7394#false} {7394#false} #1054#return; {7394#false} is VALID [2022-02-20 18:04:22,241 INFO L290 TraceCheckUtils]: 103: Hoare triple {7394#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {7394#false} is VALID [2022-02-20 18:04:22,241 INFO L290 TraceCheckUtils]: 104: Hoare triple {7394#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {7394#false} is VALID [2022-02-20 18:04:22,242 INFO L290 TraceCheckUtils]: 105: Hoare triple {7394#false} assume !false; {7394#false} is VALID [2022-02-20 18:04:22,242 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:04:22,242 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:22,242 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1110849486] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:22,242 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:04:22,243 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:04:22,243 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [810721013] [2022-02-20 18:04:22,243 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:22,244 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:04:22,244 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:22,244 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:22,319 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:22,319 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:04:22,319 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:22,320 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 18:04:22,320 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:22,320 INFO L87 Difference]: Start difference. First operand 400 states and 628 transitions. Second operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:23,404 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:23,404 INFO L93 Difference]: Finished difference Result 791 states and 1246 transitions. [2022-02-20 18:04:23,404 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:04:23,405 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:04:23,405 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:23,405 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:23,416 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1024 transitions. 
[2022-02-20 18:04:23,416 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:23,427 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1024 transitions. [2022-02-20 18:04:23,427 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1024 transitions. [2022-02-20 18:04:24,104 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1024 edges. 1024 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:24,116 INFO L225 Difference]: With dead ends: 791 [2022-02-20 18:04:24,116 INFO L226 Difference]: Without dead ends: 402 [2022-02-20 18:04:24,118 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:04:24,118 INFO L933 BasicCegarLoop]: 508 mSDtfsCounter, 144 mSDsluCounter, 1358 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 167 SdHoareTripleChecker+Valid, 1866 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:24,119 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [167 Valid, 1866 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:24,120 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 402 states. [2022-02-20 18:04:24,187 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 402 to 402. [2022-02-20 18:04:24,188 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:24,189 INFO L82 GeneralOperation]: Start isEquivalent. First operand 402 states. Second operand has 402 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 318 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) [2022-02-20 18:04:24,190 INFO L74 IsIncluded]: Start isIncluded. First operand 402 states. Second operand has 402 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 318 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) [2022-02-20 18:04:24,191 INFO L87 Difference]: Start difference. First operand 402 states. Second operand has 402 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 318 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) [2022-02-20 18:04:24,205 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:04:24,206 INFO L93 Difference]: Finished difference Result 402 states and 631 transitions. [2022-02-20 18:04:24,206 INFO L276 IsEmpty]: Start isEmpty. Operand 402 states and 631 transitions. [2022-02-20 18:04:24,207 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:24,207 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:24,209 INFO L74 IsIncluded]: Start isIncluded. First operand has 402 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 318 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) Second operand 402 states. [2022-02-20 18:04:24,210 INFO L87 Difference]: Start difference. First operand has 402 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 318 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) Second operand 402 states. [2022-02-20 18:04:24,223 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:24,224 INFO L93 Difference]: Finished difference Result 402 states and 631 transitions. [2022-02-20 18:04:24,224 INFO L276 IsEmpty]: Start isEmpty. Operand 402 states and 631 transitions. [2022-02-20 18:04:24,225 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:24,226 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:24,226 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:24,226 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:24,227 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 402 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 318 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) [2022-02-20 18:04:24,242 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 402 states to 402 states and 631 transitions. [2022-02-20 18:04:24,243 INFO L78 Accepts]: Start accepts. Automaton has 402 states and 631 transitions. Word has length 106 [2022-02-20 18:04:24,243 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:24,243 INFO L470 AbstractCegarLoop]: Abstraction has 402 states and 631 transitions. [2022-02-20 18:04:24,243 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:24,244 INFO L276 IsEmpty]: Start isEmpty. Operand 402 states and 631 transitions. [2022-02-20 18:04:24,245 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 108 [2022-02-20 18:04:24,245 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:24,246 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:24,274 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:24,471 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:24,471 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:24,472 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:24,472 INFO L85 PathProgramCache]: Analyzing trace with hash 800636676, now seen corresponding path program 1 times [2022-02-20 18:04:24,472 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:24,472 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1104507810] [2022-02-20 18:04:24,472 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:24,472 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:24,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,542 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 6 [2022-02-20 18:04:24,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,547 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10226#true} #1082#return; {10226#true} is VALID [2022-02-20 18:04:24,553 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:24,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,558 INFO L290 TraceCheckUtils]: 0: Hoare triple {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,558 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,558 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,558 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10226#true} #1084#return; {10226#true} is VALID [2022-02-20 18:04:24,558 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:24,561 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10281#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,576 INFO L290 TraceCheckUtils]: 1: Hoare triple {10281#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10281#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {10281#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10282#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,577 INFO L290 TraceCheckUtils]: 3: Hoare triple {10282#(= 2 |setClientId_#in~handle|)} assume true; {10282#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,577 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10282#(= 2 |setClientId_#in~handle|)} {10236#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1086#return; {10242#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:24,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:24,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10283#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 
18:04:24,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {10283#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10284#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:24,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {10284#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10284#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:24,599 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10284#(= |setClientPrivateKey_#in~handle| 1)} {10242#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1088#return; {10227#false} is VALID [2022-02-20 18:04:24,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:04:24,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,603 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #1090#return; {10227#false} is VALID [2022-02-20 18:04:24,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:04:24,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,608 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #1092#return; {10227#false} is VALID [2022-02-20 18:04:24,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:04:24,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {10285#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,624 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,625 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #1068#return; {10227#false} is VALID [2022-02-20 18:04:24,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:04:24,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,637 INFO L290 TraceCheckUtils]: 0: Hoare triple {10286#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,637 INFO L290 TraceCheckUtils]: 
1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,637 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,637 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #1070#return; {10227#false} is VALID [2022-02-20 18:04:24,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:04:24,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,641 INFO L290 TraceCheckUtils]: 0: Hoare triple {10226#true} ~handle := #in~handle;havoc ~retValue_acc~19; {10226#true} is VALID [2022-02-20 18:04:24,641 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {10226#true} is VALID [2022-02-20 18:04:24,641 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,641 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #1028#return; {10227#false} is VALID [2022-02-20 18:04:24,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:04:24,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {10226#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10226#true} is VALID [2022-02-20 18:04:24,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10226#true} is VALID [2022-02-20 18:04:24,644 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,644 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #1046#return; {10227#false} is VALID [2022-02-20 
18:04:24,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:04:24,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {10285#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,648 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #1052#return; {10227#false} is VALID [2022-02-20 18:04:24,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:04:24,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,651 INFO L290 TraceCheckUtils]: 0: Hoare triple {10226#true} ~handle := #in~handle;havoc ~retValue_acc~39; {10226#true} is VALID [2022-02-20 18:04:24,651 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10226#true} is VALID [2022-02-20 18:04:24,651 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,651 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10226#true} {10227#false} #1054#return; {10227#false} is VALID [2022-02-20 18:04:24,651 INFO L290 TraceCheckUtils]: 0: Hoare triple {10226#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call 
#Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 
0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {10226#true} is VALID [2022-02-20 18:04:24,651 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {10226#true} is VALID [2022-02-20 
18:04:24,652 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10226#true} is VALID [2022-02-20 18:04:24,652 INFO L290 TraceCheckUtils]: 3: Hoare triple {10226#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {10226#true} is VALID [2022-02-20 18:04:24,652 INFO L290 TraceCheckUtils]: 4: Hoare triple {10226#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {10226#true} is VALID [2022-02-20 18:04:24,652 INFO L290 TraceCheckUtils]: 5: Hoare triple {10226#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10226#true} is VALID [2022-02-20 18:04:24,653 INFO L272 TraceCheckUtils]: 6: Hoare triple {10226#true} call 
setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:24,653 INFO L290 TraceCheckUtils]: 7: Hoare triple {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,653 INFO L290 TraceCheckUtils]: 8: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,653 INFO L290 TraceCheckUtils]: 9: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,653 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10226#true} {10226#true} #1082#return; {10226#true} is VALID [2022-02-20 18:04:24,653 INFO L290 TraceCheckUtils]: 11: Hoare triple {10226#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10226#true} is VALID [2022-02-20 18:04:24,654 INFO L272 TraceCheckUtils]: 12: Hoare triple {10226#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:24,655 INFO L290 TraceCheckUtils]: 13: Hoare triple {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,655 INFO L290 TraceCheckUtils]: 14: Hoare 
triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,655 INFO L290 TraceCheckUtils]: 15: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,655 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10226#true} {10226#true} #1084#return; {10226#true} is VALID [2022-02-20 18:04:24,655 INFO L290 TraceCheckUtils]: 17: Hoare triple {10226#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10236#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:04:24,656 INFO L272 TraceCheckUtils]: 18: Hoare triple {10236#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:24,657 INFO L290 TraceCheckUtils]: 19: Hoare triple {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10281#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,657 INFO L290 
TraceCheckUtils]: 20: Hoare triple {10281#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10281#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,657 INFO L290 TraceCheckUtils]: 21: Hoare triple {10281#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10282#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,658 INFO L290 TraceCheckUtils]: 22: Hoare triple {10282#(= 2 |setClientId_#in~handle|)} assume true; {10282#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:24,658 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10282#(= 2 |setClientId_#in~handle|)} {10236#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1086#return; {10242#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:24,658 INFO L290 TraceCheckUtils]: 24: Hoare triple {10242#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {10242#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:24,659 INFO L272 TraceCheckUtils]: 25: Hoare triple {10242#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:24,659 INFO L290 TraceCheckUtils]: 26: Hoare triple {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10283#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:24,660 INFO L290 TraceCheckUtils]: 
27: Hoare triple {10283#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10284#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:24,660 INFO L290 TraceCheckUtils]: 28: Hoare triple {10284#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10284#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:24,661 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10284#(= |setClientPrivateKey_#in~handle| 1)} {10242#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1088#return; {10227#false} is VALID [2022-02-20 18:04:24,661 INFO L290 TraceCheckUtils]: 30: Hoare triple {10227#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10227#false} is VALID [2022-02-20 18:04:24,661 INFO L272 TraceCheckUtils]: 31: Hoare triple {10227#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:24,661 INFO L290 TraceCheckUtils]: 32: Hoare triple {10279#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := 
#in~value; {10226#true} is VALID [2022-02-20 18:04:24,661 INFO L290 TraceCheckUtils]: 33: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,661 INFO L290 TraceCheckUtils]: 34: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,662 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10226#true} {10227#false} #1090#return; {10227#false} is VALID [2022-02-20 18:04:24,662 INFO L290 TraceCheckUtils]: 36: Hoare triple {10227#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10227#false} is VALID [2022-02-20 18:04:24,662 INFO L272 TraceCheckUtils]: 37: Hoare triple {10227#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:24,662 INFO L290 TraceCheckUtils]: 38: Hoare triple {10280#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,662 INFO L290 TraceCheckUtils]: 39: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,662 INFO L290 TraceCheckUtils]: 40: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,662 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10226#true} {10227#false} #1092#return; {10227#false} is VALID [2022-02-20 18:04:24,663 INFO L290 TraceCheckUtils]: 42: Hoare triple {10227#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {10227#false} is VALID [2022-02-20 
18:04:24,663 INFO L290 TraceCheckUtils]: 43: Hoare triple {10227#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10227#false} is VALID [2022-02-20 18:04:24,663 INFO L290 TraceCheckUtils]: 44: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:24,663 INFO L290 TraceCheckUtils]: 45: Hoare triple {10227#false} assume test_~splverifierCounter~0#1 < 4; {10227#false} is VALID [2022-02-20 18:04:24,663 INFO L290 TraceCheckUtils]: 46: Hoare triple {10227#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10227#false} is VALID 
[2022-02-20 18:04:24,663 INFO L290 TraceCheckUtils]: 47: Hoare triple {10227#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {10227#false} is VALID [2022-02-20 18:04:24,664 INFO L290 TraceCheckUtils]: 48: Hoare triple {10227#false} assume !(0 != test_~tmp___9~0#1); {10227#false} is VALID [2022-02-20 18:04:24,664 INFO L290 TraceCheckUtils]: 49: Hoare triple {10227#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {10227#false} is VALID [2022-02-20 18:04:24,664 INFO L290 TraceCheckUtils]: 50: Hoare triple {10227#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10227#false} is VALID [2022-02-20 18:04:24,664 INFO L290 TraceCheckUtils]: 51: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:24,664 INFO L290 TraceCheckUtils]: 52: Hoare triple {10227#false} assume !(test_~splverifierCounter~0#1 < 4); {10227#false} is VALID [2022-02-20 18:04:24,664 INFO L290 TraceCheckUtils]: 53: Hoare triple {10227#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {10227#false} is VALID [2022-02-20 18:04:24,664 INFO L272 TraceCheckUtils]: 54: Hoare triple {10227#false} call sendEmail(~bob~0, ~rjh~0); {10227#false} is VALID [2022-02-20 18:04:24,664 INFO L290 TraceCheckUtils]: 55: Hoare triple {10227#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } 
true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10227#false} is VALID [2022-02-20 18:04:24,665 INFO L272 TraceCheckUtils]: 56: Hoare triple {10227#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10285#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:24,665 INFO L290 TraceCheckUtils]: 57: Hoare triple {10285#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,665 INFO L290 TraceCheckUtils]: 58: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,665 INFO L290 TraceCheckUtils]: 59: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,665 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {10226#true} {10227#false} #1068#return; {10227#false} is VALID [2022-02-20 18:04:24,665 INFO L272 TraceCheckUtils]: 61: Hoare triple {10227#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10286#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:24,665 INFO L290 TraceCheckUtils]: 62: Hoare triple {10286#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,666 INFO L290 TraceCheckUtils]: 63: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10226#true} is 
VALID [2022-02-20 18:04:24,666 INFO L290 TraceCheckUtils]: 64: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,666 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {10226#true} {10227#false} #1070#return; {10227#false} is VALID [2022-02-20 18:04:24,666 INFO L290 TraceCheckUtils]: 66: Hoare triple {10227#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {10227#false} is VALID [2022-02-20 18:04:24,666 INFO L290 TraceCheckUtils]: 67: Hoare triple {10227#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {10227#false} is VALID [2022-02-20 18:04:24,666 INFO L272 TraceCheckUtils]: 68: Hoare triple {10227#false} call outgoing(~sender#1, ~email~0#1); {10227#false} is VALID [2022-02-20 18:04:24,666 INFO L290 TraceCheckUtils]: 69: Hoare triple {10227#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {10227#false} is VALID [2022-02-20 18:04:24,667 INFO L272 TraceCheckUtils]: 70: Hoare triple {10227#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {10226#true} is VALID [2022-02-20 18:04:24,667 INFO L290 TraceCheckUtils]: 71: Hoare triple {10226#true} ~handle := #in~handle;havoc ~retValue_acc~19; {10226#true} is VALID [2022-02-20 18:04:24,667 INFO L290 TraceCheckUtils]: 72: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {10226#true} is VALID [2022-02-20 18:04:24,667 INFO L290 TraceCheckUtils]: 73: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,667 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {10226#true} {10227#false} #1028#return; {10227#false} is VALID [2022-02-20 
18:04:24,667 INFO L290 TraceCheckUtils]: 75: Hoare triple {10227#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {10227#false} is VALID [2022-02-20 18:04:24,667 INFO L290 TraceCheckUtils]: 76: Hoare triple {10227#false} assume !(0 != ~size~0#1); {10227#false} is VALID [2022-02-20 18:04:24,668 INFO L272 TraceCheckUtils]: 77: Hoare triple {10227#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {10227#false} is VALID [2022-02-20 18:04:24,668 INFO L290 TraceCheckUtils]: 78: Hoare triple {10227#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {10227#false} is VALID [2022-02-20 18:04:24,668 INFO L272 TraceCheckUtils]: 79: Hoare triple {10227#false} call #t~ret34#1 := getEmailTo(~msg#1); {10226#true} is VALID [2022-02-20 18:04:24,668 INFO L290 TraceCheckUtils]: 80: Hoare triple {10226#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10226#true} is VALID [2022-02-20 18:04:24,668 INFO L290 TraceCheckUtils]: 81: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10226#true} is VALID [2022-02-20 18:04:24,668 INFO L290 TraceCheckUtils]: 82: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,668 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {10226#true} {10227#false} #1046#return; {10227#false} is VALID [2022-02-20 18:04:24,669 INFO L290 TraceCheckUtils]: 84: Hoare triple {10227#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := 
findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {10227#false} is VALID [2022-02-20 18:04:24,669 INFO L290 TraceCheckUtils]: 85: Hoare triple {10227#false} assume 1 == findPublicKey_~handle#1; {10227#false} is VALID [2022-02-20 18:04:24,669 INFO L290 TraceCheckUtils]: 86: Hoare triple {10227#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {10227#false} is VALID [2022-02-20 18:04:24,669 INFO L290 TraceCheckUtils]: 87: Hoare triple {10227#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {10227#false} is VALID [2022-02-20 18:04:24,669 INFO L290 TraceCheckUtils]: 88: Hoare triple {10227#false} assume !(0 != ~pubkey~0#1); {10227#false} is VALID [2022-02-20 18:04:24,669 INFO L290 TraceCheckUtils]: 89: Hoare triple {10227#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {10227#false} is VALID [2022-02-20 18:04:24,669 INFO L290 TraceCheckUtils]: 90: Hoare triple {10227#false} assume 1 == 
getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {10227#false} is VALID [2022-02-20 18:04:24,670 INFO L290 TraceCheckUtils]: 91: Hoare triple {10227#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {10227#false} is VALID [2022-02-20 18:04:24,670 INFO L272 TraceCheckUtils]: 92: Hoare triple {10227#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {10285#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:24,670 INFO L290 TraceCheckUtils]: 93: Hoare triple {10285#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:24,670 INFO L290 TraceCheckUtils]: 94: Hoare triple {10226#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:24,670 INFO L290 TraceCheckUtils]: 95: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,670 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {10226#true} {10227#false} #1052#return; {10227#false} is VALID [2022-02-20 18:04:24,670 INFO L290 TraceCheckUtils]: 97: Hoare triple {10227#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {10227#false} is VALID [2022-02-20 18:04:24,671 INFO L290 TraceCheckUtils]: 98: Hoare triple {10227#false} assume 0 != ~in_encrypted~0; {10227#false} is VALID [2022-02-20 18:04:24,671 INFO L272 TraceCheckUtils]: 99: Hoare triple {10227#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {10226#true} is VALID [2022-02-20 18:04:24,671 INFO L290 TraceCheckUtils]: 100: Hoare triple {10226#true} ~handle := #in~handle;havoc ~retValue_acc~39; {10226#true} is VALID [2022-02-20 18:04:24,671 INFO L290 TraceCheckUtils]: 101: Hoare triple {10226#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10226#true} is VALID [2022-02-20 18:04:24,671 INFO 
L290 TraceCheckUtils]: 102: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:24,671 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {10226#true} {10227#false} #1054#return; {10227#false} is VALID [2022-02-20 18:04:24,672 INFO L290 TraceCheckUtils]: 104: Hoare triple {10227#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {10227#false} is VALID [2022-02-20 18:04:24,672 INFO L290 TraceCheckUtils]: 105: Hoare triple {10227#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {10227#false} is VALID [2022-02-20 18:04:24,672 INFO L290 TraceCheckUtils]: 106: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:24,672 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:04:24,672 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:24,673 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1104507810] [2022-02-20 18:04:24,673 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1104507810] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:24,673 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1350134476] [2022-02-20 18:04:24,673 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:24,673 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:24,673 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:24,675 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:24,699 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:04:24,899 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,903 INFO L263 TraceCheckSpWp]: Trace formula consists of 1021 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:04:24,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:24,952 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:04:25,262 INFO L290 TraceCheckUtils]: 0: Hoare triple {10226#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 
0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {10226#true} is VALID [2022-02-20 18:04:25,263 INFO L290 TraceCheckUtils]: 1: Hoare triple {10226#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {10226#true} is VALID [2022-02-20 18:04:25,263 INFO L290 TraceCheckUtils]: 2: Hoare triple {10226#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10226#true} is VALID [2022-02-20 18:04:25,263 INFO L290 TraceCheckUtils]: 3: Hoare triple {10226#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {10226#true} is VALID [2022-02-20 18:04:25,263 INFO L290 TraceCheckUtils]: 4: Hoare triple {10226#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {10226#true} is VALID [2022-02-20 18:04:25,263 INFO L290 TraceCheckUtils]: 5: Hoare triple {10226#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10226#true} is VALID [2022-02-20 18:04:25,263 INFO L272 TraceCheckUtils]: 6: Hoare triple {10226#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10226#true} is VALID [2022-02-20 18:04:25,263 INFO L290 TraceCheckUtils]: 7: Hoare triple {10226#true} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:25,264 INFO L290 TraceCheckUtils]: 8: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:25,264 INFO L290 TraceCheckUtils]: 9: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:25,264 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10226#true} {10226#true} #1082#return; {10226#true} is VALID [2022-02-20 18:04:25,264 INFO L290 TraceCheckUtils]: 11: Hoare triple {10226#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10226#true} is VALID [2022-02-20 18:04:25,264 INFO L272 TraceCheckUtils]: 12: Hoare triple {10226#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10226#true} is VALID [2022-02-20 18:04:25,264 INFO L290 TraceCheckUtils]: 13: Hoare triple {10226#true} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:25,264 INFO L290 TraceCheckUtils]: 14: Hoare triple {10226#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:25,264 INFO L290 TraceCheckUtils]: 15: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:25,265 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10226#true} {10226#true} #1084#return; {10226#true} is VALID [2022-02-20 18:04:25,265 INFO L290 TraceCheckUtils]: 17: Hoare triple {10226#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10341#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:25,265 INFO L272 TraceCheckUtils]: 18: Hoare triple {10341#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10226#true} is VALID [2022-02-20 18:04:25,266 INFO L290 TraceCheckUtils]: 19: Hoare triple {10226#true} ~handle := #in~handle;~value := #in~value; {10226#true} is VALID [2022-02-20 18:04:25,266 INFO L290 TraceCheckUtils]: 20: Hoare triple {10226#true} assume !(1 == ~handle); {10226#true} is VALID [2022-02-20 18:04:25,266 INFO L290 TraceCheckUtils]: 21: Hoare triple {10226#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10226#true} is VALID [2022-02-20 18:04:25,266 INFO L290 TraceCheckUtils]: 22: Hoare triple {10226#true} assume true; {10226#true} is VALID [2022-02-20 18:04:25,267 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10226#true} {10341#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1086#return; {10341#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:25,267 INFO L290 TraceCheckUtils]: 24: Hoare triple {10341#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {10341#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:25,267 INFO L272 TraceCheckUtils]: 25: Hoare triple {10341#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10226#true} is VALID [2022-02-20 18:04:25,268 
INFO L290 TraceCheckUtils]: 26: Hoare triple {10226#true} ~handle := #in~handle;~value := #in~value; {10369#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:04:25,268 INFO L290 TraceCheckUtils]: 27: Hoare triple {10369#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10373#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:25,269 INFO L290 TraceCheckUtils]: 28: Hoare triple {10373#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {10373#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:25,269 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10373#(<= |setClientPrivateKey_#in~handle| 1)} {10341#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1088#return; {10227#false} is VALID [2022-02-20 18:04:25,270 INFO L290 TraceCheckUtils]: 30: Hoare triple {10227#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10227#false} is VALID [2022-02-20 18:04:25,270 INFO L272 TraceCheckUtils]: 31: Hoare triple {10227#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10227#false} is VALID [2022-02-20 18:04:25,270 INFO L290 TraceCheckUtils]: 32: Hoare triple {10227#false} ~handle := #in~handle;~value := #in~value; {10227#false} is VALID [2022-02-20 18:04:25,270 INFO L290 TraceCheckUtils]: 33: Hoare triple {10227#false} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {10227#false} is VALID [2022-02-20 18:04:25,270 INFO L290 TraceCheckUtils]: 34: Hoare triple {10227#false} assume true; {10227#false} is VALID [2022-02-20 18:04:25,270 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10227#false} {10227#false} #1090#return; {10227#false} is VALID [2022-02-20 18:04:25,270 INFO L290 TraceCheckUtils]: 36: Hoare triple {10227#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10227#false} is VALID [2022-02-20 18:04:25,271 INFO L272 TraceCheckUtils]: 37: Hoare triple {10227#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10227#false} is VALID [2022-02-20 18:04:25,271 INFO L290 TraceCheckUtils]: 38: Hoare triple {10227#false} ~handle := #in~handle;~value := #in~value; {10227#false} is VALID [2022-02-20 18:04:25,271 INFO L290 TraceCheckUtils]: 39: Hoare triple {10227#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10227#false} is VALID [2022-02-20 18:04:25,271 INFO L290 TraceCheckUtils]: 40: Hoare triple {10227#false} assume true; {10227#false} is VALID [2022-02-20 18:04:25,271 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10227#false} {10227#false} #1092#return; {10227#false} is VALID [2022-02-20 18:04:25,271 INFO L290 TraceCheckUtils]: 42: Hoare triple {10227#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {10227#false} is VALID [2022-02-20 18:04:25,271 INFO L290 TraceCheckUtils]: 43: Hoare triple {10227#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, 
test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10227#false} is VALID [2022-02-20 18:04:25,272 INFO L290 TraceCheckUtils]: 44: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:25,272 INFO L290 TraceCheckUtils]: 45: Hoare triple {10227#false} assume test_~splverifierCounter~0#1 < 4; {10227#false} is VALID [2022-02-20 18:04:25,272 INFO L290 TraceCheckUtils]: 46: Hoare triple {10227#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10227#false} is VALID [2022-02-20 18:04:25,272 INFO L290 TraceCheckUtils]: 47: Hoare triple {10227#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {10227#false} is VALID [2022-02-20 18:04:25,272 INFO L290 TraceCheckUtils]: 48: Hoare triple {10227#false} assume !(0 != test_~tmp___9~0#1); {10227#false} is VALID [2022-02-20 18:04:25,272 INFO L290 TraceCheckUtils]: 49: Hoare triple {10227#false} assume 0 == 
test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {10227#false} is VALID [2022-02-20 18:04:25,272 INFO L290 TraceCheckUtils]: 50: Hoare triple {10227#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10227#false} is VALID [2022-02-20 18:04:25,273 INFO L290 TraceCheckUtils]: 51: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:25,273 INFO L290 TraceCheckUtils]: 52: Hoare triple {10227#false} assume !(test_~splverifierCounter~0#1 < 4); {10227#false} is VALID [2022-02-20 18:04:25,273 INFO L290 TraceCheckUtils]: 53: Hoare triple {10227#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {10227#false} is VALID [2022-02-20 18:04:25,273 INFO L272 TraceCheckUtils]: 54: Hoare triple {10227#false} call sendEmail(~bob~0, ~rjh~0); {10227#false} is VALID [2022-02-20 18:04:25,273 INFO L290 TraceCheckUtils]: 55: Hoare triple {10227#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10227#false} is VALID [2022-02-20 18:04:25,273 INFO L272 TraceCheckUtils]: 56: Hoare triple {10227#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {10227#false} is VALID [2022-02-20 18:04:25,273 INFO L290 TraceCheckUtils]: 57: Hoare triple {10227#false} ~handle := #in~handle;~value := #in~value; {10227#false} is VALID [2022-02-20 18:04:25,273 INFO L290 TraceCheckUtils]: 58: Hoare triple {10227#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10227#false} is VALID [2022-02-20 18:04:25,274 INFO L290 TraceCheckUtils]: 59: Hoare triple {10227#false} assume true; {10227#false} is VALID [2022-02-20 18:04:25,274 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {10227#false} {10227#false} #1068#return; {10227#false} is VALID [2022-02-20 18:04:25,274 INFO L272 TraceCheckUtils]: 61: Hoare triple {10227#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10227#false} is VALID [2022-02-20 18:04:25,274 INFO L290 TraceCheckUtils]: 62: Hoare triple {10227#false} ~handle := #in~handle;~value := #in~value; {10227#false} is VALID [2022-02-20 18:04:25,274 INFO L290 TraceCheckUtils]: 63: Hoare triple {10227#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10227#false} is VALID [2022-02-20 18:04:25,274 INFO L290 TraceCheckUtils]: 64: Hoare triple {10227#false} assume true; {10227#false} is VALID [2022-02-20 18:04:25,274 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {10227#false} {10227#false} #1070#return; {10227#false} is VALID [2022-02-20 18:04:25,275 INFO L290 TraceCheckUtils]: 66: Hoare triple {10227#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {10227#false} is VALID [2022-02-20 18:04:25,275 INFO L290 TraceCheckUtils]: 67: Hoare triple {10227#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {10227#false} is VALID [2022-02-20 18:04:25,275 INFO L272 TraceCheckUtils]: 68: Hoare triple {10227#false} call outgoing(~sender#1, ~email~0#1); 
{10227#false} is VALID [2022-02-20 18:04:25,275 INFO L290 TraceCheckUtils]: 69: Hoare triple {10227#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {10227#false} is VALID [2022-02-20 18:04:25,275 INFO L272 TraceCheckUtils]: 70: Hoare triple {10227#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {10227#false} is VALID [2022-02-20 18:04:25,275 INFO L290 TraceCheckUtils]: 71: Hoare triple {10227#false} ~handle := #in~handle;havoc ~retValue_acc~19; {10227#false} is VALID [2022-02-20 18:04:25,275 INFO L290 TraceCheckUtils]: 72: Hoare triple {10227#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {10227#false} is VALID [2022-02-20 18:04:25,276 INFO L290 TraceCheckUtils]: 73: Hoare triple {10227#false} assume true; {10227#false} is VALID [2022-02-20 18:04:25,276 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {10227#false} {10227#false} #1028#return; {10227#false} is VALID [2022-02-20 18:04:25,276 INFO L290 TraceCheckUtils]: 75: Hoare triple {10227#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {10227#false} is VALID [2022-02-20 18:04:25,276 INFO L290 TraceCheckUtils]: 76: Hoare triple {10227#false} assume !(0 != ~size~0#1); {10227#false} is VALID [2022-02-20 18:04:25,276 INFO L272 TraceCheckUtils]: 77: Hoare triple {10227#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {10227#false} is VALID [2022-02-20 18:04:25,276 INFO L290 TraceCheckUtils]: 78: Hoare triple {10227#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {10227#false} is VALID [2022-02-20 18:04:25,276 INFO L272 TraceCheckUtils]: 79: Hoare triple {10227#false} call #t~ret34#1 := getEmailTo(~msg#1); {10227#false} is VALID [2022-02-20 
18:04:25,277 INFO L290 TraceCheckUtils]: 80: Hoare triple {10227#false} ~handle := #in~handle;havoc ~retValue_acc~36; {10227#false} is VALID [2022-02-20 18:04:25,277 INFO L290 TraceCheckUtils]: 81: Hoare triple {10227#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10227#false} is VALID [2022-02-20 18:04:25,277 INFO L290 TraceCheckUtils]: 82: Hoare triple {10227#false} assume true; {10227#false} is VALID [2022-02-20 18:04:25,277 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {10227#false} {10227#false} #1046#return; {10227#false} is VALID [2022-02-20 18:04:25,277 INFO L290 TraceCheckUtils]: 84: Hoare triple {10227#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {10227#false} is VALID [2022-02-20 18:04:25,277 INFO L290 TraceCheckUtils]: 85: Hoare triple {10227#false} assume 1 == findPublicKey_~handle#1; {10227#false} is VALID [2022-02-20 18:04:25,277 INFO L290 TraceCheckUtils]: 86: Hoare triple {10227#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {10227#false} is VALID [2022-02-20 18:04:25,277 INFO L290 TraceCheckUtils]: 87: Hoare triple {10227#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {10227#false} is VALID [2022-02-20 
18:04:25,278 INFO L290 TraceCheckUtils]: 88: Hoare triple {10227#false} assume !(0 != ~pubkey~0#1); {10227#false} is VALID [2022-02-20 18:04:25,278 INFO L290 TraceCheckUtils]: 89: Hoare triple {10227#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {10227#false} is VALID [2022-02-20 18:04:25,278 INFO L290 TraceCheckUtils]: 90: Hoare triple {10227#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {10227#false} is VALID [2022-02-20 18:04:25,278 INFO L290 TraceCheckUtils]: 91: Hoare triple {10227#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {10227#false} is VALID [2022-02-20 18:04:25,278 INFO L272 TraceCheckUtils]: 92: Hoare triple {10227#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {10227#false} is VALID [2022-02-20 18:04:25,278 INFO L290 TraceCheckUtils]: 93: Hoare triple {10227#false} ~handle := #in~handle;~value := #in~value; {10227#false} is 
VALID [2022-02-20 18:04:25,278 INFO L290 TraceCheckUtils]: 94: Hoare triple {10227#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10227#false} is VALID [2022-02-20 18:04:25,279 INFO L290 TraceCheckUtils]: 95: Hoare triple {10227#false} assume true; {10227#false} is VALID [2022-02-20 18:04:25,279 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {10227#false} {10227#false} #1052#return; {10227#false} is VALID [2022-02-20 18:04:25,279 INFO L290 TraceCheckUtils]: 97: Hoare triple {10227#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {10227#false} is VALID [2022-02-20 18:04:25,279 INFO L290 TraceCheckUtils]: 98: Hoare triple {10227#false} assume 0 != ~in_encrypted~0; {10227#false} is VALID [2022-02-20 18:04:25,279 INFO L272 TraceCheckUtils]: 99: Hoare triple {10227#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {10227#false} is VALID [2022-02-20 18:04:25,279 INFO L290 TraceCheckUtils]: 100: Hoare triple {10227#false} ~handle := #in~handle;havoc ~retValue_acc~39; {10227#false} is VALID [2022-02-20 18:04:25,279 INFO L290 TraceCheckUtils]: 101: Hoare triple {10227#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10227#false} is VALID [2022-02-20 18:04:25,280 INFO L290 TraceCheckUtils]: 102: Hoare triple {10227#false} assume true; {10227#false} is VALID [2022-02-20 18:04:25,280 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {10227#false} {10227#false} #1054#return; {10227#false} is VALID [2022-02-20 18:04:25,280 INFO L290 TraceCheckUtils]: 104: Hoare triple {10227#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {10227#false} is VALID [2022-02-20 18:04:25,280 INFO L290 TraceCheckUtils]: 105: Hoare triple {10227#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {10227#false} is VALID [2022-02-20 18:04:25,280 INFO L290 TraceCheckUtils]: 106: Hoare triple {10227#false} assume !false; {10227#false} is VALID [2022-02-20 18:04:25,281 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 
0 not checked. [2022-02-20 18:04:25,281 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:25,281 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1350134476] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:25,281 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:25,281 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:04:25,281 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1388609216] [2022-02-20 18:04:25,282 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:25,282 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 107 [2022-02-20 18:04:25,282 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:25,283 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:25,360 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:25,360 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:04:25,360 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:25,360 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:04:25,361 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:04:25,361 INFO L87 Difference]: Start difference. First operand 402 states and 631 transitions. Second operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:26,433 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:26,433 INFO L93 Difference]: Finished difference Result 793 states and 1251 transitions. [2022-02-20 18:04:26,433 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:04:26,434 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 107 [2022-02-20 18:04:26,434 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:26,434 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:26,443 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1023 transitions. [2022-02-20 18:04:26,444 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:26,453 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1023 transitions. [2022-02-20 18:04:26,453 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1023 transitions. [2022-02-20 18:04:27,143 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1023 edges. 1023 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:27,157 INFO L225 Difference]: With dead ends: 793 [2022-02-20 18:04:27,157 INFO L226 Difference]: Without dead ends: 404 [2022-02-20 18:04:27,159 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 137 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:04:27,160 INFO L933 BasicCegarLoop]: 506 mSDtfsCounter, 143 mSDsluCounter, 1349 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 166 SdHoareTripleChecker+Valid, 1855 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:27,160 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [166 Valid, 1855 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:04:27,161 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 404 states. [2022-02-20 18:04:27,248 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 404 to 404. [2022-02-20 18:04:27,248 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:27,250 INFO L82 GeneralOperation]: Start isEquivalent. First operand 404 states. 
Second operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 18:04:27,251 INFO L74 IsIncluded]: Start isIncluded. First operand 404 states. Second operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 18:04:27,252 INFO L87 Difference]: Start difference. First operand 404 states. Second operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 18:04:27,266 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:27,266 INFO L93 Difference]: Finished difference Result 404 states and 637 transitions. [2022-02-20 18:04:27,266 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 637 transitions. [2022-02-20 18:04:27,268 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:27,268 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:27,269 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) Second operand 404 states. [2022-02-20 18:04:27,270 INFO L87 Difference]: Start difference. First operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) Second operand 404 states. [2022-02-20 18:04:27,285 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:27,286 INFO L93 Difference]: Finished difference Result 404 states and 637 transitions. [2022-02-20 18:04:27,286 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 637 transitions. [2022-02-20 18:04:27,287 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:27,287 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:27,288 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:27,288 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:27,289 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 18:04:27,315 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 404 states to 404 states and 637 transitions. [2022-02-20 18:04:27,315 INFO L78 Accepts]: Start accepts. Automaton has 404 states and 637 transitions. Word has length 107 [2022-02-20 18:04:27,315 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:27,316 INFO L470 AbstractCegarLoop]: Abstraction has 404 states and 637 transitions. [2022-02-20 18:04:27,316 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:27,316 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 637 transitions. [2022-02-20 18:04:27,318 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 109 [2022-02-20 18:04:27,318 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:27,318 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:27,344 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Ended with exit code 0 [2022-02-20 18:04:27,543 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:27,543 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:27,544 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:27,544 INFO L85 PathProgramCache]: Analyzing trace with hash 1770342286, now seen corresponding path program 1 times [2022-02-20 18:04:27,544 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:27,544 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [527780864] [2022-02-20 18:04:27,544 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:27,544 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:27,581 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:27,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,628 INFO L290 TraceCheckUtils]: 0: Hoare triple {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,629 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,629 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,629 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13072#true} {13072#true} #1082#return; {13072#true} is VALID [2022-02-20 18:04:27,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:27,636 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:04:27,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,638 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,639 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13072#true} {13072#true} #1084#return; {13072#true} is VALID [2022-02-20 18:04:27,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:27,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume !(1 == ~handle); {13072#true} is VALID [2022-02-20 18:04:27,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,643 INFO L290 TraceCheckUtils]: 3: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,644 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13072#true} {13072#true} #1086#return; {13072#true} is VALID [2022-02-20 18:04:27,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 25 [2022-02-20 18:04:27,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,649 INFO L290 TraceCheckUtils]: 0: Hoare triple {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume !(1 == ~handle); {13072#true} is VALID [2022-02-20 18:04:27,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,650 INFO L290 TraceCheckUtils]: 3: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,650 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13072#true} {13072#true} #1088#return; {13072#true} is VALID [2022-02-20 18:04:27,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:27,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13127#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:27,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {13127#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13128#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:27,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {13128#(= |setClientId_#in~handle| 1)} assume true; {13128#(= |setClientId_#in~handle| 1)} is VALID 
[2022-02-20 18:04:27,668 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13128#(= |setClientId_#in~handle| 1)} {13092#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {13073#false} is VALID [2022-02-20 18:04:27,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:27,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,673 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13072#true} {13073#false} #1092#return; {13073#false} is VALID [2022-02-20 18:04:27,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:04:27,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,684 INFO L290 TraceCheckUtils]: 0: Hoare triple {13129#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,685 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,685 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,685 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {13072#true} {13073#false} #1068#return; {13073#false} is VALID [2022-02-20 18:04:27,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:04:27,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {13130#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,697 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13072#true} {13073#false} #1070#return; {13073#false} is VALID [2022-02-20 18:04:27,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:04:27,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {13072#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13072#true} is VALID [2022-02-20 18:04:27,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {13072#true} is VALID [2022-02-20 18:04:27,700 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,700 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13072#true} {13073#false} #1028#return; {13073#false} is VALID [2022-02-20 18:04:27,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:04:27,702 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,704 INFO 
L290 TraceCheckUtils]: 0: Hoare triple {13072#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13072#true} is VALID [2022-02-20 18:04:27,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {13072#true} is VALID [2022-02-20 18:04:27,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,704 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13072#true} {13073#false} #1046#return; {13073#false} is VALID [2022-02-20 18:04:27,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:04:27,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,708 INFO L290 TraceCheckUtils]: 0: Hoare triple {13129#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,708 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,708 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,708 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13072#true} {13073#false} #1052#return; {13073#false} is VALID [2022-02-20 18:04:27,708 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:04:27,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:27,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {13072#true} ~handle := #in~handle;havoc ~retValue_acc~39; {13072#true} is VALID [2022-02-20 18:04:27,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {13072#true} is VALID 
[2022-02-20 18:04:27,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,714 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13072#true} {13073#false} #1054#return; {13073#false} is VALID [2022-02-20 18:04:27,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {13072#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call 
#Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 
0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 
0;~__ste_email_isSignatureVerified1~0 := 0; {13072#true} is VALID [2022-02-20 18:04:27,715 INFO L290 TraceCheckUtils]: 1: Hoare triple {13072#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {13072#true} is VALID [2022-02-20 18:04:27,715 INFO L290 TraceCheckUtils]: 2: Hoare triple {13072#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13072#true} is VALID [2022-02-20 18:04:27,715 INFO L290 TraceCheckUtils]: 3: Hoare triple {13072#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {13072#true} is VALID [2022-02-20 18:04:27,715 INFO L290 TraceCheckUtils]: 4: Hoare triple {13072#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {13072#true} is VALID [2022-02-20 18:04:27,715 INFO L290 TraceCheckUtils]: 5: Hoare triple {13072#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, 
setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13072#true} is VALID [2022-02-20 18:04:27,716 INFO L272 TraceCheckUtils]: 6: Hoare triple {13072#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:27,716 INFO L290 TraceCheckUtils]: 7: Hoare triple {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,716 INFO L290 TraceCheckUtils]: 8: Hoare triple {13072#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,716 INFO L290 TraceCheckUtils]: 9: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,716 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13072#true} {13072#true} #1082#return; {13072#true} is VALID [2022-02-20 18:04:27,717 INFO L290 TraceCheckUtils]: 11: Hoare triple {13072#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13072#true} is VALID [2022-02-20 18:04:27,717 INFO L272 TraceCheckUtils]: 12: Hoare triple {13072#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:27,717 INFO L290 TraceCheckUtils]: 13: Hoare triple {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,718 INFO L290 TraceCheckUtils]: 14: Hoare triple {13072#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,718 INFO L290 TraceCheckUtils]: 15: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,718 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13072#true} {13072#true} #1084#return; {13072#true} is VALID [2022-02-20 18:04:27,718 INFO L290 TraceCheckUtils]: 17: Hoare triple {13072#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13072#true} is VALID [2022-02-20 18:04:27,719 INFO L272 TraceCheckUtils]: 18: Hoare triple {13072#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:27,719 INFO L290 TraceCheckUtils]: 19: Hoare 
triple {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,719 INFO L290 TraceCheckUtils]: 20: Hoare triple {13072#true} assume !(1 == ~handle); {13072#true} is VALID [2022-02-20 18:04:27,719 INFO L290 TraceCheckUtils]: 21: Hoare triple {13072#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,719 INFO L290 TraceCheckUtils]: 22: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,719 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13072#true} {13072#true} #1086#return; {13072#true} is VALID [2022-02-20 18:04:27,719 INFO L290 TraceCheckUtils]: 24: Hoare triple {13072#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {13072#true} is VALID [2022-02-20 18:04:27,720 INFO L272 TraceCheckUtils]: 25: Hoare triple {13072#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:27,720 INFO L290 TraceCheckUtils]: 26: Hoare triple {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,720 INFO L290 TraceCheckUtils]: 27: Hoare triple {13072#true} assume !(1 == ~handle); {13072#true} is VALID [2022-02-20 18:04:27,721 INFO L290 TraceCheckUtils]: 28: Hoare triple {13072#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13072#true} is VALID [2022-02-20 
18:04:27,721 INFO L290 TraceCheckUtils]: 29: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,721 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13072#true} {13072#true} #1088#return; {13072#true} is VALID [2022-02-20 18:04:27,721 INFO L290 TraceCheckUtils]: 31: Hoare triple {13072#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13092#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:27,722 INFO L272 TraceCheckUtils]: 32: Hoare triple {13092#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:27,722 INFO L290 TraceCheckUtils]: 33: Hoare triple {13125#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13127#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:27,723 INFO L290 TraceCheckUtils]: 34: Hoare triple {13127#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 
:= ~value; {13128#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:27,723 INFO L290 TraceCheckUtils]: 35: Hoare triple {13128#(= |setClientId_#in~handle| 1)} assume true; {13128#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:27,724 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13128#(= |setClientId_#in~handle| 1)} {13092#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {13073#false} is VALID [2022-02-20 18:04:27,724 INFO L290 TraceCheckUtils]: 37: Hoare triple {13073#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13073#false} is VALID [2022-02-20 18:04:27,724 INFO L272 TraceCheckUtils]: 38: Hoare triple {13073#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:27,724 INFO L290 TraceCheckUtils]: 39: Hoare triple {13126#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,724 INFO L290 TraceCheckUtils]: 40: Hoare triple {13072#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,724 INFO L290 TraceCheckUtils]: 41: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,724 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {13072#true} {13073#false} #1092#return; {13073#false} is VALID [2022-02-20 18:04:27,725 INFO L290 TraceCheckUtils]: 43: Hoare triple {13073#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {13073#false} is VALID [2022-02-20 
18:04:27,725 INFO L290 TraceCheckUtils]: 44: Hoare triple {13073#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13073#false} is VALID [2022-02-20 18:04:27,725 INFO L290 TraceCheckUtils]: 45: Hoare triple {13073#false} assume !false; {13073#false} is VALID [2022-02-20 18:04:27,725 INFO L290 TraceCheckUtils]: 46: Hoare triple {13073#false} assume test_~splverifierCounter~0#1 < 4; {13073#false} is VALID [2022-02-20 18:04:27,725 INFO L290 TraceCheckUtils]: 47: Hoare triple {13073#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13073#false} is VALID 
[2022-02-20 18:04:27,725 INFO L290 TraceCheckUtils]: 48: Hoare triple {13073#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {13073#false} is VALID [2022-02-20 18:04:27,725 INFO L290 TraceCheckUtils]: 49: Hoare triple {13073#false} assume !(0 != test_~tmp___9~0#1); {13073#false} is VALID [2022-02-20 18:04:27,725 INFO L290 TraceCheckUtils]: 50: Hoare triple {13073#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {13073#false} is VALID [2022-02-20 18:04:27,726 INFO L290 TraceCheckUtils]: 51: Hoare triple {13073#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {13073#false} is VALID [2022-02-20 18:04:27,726 INFO L290 TraceCheckUtils]: 52: Hoare triple {13073#false} assume !false; {13073#false} is VALID [2022-02-20 18:04:27,726 INFO L290 TraceCheckUtils]: 53: Hoare triple {13073#false} assume !(test_~splverifierCounter~0#1 < 4); {13073#false} is VALID [2022-02-20 18:04:27,726 INFO L290 TraceCheckUtils]: 54: Hoare triple {13073#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {13073#false} is VALID [2022-02-20 18:04:27,726 INFO L272 TraceCheckUtils]: 55: Hoare triple {13073#false} call sendEmail(~bob~0, ~rjh~0); {13073#false} is VALID [2022-02-20 18:04:27,726 INFO L290 TraceCheckUtils]: 56: Hoare triple {13073#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } 
true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13073#false} is VALID [2022-02-20 18:04:27,726 INFO L272 TraceCheckUtils]: 57: Hoare triple {13073#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13129#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:27,727 INFO L290 TraceCheckUtils]: 58: Hoare triple {13129#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,727 INFO L290 TraceCheckUtils]: 59: Hoare triple {13072#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,727 INFO L290 TraceCheckUtils]: 60: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,727 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {13072#true} {13073#false} #1068#return; {13073#false} is VALID [2022-02-20 18:04:27,727 INFO L272 TraceCheckUtils]: 62: Hoare triple {13073#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13130#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:27,727 INFO L290 TraceCheckUtils]: 63: Hoare triple {13130#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,727 INFO L290 TraceCheckUtils]: 64: Hoare triple {13072#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13072#true} is 
VALID [2022-02-20 18:04:27,728 INFO L290 TraceCheckUtils]: 65: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,728 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {13072#true} {13073#false} #1070#return; {13073#false} is VALID [2022-02-20 18:04:27,728 INFO L290 TraceCheckUtils]: 67: Hoare triple {13073#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {13073#false} is VALID [2022-02-20 18:04:27,728 INFO L290 TraceCheckUtils]: 68: Hoare triple {13073#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {13073#false} is VALID [2022-02-20 18:04:27,728 INFO L272 TraceCheckUtils]: 69: Hoare triple {13073#false} call outgoing(~sender#1, ~email~0#1); {13073#false} is VALID [2022-02-20 18:04:27,728 INFO L290 TraceCheckUtils]: 70: Hoare triple {13073#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {13073#false} is VALID [2022-02-20 18:04:27,728 INFO L272 TraceCheckUtils]: 71: Hoare triple {13073#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {13072#true} is VALID [2022-02-20 18:04:27,729 INFO L290 TraceCheckUtils]: 72: Hoare triple {13072#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13072#true} is VALID [2022-02-20 18:04:27,729 INFO L290 TraceCheckUtils]: 73: Hoare triple {13072#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {13072#true} is VALID [2022-02-20 18:04:27,729 INFO L290 TraceCheckUtils]: 74: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,729 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {13072#true} {13073#false} #1028#return; {13073#false} is VALID [2022-02-20 
18:04:27,729 INFO L290 TraceCheckUtils]: 76: Hoare triple {13073#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {13073#false} is VALID [2022-02-20 18:04:27,729 INFO L290 TraceCheckUtils]: 77: Hoare triple {13073#false} assume !(0 != ~size~0#1); {13073#false} is VALID [2022-02-20 18:04:27,729 INFO L272 TraceCheckUtils]: 78: Hoare triple {13073#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {13073#false} is VALID [2022-02-20 18:04:27,729 INFO L290 TraceCheckUtils]: 79: Hoare triple {13073#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {13073#false} is VALID [2022-02-20 18:04:27,730 INFO L272 TraceCheckUtils]: 80: Hoare triple {13073#false} call #t~ret34#1 := getEmailTo(~msg#1); {13072#true} is VALID [2022-02-20 18:04:27,730 INFO L290 TraceCheckUtils]: 81: Hoare triple {13072#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13072#true} is VALID [2022-02-20 18:04:27,730 INFO L290 TraceCheckUtils]: 82: Hoare triple {13072#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {13072#true} is VALID [2022-02-20 18:04:27,730 INFO L290 TraceCheckUtils]: 83: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,730 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {13072#true} {13073#false} #1046#return; {13073#false} is VALID [2022-02-20 18:04:27,730 INFO L290 TraceCheckUtils]: 85: Hoare triple {13073#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := 
findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {13073#false} is VALID [2022-02-20 18:04:27,730 INFO L290 TraceCheckUtils]: 86: Hoare triple {13073#false} assume 1 == findPublicKey_~handle#1; {13073#false} is VALID [2022-02-20 18:04:27,731 INFO L290 TraceCheckUtils]: 87: Hoare triple {13073#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {13073#false} is VALID [2022-02-20 18:04:27,731 INFO L290 TraceCheckUtils]: 88: Hoare triple {13073#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {13073#false} is VALID [2022-02-20 18:04:27,731 INFO L290 TraceCheckUtils]: 89: Hoare triple {13073#false} assume !(0 != ~pubkey~0#1); {13073#false} is VALID [2022-02-20 18:04:27,731 INFO L290 TraceCheckUtils]: 90: Hoare triple {13073#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {13073#false} is VALID [2022-02-20 18:04:27,731 INFO L290 TraceCheckUtils]: 91: Hoare triple {13073#false} assume 1 == 
getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {13073#false} is VALID [2022-02-20 18:04:27,731 INFO L290 TraceCheckUtils]: 92: Hoare triple {13073#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {13073#false} is VALID [2022-02-20 18:04:27,731 INFO L272 TraceCheckUtils]: 93: Hoare triple {13073#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {13129#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:27,732 INFO L290 TraceCheckUtils]: 94: Hoare triple {13129#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13072#true} is VALID [2022-02-20 18:04:27,732 INFO L290 TraceCheckUtils]: 95: Hoare triple {13072#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13072#true} is VALID [2022-02-20 18:04:27,732 INFO L290 TraceCheckUtils]: 96: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,732 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {13072#true} {13073#false} #1052#return; {13073#false} is VALID [2022-02-20 18:04:27,732 INFO L290 TraceCheckUtils]: 98: Hoare triple {13073#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {13073#false} is VALID [2022-02-20 18:04:27,732 INFO L290 TraceCheckUtils]: 99: Hoare triple {13073#false} assume 0 != ~in_encrypted~0; {13073#false} is VALID [2022-02-20 18:04:27,732 INFO L272 TraceCheckUtils]: 100: Hoare triple {13073#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {13072#true} is VALID [2022-02-20 18:04:27,732 INFO L290 TraceCheckUtils]: 101: Hoare triple {13072#true} ~handle := #in~handle;havoc ~retValue_acc~39; {13072#true} is VALID [2022-02-20 18:04:27,733 INFO L290 TraceCheckUtils]: 102: Hoare triple {13072#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {13072#true} is VALID [2022-02-20 18:04:27,733 INFO 
L290 TraceCheckUtils]: 103: Hoare triple {13072#true} assume true; {13072#true} is VALID [2022-02-20 18:04:27,733 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {13072#true} {13073#false} #1054#return; {13073#false} is VALID [2022-02-20 18:04:27,733 INFO L290 TraceCheckUtils]: 105: Hoare triple {13073#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {13073#false} is VALID [2022-02-20 18:04:27,733 INFO L290 TraceCheckUtils]: 106: Hoare triple {13073#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {13073#false} is VALID [2022-02-20 18:04:27,733 INFO L290 TraceCheckUtils]: 107: Hoare triple {13073#false} assume !false; {13073#false} is VALID [2022-02-20 18:04:27,734 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:04:27,734 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:27,734 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [527780864] [2022-02-20 18:04:27,734 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [527780864] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:27,734 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:04:27,734 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:04:27,735 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1069795649] [2022-02-20 18:04:27,735 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:27,735 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 108 [2022-02-20 18:04:27,736 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:27,736 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:27,807 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:27,807 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:04:27,807 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:27,808 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. 
[2022-02-20 18:04:27,808 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:27,808 INFO L87 Difference]: Start difference. First operand 404 states and 637 transitions. Second operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:34,614 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:34,615 INFO L93 Difference]: Finished difference Result 867 states and 1386 transitions. [2022-02-20 18:04:34,615 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:04:34,615 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 108 [2022-02-20 18:04:34,615 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:34,616 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:34,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1150 transitions. 
[2022-02-20 18:04:34,628 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:34,640 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1150 transitions. [2022-02-20 18:04:34,641 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1150 transitions. [2022-02-20 18:04:35,672 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1150 edges. 1150 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:35,710 INFO L225 Difference]: With dead ends: 867 [2022-02-20 18:04:35,710 INFO L226 Difference]: Without dead ends: 486 [2022-02-20 18:04:35,712 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:04:35,712 INFO L933 BasicCegarLoop]: 553 mSDtfsCounter, 1206 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 1737 mSolverCounterSat, 411 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1226 SdHoareTripleChecker+Valid, 1491 SdHoareTripleChecker+Invalid, 2148 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 411 IncrementalHoareTripleChecker+Valid, 1737 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-02-20 
18:04:35,713 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1226 Valid, 1491 Invalid, 2148 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [411 Valid, 1737 Invalid, 0 Unknown, 0 Unchecked, 2.9s Time] [2022-02-20 18:04:35,713 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 486 states. [2022-02-20 18:04:35,817 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 486 to 404. [2022-02-20 18:04:35,817 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:35,819 INFO L82 GeneralOperation]: Start isEquivalent. First operand 486 states. Second operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) [2022-02-20 18:04:35,820 INFO L74 IsIncluded]: Start isIncluded. First operand 486 states. Second operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) [2022-02-20 18:04:35,821 INFO L87 Difference]: Start difference. First operand 486 states. Second operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) [2022-02-20 18:04:35,839 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:04:35,839 INFO L93 Difference]: Finished difference Result 486 states and 780 transitions. [2022-02-20 18:04:35,840 INFO L276 IsEmpty]: Start isEmpty. Operand 486 states and 780 transitions. [2022-02-20 18:04:35,842 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:35,843 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:35,844 INFO L74 IsIncluded]: Start isIncluded. First operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) Second operand 486 states. [2022-02-20 18:04:35,845 INFO L87 Difference]: Start difference. First operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) Second operand 486 states. [2022-02-20 18:04:35,864 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:35,864 INFO L93 Difference]: Finished difference Result 486 states and 780 transitions. [2022-02-20 18:04:35,864 INFO L276 IsEmpty]: Start isEmpty. Operand 486 states and 780 transitions. [2022-02-20 18:04:35,868 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:35,868 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:35,868 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:35,868 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:35,870 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 404 states, 314 states have (on average 1.589171974522293) internal successors, (499), 320 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) [2022-02-20 18:04:35,884 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 404 states to 404 states and 636 transitions. [2022-02-20 18:04:35,885 INFO L78 Accepts]: Start accepts. Automaton has 404 states and 636 transitions. Word has length 108 [2022-02-20 18:04:35,885 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:35,886 INFO L470 AbstractCegarLoop]: Abstraction has 404 states and 636 transitions. [2022-02-20 18:04:35,886 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:35,886 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 636 transitions. [2022-02-20 18:04:35,890 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 18:04:35,890 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:35,890 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:35,890 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:04:35,891 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:35,891 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:35,891 INFO L85 PathProgramCache]: Analyzing trace with hash 954565969, now seen corresponding path program 2 times [2022-02-20 18:04:35,891 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:35,891 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1049989439] [2022-02-20 18:04:35,892 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:35,892 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:35,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:35,952 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:35,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:35,956 INFO L290 TraceCheckUtils]: 0: Hoare triple {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:35,956 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:35,956 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:35,957 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15883#true} #1082#return; {15883#true} is VALID [2022-02-20 18:04:35,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:35,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:35,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {15938#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:35,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:35,970 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:35,970 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15883#true} #1084#return; {15883#true} is VALID [2022-02-20 18:04:35,971 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:35,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:35,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:35,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume !(1 == ~handle); {15883#true} is VALID [2022-02-20 18:04:35,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:35,988 INFO L290 TraceCheckUtils]: 3: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:35,989 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15883#true} {15883#true} #1086#return; {15883#true} is VALID [2022-02-20 18:04:35,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:35,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:35,993 INFO L290 TraceCheckUtils]: 0: Hoare triple {15938#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:35,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume !(1 == ~handle); {15883#true} is VALID [2022-02-20 18:04:35,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:35,994 INFO L290 TraceCheckUtils]: 3: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:35,994 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15883#true} {15883#true} #1088#return; {15883#true} is VALID [2022-02-20 18:04:35,994 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:35,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:04:36,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15939#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:36,012 INFO L290 TraceCheckUtils]: 1: Hoare triple {15939#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15939#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:36,012 INFO L290 TraceCheckUtils]: 2: Hoare triple {15939#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15940#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:36,012 INFO L290 TraceCheckUtils]: 3: Hoare triple {15940#(= 2 |setClientId_#in~handle|)} assume true; {15940#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:36,013 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15940#(= 2 |setClientId_#in~handle|)} {15903#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {15884#false} is VALID [2022-02-20 18:04:36,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:04:36,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:36,018 INFO L290 TraceCheckUtils]: 0: Hoare triple {15938#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,019 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,019 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15884#false} #1092#return; {15884#false} is VALID [2022-02-20 18:04:36,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:36,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:36,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {15941#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,029 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15884#false} #1068#return; {15884#false} is VALID [2022-02-20 18:04:36,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:04:36,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:36,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {15942#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,041 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,041 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15884#false} #1070#return; {15884#false} is VALID [2022-02-20 18:04:36,041 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 72 [2022-02-20 18:04:36,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:36,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {15883#true} ~handle := #in~handle;havoc ~retValue_acc~19; {15883#true} is VALID [2022-02-20 18:04:36,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {15883#true} is VALID [2022-02-20 18:04:36,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,045 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15884#false} #1028#return; {15884#false} is VALID [2022-02-20 18:04:36,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:04:36,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:36,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {15883#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15883#true} is VALID [2022-02-20 18:04:36,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {15883#true} is VALID [2022-02-20 18:04:36,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15884#false} #1046#return; {15884#false} is VALID [2022-02-20 18:04:36,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:04:36,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:36,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {15941#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{15883#true} is VALID [2022-02-20 18:04:36,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,052 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,053 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15884#false} #1052#return; {15884#false} is VALID [2022-02-20 18:04:36,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:04:36,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:36,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {15883#true} ~handle := #in~handle;havoc ~retValue_acc~39; {15883#true} is VALID [2022-02-20 18:04:36,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {15883#true} is VALID [2022-02-20 18:04:36,056 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,056 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15883#true} {15884#false} #1054#return; {15884#false} is VALID [2022-02-20 18:04:36,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {15883#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call 
#Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 
0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 
0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {15883#true} is VALID [2022-02-20 18:04:36,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {15883#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {15883#true} is VALID [2022-02-20 18:04:36,057 INFO L290 TraceCheckUtils]: 2: Hoare triple {15883#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15883#true} is VALID [2022-02-20 18:04:36,057 INFO L290 TraceCheckUtils]: 3: Hoare triple {15883#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc 
valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {15883#true} is VALID [2022-02-20 18:04:36,057 INFO L290 TraceCheckUtils]: 4: Hoare triple {15883#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {15883#true} is VALID [2022-02-20 18:04:36,057 INFO L290 TraceCheckUtils]: 5: Hoare triple {15883#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15883#true} is VALID [2022-02-20 18:04:36,058 INFO L272 TraceCheckUtils]: 6: Hoare triple {15883#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:36,058 INFO L290 TraceCheckUtils]: 7: Hoare triple {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,058 INFO L290 TraceCheckUtils]: 8: Hoare triple {15883#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,058 INFO L290 TraceCheckUtils]: 9: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,059 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15883#true} {15883#true} #1082#return; {15883#true} is VALID [2022-02-20 18:04:36,059 INFO L290 TraceCheckUtils]: 11: Hoare triple {15883#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15883#true} is VALID [2022-02-20 18:04:36,059 INFO L272 TraceCheckUtils]: 12: Hoare triple {15883#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15938#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:36,059 INFO L290 TraceCheckUtils]: 13: Hoare triple {15938#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,060 INFO L290 TraceCheckUtils]: 14: Hoare triple {15883#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,060 INFO L290 TraceCheckUtils]: 15: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,060 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15883#true} {15883#true} #1084#return; {15883#true} is VALID [2022-02-20 18:04:36,060 INFO L290 TraceCheckUtils]: 17: Hoare triple {15883#true} assume { 
:end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15883#true} is VALID [2022-02-20 18:04:36,061 INFO L272 TraceCheckUtils]: 18: Hoare triple {15883#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:36,061 INFO L290 TraceCheckUtils]: 19: Hoare triple {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,061 INFO L290 TraceCheckUtils]: 20: Hoare triple {15883#true} assume !(1 == ~handle); {15883#true} is VALID [2022-02-20 18:04:36,061 INFO L290 TraceCheckUtils]: 21: Hoare triple {15883#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,061 INFO L290 TraceCheckUtils]: 22: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,061 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15883#true} {15883#true} #1086#return; {15883#true} is VALID [2022-02-20 18:04:36,061 INFO L290 TraceCheckUtils]: 24: Hoare triple {15883#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15883#true} is VALID [2022-02-20 
18:04:36,062 INFO L272 TraceCheckUtils]: 25: Hoare triple {15883#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15938#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:36,062 INFO L290 TraceCheckUtils]: 26: Hoare triple {15938#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,062 INFO L290 TraceCheckUtils]: 27: Hoare triple {15883#true} assume !(1 == ~handle); {15883#true} is VALID [2022-02-20 18:04:36,063 INFO L290 TraceCheckUtils]: 28: Hoare triple {15883#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,063 INFO L290 TraceCheckUtils]: 29: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,063 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15883#true} {15883#true} #1088#return; {15883#true} is VALID [2022-02-20 18:04:36,063 INFO L290 TraceCheckUtils]: 31: Hoare triple {15883#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15903#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 
18:04:36,064 INFO L272 TraceCheckUtils]: 32: Hoare triple {15903#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:36,064 INFO L290 TraceCheckUtils]: 33: Hoare triple {15937#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15939#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:36,065 INFO L290 TraceCheckUtils]: 34: Hoare triple {15939#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15939#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:36,065 INFO L290 TraceCheckUtils]: 35: Hoare triple {15939#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15940#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:36,065 INFO L290 TraceCheckUtils]: 36: Hoare triple {15940#(= 2 |setClientId_#in~handle|)} assume true; {15940#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:36,066 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {15940#(= 2 |setClientId_#in~handle|)} {15903#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {15884#false} is VALID [2022-02-20 18:04:36,066 INFO L290 TraceCheckUtils]: 38: Hoare triple {15884#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15884#false} is VALID [2022-02-20 18:04:36,066 INFO L272 TraceCheckUtils]: 39: Hoare triple {15884#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15938#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:36,066 INFO L290 TraceCheckUtils]: 40: Hoare triple {15938#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,066 INFO L290 TraceCheckUtils]: 41: Hoare triple {15883#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,067 INFO L290 TraceCheckUtils]: 42: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,067 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {15883#true} {15884#false} #1092#return; {15884#false} is VALID [2022-02-20 18:04:36,067 INFO L290 TraceCheckUtils]: 44: Hoare triple {15884#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {15884#false} is VALID [2022-02-20 18:04:36,067 INFO L290 TraceCheckUtils]: 45: Hoare triple {15884#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, 
test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15884#false} is VALID [2022-02-20 18:04:36,067 INFO L290 TraceCheckUtils]: 46: Hoare triple {15884#false} assume !false; {15884#false} is VALID [2022-02-20 18:04:36,067 INFO L290 TraceCheckUtils]: 47: Hoare triple {15884#false} assume test_~splverifierCounter~0#1 < 4; {15884#false} is VALID [2022-02-20 18:04:36,067 INFO L290 TraceCheckUtils]: 48: Hoare triple {15884#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15884#false} is VALID [2022-02-20 18:04:36,068 INFO L290 TraceCheckUtils]: 49: Hoare triple {15884#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {15884#false} is VALID [2022-02-20 18:04:36,068 INFO L290 TraceCheckUtils]: 50: Hoare triple {15884#false} assume !(0 != test_~tmp___9~0#1); {15884#false} is VALID [2022-02-20 18:04:36,068 INFO L290 TraceCheckUtils]: 51: Hoare triple {15884#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {15884#false} is VALID [2022-02-20 18:04:36,068 INFO L290 TraceCheckUtils]: 52: 
Hoare triple {15884#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {15884#false} is VALID [2022-02-20 18:04:36,068 INFO L290 TraceCheckUtils]: 53: Hoare triple {15884#false} assume !false; {15884#false} is VALID [2022-02-20 18:04:36,068 INFO L290 TraceCheckUtils]: 54: Hoare triple {15884#false} assume !(test_~splverifierCounter~0#1 < 4); {15884#false} is VALID [2022-02-20 18:04:36,068 INFO L290 TraceCheckUtils]: 55: Hoare triple {15884#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {15884#false} is VALID [2022-02-20 18:04:36,068 INFO L272 TraceCheckUtils]: 56: Hoare triple {15884#false} call sendEmail(~bob~0, ~rjh~0); {15884#false} is VALID [2022-02-20 18:04:36,069 INFO L290 TraceCheckUtils]: 57: Hoare triple {15884#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15884#false} is VALID [2022-02-20 18:04:36,069 INFO L272 TraceCheckUtils]: 58: Hoare triple {15884#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15941#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:36,069 INFO L290 TraceCheckUtils]: 59: Hoare triple {15941#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,069 INFO L290 TraceCheckUtils]: 60: Hoare triple {15883#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,069 INFO L290 TraceCheckUtils]: 61: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,069 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {15883#true} {15884#false} #1068#return; {15884#false} is VALID [2022-02-20 18:04:36,069 INFO L272 TraceCheckUtils]: 63: Hoare triple {15884#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {15942#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:36,070 INFO L290 TraceCheckUtils]: 64: Hoare triple {15942#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,070 INFO L290 TraceCheckUtils]: 65: Hoare triple {15883#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,070 INFO L290 TraceCheckUtils]: 66: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,070 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {15883#true} {15884#false} #1070#return; {15884#false} is VALID [2022-02-20 18:04:36,070 INFO L290 TraceCheckUtils]: 68: Hoare triple {15884#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {15884#false} is VALID [2022-02-20 18:04:36,070 INFO L290 TraceCheckUtils]: 69: Hoare triple {15884#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := 
~tmp~10#1; {15884#false} is VALID [2022-02-20 18:04:36,070 INFO L272 TraceCheckUtils]: 70: Hoare triple {15884#false} call outgoing(~sender#1, ~email~0#1); {15884#false} is VALID [2022-02-20 18:04:36,071 INFO L290 TraceCheckUtils]: 71: Hoare triple {15884#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {15884#false} is VALID [2022-02-20 18:04:36,071 INFO L272 TraceCheckUtils]: 72: Hoare triple {15884#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {15883#true} is VALID [2022-02-20 18:04:36,071 INFO L290 TraceCheckUtils]: 73: Hoare triple {15883#true} ~handle := #in~handle;havoc ~retValue_acc~19; {15883#true} is VALID [2022-02-20 18:04:36,071 INFO L290 TraceCheckUtils]: 74: Hoare triple {15883#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {15883#true} is VALID [2022-02-20 18:04:36,071 INFO L290 TraceCheckUtils]: 75: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,071 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {15883#true} {15884#false} #1028#return; {15884#false} is VALID [2022-02-20 18:04:36,071 INFO L290 TraceCheckUtils]: 77: Hoare triple {15884#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {15884#false} is VALID [2022-02-20 18:04:36,072 INFO L290 TraceCheckUtils]: 78: Hoare triple {15884#false} assume !(0 != ~size~0#1); {15884#false} is VALID [2022-02-20 18:04:36,072 INFO L272 TraceCheckUtils]: 79: Hoare triple {15884#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {15884#false} is VALID [2022-02-20 18:04:36,072 INFO L290 TraceCheckUtils]: 80: Hoare triple {15884#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {15884#false} is VALID [2022-02-20 
18:04:36,072 INFO L272 TraceCheckUtils]: 81: Hoare triple {15884#false} call #t~ret34#1 := getEmailTo(~msg#1); {15883#true} is VALID [2022-02-20 18:04:36,072 INFO L290 TraceCheckUtils]: 82: Hoare triple {15883#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15883#true} is VALID [2022-02-20 18:04:36,072 INFO L290 TraceCheckUtils]: 83: Hoare triple {15883#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {15883#true} is VALID [2022-02-20 18:04:36,072 INFO L290 TraceCheckUtils]: 84: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,072 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {15883#true} {15884#false} #1046#return; {15884#false} is VALID [2022-02-20 18:04:36,073 INFO L290 TraceCheckUtils]: 86: Hoare triple {15884#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {15884#false} is VALID [2022-02-20 18:04:36,073 INFO L290 TraceCheckUtils]: 87: Hoare triple {15884#false} assume 1 == findPublicKey_~handle#1; {15884#false} is VALID [2022-02-20 18:04:36,073 INFO L290 TraceCheckUtils]: 88: Hoare triple {15884#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {15884#false} is VALID [2022-02-20 18:04:36,073 INFO L290 TraceCheckUtils]: 89: Hoare triple {15884#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && 
#t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {15884#false} is VALID [2022-02-20 18:04:36,073 INFO L290 TraceCheckUtils]: 90: Hoare triple {15884#false} assume !(0 != ~pubkey~0#1); {15884#false} is VALID [2022-02-20 18:04:36,073 INFO L290 TraceCheckUtils]: 91: Hoare triple {15884#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {15884#false} is VALID [2022-02-20 18:04:36,073 INFO L290 TraceCheckUtils]: 92: Hoare triple {15884#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {15884#false} is VALID [2022-02-20 18:04:36,074 INFO L290 TraceCheckUtils]: 93: Hoare triple {15884#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {15884#false} is VALID [2022-02-20 18:04:36,074 INFO L272 TraceCheckUtils]: 94: Hoare triple {15884#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {15941#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:36,074 INFO L290 TraceCheckUtils]: 95: Hoare triple {15941#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15883#true} is VALID [2022-02-20 18:04:36,074 INFO L290 TraceCheckUtils]: 96: Hoare triple {15883#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15883#true} is VALID [2022-02-20 18:04:36,074 INFO L290 TraceCheckUtils]: 97: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,074 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {15883#true} {15884#false} #1052#return; {15884#false} is VALID [2022-02-20 18:04:36,074 INFO L290 TraceCheckUtils]: 99: Hoare triple {15884#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {15884#false} is VALID [2022-02-20 18:04:36,075 INFO L290 TraceCheckUtils]: 100: Hoare triple {15884#false} assume 0 != ~in_encrypted~0; {15884#false} is VALID [2022-02-20 18:04:36,075 INFO L272 TraceCheckUtils]: 101: Hoare triple {15884#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {15883#true} is VALID [2022-02-20 18:04:36,075 INFO L290 TraceCheckUtils]: 102: Hoare triple {15883#true} ~handle := #in~handle;havoc ~retValue_acc~39; {15883#true} is VALID [2022-02-20 18:04:36,075 INFO L290 TraceCheckUtils]: 103: Hoare triple {15883#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {15883#true} is VALID [2022-02-20 18:04:36,075 INFO L290 TraceCheckUtils]: 104: Hoare triple {15883#true} assume true; {15883#true} is VALID [2022-02-20 18:04:36,075 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {15883#true} {15884#false} #1054#return; {15884#false} is VALID [2022-02-20 18:04:36,075 INFO L290 TraceCheckUtils]: 106: Hoare triple {15884#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {15884#false} is VALID [2022-02-20 18:04:36,076 INFO L290 TraceCheckUtils]: 107: Hoare triple {15884#false} assume !(0 != 
__utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {15884#false} is VALID [2022-02-20 18:04:36,076 INFO L290 TraceCheckUtils]: 108: Hoare triple {15884#false} assume !false; {15884#false} is VALID [2022-02-20 18:04:36,076 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:04:36,076 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:36,076 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1049989439] [2022-02-20 18:04:36,076 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1049989439] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:36,077 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:36,077 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:04:36,077 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1673827698] [2022-02-20 18:04:36,077 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:36,078 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 18:04:36,078 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:04:36,078 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:36,147 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:36,148 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:04:36,148 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:36,148 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:04:36,148 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:36,149 INFO L87 Difference]: Start difference. First operand 404 states and 636 transitions. Second operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:42,207 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:42,208 INFO L93 Difference]: Finished difference Result 869 states and 1389 transitions. [2022-02-20 18:04:42,208 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:04:42,208 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 18:04:42,209 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:42,209 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:42,221 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1151 transitions. [2022-02-20 18:04:42,221 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:42,233 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1151 transitions. [2022-02-20 18:04:42,233 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1151 transitions. [2022-02-20 18:04:43,272 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1151 edges. 1151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:43,294 INFO L225 Difference]: With dead ends: 869 [2022-02-20 18:04:43,294 INFO L226 Difference]: Without dead ends: 488 [2022-02-20 18:04:43,296 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:04:43,297 INFO L933 BasicCegarLoop]: 553 mSDtfsCounter, 1205 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 1733 mSolverCounterSat, 423 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1226 SdHoareTripleChecker+Valid, 1491 SdHoareTripleChecker+Invalid, 2156 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 423 IncrementalHoareTripleChecker+Valid, 1733 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:43,298 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1226 Valid, 1491 Invalid, 2156 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [423 Valid, 1733 Invalid, 0 Unknown, 0 Unchecked, 2.6s Time] [2022-02-20 18:04:43,299 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 488 states. [2022-02-20 18:04:43,401 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 488 to 406. [2022-02-20 18:04:43,401 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:43,403 INFO L82 GeneralOperation]: Start isEquivalent. First operand 488 states. 
Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 18:04:43,404 INFO L74 IsIncluded]: Start isIncluded. First operand 488 states. Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 18:04:43,406 INFO L87 Difference]: Start difference. First operand 488 states. Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 18:04:43,424 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:43,424 INFO L93 Difference]: Finished difference Result 488 states and 783 transitions. [2022-02-20 18:04:43,424 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 783 transitions. [2022-02-20 18:04:43,427 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:43,427 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:43,429 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) Second operand 488 states. [2022-02-20 18:04:43,430 INFO L87 Difference]: Start difference. First operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) Second operand 488 states. [2022-02-20 18:04:43,448 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:43,448 INFO L93 Difference]: Finished difference Result 488 states and 783 transitions. [2022-02-20 18:04:43,449 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 783 transitions. [2022-02-20 18:04:43,451 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:43,451 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:43,452 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:43,452 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:43,453 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 18:04:43,468 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 406 states to 406 states and 639 transitions. [2022-02-20 18:04:43,468 INFO L78 Accepts]: Start accepts. Automaton has 406 states and 639 transitions. Word has length 109 [2022-02-20 18:04:43,468 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:43,469 INFO L470 AbstractCegarLoop]: Abstraction has 406 states and 639 transitions. [2022-02-20 18:04:43,469 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:43,469 INFO L276 IsEmpty]: Start isEmpty. Operand 406 states and 639 transitions. [2022-02-20 18:04:43,471 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 18:04:43,471 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:43,471 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:43,471 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:04:43,472 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:43,472 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:43,472 INFO L85 PathProgramCache]: Analyzing trace with hash 245616583, now seen corresponding path program 1 times [2022-02-20 18:04:43,473 
INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:43,473 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1718025503] [2022-02-20 18:04:43,473 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:43,473 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:43,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:43,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,541 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,541 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18703#true} #1082#return; {18703#true} is VALID [2022-02-20 18:04:43,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:43,548 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {18759#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,555 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18703#true} #1084#return; {18703#true} is VALID [2022-02-20 18:04:43,555 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:43,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume !(1 == ~handle); {18703#true} is VALID [2022-02-20 18:04:43,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,562 INFO L290 TraceCheckUtils]: 3: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,562 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18703#true} {18703#true} #1086#return; {18703#true} is VALID [2022-02-20 18:04:43,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:43,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,566 INFO L290 TraceCheckUtils]: 0: Hoare triple {18759#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,566 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume !(1 == ~handle); {18703#true} is VALID [2022-02-20 18:04:43,567 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,567 INFO L290 TraceCheckUtils]: 3: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,567 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18703#true} {18703#true} #1088#return; {18703#true} is VALID [2022-02-20 18:04:43,567 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:43,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,585 INFO L290 TraceCheckUtils]: 0: Hoare triple {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18760#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:43,586 INFO L290 TraceCheckUtils]: 1: Hoare triple {18760#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18760#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:43,586 INFO L290 TraceCheckUtils]: 2: Hoare triple {18760#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {18760#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:43,586 INFO L290 TraceCheckUtils]: 3: Hoare triple {18760#(= setClientId_~handle |setClientId_#in~handle|)} assume !(3 == ~handle); {18761#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:04:43,587 INFO L290 TraceCheckUtils]: 4: Hoare triple {18761#(not (= 3 
|setClientId_#in~handle|))} assume true; {18761#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:04:43,587 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {18761#(not (= 3 |setClientId_#in~handle|))} {18723#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {18704#false} is VALID [2022-02-20 18:04:43,587 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:43,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {18759#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,591 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,592 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,592 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18704#false} #1092#return; {18704#false} is VALID [2022-02-20 18:04:43,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:04:43,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,621 INFO L290 TraceCheckUtils]: 0: Hoare triple {18762#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,621 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,622 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,622 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18704#false} #1068#return; {18704#false} is VALID [2022-02-20 18:04:43,629 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:04:43,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,632 INFO L290 TraceCheckUtils]: 0: Hoare triple {18763#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,632 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,632 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,632 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18704#false} #1070#return; {18704#false} is VALID [2022-02-20 18:04:43,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:04:43,633 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {18703#true} ~handle := #in~handle;havoc ~retValue_acc~19; {18703#true} is VALID [2022-02-20 18:04:43,635 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {18703#true} is VALID [2022-02-20 18:04:43,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,636 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18704#false} #1028#return; {18704#false} is VALID [2022-02-20 18:04:43,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 
[2022-02-20 18:04:43,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {18703#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18703#true} is VALID [2022-02-20 18:04:43,639 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {18703#true} is VALID [2022-02-20 18:04:43,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,639 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18704#false} #1046#return; {18704#false} is VALID [2022-02-20 18:04:43,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:04:43,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {18762#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,642 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,642 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18704#false} #1052#return; {18704#false} is VALID [2022-02-20 18:04:43,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:04:43,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:43,645 INFO L290 TraceCheckUtils]: 0: Hoare triple {18703#true} ~handle := #in~handle;havoc ~retValue_acc~39; {18703#true} is VALID [2022-02-20 18:04:43,645 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} 
assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {18703#true} is VALID [2022-02-20 18:04:43,646 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,646 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18703#true} {18704#false} #1054#return; {18704#false} is VALID [2022-02-20 18:04:43,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {18703#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call 
#Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 
:= 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 
:= 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {18703#true} is VALID [2022-02-20 18:04:43,646 INFO L290 TraceCheckUtils]: 1: Hoare triple {18703#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {18703#true} is VALID [2022-02-20 18:04:43,646 INFO L290 TraceCheckUtils]: 2: Hoare triple {18703#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18703#true} is VALID [2022-02-20 18:04:43,646 INFO L290 TraceCheckUtils]: 3: Hoare triple {18703#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {18703#true} is VALID [2022-02-20 18:04:43,646 INFO L290 TraceCheckUtils]: 4: Hoare triple {18703#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {18703#true} is VALID [2022-02-20 18:04:43,647 INFO L290 TraceCheckUtils]: 5: Hoare triple {18703#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18703#true} is VALID [2022-02-20 18:04:43,647 INFO L272 TraceCheckUtils]: 6: Hoare triple {18703#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:43,647 INFO L290 TraceCheckUtils]: 7: Hoare triple {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,648 INFO L290 TraceCheckUtils]: 8: Hoare triple {18703#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,648 INFO L290 TraceCheckUtils]: 9: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,648 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18703#true} {18703#true} #1082#return; {18703#true} is VALID [2022-02-20 18:04:43,648 INFO L290 TraceCheckUtils]: 11: Hoare triple {18703#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18703#true} is VALID [2022-02-20 18:04:43,649 INFO L272 TraceCheckUtils]: 12: Hoare triple {18703#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18759#(and 
(= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:43,649 INFO L290 TraceCheckUtils]: 13: Hoare triple {18759#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,649 INFO L290 TraceCheckUtils]: 14: Hoare triple {18703#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,649 INFO L290 TraceCheckUtils]: 15: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,649 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18703#true} {18703#true} #1084#return; {18703#true} is VALID [2022-02-20 18:04:43,649 INFO L290 TraceCheckUtils]: 17: Hoare triple {18703#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18703#true} is VALID [2022-02-20 18:04:43,650 INFO L272 TraceCheckUtils]: 18: Hoare triple {18703#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 18:04:43,650 INFO L290 TraceCheckUtils]: 19: Hoare triple {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,650 INFO L290 TraceCheckUtils]: 20: Hoare triple {18703#true} assume !(1 == ~handle); {18703#true} is VALID [2022-02-20 18:04:43,650 INFO L290 TraceCheckUtils]: 21: Hoare triple {18703#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,651 INFO L290 TraceCheckUtils]: 22: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,651 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18703#true} {18703#true} #1086#return; {18703#true} is VALID [2022-02-20 18:04:43,651 INFO L290 TraceCheckUtils]: 24: Hoare triple {18703#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18703#true} is VALID [2022-02-20 18:04:43,651 INFO L272 TraceCheckUtils]: 25: Hoare triple {18703#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18759#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:43,652 INFO L290 TraceCheckUtils]: 26: Hoare triple {18759#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,652 INFO L290 TraceCheckUtils]: 27: Hoare triple {18703#true} assume !(1 == ~handle); {18703#true} is VALID [2022-02-20 18:04:43,652 INFO L290 TraceCheckUtils]: 28: Hoare triple {18703#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,652 INFO L290 TraceCheckUtils]: 29: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,652 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18703#true} {18703#true} #1088#return; {18703#true} is VALID [2022-02-20 18:04:43,653 INFO L290 TraceCheckUtils]: 31: Hoare triple {18703#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18723#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:43,653 INFO L272 TraceCheckUtils]: 32: Hoare triple {18723#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:43,654 INFO L290 TraceCheckUtils]: 33: Hoare triple {18758#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18760#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:43,654 INFO L290 TraceCheckUtils]: 34: Hoare triple {18760#(= 
setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18760#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:43,654 INFO L290 TraceCheckUtils]: 35: Hoare triple {18760#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {18760#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:43,655 INFO L290 TraceCheckUtils]: 36: Hoare triple {18760#(= setClientId_~handle |setClientId_#in~handle|)} assume !(3 == ~handle); {18761#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:04:43,655 INFO L290 TraceCheckUtils]: 37: Hoare triple {18761#(not (= 3 |setClientId_#in~handle|))} assume true; {18761#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:04:43,656 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {18761#(not (= 3 |setClientId_#in~handle|))} {18723#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {18704#false} is VALID [2022-02-20 18:04:43,656 INFO L290 TraceCheckUtils]: 39: Hoare triple {18704#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {18704#false} is VALID [2022-02-20 18:04:43,656 INFO L272 TraceCheckUtils]: 40: Hoare triple {18704#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18759#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:43,656 INFO L290 TraceCheckUtils]: 41: Hoare triple {18759#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,656 INFO L290 TraceCheckUtils]: 42: Hoare triple {18703#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18703#true} 
is VALID [2022-02-20 18:04:43,656 INFO L290 TraceCheckUtils]: 43: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,657 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {18703#true} {18704#false} #1092#return; {18704#false} is VALID [2022-02-20 18:04:43,657 INFO L290 TraceCheckUtils]: 45: Hoare triple {18704#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {18704#false} is VALID [2022-02-20 18:04:43,657 INFO L290 TraceCheckUtils]: 46: Hoare triple {18704#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 
0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18704#false} is VALID [2022-02-20 18:04:43,657 INFO L290 TraceCheckUtils]: 47: Hoare triple {18704#false} assume !false; {18704#false} is VALID [2022-02-20 18:04:43,657 INFO L290 TraceCheckUtils]: 48: Hoare triple {18704#false} assume test_~splverifierCounter~0#1 < 4; {18704#false} is VALID [2022-02-20 18:04:43,657 INFO L290 TraceCheckUtils]: 49: Hoare triple {18704#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18704#false} is VALID [2022-02-20 18:04:43,657 INFO L290 TraceCheckUtils]: 50: Hoare triple {18704#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {18704#false} is VALID [2022-02-20 18:04:43,658 INFO L290 TraceCheckUtils]: 51: Hoare triple {18704#false} assume !(0 != test_~tmp___9~0#1); {18704#false} is VALID [2022-02-20 18:04:43,658 INFO L290 TraceCheckUtils]: 52: Hoare triple {18704#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {18704#false} is VALID [2022-02-20 18:04:43,658 INFO L290 TraceCheckUtils]: 53: Hoare triple {18704#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18704#false} is VALID [2022-02-20 18:04:43,658 INFO L290 TraceCheckUtils]: 54: Hoare triple {18704#false} assume !false; {18704#false} is VALID [2022-02-20 18:04:43,658 INFO L290 TraceCheckUtils]: 55: Hoare triple {18704#false} assume !(test_~splverifierCounter~0#1 < 4); {18704#false} is VALID [2022-02-20 18:04:43,658 INFO L290 TraceCheckUtils]: 56: Hoare triple {18704#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc 
bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {18704#false} is VALID [2022-02-20 18:04:43,658 INFO L272 TraceCheckUtils]: 57: Hoare triple {18704#false} call sendEmail(~bob~0, ~rjh~0); {18704#false} is VALID [2022-02-20 18:04:43,659 INFO L290 TraceCheckUtils]: 58: Hoare triple {18704#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18704#false} is VALID [2022-02-20 18:04:43,659 INFO L272 TraceCheckUtils]: 59: Hoare triple {18704#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18762#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:43,659 INFO L290 TraceCheckUtils]: 60: Hoare triple {18762#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,659 INFO L290 TraceCheckUtils]: 61: Hoare triple {18703#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,659 INFO L290 TraceCheckUtils]: 62: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,659 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {18703#true} {18704#false} #1068#return; {18704#false} is VALID [2022-02-20 18:04:43,659 INFO L272 TraceCheckUtils]: 64: Hoare triple {18704#false} call setEmailTo(createEmail_~msg~0#1, 
createEmail_~to#1); {18763#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:43,660 INFO L290 TraceCheckUtils]: 65: Hoare triple {18763#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,660 INFO L290 TraceCheckUtils]: 66: Hoare triple {18703#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,660 INFO L290 TraceCheckUtils]: 67: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,660 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {18703#true} {18704#false} #1070#return; {18704#false} is VALID [2022-02-20 18:04:43,660 INFO L290 TraceCheckUtils]: 69: Hoare triple {18704#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {18704#false} is VALID [2022-02-20 18:04:43,660 INFO L290 TraceCheckUtils]: 70: Hoare triple {18704#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {18704#false} is VALID [2022-02-20 18:04:43,660 INFO L272 TraceCheckUtils]: 71: Hoare triple {18704#false} call outgoing(~sender#1, ~email~0#1); {18704#false} is VALID [2022-02-20 18:04:43,661 INFO L290 TraceCheckUtils]: 72: Hoare triple {18704#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {18704#false} is VALID [2022-02-20 18:04:43,661 INFO L272 TraceCheckUtils]: 73: Hoare triple {18704#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {18703#true} is VALID [2022-02-20 18:04:43,661 INFO L290 TraceCheckUtils]: 74: Hoare triple {18703#true} ~handle 
:= #in~handle;havoc ~retValue_acc~19; {18703#true} is VALID [2022-02-20 18:04:43,661 INFO L290 TraceCheckUtils]: 75: Hoare triple {18703#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {18703#true} is VALID [2022-02-20 18:04:43,661 INFO L290 TraceCheckUtils]: 76: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,661 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {18703#true} {18704#false} #1028#return; {18704#false} is VALID [2022-02-20 18:04:43,661 INFO L290 TraceCheckUtils]: 78: Hoare triple {18704#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {18704#false} is VALID [2022-02-20 18:04:43,662 INFO L290 TraceCheckUtils]: 79: Hoare triple {18704#false} assume !(0 != ~size~0#1); {18704#false} is VALID [2022-02-20 18:04:43,662 INFO L272 TraceCheckUtils]: 80: Hoare triple {18704#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {18704#false} is VALID [2022-02-20 18:04:43,662 INFO L290 TraceCheckUtils]: 81: Hoare triple {18704#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {18704#false} is VALID [2022-02-20 18:04:43,662 INFO L272 TraceCheckUtils]: 82: Hoare triple {18704#false} call #t~ret34#1 := getEmailTo(~msg#1); {18703#true} is VALID [2022-02-20 18:04:43,662 INFO L290 TraceCheckUtils]: 83: Hoare triple {18703#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18703#true} is VALID [2022-02-20 18:04:43,662 INFO L290 TraceCheckUtils]: 84: Hoare triple {18703#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {18703#true} is VALID [2022-02-20 18:04:43,662 INFO L290 TraceCheckUtils]: 85: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,663 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {18703#true} {18704#false} #1046#return; {18704#false} 
is VALID [2022-02-20 18:04:43,663 INFO L290 TraceCheckUtils]: 87: Hoare triple {18704#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {18704#false} is VALID [2022-02-20 18:04:43,663 INFO L290 TraceCheckUtils]: 88: Hoare triple {18704#false} assume 1 == findPublicKey_~handle#1; {18704#false} is VALID [2022-02-20 18:04:43,663 INFO L290 TraceCheckUtils]: 89: Hoare triple {18704#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {18704#false} is VALID [2022-02-20 18:04:43,663 INFO L290 TraceCheckUtils]: 90: Hoare triple {18704#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {18704#false} is VALID [2022-02-20 18:04:43,663 INFO L290 TraceCheckUtils]: 91: Hoare triple {18704#false} assume !(0 != ~pubkey~0#1); {18704#false} is VALID [2022-02-20 18:04:43,663 INFO L290 TraceCheckUtils]: 92: Hoare triple {18704#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {18704#false} is VALID [2022-02-20 18:04:43,664 INFO L290 TraceCheckUtils]: 93: Hoare triple {18704#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {18704#false} is VALID [2022-02-20 18:04:43,664 INFO L290 TraceCheckUtils]: 94: Hoare triple {18704#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {18704#false} is VALID [2022-02-20 18:04:43,664 INFO L272 TraceCheckUtils]: 95: Hoare triple {18704#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {18762#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:43,664 INFO L290 TraceCheckUtils]: 96: Hoare triple {18762#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18703#true} is VALID [2022-02-20 18:04:43,664 INFO L290 TraceCheckUtils]: 97: Hoare triple {18703#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18703#true} is VALID [2022-02-20 18:04:43,664 INFO L290 TraceCheckUtils]: 98: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,664 INFO L284 
TraceCheckUtils]: 99: Hoare quadruple {18703#true} {18704#false} #1052#return; {18704#false} is VALID [2022-02-20 18:04:43,665 INFO L290 TraceCheckUtils]: 100: Hoare triple {18704#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {18704#false} is VALID [2022-02-20 18:04:43,665 INFO L290 TraceCheckUtils]: 101: Hoare triple {18704#false} assume 0 != ~in_encrypted~0; {18704#false} is VALID [2022-02-20 18:04:43,665 INFO L272 TraceCheckUtils]: 102: 
Hoare triple {18704#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {18703#true} is VALID [2022-02-20 18:04:43,665 INFO L290 TraceCheckUtils]: 103: Hoare triple {18703#true} ~handle := #in~handle;havoc ~retValue_acc~39; {18703#true} is VALID [2022-02-20 18:04:43,665 INFO L290 TraceCheckUtils]: 104: Hoare triple {18703#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {18703#true} is VALID [2022-02-20 18:04:43,665 INFO L290 TraceCheckUtils]: 105: Hoare triple {18703#true} assume true; {18703#true} is VALID [2022-02-20 18:04:43,665 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {18703#true} {18704#false} #1054#return; {18704#false} is VALID [2022-02-20 18:04:43,666 INFO L290 TraceCheckUtils]: 107: Hoare triple {18704#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {18704#false} is VALID [2022-02-20 18:04:43,666 INFO L290 TraceCheckUtils]: 108: Hoare triple {18704#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {18704#false} is VALID [2022-02-20 18:04:43,666 INFO L290 TraceCheckUtils]: 109: Hoare triple {18704#false} assume !false; {18704#false} is VALID [2022-02-20 18:04:43,666 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:04:43,666 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:43,667 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1718025503] [2022-02-20 18:04:43,667 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1718025503] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:43,667 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:43,667 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:04:43,667 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1341369020] [2022-02-20 18:04:43,667 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:43,668 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 110 [2022-02-20 18:04:43,668 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:43,682 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:43,754 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:43,754 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:04:43,755 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:43,755 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:04:43,756 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:43,757 INFO L87 Difference]: Start difference. First operand 406 states and 639 transitions. Second operand has 9 states, 8 states have (on average 9.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:49,774 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:49,774 INFO L93 Difference]: Finished difference Result 869 states and 1388 transitions. [2022-02-20 18:04:49,774 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:04:49,774 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 110 [2022-02-20 18:04:49,775 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:49,775 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:49,786 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1150 transitions. [2022-02-20 18:04:49,787 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:49,798 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1150 transitions. [2022-02-20 18:04:49,798 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1150 transitions. [2022-02-20 18:04:50,769 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1150 edges. 1150 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:04:50,783 INFO L225 Difference]: With dead ends: 869 [2022-02-20 18:04:50,783 INFO L226 Difference]: Without dead ends: 488 [2022-02-20 18:04:50,784 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 28 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 41 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=89, Invalid=217, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:04:50,785 INFO L933 BasicCegarLoop]: 545 mSDtfsCounter, 1210 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 1711 mSolverCounterSat, 411 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1231 SdHoareTripleChecker+Valid, 1483 SdHoareTripleChecker+Invalid, 2122 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 411 IncrementalHoareTripleChecker+Valid, 1711 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:50,785 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1231 Valid, 1483 Invalid, 2122 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [411 Valid, 1711 Invalid, 0 Unknown, 0 Unchecked, 2.6s Time] [2022-02-20 18:04:50,786 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 488 states. [2022-02-20 18:04:50,907 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 488 to 406. [2022-02-20 18:04:50,907 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:50,912 INFO L82 GeneralOperation]: Start isEquivalent. First operand 488 states. 
Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 18:04:50,913 INFO L74 IsIncluded]: Start isIncluded. First operand 488 states. Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 18:04:50,914 INFO L87 Difference]: Start difference. First operand 488 states. Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 18:04:50,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:50,932 INFO L93 Difference]: Finished difference Result 488 states and 782 transitions. [2022-02-20 18:04:50,932 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 782 transitions. [2022-02-20 18:04:50,935 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:50,935 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:50,936 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) Second operand 488 states. [2022-02-20 18:04:50,937 INFO L87 Difference]: Start difference. First operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) Second operand 488 states. [2022-02-20 18:04:50,955 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:50,955 INFO L93 Difference]: Finished difference Result 488 states and 782 transitions. [2022-02-20 18:04:50,955 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 782 transitions. [2022-02-20 18:04:50,958 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:50,958 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:50,958 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:50,958 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:50,959 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 18:04:50,973 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 406 states to 406 states and 639 transitions. [2022-02-20 18:04:50,974 INFO L78 Accepts]: Start accepts. Automaton has 406 states and 639 transitions. Word has length 110 [2022-02-20 18:04:50,974 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:50,974 INFO L470 AbstractCegarLoop]: Abstraction has 406 states and 639 transitions. [2022-02-20 18:04:50,975 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:50,975 INFO L276 IsEmpty]: Start isEmpty. Operand 406 states and 639 transitions. [2022-02-20 18:04:50,976 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 18:04:50,977 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:50,977 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:50,977 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:04:50,977 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:50,977 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:50,978 INFO L85 PathProgramCache]: Analyzing trace with hash -641606263, now seen corresponding path program 1 times [2022-02-20 18:04:50,978 
INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:50,978 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [853254262] [2022-02-20 18:04:50,978 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:50,978 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:51,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:51,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,038 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21527#true} {21527#true} #1082#return; {21527#true} is VALID [2022-02-20 18:04:51,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:51,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {21584#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,048 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21527#true} {21527#true} #1084#return; {21527#true} is VALID [2022-02-20 18:04:51,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:51,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume !(1 == ~handle); {21527#true} is VALID [2022-02-20 18:04:51,053 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,053 INFO L290 TraceCheckUtils]: 3: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,053 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21527#true} {21527#true} #1086#return; {21527#true} is VALID [2022-02-20 18:04:51,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:51,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {21584#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume !(1 == ~handle); {21527#true} is VALID [2022-02-20 18:04:51,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,058 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21527#true} {21527#true} #1088#return; {21527#true} is VALID [2022-02-20 18:04:51,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:51,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,078 INFO L290 TraceCheckUtils]: 0: Hoare triple {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21585#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,078 INFO L290 TraceCheckUtils]: 1: Hoare triple {21585#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21585#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,079 INFO L290 TraceCheckUtils]: 2: Hoare triple {21585#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21585#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,079 INFO L290 TraceCheckUtils]: 3: Hoare triple {21585#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21586#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,079 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {21586#(= 3 |setClientId_#in~handle|)} assume true; {21586#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,080 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21586#(= 3 |setClientId_#in~handle|)} {21547#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {21554#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:51,080 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:51,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,098 INFO L290 TraceCheckUtils]: 0: Hoare triple {21584#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21587#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:51,099 INFO L290 TraceCheckUtils]: 1: Hoare triple {21587#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21588#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:51,099 INFO L290 TraceCheckUtils]: 2: Hoare triple {21588#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21588#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:51,100 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21588#(= |setClientPrivateKey_#in~handle| 1)} {21554#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1092#return; {21528#false} is VALID [2022-02-20 18:04:51,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:04:51,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {21589#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,111 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,112 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,112 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21527#true} {21528#false} #1068#return; {21528#false} is VALID [2022-02-20 18:04:51,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:04:51,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,124 INFO L290 TraceCheckUtils]: 0: Hoare triple {21590#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,124 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,124 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,124 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21527#true} {21528#false} #1070#return; {21528#false} is VALID [2022-02-20 18:04:51,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:04:51,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {21527#true} ~handle := #in~handle;havoc ~retValue_acc~19; {21527#true} is VALID [2022-02-20 18:04:51,128 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {21527#true} 
is VALID [2022-02-20 18:04:51,128 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,128 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21527#true} {21528#false} #1028#return; {21528#false} is VALID [2022-02-20 18:04:51,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:04:51,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,131 INFO L290 TraceCheckUtils]: 0: Hoare triple {21527#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21527#true} is VALID [2022-02-20 18:04:51,131 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {21527#true} is VALID [2022-02-20 18:04:51,131 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,131 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21527#true} {21528#false} #1046#return; {21528#false} is VALID [2022-02-20 18:04:51,131 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:04:51,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {21589#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,134 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,135 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21527#true} {21528#false} #1052#return; {21528#false} is VALID [2022-02-20 18:04:51,135 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:04:51,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {21527#true} ~handle := #in~handle;havoc ~retValue_acc~39; {21527#true} is VALID [2022-02-20 18:04:51,137 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {21527#true} is VALID [2022-02-20 18:04:51,138 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,138 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21527#true} {21528#false} #1054#return; {21528#false} is VALID [2022-02-20 18:04:51,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {21527#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call 
write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 
0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 
0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {21527#true} is VALID [2022-02-20 18:04:51,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {21527#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {21527#true} is VALID [2022-02-20 18:04:51,138 INFO L290 TraceCheckUtils]: 2: Hoare triple {21527#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21527#true} is VALID [2022-02-20 18:04:51,138 INFO L290 TraceCheckUtils]: 3: Hoare triple {21527#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {21527#true} is VALID [2022-02-20 18:04:51,139 INFO L290 TraceCheckUtils]: 4: Hoare triple {21527#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {21527#true} is VALID [2022-02-20 18:04:51,139 INFO L290 
TraceCheckUtils]: 5: Hoare triple {21527#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21527#true} is VALID [2022-02-20 18:04:51,139 INFO L272 TraceCheckUtils]: 6: Hoare triple {21527#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,140 INFO L290 TraceCheckUtils]: 7: Hoare triple {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,140 INFO L290 TraceCheckUtils]: 8: Hoare triple {21527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,140 INFO L290 TraceCheckUtils]: 9: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,140 
INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21527#true} {21527#true} #1082#return; {21527#true} is VALID [2022-02-20 18:04:51,140 INFO L290 TraceCheckUtils]: 11: Hoare triple {21527#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21527#true} is VALID [2022-02-20 18:04:51,141 INFO L272 TraceCheckUtils]: 12: Hoare triple {21527#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21584#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:51,141 INFO L290 TraceCheckUtils]: 13: Hoare triple {21584#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,141 INFO L290 TraceCheckUtils]: 14: Hoare triple {21527#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,141 INFO L290 TraceCheckUtils]: 15: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,141 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21527#true} {21527#true} #1084#return; {21527#true} is VALID [2022-02-20 18:04:51,141 INFO L290 TraceCheckUtils]: 17: Hoare triple {21527#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {21527#true} is VALID [2022-02-20 18:04:51,142 INFO L272 TraceCheckUtils]: 18: Hoare triple {21527#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,142 INFO L290 TraceCheckUtils]: 19: Hoare triple {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,142 INFO L290 TraceCheckUtils]: 20: Hoare triple {21527#true} assume !(1 == ~handle); {21527#true} is VALID [2022-02-20 18:04:51,142 INFO L290 TraceCheckUtils]: 21: Hoare triple {21527#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,143 INFO L290 TraceCheckUtils]: 22: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,143 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21527#true} {21527#true} #1086#return; {21527#true} is VALID [2022-02-20 18:04:51,143 INFO L290 TraceCheckUtils]: 24: Hoare triple {21527#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21527#true} is VALID [2022-02-20 18:04:51,143 INFO L272 TraceCheckUtils]: 25: Hoare triple {21527#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21584#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:51,144 INFO L290 TraceCheckUtils]: 26: Hoare triple {21584#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,144 INFO L290 TraceCheckUtils]: 27: Hoare triple {21527#true} assume !(1 == ~handle); {21527#true} is VALID [2022-02-20 18:04:51,144 INFO L290 TraceCheckUtils]: 28: Hoare triple {21527#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,144 INFO L290 TraceCheckUtils]: 29: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,144 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21527#true} {21527#true} #1088#return; {21527#true} is VALID [2022-02-20 18:04:51,145 INFO L290 TraceCheckUtils]: 31: Hoare triple {21527#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21547#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:51,145 INFO L272 TraceCheckUtils]: 32: Hoare triple {21547#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,146 INFO L290 TraceCheckUtils]: 33: Hoare triple {21583#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21585#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,146 INFO L290 TraceCheckUtils]: 34: Hoare triple {21585#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21585#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,146 INFO L290 TraceCheckUtils]: 35: Hoare triple {21585#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21585#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,147 INFO L290 TraceCheckUtils]: 36: Hoare triple {21585#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21586#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,147 INFO L290 TraceCheckUtils]: 37: Hoare triple {21586#(= 3 |setClientId_#in~handle|)} assume true; {21586#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,148 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21586#(= 3 |setClientId_#in~handle|)} {21547#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {21554#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:51,148 INFO L290 TraceCheckUtils]: 39: Hoare triple {21554#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21554#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:51,149 INFO L272 TraceCheckUtils]: 40: Hoare triple {21554#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} 
call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21584#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:51,149 INFO L290 TraceCheckUtils]: 41: Hoare triple {21584#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21587#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:51,149 INFO L290 TraceCheckUtils]: 42: Hoare triple {21587#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21588#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:51,150 INFO L290 TraceCheckUtils]: 43: Hoare triple {21588#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21588#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:51,150 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {21588#(= |setClientPrivateKey_#in~handle| 1)} {21554#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1092#return; {21528#false} is VALID [2022-02-20 18:04:51,150 INFO L290 TraceCheckUtils]: 45: Hoare triple {21528#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {21528#false} is VALID [2022-02-20 18:04:51,150 INFO L290 TraceCheckUtils]: 46: Hoare triple {21528#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, 
test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21528#false} is VALID [2022-02-20 18:04:51,151 INFO L290 TraceCheckUtils]: 47: Hoare triple {21528#false} assume !false; {21528#false} is VALID [2022-02-20 18:04:51,151 INFO L290 TraceCheckUtils]: 48: Hoare triple {21528#false} assume test_~splverifierCounter~0#1 < 4; {21528#false} is VALID [2022-02-20 18:04:51,151 INFO L290 TraceCheckUtils]: 49: Hoare triple {21528#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21528#false} is VALID [2022-02-20 18:04:51,151 INFO L290 TraceCheckUtils]: 50: Hoare triple {21528#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {21528#false} is VALID [2022-02-20 18:04:51,151 INFO L290 TraceCheckUtils]: 51: Hoare triple {21528#false} assume !(0 != 
test_~tmp___9~0#1); {21528#false} is VALID [2022-02-20 18:04:51,151 INFO L290 TraceCheckUtils]: 52: Hoare triple {21528#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {21528#false} is VALID [2022-02-20 18:04:51,151 INFO L290 TraceCheckUtils]: 53: Hoare triple {21528#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {21528#false} is VALID [2022-02-20 18:04:51,152 INFO L290 TraceCheckUtils]: 54: Hoare triple {21528#false} assume !false; {21528#false} is VALID [2022-02-20 18:04:51,152 INFO L290 TraceCheckUtils]: 55: Hoare triple {21528#false} assume !(test_~splverifierCounter~0#1 < 4); {21528#false} is VALID [2022-02-20 18:04:51,152 INFO L290 TraceCheckUtils]: 56: Hoare triple {21528#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {21528#false} is VALID [2022-02-20 18:04:51,152 INFO L272 TraceCheckUtils]: 57: Hoare triple {21528#false} call sendEmail(~bob~0, ~rjh~0); {21528#false} is VALID [2022-02-20 18:04:51,164 INFO L290 TraceCheckUtils]: 58: Hoare triple {21528#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21528#false} 
is VALID [2022-02-20 18:04:51,164 INFO L272 TraceCheckUtils]: 59: Hoare triple {21528#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21589#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:51,164 INFO L290 TraceCheckUtils]: 60: Hoare triple {21589#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,164 INFO L290 TraceCheckUtils]: 61: Hoare triple {21527#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,164 INFO L290 TraceCheckUtils]: 62: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,165 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {21527#true} {21528#false} #1068#return; {21528#false} is VALID [2022-02-20 18:04:51,165 INFO L272 TraceCheckUtils]: 64: Hoare triple {21528#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21590#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:51,165 INFO L290 TraceCheckUtils]: 65: Hoare triple {21590#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,165 INFO L290 TraceCheckUtils]: 66: Hoare triple {21527#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,165 INFO L290 TraceCheckUtils]: 67: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,165 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {21527#true} {21528#false} #1070#return; {21528#false} is VALID [2022-02-20 18:04:51,165 INFO L290 TraceCheckUtils]: 69: Hoare triple {21528#false} createEmail_~retValue_acc~15#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {21528#false} is VALID [2022-02-20 18:04:51,166 INFO L290 TraceCheckUtils]: 70: Hoare triple {21528#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {21528#false} is VALID [2022-02-20 18:04:51,166 INFO L272 TraceCheckUtils]: 71: Hoare triple {21528#false} call outgoing(~sender#1, ~email~0#1); {21528#false} is VALID [2022-02-20 18:04:51,166 INFO L290 TraceCheckUtils]: 72: Hoare triple {21528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {21528#false} is VALID [2022-02-20 18:04:51,166 INFO L272 TraceCheckUtils]: 73: Hoare triple {21528#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {21527#true} is VALID [2022-02-20 18:04:51,166 INFO L290 TraceCheckUtils]: 74: Hoare triple {21527#true} ~handle := #in~handle;havoc ~retValue_acc~19; {21527#true} is VALID [2022-02-20 18:04:51,166 INFO L290 TraceCheckUtils]: 75: Hoare triple {21527#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {21527#true} is VALID [2022-02-20 18:04:51,166 INFO L290 TraceCheckUtils]: 76: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,167 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {21527#true} {21528#false} #1028#return; {21528#false} is VALID [2022-02-20 18:04:51,167 INFO L290 TraceCheckUtils]: 78: Hoare triple {21528#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {21528#false} is VALID [2022-02-20 18:04:51,167 INFO L290 TraceCheckUtils]: 79: Hoare triple {21528#false} assume !(0 != ~size~0#1); {21528#false} is VALID [2022-02-20 18:04:51,167 INFO 
L272 TraceCheckUtils]: 80: Hoare triple {21528#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {21528#false} is VALID [2022-02-20 18:04:51,167 INFO L290 TraceCheckUtils]: 81: Hoare triple {21528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {21528#false} is VALID [2022-02-20 18:04:51,167 INFO L272 TraceCheckUtils]: 82: Hoare triple {21528#false} call #t~ret34#1 := getEmailTo(~msg#1); {21527#true} is VALID [2022-02-20 18:04:51,167 INFO L290 TraceCheckUtils]: 83: Hoare triple {21527#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21527#true} is VALID [2022-02-20 18:04:51,168 INFO L290 TraceCheckUtils]: 84: Hoare triple {21527#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {21527#true} is VALID [2022-02-20 18:04:51,168 INFO L290 TraceCheckUtils]: 85: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,168 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {21527#true} {21528#false} #1046#return; {21528#false} is VALID [2022-02-20 18:04:51,168 INFO L290 TraceCheckUtils]: 87: Hoare triple {21528#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {21528#false} is VALID [2022-02-20 18:04:51,168 INFO L290 TraceCheckUtils]: 88: Hoare triple {21528#false} assume 1 == findPublicKey_~handle#1; {21528#false} is VALID [2022-02-20 18:04:51,168 INFO L290 TraceCheckUtils]: 89: Hoare triple {21528#false} assume findPublicKey_~userid#1 == 
~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {21528#false} is VALID [2022-02-20 18:04:51,168 INFO L290 TraceCheckUtils]: 90: Hoare triple {21528#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {21528#false} is VALID [2022-02-20 18:04:51,168 INFO L290 TraceCheckUtils]: 91: Hoare triple {21528#false} assume !(0 != ~pubkey~0#1); {21528#false} is VALID [2022-02-20 18:04:51,169 INFO L290 TraceCheckUtils]: 92: Hoare triple {21528#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {21528#false} is VALID [2022-02-20 18:04:51,169 INFO L290 TraceCheckUtils]: 93: Hoare triple {21528#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {21528#false} is VALID [2022-02-20 18:04:51,169 INFO L290 TraceCheckUtils]: 94: Hoare triple {21528#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && 
outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {21528#false} is VALID [2022-02-20 18:04:51,169 INFO L272 TraceCheckUtils]: 95: Hoare triple {21528#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {21589#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:51,169 INFO L290 TraceCheckUtils]: 96: Hoare triple {21589#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21527#true} is VALID [2022-02-20 18:04:51,169 INFO L290 TraceCheckUtils]: 97: Hoare triple {21527#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21527#true} is VALID [2022-02-20 18:04:51,169 INFO L290 TraceCheckUtils]: 98: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,170 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {21527#true} {21528#false} #1052#return; {21528#false} is VALID [2022-02-20 18:04:51,170 INFO L290 TraceCheckUtils]: 100: Hoare triple {21528#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, 
__utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {21528#false} is VALID [2022-02-20 18:04:51,170 INFO L290 TraceCheckUtils]: 101: Hoare triple {21528#false} assume 0 != ~in_encrypted~0; {21528#false} is VALID [2022-02-20 18:04:51,170 INFO L272 TraceCheckUtils]: 102: Hoare triple {21528#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {21527#true} is VALID [2022-02-20 18:04:51,170 INFO L290 TraceCheckUtils]: 103: Hoare triple {21527#true} ~handle := #in~handle;havoc ~retValue_acc~39; {21527#true} is VALID [2022-02-20 18:04:51,170 INFO L290 TraceCheckUtils]: 104: Hoare triple {21527#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {21527#true} is VALID [2022-02-20 18:04:51,170 INFO L290 TraceCheckUtils]: 105: Hoare triple {21527#true} assume true; {21527#true} is VALID [2022-02-20 18:04:51,171 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {21527#true} {21528#false} #1054#return; {21528#false} is VALID [2022-02-20 18:04:51,171 INFO L290 TraceCheckUtils]: 107: Hoare triple {21528#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && 
__utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {21528#false} is VALID [2022-02-20 18:04:51,171 INFO L290 TraceCheckUtils]: 108: Hoare triple {21528#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {21528#false} is VALID [2022-02-20 18:04:51,171 INFO L290 TraceCheckUtils]: 109: Hoare triple {21528#false} assume !false; {21528#false} is VALID [2022-02-20 18:04:51,171 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:04:51,172 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:51,172 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [853254262] [2022-02-20 18:04:51,172 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [853254262] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:51,172 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:51,172 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:04:51,172 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1036998144] [2022-02-20 18:04:51,172 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:51,173 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 110 [2022-02-20 18:04:51,173 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:51,174 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:51,248 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:51,248 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:04:51,248 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:51,249 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:04:51,249 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:51,249 INFO L87 Difference]: Start difference. First operand 406 states and 639 transitions. 
Second operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:59,827 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:59,827 INFO L93 Difference]: Finished difference Result 867 states and 1383 transitions. [2022-02-20 18:04:59,828 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:04:59,828 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 110 [2022-02-20 18:04:59,828 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:59,828 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:59,838 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1151 transitions. [2022-02-20 18:04:59,838 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:59,849 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1151 transitions. [2022-02-20 18:04:59,849 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1151 transitions. [2022-02-20 18:05:00,800 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1151 edges. 1151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:00,816 INFO L225 Difference]: With dead ends: 867 [2022-02-20 18:05:00,816 INFO L226 Difference]: Without dead ends: 488 [2022-02-20 18:05:00,817 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:05:00,818 INFO L933 BasicCegarLoop]: 541 mSDtfsCounter, 1332 mSDsluCounter, 1302 mSDsCounter, 0 mSdLazyCounter, 3172 mSolverCounterSat, 463 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1332 SdHoareTripleChecker+Valid, 1843 SdHoareTripleChecker+Invalid, 3635 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 463 IncrementalHoareTripleChecker+Valid, 3172 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:00,818 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1332 Valid, 1843 Invalid, 3635 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [463 Valid, 3172 Invalid, 0 Unknown, 0 Unchecked, 3.9s Time] [2022-02-20 18:05:00,819 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 488 states. [2022-02-20 18:05:00,912 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 488 to 406. [2022-02-20 18:05:00,913 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:00,914 INFO L82 GeneralOperation]: Start isEquivalent. First operand 488 states. Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 18:05:00,914 INFO L74 IsIncluded]: Start isIncluded. First operand 488 states. Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 18:05:00,915 INFO L87 Difference]: Start difference. First operand 488 states. Second operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 18:05:00,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:00,931 INFO L93 Difference]: Finished difference Result 488 states and 781 transitions. 
[2022-02-20 18:05:00,931 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 781 transitions. [2022-02-20 18:05:00,935 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:00,935 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:00,936 INFO L74 IsIncluded]: Start isIncluded. First operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) Second operand 488 states. [2022-02-20 18:05:00,938 INFO L87 Difference]: Start difference. First operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) Second operand 488 states. [2022-02-20 18:05:00,955 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:00,955 INFO L93 Difference]: Finished difference Result 488 states and 781 transitions. [2022-02-20 18:05:00,955 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 781 transitions. [2022-02-20 18:05:00,958 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:00,958 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:00,958 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:00,958 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:00,959 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 406 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 322 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 18:05:00,973 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 406 states to 406 states and 638 transitions. [2022-02-20 18:05:00,973 INFO L78 Accepts]: Start accepts. Automaton has 406 states and 638 transitions. Word has length 110 [2022-02-20 18:05:00,973 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:00,973 INFO L470 AbstractCegarLoop]: Abstraction has 406 states and 638 transitions. [2022-02-20 18:05:00,974 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:00,974 INFO L276 IsEmpty]: Start isEmpty. Operand 406 states and 638 transitions. [2022-02-20 18:05:00,977 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 112 [2022-02-20 18:05:00,977 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:00,977 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:00,977 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:05:00,977 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:00,978 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:00,978 INFO L85 PathProgramCache]: Analyzing trace with hash 78260293, now seen corresponding path program 2 times [2022-02-20 18:05:00,978 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:00,978 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1343875429] [2022-02-20 18:05:00,978 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:00,978 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:01,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:01,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24356#true} {24356#true} #1082#return; {24356#true} is VALID [2022-02-20 18:05:01,055 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:01,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,059 INFO L290 TraceCheckUtils]: 0: Hoare triple {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,059 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,059 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24356#true} {24356#true} #1084#return; {24356#true} is VALID [2022-02-20 18:05:01,060 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:01,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,063 INFO L290 TraceCheckUtils]: 0: Hoare triple {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,063 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume !(1 == ~handle); {24356#true} is VALID [2022-02-20 18:05:01,063 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,064 INFO L290 TraceCheckUtils]: 3: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,064 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24356#true} {24356#true} #1086#return; {24356#true} is VALID [2022-02-20 18:05:01,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:01,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,067 INFO L290 TraceCheckUtils]: 0: Hoare triple {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume !(1 == ~handle); {24356#true} is VALID [2022-02-20 18:05:01,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,068 INFO L290 TraceCheckUtils]: 3: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,068 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24356#true} {24356#true} #1088#return; {24356#true} is VALID [2022-02-20 18:05:01,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:01,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:05:01,087 INFO L290 TraceCheckUtils]: 0: Hoare triple {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24415#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,087 INFO L290 TraceCheckUtils]: 1: Hoare triple {24415#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {24415#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,087 INFO L290 TraceCheckUtils]: 2: Hoare triple {24415#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {24415#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,088 INFO L290 TraceCheckUtils]: 3: Hoare triple {24415#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24416#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,088 INFO L290 TraceCheckUtils]: 4: Hoare triple {24416#(= 3 |setClientId_#in~handle|)} assume true; {24416#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,089 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24416#(= 3 |setClientId_#in~handle|)} {24376#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {24383#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:05:01,089 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:01,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24417#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:01,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {24417#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {24417#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:01,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {24417#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24418#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:01,108 INFO L290 TraceCheckUtils]: 3: Hoare triple {24418#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {24418#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:01,109 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24418#(= 2 |setClientPrivateKey_#in~handle|)} {24383#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1092#return; {24357#false} is VALID [2022-02-20 18:05:01,117 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:05:01,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,121 INFO L290 TraceCheckUtils]: 0: Hoare triple {24419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,122 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,122 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,122 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24356#true} {24357#false} #1068#return; {24357#false} is VALID [2022-02-20 18:05:01,131 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:05:01,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {24420#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,134 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,135 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24356#true} {24357#false} #1070#return; {24357#false} is VALID [2022-02-20 18:05:01,135 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:05:01,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {24356#true} ~handle := #in~handle;havoc ~retValue_acc~19; {24356#true} is VALID [2022-02-20 18:05:01,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {24356#true} is VALID [2022-02-20 18:05:01,139 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,139 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24356#true} {24357#false} #1028#return; {24357#false} is VALID [2022-02-20 18:05:01,139 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:05:01,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {24356#true} ~handle := #in~handle;havoc ~retValue_acc~36; 
{24356#true} is VALID [2022-02-20 18:05:01,145 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {24356#true} is VALID [2022-02-20 18:05:01,145 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,145 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24356#true} {24357#false} #1046#return; {24357#false} is VALID [2022-02-20 18:05:01,146 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:05:01,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,148 INFO L290 TraceCheckUtils]: 0: Hoare triple {24419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,149 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,149 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,149 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24356#true} {24357#false} #1052#return; {24357#false} is VALID [2022-02-20 18:05:01,149 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:05:01,150 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:01,152 INFO L290 TraceCheckUtils]: 0: Hoare triple {24356#true} ~handle := #in~handle;havoc ~retValue_acc~39; {24356#true} is VALID [2022-02-20 18:05:01,152 INFO L290 TraceCheckUtils]: 1: Hoare triple {24356#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {24356#true} is VALID [2022-02-20 18:05:01,152 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume true; 
{24356#true} is VALID [2022-02-20 18:05:01,152 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24356#true} {24357#false} #1054#return; {24357#false} is VALID [2022-02-20 18:05:01,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {24356#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(115, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call 
#Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {24356#true} is VALID [2022-02-20 18:05:01,153 INFO L290 TraceCheckUtils]: 1: 
Hoare triple {24356#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {24356#true} is VALID [2022-02-20 18:05:01,153 INFO L290 TraceCheckUtils]: 2: Hoare triple {24356#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24356#true} is VALID [2022-02-20 18:05:01,153 INFO L290 TraceCheckUtils]: 3: Hoare triple {24356#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {24356#true} is VALID [2022-02-20 18:05:01,153 INFO L290 TraceCheckUtils]: 4: Hoare triple {24356#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {24356#true} is VALID [2022-02-20 18:05:01,153 INFO L290 TraceCheckUtils]: 5: Hoare triple {24356#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24356#true} is VALID [2022-02-20 18:05:01,154 INFO L272 TraceCheckUtils]: 6: Hoare triple {24356#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:01,154 INFO L290 TraceCheckUtils]: 7: Hoare triple {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,154 INFO L290 TraceCheckUtils]: 8: Hoare triple {24356#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,155 INFO L290 TraceCheckUtils]: 9: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,155 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24356#true} {24356#true} #1082#return; {24356#true} is VALID [2022-02-20 18:05:01,155 INFO L290 TraceCheckUtils]: 11: Hoare triple {24356#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24356#true} is VALID [2022-02-20 18:05:01,155 INFO L272 TraceCheckUtils]: 12: Hoare triple {24356#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID 
[2022-02-20 18:05:01,156 INFO L290 TraceCheckUtils]: 13: Hoare triple {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,156 INFO L290 TraceCheckUtils]: 14: Hoare triple {24356#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,156 INFO L290 TraceCheckUtils]: 15: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,156 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24356#true} {24356#true} #1084#return; {24356#true} is VALID [2022-02-20 18:05:01,156 INFO L290 TraceCheckUtils]: 17: Hoare triple {24356#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24356#true} is VALID [2022-02-20 18:05:01,157 INFO L272 TraceCheckUtils]: 18: Hoare triple {24356#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:01,157 INFO L290 TraceCheckUtils]: 19: Hoare triple {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,157 INFO L290 TraceCheckUtils]: 20: Hoare triple {24356#true} assume !(1 == ~handle); {24356#true} is VALID [2022-02-20 18:05:01,157 INFO L290 TraceCheckUtils]: 21: Hoare triple {24356#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,157 INFO L290 TraceCheckUtils]: 22: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 18:05:01,158 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24356#true} {24356#true} #1086#return; {24356#true} is VALID [2022-02-20 18:05:01,158 INFO L290 TraceCheckUtils]: 24: Hoare triple {24356#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24356#true} is VALID [2022-02-20 18:05:01,158 INFO L272 TraceCheckUtils]: 25: Hoare triple {24356#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:01,158 INFO L290 TraceCheckUtils]: 26: Hoare triple {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID [2022-02-20 18:05:01,159 INFO L290 TraceCheckUtils]: 27: Hoare triple {24356#true} assume !(1 == ~handle); {24356#true} is VALID [2022-02-20 18:05:01,159 INFO L290 TraceCheckUtils]: 28: Hoare triple {24356#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24356#true} is VALID [2022-02-20 18:05:01,159 INFO L290 TraceCheckUtils]: 29: Hoare triple {24356#true} assume true; {24356#true} is VALID [2022-02-20 
18:05:01,159 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24356#true} {24356#true} #1088#return; {24356#true} is VALID [2022-02-20 18:05:01,160 INFO L290 TraceCheckUtils]: 31: Hoare triple {24356#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24376#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:01,160 INFO L272 TraceCheckUtils]: 32: Hoare triple {24376#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:01,161 INFO L290 TraceCheckUtils]: 33: Hoare triple {24413#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24415#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,161 INFO L290 TraceCheckUtils]: 34: Hoare triple {24415#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {24415#(= setClientId_~handle |setClientId_#in~handle|)} is 
VALID [2022-02-20 18:05:01,161 INFO L290 TraceCheckUtils]: 35: Hoare triple {24415#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {24415#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,162 INFO L290 TraceCheckUtils]: 36: Hoare triple {24415#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24416#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,162 INFO L290 TraceCheckUtils]: 37: Hoare triple {24416#(= 3 |setClientId_#in~handle|)} assume true; {24416#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:01,163 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24416#(= 3 |setClientId_#in~handle|)} {24376#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1090#return; {24383#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:05:01,163 INFO L290 TraceCheckUtils]: 39: Hoare triple {24383#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {24383#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:05:01,164 INFO L272 TraceCheckUtils]: 40: Hoare triple {24383#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:01,164 INFO L290 TraceCheckUtils]: 41: Hoare triple {24414#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24417#(= setClientPrivateKey_~handle 
|setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:01,164 INFO L290 TraceCheckUtils]: 42: Hoare triple {24417#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {24417#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:01,165 INFO L290 TraceCheckUtils]: 43: Hoare triple {24417#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24418#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:01,165 INFO L290 TraceCheckUtils]: 44: Hoare triple {24418#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {24418#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:01,165 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {24418#(= 2 |setClientPrivateKey_#in~handle|)} {24383#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1092#return; {24357#false} is VALID [2022-02-20 18:05:01,166 INFO L290 TraceCheckUtils]: 46: Hoare triple {24357#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {24357#false} is VALID [2022-02-20 18:05:01,166 INFO L290 TraceCheckUtils]: 47: Hoare triple {24357#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc 
test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24357#false} is VALID [2022-02-20 18:05:01,166 INFO L290 TraceCheckUtils]: 48: Hoare triple {24357#false} assume !false; {24357#false} is VALID [2022-02-20 18:05:01,166 INFO L290 TraceCheckUtils]: 49: Hoare triple {24357#false} assume test_~splverifierCounter~0#1 < 4; {24357#false} is VALID [2022-02-20 18:05:01,166 INFO L290 TraceCheckUtils]: 50: Hoare triple {24357#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24357#false} is VALID [2022-02-20 18:05:01,166 INFO L290 TraceCheckUtils]: 51: Hoare triple {24357#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {24357#false} is VALID [2022-02-20 18:05:01,166 INFO L290 TraceCheckUtils]: 52: Hoare triple {24357#false} assume !(0 != test_~tmp___9~0#1); {24357#false} is VALID [2022-02-20 18:05:01,167 INFO L290 TraceCheckUtils]: 53: Hoare triple {24357#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet52#1 && test_#t~nondet52#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet52#1;havoc test_#t~nondet52#1; {24357#false} is VALID [2022-02-20 18:05:01,167 INFO L290 TraceCheckUtils]: 54: Hoare triple 
{24357#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {24357#false} is VALID
[2022-02-20 18:05:01,167 INFO L290 TraceCheckUtils]: 55: Hoare triple {24357#false} assume !false; {24357#false} is VALID
[2022-02-20 18:05:01,167 INFO L290 TraceCheckUtils]: 56: Hoare triple {24357#false} assume !(test_~splverifierCounter~0#1 < 4); {24357#false} is VALID
[2022-02-20 18:05:01,167 INFO L290 TraceCheckUtils]: 57: Hoare triple {24357#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {24357#false} is VALID
[2022-02-20 18:05:01,167 INFO L272 TraceCheckUtils]: 58: Hoare triple {24357#false} call sendEmail(~bob~0, ~rjh~0); {24357#false} is VALID
[2022-02-20 18:05:01,167 INFO L290 TraceCheckUtils]: 59: Hoare triple {24357#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24357#false} is VALID
[2022-02-20 18:05:01,168 INFO L272 TraceCheckUtils]: 60: Hoare triple {24357#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 18:05:01,168 INFO L290 TraceCheckUtils]: 61: Hoare triple {24419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID
[2022-02-20 18:05:01,168 INFO L290 TraceCheckUtils]: 62: Hoare triple {24356#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24356#true} is VALID
[2022-02-20 18:05:01,168 INFO L290 TraceCheckUtils]: 63: Hoare triple {24356#true} assume true; {24356#true} is VALID
[2022-02-20 18:05:01,168 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {24356#true} {24357#false} #1068#return; {24357#false} is VALID
[2022-02-20 18:05:01,168 INFO L272 TraceCheckUtils]: 65: Hoare triple {24357#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24420#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 18:05:01,169 INFO L290 TraceCheckUtils]: 66: Hoare triple {24420#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID
[2022-02-20 18:05:01,169 INFO L290 TraceCheckUtils]: 67: Hoare triple {24356#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24356#true} is VALID
[2022-02-20 18:05:01,169 INFO L290 TraceCheckUtils]: 68: Hoare triple {24356#true} assume true; {24356#true} is VALID
[2022-02-20 18:05:01,169 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {24356#true} {24357#false} #1070#return; {24357#false} is VALID
[2022-02-20 18:05:01,169 INFO L290 TraceCheckUtils]: 70: Hoare triple {24357#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {24357#false} is VALID
[2022-02-20 18:05:01,169 INFO L290 TraceCheckUtils]: 71: Hoare triple {24357#false} #t~ret48#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret48#1 && #t~ret48#1 <= 2147483647;~tmp~10#1 := #t~ret48#1;havoc #t~ret48#1;~email~0#1 := ~tmp~10#1; {24357#false} is VALID
[2022-02-20 18:05:01,169 INFO L272 TraceCheckUtils]: 72: Hoare triple {24357#false} call outgoing(~sender#1, ~email~0#1); {24357#false} is VALID
[2022-02-20 18:05:01,170 INFO L290 TraceCheckUtils]: 73: Hoare triple {24357#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {24357#false} is VALID
[2022-02-20 18:05:01,170 INFO L272 TraceCheckUtils]: 74: Hoare triple {24357#false} call #t~ret36#1 := getClientAddressBookSize(~client#1); {24356#true} is VALID
[2022-02-20 18:05:01,170 INFO L290 TraceCheckUtils]: 75: Hoare triple {24356#true} ~handle := #in~handle;havoc ~retValue_acc~19; {24356#true} is VALID
[2022-02-20 18:05:01,170 INFO L290 TraceCheckUtils]: 76: Hoare triple {24356#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~19; {24356#true} is VALID
[2022-02-20 18:05:01,170 INFO L290 TraceCheckUtils]: 77: Hoare triple {24356#true} assume true; {24356#true} is VALID
[2022-02-20 18:05:01,170 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {24356#true} {24357#false} #1028#return; {24357#false} is VALID
[2022-02-20 18:05:01,170 INFO L290 TraceCheckUtils]: 79: Hoare triple {24357#false} assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~7#1 := #t~ret36#1;havoc #t~ret36#1;~size~0#1 := ~tmp~7#1; {24357#false} is VALID
[2022-02-20 18:05:01,171 INFO L290 TraceCheckUtils]: 80: Hoare triple {24357#false} assume !(0 != ~size~0#1); {24357#false} is VALID
[2022-02-20 18:05:01,171 INFO L272 TraceCheckUtils]: 81: Hoare triple {24357#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {24357#false} is VALID
[2022-02-20 18:05:01,171 INFO L290 TraceCheckUtils]: 82: Hoare triple {24357#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {24357#false} is VALID
[2022-02-20 18:05:01,171 INFO L272 TraceCheckUtils]: 83: Hoare triple {24357#false} call #t~ret34#1 := getEmailTo(~msg#1); {24356#true} is VALID
[2022-02-20 18:05:01,171 INFO L290 TraceCheckUtils]: 84: Hoare triple {24356#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24356#true} is VALID
[2022-02-20 18:05:01,171 INFO L290 TraceCheckUtils]: 85: Hoare triple {24356#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {24356#true} is VALID
[2022-02-20 18:05:01,171 INFO L290 TraceCheckUtils]: 86: Hoare triple {24356#true} assume true; {24356#true} is VALID
[2022-02-20 18:05:01,171 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {24356#true} {24357#false} #1046#return; {24357#false} is VALID
[2022-02-20 18:05:01,172 INFO L290 TraceCheckUtils]: 88: Hoare triple {24357#false} assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~6#1 := #t~ret34#1;havoc #t~ret34#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~30#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~30#1; {24357#false} is VALID
[2022-02-20 18:05:01,172 INFO L290 TraceCheckUtils]: 89: Hoare triple {24357#false} assume 1 == findPublicKey_~handle#1; {24357#false} is VALID
[2022-02-20 18:05:01,172 INFO L290 TraceCheckUtils]: 90: Hoare triple {24357#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~30#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~30#1; {24357#false} is VALID
[2022-02-20 18:05:01,172 INFO L290 TraceCheckUtils]: 91: Hoare triple {24357#false} #t~ret35#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp___0~2#1 := #t~ret35#1;havoc #t~ret35#1;~pubkey~0#1 := ~tmp___0~2#1; {24357#false} is VALID
[2022-02-20 18:05:01,172 INFO L290 TraceCheckUtils]: 92: Hoare triple {24357#false} assume !(0 != ~pubkey~0#1); {24357#false} is VALID
[2022-02-20 18:05:01,172 INFO L290 TraceCheckUtils]: 93: Hoare triple {24357#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret33#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~32#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~32#1; {24357#false} is VALID
[2022-02-20 18:05:01,172 INFO L290 TraceCheckUtils]: 94: Hoare triple {24357#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~32#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~32#1; {24357#false} is VALID
[2022-02-20 18:05:01,173 INFO L290 TraceCheckUtils]: 95: Hoare triple {24357#false} outgoing__wrappee__Keys_#t~ret33#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret33#1 && outgoing__wrappee__Keys_#t~ret33#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret33#1;havoc outgoing__wrappee__Keys_#t~ret33#1; {24357#false} is VALID
[2022-02-20 18:05:01,173 INFO L272 TraceCheckUtils]: 96: Hoare triple {24357#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {24419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 18:05:01,173 INFO L290 TraceCheckUtils]: 97: Hoare triple {24419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24356#true} is VALID
[2022-02-20 18:05:01,173 INFO L290 TraceCheckUtils]: 98: Hoare triple {24356#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24356#true} is VALID
[2022-02-20 18:05:01,173 INFO L290 TraceCheckUtils]: 99: Hoare triple {24356#true} assume true; {24356#true} is VALID
[2022-02-20 18:05:01,173 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {24356#true} {24357#false} #1052#return; {24357#false} is VALID
[2022-02-20 18:05:01,174 INFO L290 TraceCheckUtils]: 101: Hoare triple {24357#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret31#1, mail_#t~ret32#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1, __utac_acc__EncryptForward_spec__2_#t~nondet29#1, __utac_acc__EncryptForward_spec__2_#t~ret30#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~3#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~3#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret28#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret28#1 && __utac_acc__EncryptForward_spec__2_#t~ret28#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret28#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet29#1; {24357#false} is VALID
[2022-02-20 18:05:01,174 INFO L290 TraceCheckUtils]: 102: Hoare triple {24357#false} assume 0 != ~in_encrypted~0; {24357#false} is VALID
[2022-02-20 18:05:01,174 INFO L272 TraceCheckUtils]: 103: Hoare triple {24357#false} call __utac_acc__EncryptForward_spec__2_#t~ret30#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {24356#true} is VALID
[2022-02-20 18:05:01,174 INFO L290 TraceCheckUtils]: 104: Hoare triple {24356#true} ~handle := #in~handle;havoc ~retValue_acc~39; {24356#true} is VALID
[2022-02-20 18:05:01,174 INFO L290 TraceCheckUtils]: 105: Hoare triple {24356#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {24356#true} is VALID
[2022-02-20 18:05:01,174 INFO L290 TraceCheckUtils]: 106: Hoare triple {24356#true} assume true; {24356#true} is VALID
[2022-02-20 18:05:01,174 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {24356#true} {24357#false} #1054#return; {24357#false} is VALID
[2022-02-20 18:05:01,174 INFO L290 TraceCheckUtils]: 108: Hoare triple {24357#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret30#1 && __utac_acc__EncryptForward_spec__2_#t~ret30#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~3#1 := __utac_acc__EncryptForward_spec__2_#t~ret30#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret30#1; {24357#false} is VALID
[2022-02-20 18:05:01,175 INFO L290 TraceCheckUtils]: 109: Hoare triple {24357#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {24357#false} is VALID
[2022-02-20 18:05:01,175 INFO L290 TraceCheckUtils]: 110: Hoare triple {24357#false} assume !false; {24357#false} is VALID
[2022-02-20 18:05:01,175 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked.
[2022-02-20 18:05:01,175 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:05:01,175 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1343875429]
[2022-02-20 18:05:01,176 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1343875429] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 18:05:01,176 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences.
[2022-02-20 18:05:01,176 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12
[2022-02-20 18:05:01,176 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [281016181]
[2022-02-20 18:05:01,176 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 18:05:01,177 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 111
[2022-02-20 18:05:01,177 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 18:05:01,177 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 18:05:01,246 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 18:05:01,246 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states
[2022-02-20 18:05:01,246 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 18:05:01,247 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants.
[2022-02-20 18:05:01,247 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132
[2022-02-20 18:05:01,247 INFO L87 Difference]: Start difference. First operand 406 states and 638 transitions. Second operand has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)