./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec9_product28.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec9_product28.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 6fc432013ed2168eea9a323e37470d64fe5b972a8b4d9d4e2e5fdd67cd32ffed
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:05:00,430 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:05:00,432 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:05:00,457 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:05:00,458 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:05:00,459 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:05:00,459 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:05:00,463 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:05:00,465 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:05:00,467 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:05:00,467 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:05:00,468 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:05:00,469 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:05:00,470 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:05:00,471 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:05:00,472 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:05:00,474 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:05:00,476 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:05:00,477 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:05:00,482 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:05:00,482 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:05:00,483 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:05:00,484 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:05:00,485 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:05:00,486 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:05:00,486 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:05:00,487 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:05:00,487 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:05:00,488 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:05:00,488 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:05:00,488 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:05:00,489 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:05:00,489 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:05:00,490 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:05:00,490 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:05:00,491 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:05:00,491 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:05:00,491 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:05:00,491 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:05:00,492 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:05:00,492 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:05:00,493 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:05:00,506 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:05:00,509 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:05:00,510 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:05:00,510 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:05:00,510 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:05:00,511 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:05:00,511 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:05:00,511 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:05:00,512 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:05:00,512 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:05:00,512 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:05:00,512 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:05:00,513 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:05:00,513 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:05:00,513 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:05:00,513 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:05:00,513 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:05:00,513 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:05:00,513 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:05:00,514 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:05:00,514 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:05:00,514 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:05:00,514 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:05:00,514 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:05:00,514 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:00,515 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:05:00,515 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:05:00,516 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:05:00,516 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:05:00,516 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:05:00,516 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:05:00,516 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:05:00,516 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:05:00,517 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 6fc432013ed2168eea9a323e37470d64fe5b972a8b4d9d4e2e5fdd67cd32ffed [2022-02-20 18:05:00,669 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:05:00,682 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:05:00,684 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:05:00,684 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:05:00,685 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:05:00,686 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec9_product28.cil.c [2022-02-20 18:05:00,726 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2065f4354/847c72e84d1e4be2a7015c3fba41d513/FLAGe06583832 [2022-02-20 18:05:01,186 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:05:01,186 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product28.cil.c [2022-02-20 18:05:01,216 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2065f4354/847c72e84d1e4be2a7015c3fba41d513/FLAGe06583832 [2022-02-20 18:05:01,705 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2065f4354/847c72e84d1e4be2a7015c3fba41d513 [2022-02-20 18:05:01,707 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:05:01,709 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:05:01,711 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:01,711 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:05:01,725 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:05:01,726 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:01" (1/1) ... [2022-02-20 18:05:01,726 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@354a1c33 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:01, skipping insertion in model container [2022-02-20 18:05:01,726 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:01" (1/1) ... 
[2022-02-20 18:05:01,730 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:05:01,775 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:05:02,169 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product28.cil.c[63802,63815] [2022-02-20 18:05:02,171 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:02,185 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:05:02,302 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product28.cil.c[63802,63815] [2022-02-20 18:05:02,302 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:02,326 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:05:02,327 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02 WrapperNode [2022-02-20 18:05:02,327 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:02,328 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:02,328 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:05:02,328 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:05:02,333 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... 
[2022-02-20 18:05:02,360 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... [2022-02-20 18:05:02,426 INFO L137 Inliner]: procedures = 129, calls = 213, calls flagged for inlining = 56, calls inlined = 46, statements flattened = 868 [2022-02-20 18:05:02,426 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:02,443 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:05:02,443 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:05:02,443 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:05:02,461 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... [2022-02-20 18:05:02,461 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... [2022-02-20 18:05:02,466 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... [2022-02-20 18:05:02,474 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... 
[2022-02-20 18:05:02,486 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... [2022-02-20 18:05:02,500 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... [2022-02-20 18:05:02,502 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... [2022-02-20 18:05:02,507 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:05:02,508 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:05:02,508 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:05:02,508 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:05:02,515 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (1/1) ... 
[2022-02-20 18:05:02,520 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:02,529 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:02,539 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:05:02,540 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:05:02,567 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:05:02,568 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:05:02,568 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:05:02,568 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:05:02,568 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:05:02,568 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:05:02,568 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:05:02,568 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:05:02,569 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:05:02,569 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:05:02,569 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:05:02,569 INFO L138 
BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:05:02,569 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:05:02,569 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:05:02,569 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:05:02,569 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:05:02,570 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:05:02,570 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:05:02,570 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:05:02,570 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:05:02,570 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:05:02,570 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:05:02,570 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:05:02,570 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:05:02,571 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:05:02,571 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:05:02,571 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:05:02,571 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:05:02,571 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:05:02,572 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:05:02,572 INFO L130 
BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:05:02,572 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:05:02,572 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:05:02,572 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:05:02,572 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:05:02,573 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:05:02,573 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:05:02,573 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:05:02,573 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:05:02,573 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:05:02,573 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:05:02,573 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:05:02,574 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:05:02,574 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:05:02,574 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:05:02,574 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:05:02,574 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:05:02,574 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:05:02,574 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:05:02,765 INFO 
L234 CfgBuilder]: Building ICFG [2022-02-20 18:05:02,767 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:05:03,491 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:05:03,500 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:05:03,501 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:05:03,502 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:03 BoogieIcfgContainer [2022-02-20 18:05:03,502 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:05:03,504 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:05:03,504 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:05:03,506 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:05:03,507 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:05:01" (1/3) ... [2022-02-20 18:05:03,507 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@190e9e1c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:03, skipping insertion in model container [2022-02-20 18:05:03,507 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:02" (2/3) ... 
[2022-02-20 18:05:03,508 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@190e9e1c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:03, skipping insertion in model container [2022-02-20 18:05:03,508 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:03" (3/3) ... [2022-02-20 18:05:03,509 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec9_product28.cil.c [2022-02-20 18:05:03,513 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:05:03,514 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:05:03,551 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:05:03,556 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., 
mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:05:03,556 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:05:03,580 INFO L276 IsEmpty]: Start isEmpty. Operand has 328 states, 254 states have (on average 1.5196850393700787) internal successors, (386), 258 states have internal predecessors, (386), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) [2022-02-20 18:05:03,597 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-02-20 18:05:03,597 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:03,598 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:03,598 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:03,602 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:03,602 INFO L85 PathProgramCache]: Analyzing trace with hash 1688169557, now seen corresponding path program 1 times [2022-02-20 18:05:03,610 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:03,610 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2025629082] [2022-02-20 18:05:03,610 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:03,611 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:03,801 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:03,925 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:03,932 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:03,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:03,943 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:03,943 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:03,943 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {331#true} #960#return; {331#true} is VALID [2022-02-20 18:05:03,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:03,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:03,961 INFO L290 TraceCheckUtils]: 0: Hoare triple {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:03,961 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:03,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:03,962 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {331#true} #962#return; {331#true} is VALID [2022-02-20 18:05:03,963 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:03,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:03,986 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {385#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:03,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {385#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {386#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:03,987 INFO L290 TraceCheckUtils]: 2: Hoare triple {386#(= |setClientId_#in~handle| 1)} assume true; {386#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:03,988 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {386#(= |setClientId_#in~handle| 1)} {341#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #964#return; {332#false} is VALID [2022-02-20 18:05:03,988 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:03,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,003 INFO L290 TraceCheckUtils]: 0: Hoare triple {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,004 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,004 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID 
[2022-02-20 18:05:04,005 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {332#false} #966#return; {332#false} is VALID [2022-02-20 18:05:04,005 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:04,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,012 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,013 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,014 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,014 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {332#false} #968#return; {332#false} is VALID [2022-02-20 18:05:04,014 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:04,016 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} 
{332#false} #970#return; {332#false} is VALID [2022-02-20 18:05:04,034 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:05:04,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {332#false} #948#return; {332#false} is VALID [2022-02-20 18:05:04,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:05:04,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,055 INFO L290 TraceCheckUtils]: 0: Hoare triple {331#true} ~handle := #in~handle;havoc ~retValue_acc~17; {331#true} is VALID [2022-02-20 18:05:04,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {331#true} is VALID [2022-02-20 18:05:04,056 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,056 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {332#false} #906#return; {332#false} is VALID [2022-02-20 18:05:04,056 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:05:04,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,060 INFO L290 TraceCheckUtils]: 0: Hoare triple {331#true} ~handle := 
#in~handle;havoc ~retValue_acc~36; {331#true} is VALID [2022-02-20 18:05:04,060 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {331#true} is VALID [2022-02-20 18:05:04,060 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,061 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {332#false} #908#return; {332#false} is VALID [2022-02-20 18:05:04,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:05:04,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,071 INFO L290 TraceCheckUtils]: 0: Hoare triple {331#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {331#true} is VALID [2022-02-20 18:05:04,071 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle; {331#true} is VALID [2022-02-20 18:05:04,072 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {331#true} is VALID [2022-02-20 18:05:04,072 INFO L290 TraceCheckUtils]: 3: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,072 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {331#true} {332#false} #910#return; {332#false} is VALID [2022-02-20 18:05:04,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:05:04,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,081 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {332#false} #916#return; {332#false} is VALID [2022-02-20 18:05:04,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:05:04,083 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {331#true} ~handle := #in~handle;havoc ~retValue_acc~39; {331#true} is VALID [2022-02-20 18:05:04,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {331#true} is VALID [2022-02-20 18:05:04,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,119 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {331#true} {332#false} #918#return; {332#false} is VALID [2022-02-20 18:05:04,123 INFO L290 TraceCheckUtils]: 0: Hoare triple {331#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 
15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 
0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 
0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {331#true} is VALID [2022-02-20 18:05:04,124 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {331#true} is VALID [2022-02-20 18:05:04,124 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {331#true} is VALID [2022-02-20 18:05:04,125 INFO L290 TraceCheckUtils]: 3: Hoare triple {331#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {331#true} is 
VALID [2022-02-20 18:05:04,125 INFO L290 TraceCheckUtils]: 4: Hoare triple {331#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {331#true} is VALID [2022-02-20 18:05:04,125 INFO L290 TraceCheckUtils]: 5: Hoare triple {331#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {331#true} is VALID [2022-02-20 18:05:04,126 INFO L272 TraceCheckUtils]: 6: Hoare triple {331#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {383#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:04,126 INFO L290 TraceCheckUtils]: 7: Hoare triple {383#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,127 INFO L290 TraceCheckUtils]: 8: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,127 INFO L290 TraceCheckUtils]: 9: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,127 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {331#true} {331#true} #960#return; {331#true} is VALID [2022-02-20 18:05:04,127 INFO L290 TraceCheckUtils]: 11: Hoare triple {331#true} assume { :end_inline_setup_bob__wrappee__Base } true; {331#true} is VALID [2022-02-20 18:05:04,128 INFO L272 TraceCheckUtils]: 12: Hoare triple {331#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:04,128 INFO L290 TraceCheckUtils]: 13: Hoare triple {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,128 INFO L290 TraceCheckUtils]: 14: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,128 INFO L290 TraceCheckUtils]: 15: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,129 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {331#true} {331#true} #962#return; {331#true} is VALID [2022-02-20 18:05:04,130 INFO L290 TraceCheckUtils]: 17: Hoare triple {331#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {341#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:04,131 INFO L272 TraceCheckUtils]: 18: Hoare triple {341#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {383#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:04,131 INFO L290 TraceCheckUtils]: 19: Hoare triple {383#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {385#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:04,132 INFO L290 TraceCheckUtils]: 20: Hoare triple {385#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {386#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:04,132 INFO L290 TraceCheckUtils]: 21: Hoare triple {386#(= |setClientId_#in~handle| 1)} assume true; {386#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:04,133 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {386#(= |setClientId_#in~handle| 1)} {341#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #964#return; {332#false} is VALID [2022-02-20 18:05:04,133 INFO L290 TraceCheckUtils]: 23: Hoare triple {332#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {332#false} is VALID [2022-02-20 
18:05:04,133 INFO L272 TraceCheckUtils]: 24: Hoare triple {332#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:04,133 INFO L290 TraceCheckUtils]: 25: Hoare triple {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,134 INFO L290 TraceCheckUtils]: 26: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,134 INFO L290 TraceCheckUtils]: 27: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,134 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {331#true} {332#false} #966#return; {332#false} is VALID [2022-02-20 18:05:04,134 INFO L290 TraceCheckUtils]: 29: Hoare triple {332#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {332#false} is VALID [2022-02-20 18:05:04,134 INFO L272 TraceCheckUtils]: 30: Hoare triple {332#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {383#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:04,135 INFO L290 TraceCheckUtils]: 31: Hoare triple {383#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,135 INFO L290 TraceCheckUtils]: 32: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,135 INFO L290 TraceCheckUtils]: 33: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,136 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {331#true} {332#false} #968#return; {332#false} is VALID [2022-02-20 18:05:04,137 INFO L290 TraceCheckUtils]: 35: Hoare triple {332#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {332#false} is VALID [2022-02-20 18:05:04,137 INFO L272 TraceCheckUtils]: 36: Hoare triple {332#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:04,137 INFO L290 TraceCheckUtils]: 37: Hoare triple {384#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,137 INFO L290 TraceCheckUtils]: 38: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,137 
INFO L290 TraceCheckUtils]: 39: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,137 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {331#true} {332#false} #970#return; {332#false} is VALID [2022-02-20 18:05:04,138 INFO L290 TraceCheckUtils]: 41: Hoare triple {332#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {332#false} is VALID [2022-02-20 18:05:04,138 INFO L290 TraceCheckUtils]: 42: Hoare triple {332#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; 
{332#false} is VALID [2022-02-20 18:05:04,138 INFO L290 TraceCheckUtils]: 43: Hoare triple {332#false} assume !true; {332#false} is VALID [2022-02-20 18:05:04,138 INFO L290 TraceCheckUtils]: 44: Hoare triple {332#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {332#false} is VALID [2022-02-20 18:05:04,139 INFO L272 TraceCheckUtils]: 45: Hoare triple {332#false} call sendEmail(~bob~0, ~rjh~0); {332#false} is VALID [2022-02-20 18:05:04,139 INFO L290 TraceCheckUtils]: 46: Hoare triple {332#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {332#false} is VALID [2022-02-20 18:05:04,139 INFO L272 TraceCheckUtils]: 47: Hoare triple {332#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:04,139 INFO L290 TraceCheckUtils]: 48: Hoare triple {387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,139 INFO L290 TraceCheckUtils]: 49: Hoare triple {331#true} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,139 INFO L290 TraceCheckUtils]: 50: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,141 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {331#true} {332#false} #948#return; {332#false} is VALID [2022-02-20 18:05:04,141 INFO L290 TraceCheckUtils]: 52: Hoare triple {332#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {332#false} is VALID [2022-02-20 18:05:04,142 INFO L290 TraceCheckUtils]: 53: Hoare triple {332#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {332#false} is VALID [2022-02-20 18:05:04,142 INFO L290 TraceCheckUtils]: 54: Hoare triple {332#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {332#false} is VALID [2022-02-20 18:05:04,142 INFO L290 TraceCheckUtils]: 55: Hoare triple {332#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {332#false} is VALID [2022-02-20 18:05:04,142 INFO L272 TraceCheckUtils]: 56: Hoare triple {332#false} call outgoing(~sender#1, ~email~0#1); {332#false} is VALID [2022-02-20 18:05:04,143 INFO L290 TraceCheckUtils]: 57: Hoare triple {332#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {332#false} is 
VALID [2022-02-20 18:05:04,143 INFO L272 TraceCheckUtils]: 58: Hoare triple {332#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {331#true} is VALID [2022-02-20 18:05:04,144 INFO L290 TraceCheckUtils]: 59: Hoare triple {331#true} ~handle := #in~handle;havoc ~retValue_acc~17; {331#true} is VALID [2022-02-20 18:05:04,144 INFO L290 TraceCheckUtils]: 60: Hoare triple {331#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {331#true} is VALID [2022-02-20 18:05:04,144 INFO L290 TraceCheckUtils]: 61: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,145 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {331#true} {332#false} #906#return; {332#false} is VALID [2022-02-20 18:05:04,145 INFO L290 TraceCheckUtils]: 63: Hoare triple {332#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {332#false} is VALID [2022-02-20 18:05:04,152 INFO L290 TraceCheckUtils]: 64: Hoare triple {332#false} assume 0 == sign_~privkey~1#1; {332#false} is VALID [2022-02-20 18:05:04,153 INFO L290 TraceCheckUtils]: 65: Hoare triple {332#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc 
outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {332#false} is VALID [2022-02-20 18:05:04,154 INFO L272 TraceCheckUtils]: 66: Hoare triple {332#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {331#true} is VALID [2022-02-20 18:05:04,154 INFO L290 TraceCheckUtils]: 67: Hoare triple {331#true} ~handle := #in~handle;havoc ~retValue_acc~36; {331#true} is VALID [2022-02-20 18:05:04,155 INFO L290 TraceCheckUtils]: 68: Hoare triple {331#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {331#true} is VALID [2022-02-20 18:05:04,155 INFO L290 TraceCheckUtils]: 69: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,156 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {331#true} {332#false} #908#return; {332#false} is VALID [2022-02-20 18:05:04,156 INFO L290 TraceCheckUtils]: 71: Hoare triple {332#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {332#false} is VALID [2022-02-20 18:05:04,159 INFO L272 TraceCheckUtils]: 72: Hoare triple {332#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {331#true} is VALID [2022-02-20 18:05:04,159 INFO L290 TraceCheckUtils]: 73: Hoare triple {331#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {331#true} is VALID [2022-02-20 18:05:04,160 INFO L290 TraceCheckUtils]: 74: Hoare triple {331#true} assume 1 == ~handle; {331#true} is VALID [2022-02-20 18:05:04,160 INFO L290 TraceCheckUtils]: 75: Hoare triple {331#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {331#true} is VALID [2022-02-20 18:05:04,160 INFO L290 TraceCheckUtils]: 76: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,160 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {331#true} {332#false} #910#return; {332#false} is VALID [2022-02-20 18:05:04,160 INFO L290 TraceCheckUtils]: 78: Hoare triple {332#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {332#false} is VALID [2022-02-20 18:05:04,160 INFO L290 TraceCheckUtils]: 79: Hoare triple {332#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {332#false} is VALID [2022-02-20 18:05:04,161 INFO L290 TraceCheckUtils]: 80: Hoare triple {332#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {332#false} is VALID [2022-02-20 18:05:04,161 INFO L290 TraceCheckUtils]: 81: Hoare triple {332#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {332#false} is VALID [2022-02-20 18:05:04,161 INFO L290 TraceCheckUtils]: 82: Hoare triple {332#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {332#false} is VALID [2022-02-20 18:05:04,161 INFO L272 TraceCheckUtils]: 83: Hoare triple {332#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:04,161 INFO L290 TraceCheckUtils]: 84: Hoare triple {387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,161 INFO L290 TraceCheckUtils]: 85: Hoare triple {331#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,161 INFO L290 TraceCheckUtils]: 86: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,161 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {331#true} {332#false} #916#return; {332#false} is VALID [2022-02-20 18:05:04,162 INFO L290 TraceCheckUtils]: 88: Hoare triple {332#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { 
:begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {332#false} is VALID [2022-02-20 18:05:04,162 INFO L290 TraceCheckUtils]: 89: Hoare triple {332#false} assume 0 != ~in_encrypted~0; {332#false} is VALID [2022-02-20 18:05:04,162 INFO L272 TraceCheckUtils]: 90: Hoare triple {332#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {331#true} is VALID [2022-02-20 18:05:04,162 INFO L290 TraceCheckUtils]: 91: Hoare triple {331#true} ~handle := #in~handle;havoc ~retValue_acc~39; {331#true} is VALID [2022-02-20 18:05:04,162 INFO L290 TraceCheckUtils]: 92: Hoare triple {331#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {331#true} is VALID [2022-02-20 18:05:04,162 INFO L290 TraceCheckUtils]: 93: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 
18:05:04,162 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {331#true} {332#false} #918#return; {332#false} is VALID [2022-02-20 18:05:04,163 INFO L290 TraceCheckUtils]: 95: Hoare triple {332#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {332#false} is VALID [2022-02-20 18:05:04,163 INFO L290 TraceCheckUtils]: 96: Hoare triple {332#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {332#false} is VALID [2022-02-20 18:05:04,163 INFO L290 TraceCheckUtils]: 97: Hoare triple {332#false} assume !false; {332#false} is VALID [2022-02-20 18:05:04,164 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:05:04,164 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:04,165 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2025629082] [2022-02-20 18:05:04,165 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2025629082] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:04,166 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1290930774] [2022-02-20 18:05:04,166 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:04,166 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:04,166 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:04,168 INFO L229 MonitoredProcess]: Starting monitored process 2 with 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:04,173 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:05:04,447 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,452 INFO L263 TraceCheckSpWp]: Trace formula consists of 1017 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:05:04,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:04,520 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:05:04,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {331#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call 
#Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 
0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 
0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {331#true} is VALID [2022-02-20 18:05:04,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {331#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {331#true} is VALID [2022-02-20 18:05:04,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {331#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {331#true} is VALID [2022-02-20 18:05:04,738 INFO L290 TraceCheckUtils]: 3: Hoare triple {331#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {331#true} is VALID [2022-02-20 18:05:04,745 INFO L290 TraceCheckUtils]: 4: Hoare triple {331#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {331#true} is VALID [2022-02-20 18:05:04,745 INFO L290 TraceCheckUtils]: 5: Hoare 
triple {331#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {331#true} is VALID [2022-02-20 18:05:04,746 INFO L272 TraceCheckUtils]: 6: Hoare triple {331#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {331#true} is VALID [2022-02-20 18:05:04,746 INFO L290 TraceCheckUtils]: 7: Hoare triple {331#true} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,746 INFO L290 TraceCheckUtils]: 8: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,746 INFO L290 TraceCheckUtils]: 9: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,746 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {331#true} {331#true} #960#return; {331#true} is VALID [2022-02-20 18:05:04,746 INFO L290 TraceCheckUtils]: 11: Hoare triple {331#true} assume { :end_inline_setup_bob__wrappee__Base } true; {331#true} is VALID [2022-02-20 18:05:04,747 INFO L272 TraceCheckUtils]: 12: Hoare triple {331#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {331#true} is VALID [2022-02-20 18:05:04,747 
INFO L290 TraceCheckUtils]: 13: Hoare triple {331#true} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,747 INFO L290 TraceCheckUtils]: 14: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,747 INFO L290 TraceCheckUtils]: 15: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,747 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {331#true} {331#true} #962#return; {331#true} is VALID [2022-02-20 18:05:04,747 INFO L290 TraceCheckUtils]: 17: Hoare triple {331#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {331#true} is VALID [2022-02-20 18:05:04,747 INFO L272 TraceCheckUtils]: 18: Hoare triple {331#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {331#true} is VALID [2022-02-20 18:05:04,748 INFO L290 TraceCheckUtils]: 19: Hoare triple {331#true} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,748 INFO L290 TraceCheckUtils]: 20: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,748 INFO L290 TraceCheckUtils]: 21: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,748 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {331#true} {331#true} #964#return; {331#true} is VALID [2022-02-20 18:05:04,748 INFO L290 TraceCheckUtils]: 23: Hoare triple {331#true} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {331#true} is VALID [2022-02-20 18:05:04,748 INFO L272 TraceCheckUtils]: 24: Hoare triple {331#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {331#true} is VALID [2022-02-20 18:05:04,749 INFO L290 TraceCheckUtils]: 25: Hoare triple {331#true} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,749 INFO L290 TraceCheckUtils]: 26: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,749 INFO L290 TraceCheckUtils]: 27: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,749 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {331#true} {331#true} #966#return; {331#true} is VALID [2022-02-20 18:05:04,749 INFO L290 TraceCheckUtils]: 29: Hoare triple {331#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {331#true} is VALID [2022-02-20 18:05:04,749 INFO L272 TraceCheckUtils]: 30: Hoare triple {331#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {331#true} is VALID [2022-02-20 18:05:04,750 INFO L290 TraceCheckUtils]: 31: Hoare triple {331#true} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,750 INFO L290 TraceCheckUtils]: 32: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,750 INFO L290 TraceCheckUtils]: 
33: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,750 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {331#true} {331#true} #968#return; {331#true} is VALID [2022-02-20 18:05:04,750 INFO L290 TraceCheckUtils]: 35: Hoare triple {331#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {331#true} is VALID [2022-02-20 18:05:04,750 INFO L272 TraceCheckUtils]: 36: Hoare triple {331#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {331#true} is VALID [2022-02-20 18:05:04,751 INFO L290 TraceCheckUtils]: 37: Hoare triple {331#true} ~handle := #in~handle;~value := #in~value; {331#true} is VALID [2022-02-20 18:05:04,751 INFO L290 TraceCheckUtils]: 38: Hoare triple {331#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {331#true} is VALID [2022-02-20 18:05:04,751 INFO L290 TraceCheckUtils]: 39: Hoare triple {331#true} assume true; {331#true} is VALID [2022-02-20 18:05:04,752 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {331#true} {331#true} #970#return; {331#true} is VALID [2022-02-20 18:05:04,752 INFO L290 TraceCheckUtils]: 41: Hoare triple {331#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {331#true} is VALID [2022-02-20 18:05:04,753 INFO L290 TraceCheckUtils]: 42: Hoare triple {331#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, 
test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {331#true} is VALID [2022-02-20 18:05:04,753 INFO L290 TraceCheckUtils]: 43: Hoare triple {331#true} assume !true; {332#false} is VALID [2022-02-20 18:05:04,753 INFO L290 TraceCheckUtils]: 44: Hoare triple {332#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {332#false} is VALID [2022-02-20 18:05:04,754 INFO L272 TraceCheckUtils]: 45: Hoare triple {332#false} call sendEmail(~bob~0, ~rjh~0); {332#false} is VALID [2022-02-20 18:05:04,754 INFO L290 TraceCheckUtils]: 46: Hoare triple {332#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {332#false} is VALID [2022-02-20 18:05:04,754 INFO L272 TraceCheckUtils]: 47: Hoare triple {332#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {332#false} is VALID [2022-02-20 18:05:04,754 INFO L290 TraceCheckUtils]: 48: Hoare triple {332#false} ~handle := #in~handle;~value := #in~value; {332#false} is VALID [2022-02-20 18:05:04,756 INFO L290 TraceCheckUtils]: 49: Hoare triple {332#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {332#false} is VALID [2022-02-20 18:05:04,757 INFO L290 TraceCheckUtils]: 50: Hoare triple {332#false} assume true; {332#false} is VALID [2022-02-20 18:05:04,757 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {332#false} {332#false} #948#return; {332#false} is VALID [2022-02-20 18:05:04,757 INFO L290 TraceCheckUtils]: 52: Hoare triple {332#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {332#false} is VALID [2022-02-20 18:05:04,757 INFO L290 TraceCheckUtils]: 53: Hoare triple {332#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {332#false} is VALID [2022-02-20 18:05:04,757 INFO L290 TraceCheckUtils]: 54: Hoare triple {332#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {332#false} is VALID [2022-02-20 18:05:04,757 INFO L290 TraceCheckUtils]: 55: Hoare triple {332#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 
:= #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {332#false} is VALID [2022-02-20 18:05:04,758 INFO L272 TraceCheckUtils]: 56: Hoare triple {332#false} call outgoing(~sender#1, ~email~0#1); {332#false} is VALID [2022-02-20 18:05:04,758 INFO L290 TraceCheckUtils]: 57: Hoare triple {332#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {332#false} is VALID [2022-02-20 18:05:04,758 INFO L272 TraceCheckUtils]: 58: Hoare triple {332#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {332#false} is VALID [2022-02-20 18:05:04,758 INFO L290 TraceCheckUtils]: 59: Hoare triple {332#false} ~handle := #in~handle;havoc ~retValue_acc~17; {332#false} is VALID [2022-02-20 18:05:04,758 INFO L290 TraceCheckUtils]: 60: Hoare triple {332#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {332#false} is VALID [2022-02-20 18:05:04,758 INFO L290 TraceCheckUtils]: 61: Hoare triple {332#false} assume true; {332#false} is VALID [2022-02-20 18:05:04,759 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {332#false} {332#false} #906#return; {332#false} is VALID [2022-02-20 18:05:04,759 INFO L290 TraceCheckUtils]: 63: Hoare triple {332#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {332#false} is VALID [2022-02-20 18:05:04,759 INFO L290 TraceCheckUtils]: 64: Hoare triple {332#false} assume 0 == sign_~privkey~1#1; {332#false} is VALID [2022-02-20 18:05:04,759 INFO L290 TraceCheckUtils]: 65: Hoare triple {332#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } 
true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {332#false} is VALID [2022-02-20 18:05:04,759 INFO L272 TraceCheckUtils]: 66: Hoare triple {332#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {332#false} is VALID [2022-02-20 18:05:04,760 INFO L290 TraceCheckUtils]: 67: Hoare triple {332#false} ~handle := #in~handle;havoc ~retValue_acc~36; {332#false} is VALID [2022-02-20 18:05:04,760 INFO L290 TraceCheckUtils]: 68: Hoare triple {332#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {332#false} is VALID [2022-02-20 18:05:04,760 INFO L290 TraceCheckUtils]: 69: Hoare triple {332#false} assume true; {332#false} is VALID [2022-02-20 18:05:04,760 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {332#false} {332#false} #908#return; {332#false} is VALID [2022-02-20 18:05:04,760 INFO L290 TraceCheckUtils]: 71: Hoare triple {332#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {332#false} is VALID [2022-02-20 
18:05:04,760 INFO L272 TraceCheckUtils]: 72: Hoare triple {332#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {332#false} is VALID [2022-02-20 18:05:04,761 INFO L290 TraceCheckUtils]: 73: Hoare triple {332#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {332#false} is VALID [2022-02-20 18:05:04,761 INFO L290 TraceCheckUtils]: 74: Hoare triple {332#false} assume 1 == ~handle; {332#false} is VALID [2022-02-20 18:05:04,761 INFO L290 TraceCheckUtils]: 75: Hoare triple {332#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {332#false} is VALID [2022-02-20 18:05:04,761 INFO L290 TraceCheckUtils]: 76: Hoare triple {332#false} assume true; {332#false} is VALID [2022-02-20 18:05:04,761 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {332#false} {332#false} #910#return; {332#false} is VALID [2022-02-20 18:05:04,761 INFO L290 TraceCheckUtils]: 78: Hoare triple {332#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {332#false} is VALID [2022-02-20 18:05:04,762 INFO L290 TraceCheckUtils]: 79: Hoare triple {332#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {332#false} is VALID [2022-02-20 18:05:04,762 INFO L290 TraceCheckUtils]: 80: Hoare triple {332#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {332#false} is VALID [2022-02-20 18:05:04,762 INFO L290 TraceCheckUtils]: 81: Hoare triple {332#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {332#false} is VALID [2022-02-20 18:05:04,762 INFO L290 TraceCheckUtils]: 82: Hoare triple {332#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {332#false} is VALID [2022-02-20 18:05:04,762 INFO L272 TraceCheckUtils]: 83: Hoare triple {332#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {332#false} is VALID [2022-02-20 18:05:04,762 INFO L290 TraceCheckUtils]: 84: Hoare triple {332#false} ~handle := #in~handle;~value := #in~value; {332#false} is VALID [2022-02-20 18:05:04,763 INFO L290 TraceCheckUtils]: 85: Hoare triple {332#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {332#false} is VALID [2022-02-20 18:05:04,763 INFO L290 TraceCheckUtils]: 86: Hoare triple {332#false} assume true; {332#false} is VALID [2022-02-20 18:05:04,763 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {332#false} {332#false} #916#return; {332#false} is VALID [2022-02-20 18:05:04,764 INFO L290 TraceCheckUtils]: 88: Hoare triple 
{332#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {332#false} is VALID [2022-02-20 18:05:04,767 INFO L290 TraceCheckUtils]: 89: Hoare triple {332#false} assume 0 != ~in_encrypted~0; {332#false} is VALID [2022-02-20 18:05:04,767 INFO L272 TraceCheckUtils]: 90: Hoare triple {332#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {332#false} is VALID [2022-02-20 18:05:04,768 INFO L290 
TraceCheckUtils]: 91: Hoare triple {332#false} ~handle := #in~handle;havoc ~retValue_acc~39; {332#false} is VALID [2022-02-20 18:05:04,769 INFO L290 TraceCheckUtils]: 92: Hoare triple {332#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {332#false} is VALID [2022-02-20 18:05:04,771 INFO L290 TraceCheckUtils]: 93: Hoare triple {332#false} assume true; {332#false} is VALID [2022-02-20 18:05:04,772 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {332#false} {332#false} #918#return; {332#false} is VALID [2022-02-20 18:05:04,772 INFO L290 TraceCheckUtils]: 95: Hoare triple {332#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {332#false} is VALID [2022-02-20 18:05:04,773 INFO L290 TraceCheckUtils]: 96: Hoare triple {332#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {332#false} is VALID [2022-02-20 18:05:04,773 INFO L290 TraceCheckUtils]: 97: Hoare triple {332#false} assume !false; {332#false} is VALID [2022-02-20 18:05:04,774 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:05:04,774 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:04,774 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1290930774] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:04,774 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:05:04,775 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [8] total 8 [2022-02-20 18:05:04,776 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [270586193] [2022-02-20 18:05:04,777 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:04,781 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.5) internal successors, (57), 2 states have internal predecessors, (57), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 18:05:04,783 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:04,785 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 28.5) internal successors, (57), 2 states have internal predecessors, (57), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:04,845 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:04,845 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:05:04,846 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:04,858 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. 
[2022-02-20 18:05:04,859 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:05:04,863 INFO L87 Difference]: Start difference. First operand has 328 states, 254 states have (on average 1.5196850393700787) internal successors, (386), 258 states have internal predecessors, (386), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (50), 50 states have call predecessors, (50), 50 states have call successors, (50) Second operand has 2 states, 2 states have (on average 28.5) internal successors, (57), 2 states have internal predecessors, (57), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:05,095 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:05,096 INFO L93 Difference]: Finished difference Result 507 states and 734 transitions. [2022-02-20 18:05:05,096 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:05:05,096 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.5) internal successors, (57), 2 states have internal predecessors, (57), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 18:05:05,097 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:05,098 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 2 states, 2 states have (on average 28.5) internal successors, (57), 2 states have internal predecessors, (57), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:05,111 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 734 transitions. [2022-02-20 18:05:05,112 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 28.5) internal successors, (57), 2 states have internal predecessors, (57), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:05,122 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 734 transitions. [2022-02-20 18:05:05,122 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 734 transitions. [2022-02-20 18:05:05,719 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 734 edges. 734 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:05,736 INFO L225 Difference]: With dead ends: 507 [2022-02-20 18:05:05,736 INFO L226 Difference]: Without dead ends: 321 [2022-02-20 18:05:05,740 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 125 GetRequests, 119 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:05:05,742 INFO L933 BasicCegarLoop]: 482 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 482 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:05,743 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 482 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:05,755 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 321 states. [2022-02-20 18:05:05,776 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 321 to 321. [2022-02-20 18:05:05,776 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:05,778 INFO L82 GeneralOperation]: Start isEquivalent. First operand 321 states. 
Second operand has 321 states, 248 states have (on average 1.5120967741935485) internal successors, (375), 251 states have internal predecessors, (375), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:05:05,779 INFO L74 IsIncluded]: Start isIncluded. First operand 321 states. Second operand has 321 states, 248 states have (on average 1.5120967741935485) internal successors, (375), 251 states have internal predecessors, (375), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:05:05,781 INFO L87 Difference]: Start difference. First operand 321 states. Second operand has 321 states, 248 states have (on average 1.5120967741935485) internal successors, (375), 251 states have internal predecessors, (375), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:05:05,797 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:05,798 INFO L93 Difference]: Finished difference Result 321 states and 474 transitions. [2022-02-20 18:05:05,798 INFO L276 IsEmpty]: Start isEmpty. Operand 321 states and 474 transitions. [2022-02-20 18:05:05,801 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:05,801 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:05,802 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 321 states, 248 states have (on average 1.5120967741935485) internal successors, (375), 251 states have internal predecessors, (375), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 321 states. [2022-02-20 18:05:05,803 INFO L87 Difference]: Start difference. First operand has 321 states, 248 states have (on average 1.5120967741935485) internal successors, (375), 251 states have internal predecessors, (375), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 321 states. [2022-02-20 18:05:05,833 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:05,833 INFO L93 Difference]: Finished difference Result 321 states and 474 transitions. [2022-02-20 18:05:05,833 INFO L276 IsEmpty]: Start isEmpty. Operand 321 states and 474 transitions. [2022-02-20 18:05:05,835 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:05,835 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:05,835 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:05,835 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:05,836 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 321 states, 248 states have (on average 1.5120967741935485) internal successors, (375), 251 states have internal predecessors, (375), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:05:05,849 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 321 states to 321 states and 474 transitions. [2022-02-20 18:05:05,851 INFO L78 Accepts]: Start accepts. Automaton has 321 states and 474 transitions. Word has length 98 [2022-02-20 18:05:05,851 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:05,851 INFO L470 AbstractCegarLoop]: Abstraction has 321 states and 474 transitions. [2022-02-20 18:05:05,852 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 28.5) internal successors, (57), 2 states have internal predecessors, (57), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:05,852 INFO L276 IsEmpty]: Start isEmpty. Operand 321 states and 474 transitions. [2022-02-20 18:05:05,854 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2022-02-20 18:05:05,854 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:05,854 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:05,875 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:06,067 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:05:06,068 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 
18:05:06,068 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:06,068 INFO L85 PathProgramCache]: Analyzing trace with hash 491471702, now seen corresponding path program 1 times [2022-02-20 18:05:06,068 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:06,068 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1481350572] [2022-02-20 18:05:06,069 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:06,069 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:06,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:06,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,146 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,146 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,146 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2469#true} #960#return; {2469#true} is VALID [2022-02-20 18:05:06,152 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:06,154 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,157 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,157 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,157 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,157 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2469#true} #962#return; {2469#true} is VALID [2022-02-20 18:05:06,157 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:06,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2523#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:06,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {2523#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2524#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:06,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {2524#(= |setClientId_#in~handle| 1)} assume true; {2524#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:06,177 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2524#(= |setClientId_#in~handle| 1)} {2479#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #964#return; {2470#false} is VALID [2022-02-20 18:05:06,177 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 24 [2022-02-20 18:05:06,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,185 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2470#false} #966#return; {2470#false} is VALID [2022-02-20 18:05:06,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:06,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,190 INFO L290 TraceCheckUtils]: 0: Hoare triple {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,190 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,190 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,190 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2470#false} #968#return; {2470#false} is VALID [2022-02-20 18:05:06,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:06,192 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,195 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,195 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2470#false} #970#return; {2470#false} is VALID [2022-02-20 18:05:06,202 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:05:06,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {2525#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,206 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,206 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,206 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2470#false} #948#return; {2470#false} is VALID [2022-02-20 18:05:06,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:05:06,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,215 INFO L290 TraceCheckUtils]: 0: Hoare triple {2469#true} ~handle := #in~handle;havoc 
~retValue_acc~17; {2469#true} is VALID [2022-02-20 18:05:06,215 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {2469#true} is VALID [2022-02-20 18:05:06,215 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,215 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2470#false} #906#return; {2470#false} is VALID [2022-02-20 18:05:06,216 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:05:06,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {2469#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2469#true} is VALID [2022-02-20 18:05:06,220 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2469#true} is VALID [2022-02-20 18:05:06,220 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,220 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2470#false} #908#return; {2470#false} is VALID [2022-02-20 18:05:06,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:05:06,221 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {2469#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {2469#true} is VALID [2022-02-20 18:05:06,223 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle; {2469#true} is VALID [2022-02-20 18:05:06,223 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; 
{2469#true} is VALID [2022-02-20 18:05:06,224 INFO L290 TraceCheckUtils]: 3: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,224 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2469#true} {2470#false} #910#return; {2470#false} is VALID [2022-02-20 18:05:06,224 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:05:06,225 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,227 INFO L290 TraceCheckUtils]: 0: Hoare triple {2525#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,227 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,227 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,227 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2470#false} #916#return; {2470#false} is VALID [2022-02-20 18:05:06,227 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:05:06,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,230 INFO L290 TraceCheckUtils]: 0: Hoare triple {2469#true} ~handle := #in~handle;havoc ~retValue_acc~39; {2469#true} is VALID [2022-02-20 18:05:06,230 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2469#true} is VALID [2022-02-20 18:05:06,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,230 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2469#true} {2470#false} #918#return; {2470#false} is VALID [2022-02-20 18:05:06,230 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {2469#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2469#true} is VALID [2022-02-20 18:05:06,231 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, 
main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {2469#true} is VALID [2022-02-20 18:05:06,231 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2469#true} is VALID [2022-02-20 18:05:06,231 INFO L290 TraceCheckUtils]: 3: Hoare triple {2469#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {2469#true} is VALID [2022-02-20 18:05:06,231 INFO L290 TraceCheckUtils]: 4: Hoare triple {2469#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {2469#true} is VALID [2022-02-20 18:05:06,231 INFO L290 TraceCheckUtils]: 5: Hoare triple {2469#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2469#true} is VALID [2022-02-20 18:05:06,232 INFO L272 TraceCheckUtils]: 6: Hoare triple {2469#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:06,232 INFO L290 TraceCheckUtils]: 7: Hoare triple {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,232 INFO L290 TraceCheckUtils]: 8: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,232 INFO L290 TraceCheckUtils]: 9: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,232 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2469#true} {2469#true} #960#return; {2469#true} is VALID [2022-02-20 18:05:06,232 INFO L290 TraceCheckUtils]: 11: Hoare triple {2469#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2469#true} is VALID [2022-02-20 18:05:06,233 INFO L272 TraceCheckUtils]: 12: Hoare triple {2469#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:06,233 INFO L290 TraceCheckUtils]: 13: Hoare triple {2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,233 INFO L290 TraceCheckUtils]: 14: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,233 INFO L290 TraceCheckUtils]: 15: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,233 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2469#true} {2469#true} #962#return; {2469#true} is VALID [2022-02-20 18:05:06,234 INFO L290 TraceCheckUtils]: 17: Hoare triple {2469#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2479#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:06,235 INFO L272 TraceCheckUtils]: 18: Hoare triple {2479#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:06,235 INFO L290 TraceCheckUtils]: 19: Hoare triple {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {2523#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:06,235 INFO L290 TraceCheckUtils]: 20: Hoare triple {2523#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2524#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:06,236 INFO L290 TraceCheckUtils]: 21: Hoare triple {2524#(= |setClientId_#in~handle| 1)} assume true; {2524#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:06,236 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2524#(= |setClientId_#in~handle| 1)} {2479#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #964#return; {2470#false} is VALID [2022-02-20 18:05:06,236 INFO L290 TraceCheckUtils]: 23: Hoare triple {2470#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2470#false} is VALID [2022-02-20 18:05:06,236 INFO L272 TraceCheckUtils]: 24: Hoare triple {2470#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:06,236 INFO L290 TraceCheckUtils]: 25: Hoare triple {2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,237 INFO L290 TraceCheckUtils]: 26: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,237 INFO L290 TraceCheckUtils]: 27: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,237 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2469#true} {2470#false} #966#return; {2470#false} is VALID [2022-02-20 
18:05:06,237 INFO L290 TraceCheckUtils]: 29: Hoare triple {2470#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2470#false} is VALID [2022-02-20 18:05:06,237 INFO L272 TraceCheckUtils]: 30: Hoare triple {2470#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:06,237 INFO L290 TraceCheckUtils]: 31: Hoare triple {2521#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,237 INFO L290 TraceCheckUtils]: 32: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,237 INFO L290 TraceCheckUtils]: 33: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,237 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2469#true} {2470#false} #968#return; {2470#false} is VALID [2022-02-20 18:05:06,237 INFO L290 TraceCheckUtils]: 35: Hoare triple {2470#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2470#false} is VALID [2022-02-20 
18:05:06,237 INFO L272 TraceCheckUtils]: 36: Hoare triple {2470#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:06,238 INFO L290 TraceCheckUtils]: 37: Hoare triple {2522#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,238 INFO L290 TraceCheckUtils]: 38: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,238 INFO L290 TraceCheckUtils]: 39: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,238 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2469#true} {2470#false} #970#return; {2470#false} is VALID [2022-02-20 18:05:06,238 INFO L290 TraceCheckUtils]: 41: Hoare triple {2470#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {2470#false} is VALID [2022-02-20 18:05:06,238 INFO L290 TraceCheckUtils]: 42: Hoare triple {2470#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, 
test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2470#false} is VALID [2022-02-20 18:05:06,238 INFO L290 TraceCheckUtils]: 43: Hoare triple {2470#false} assume !false; {2470#false} is VALID [2022-02-20 18:05:06,238 INFO L290 TraceCheckUtils]: 44: Hoare triple {2470#false} assume !(test_~splverifierCounter~0#1 < 4); {2470#false} is VALID [2022-02-20 18:05:06,238 INFO L290 TraceCheckUtils]: 45: Hoare triple {2470#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {2470#false} is VALID [2022-02-20 18:05:06,239 INFO L272 TraceCheckUtils]: 46: Hoare triple {2470#false} call sendEmail(~bob~0, ~rjh~0); {2470#false} is VALID [2022-02-20 18:05:06,239 INFO L290 TraceCheckUtils]: 47: Hoare triple {2470#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc 
~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2470#false} is VALID [2022-02-20 18:05:06,239 INFO L272 TraceCheckUtils]: 48: Hoare triple {2470#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2525#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 49: Hoare triple {2525#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 50: Hoare triple {2469#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 51: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,240 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2469#true} {2470#false} #948#return; {2470#false} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 53: Hoare triple {2470#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {2470#false} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 54: Hoare triple {2470#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {2470#false} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 
55: Hoare triple {2470#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {2470#false} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 56: Hoare triple {2470#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {2470#false} is VALID [2022-02-20 18:05:06,240 INFO L272 TraceCheckUtils]: 57: Hoare triple {2470#false} call outgoing(~sender#1, ~email~0#1); {2470#false} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 58: Hoare triple {2470#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {2470#false} is VALID [2022-02-20 18:05:06,240 INFO L272 TraceCheckUtils]: 59: Hoare triple {2470#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {2469#true} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 60: Hoare triple {2469#true} ~handle := #in~handle;havoc ~retValue_acc~17; {2469#true} is VALID [2022-02-20 18:05:06,240 INFO L290 TraceCheckUtils]: 61: Hoare triple {2469#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {2469#true} is VALID [2022-02-20 18:05:06,241 INFO L290 TraceCheckUtils]: 62: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,241 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {2469#true} {2470#false} #906#return; {2470#false} is VALID [2022-02-20 18:05:06,241 INFO L290 TraceCheckUtils]: 64: Hoare triple {2470#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 
2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {2470#false} is VALID [2022-02-20 18:05:06,241 INFO L290 TraceCheckUtils]: 65: Hoare triple {2470#false} assume 0 == sign_~privkey~1#1; {2470#false} is VALID [2022-02-20 18:05:06,241 INFO L290 TraceCheckUtils]: 66: Hoare triple {2470#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {2470#false} is VALID [2022-02-20 18:05:06,241 INFO L272 TraceCheckUtils]: 67: Hoare triple {2470#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {2469#true} is VALID [2022-02-20 18:05:06,241 INFO L290 TraceCheckUtils]: 68: Hoare triple {2469#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2469#true} is VALID [2022-02-20 18:05:06,241 INFO L290 TraceCheckUtils]: 69: Hoare triple {2469#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2469#true} is VALID [2022-02-20 18:05:06,241 INFO L290 TraceCheckUtils]: 70: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,241 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {2469#true} {2470#false} #908#return; {2470#false} is VALID [2022-02-20 
18:05:06,241 INFO L290 TraceCheckUtils]: 72: Hoare triple {2470#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {2470#false} is VALID [2022-02-20 18:05:06,241 INFO L272 TraceCheckUtils]: 73: Hoare triple {2470#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {2469#true} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 74: Hoare triple {2469#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {2469#true} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 75: Hoare triple {2469#true} assume 1 == ~handle; {2469#true} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 76: Hoare triple {2469#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {2469#true} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 77: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,242 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {2469#true} {2470#false} #910#return; {2470#false} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 79: Hoare triple {2470#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {2470#false} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 80: Hoare triple {2470#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); 
{2470#false} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 81: Hoare triple {2470#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {2470#false} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 82: Hoare triple {2470#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {2470#false} is VALID [2022-02-20 18:05:06,242 INFO L290 TraceCheckUtils]: 83: Hoare triple {2470#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {2470#false} is VALID [2022-02-20 18:05:06,244 INFO L272 TraceCheckUtils]: 84: Hoare triple {2470#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {2525#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:06,244 INFO L290 TraceCheckUtils]: 85: Hoare triple {2525#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 86: Hoare triple {2469#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 87: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,245 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2469#true} {2470#false} #916#return; {2470#false} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 89: Hoare triple {2470#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 
2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {2470#false} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 90: Hoare triple {2470#false} assume 0 != ~in_encrypted~0; {2470#false} is VALID [2022-02-20 18:05:06,245 INFO L272 TraceCheckUtils]: 91: Hoare triple {2470#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {2469#true} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 92: Hoare triple {2469#true} ~handle := #in~handle;havoc ~retValue_acc~39; {2469#true} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 93: Hoare triple {2469#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2469#true} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 94: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,245 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2469#true} {2470#false} #918#return; {2470#false} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 96: Hoare triple {2470#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {2470#false} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 97: Hoare triple {2470#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {2470#false} is VALID [2022-02-20 18:05:06,245 INFO L290 TraceCheckUtils]: 98: Hoare triple {2470#false} assume !false; {2470#false} is VALID [2022-02-20 18:05:06,246 INFO L134 CoverageAnalysis]: Checked inductivity of 28 
backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:05:06,246 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:06,246 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1481350572] [2022-02-20 18:05:06,246 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1481350572] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:06,246 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [76086469] [2022-02-20 18:05:06,246 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:06,247 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:06,247 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:06,264 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:06,272 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:05:06,522 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,526 INFO L263 TraceCheckSpWp]: Trace formula consists of 1018 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:05:06,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,573 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:06,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {2469#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 
40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2469#true} is VALID [2022-02-20 18:05:06,773 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {2469#true} is VALID [2022-02-20 18:05:06,773 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2469#true} is VALID [2022-02-20 18:05:06,773 INFO L290 TraceCheckUtils]: 3: Hoare triple {2469#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {2469#true} is VALID [2022-02-20 18:05:06,773 INFO L290 TraceCheckUtils]: 4: Hoare triple {2469#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {2469#true} is VALID [2022-02-20 18:05:06,773 INFO L290 TraceCheckUtils]: 5: Hoare triple {2469#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2469#true} is VALID [2022-02-20 18:05:06,773 INFO L272 TraceCheckUtils]: 6: Hoare triple {2469#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2469#true} is VALID [2022-02-20 18:05:06,773 INFO L290 TraceCheckUtils]: 7: Hoare triple {2469#true} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 8: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 9: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2469#true} {2469#true} #960#return; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 11: Hoare triple {2469#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L272 TraceCheckUtils]: 12: Hoare triple {2469#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 13: Hoare triple {2469#true} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 14: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 15: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2469#true} {2469#true} #962#return; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 17: Hoare triple {2469#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset 
:= 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L272 TraceCheckUtils]: 18: Hoare triple {2469#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 19: Hoare triple {2469#true} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 20: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L290 TraceCheckUtils]: 21: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,774 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2469#true} {2469#true} #964#return; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 23: Hoare triple {2469#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L272 TraceCheckUtils]: 24: Hoare triple {2469#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 25: Hoare triple {2469#true} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 26: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 27: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L284 TraceCheckUtils]: 28: 
Hoare quadruple {2469#true} {2469#true} #966#return; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 29: Hoare triple {2469#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L272 TraceCheckUtils]: 30: Hoare triple {2469#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 31: Hoare triple {2469#true} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 32: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 33: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2469#true} {2469#true} #968#return; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L290 TraceCheckUtils]: 35: Hoare triple {2469#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2469#true} is VALID [2022-02-20 18:05:06,775 INFO L272 TraceCheckUtils]: 36: Hoare triple {2469#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2469#true} is VALID [2022-02-20 18:05:06,776 INFO L290 TraceCheckUtils]: 37: Hoare triple {2469#true} ~handle := #in~handle;~value := #in~value; {2469#true} is VALID [2022-02-20 18:05:06,776 
INFO L290 TraceCheckUtils]: 38: Hoare triple {2469#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2469#true} is VALID [2022-02-20 18:05:06,776 INFO L290 TraceCheckUtils]: 39: Hoare triple {2469#true} assume true; {2469#true} is VALID [2022-02-20 18:05:06,776 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2469#true} {2469#true} #970#return; {2469#true} is VALID [2022-02-20 18:05:06,776 INFO L290 TraceCheckUtils]: 41: Hoare triple {2469#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {2469#true} is VALID [2022-02-20 18:05:06,792 INFO L290 TraceCheckUtils]: 42: Hoare triple {2469#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 
0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2655#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:06,792 INFO L290 TraceCheckUtils]: 43: Hoare triple {2655#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2655#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 44: Hoare triple {2655#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 45: Hoare triple {2470#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L272 TraceCheckUtils]: 46: Hoare triple {2470#false} call sendEmail(~bob~0, ~rjh~0); {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 47: Hoare triple {2470#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L272 TraceCheckUtils]: 48: Hoare triple {2470#false} 
call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 49: Hoare triple {2470#false} ~handle := #in~handle;~value := #in~value; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 50: Hoare triple {2470#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 51: Hoare triple {2470#false} assume true; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2470#false} {2470#false} #948#return; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 53: Hoare triple {2470#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 54: Hoare triple {2470#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 55: Hoare triple {2470#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {2470#false} is VALID [2022-02-20 18:05:06,793 INFO L290 TraceCheckUtils]: 56: Hoare triple {2470#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L272 TraceCheckUtils]: 57: Hoare triple {2470#false} call outgoing(~sender#1, ~email~0#1); {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 58: Hoare triple {2470#false} ~client#1 := 
#in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L272 TraceCheckUtils]: 59: Hoare triple {2470#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 60: Hoare triple {2470#false} ~handle := #in~handle;havoc ~retValue_acc~17; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 61: Hoare triple {2470#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 62: Hoare triple {2470#false} assume true; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {2470#false} {2470#false} #906#return; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 64: Hoare triple {2470#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 65: Hoare triple {2470#false} assume 0 == sign_~privkey~1#1; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 66: Hoare triple {2470#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, 
outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L272 TraceCheckUtils]: 67: Hoare triple {2470#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 68: Hoare triple {2470#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 69: Hoare triple {2470#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L290 TraceCheckUtils]: 70: Hoare triple {2470#false} assume true; {2470#false} is VALID [2022-02-20 18:05:06,794 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {2470#false} {2470#false} #908#return; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 72: Hoare triple {2470#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L272 TraceCheckUtils]: 73: Hoare triple {2470#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 74: Hoare 
triple {2470#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 75: Hoare triple {2470#false} assume 1 == ~handle; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 76: Hoare triple {2470#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 77: Hoare triple {2470#false} assume true; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {2470#false} {2470#false} #910#return; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 79: Hoare triple {2470#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 80: Hoare triple {2470#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 81: Hoare triple {2470#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 82: Hoare triple {2470#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 83: Hoare triple {2470#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L272 TraceCheckUtils]: 84: Hoare triple {2470#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {2470#false} is VALID [2022-02-20 18:05:06,795 INFO L290 TraceCheckUtils]: 85: Hoare triple {2470#false} ~handle := #in~handle;~value := #in~value; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 86: Hoare triple {2470#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 87: Hoare triple {2470#false} assume true; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2470#false} {2470#false} #916#return; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 89: Hoare triple {2470#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, 
mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 90: Hoare triple {2470#false} assume 0 != ~in_encrypted~0; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L272 TraceCheckUtils]: 91: Hoare triple {2470#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 92: Hoare triple {2470#false} ~handle := #in~handle;havoc ~retValue_acc~39; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 93: Hoare triple {2470#false} assume 1 == ~handle;~retValue_acc~39 := 
~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 94: Hoare triple {2470#false} assume true; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2470#false} {2470#false} #918#return; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 96: Hoare triple {2470#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 97: Hoare triple {2470#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {2470#false} is VALID [2022-02-20 18:05:06,796 INFO L290 TraceCheckUtils]: 98: Hoare triple {2470#false} assume !false; {2470#false} is VALID [2022-02-20 18:05:06,797 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:05:06,797 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:06,797 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [76086469] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:06,797 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:05:06,797 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 18:05:06,797 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [489802637] [2022-02-20 18:05:06,797 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:06,798 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 18:05:06,799 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:06,799 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:06,867 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:06,867 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:05:06,867 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:06,868 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 18:05:06,868 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:06,868 INFO L87 Difference]: Start difference. First operand 321 states and 474 transitions. Second operand has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:07,333 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:07,333 INFO L93 Difference]: Finished difference Result 497 states and 715 transitions. [2022-02-20 18:05:07,334 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:05:07,334 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 18:05:07,334 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:07,335 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:07,342 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 715 transitions. 
[2022-02-20 18:05:07,343 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:07,350 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 715 transitions. [2022-02-20 18:05:07,351 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 715 transitions. [2022-02-20 18:05:07,882 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 715 edges. 715 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:07,889 INFO L225 Difference]: With dead ends: 497 [2022-02-20 18:05:07,890 INFO L226 Difference]: Without dead ends: 324 [2022-02-20 18:05:07,890 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 126 GetRequests, 119 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:07,891 INFO L933 BasicCegarLoop]: 472 mSDtfsCounter, 1 mSDsluCounter, 470 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 942 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:07,891 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 942 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:07,892 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 324 states. [2022-02-20 18:05:07,902 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 324 to 323. [2022-02-20 18:05:07,902 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:07,903 INFO L82 GeneralOperation]: Start isEquivalent. First operand 324 states. Second operand has 323 states, 250 states have (on average 1.508) internal successors, (377), 253 states have internal predecessors, (377), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:05:07,904 INFO L74 IsIncluded]: Start isIncluded. First operand 324 states. Second operand has 323 states, 250 states have (on average 1.508) internal successors, (377), 253 states have internal predecessors, (377), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:05:07,905 INFO L87 Difference]: Start difference. First operand 324 states. Second operand has 323 states, 250 states have (on average 1.508) internal successors, (377), 253 states have internal predecessors, (377), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:05:07,913 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:07,914 INFO L93 Difference]: Finished difference Result 324 states and 477 transitions. 
[2022-02-20 18:05:07,914 INFO L276 IsEmpty]: Start isEmpty. Operand 324 states and 477 transitions. [2022-02-20 18:05:07,915 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:07,915 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:07,916 INFO L74 IsIncluded]: Start isIncluded. First operand has 323 states, 250 states have (on average 1.508) internal successors, (377), 253 states have internal predecessors, (377), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 324 states. [2022-02-20 18:05:07,916 INFO L87 Difference]: Start difference. First operand has 323 states, 250 states have (on average 1.508) internal successors, (377), 253 states have internal predecessors, (377), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 324 states. [2022-02-20 18:05:07,925 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:07,925 INFO L93 Difference]: Finished difference Result 324 states and 477 transitions. [2022-02-20 18:05:07,925 INFO L276 IsEmpty]: Start isEmpty. Operand 324 states and 477 transitions. [2022-02-20 18:05:07,926 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:07,926 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:07,926 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:07,927 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:07,927 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 323 states, 250 states have (on average 1.508) internal successors, (377), 253 states have internal predecessors, (377), 50 states have call successors, (50), 22 states have call predecessors, (50), 22 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:05:07,937 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 323 states to 323 states and 476 transitions. [2022-02-20 18:05:07,937 INFO L78 Accepts]: Start accepts. Automaton has 323 states and 476 transitions. Word has length 99 [2022-02-20 18:05:07,938 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:07,938 INFO L470 AbstractCegarLoop]: Abstraction has 323 states and 476 transitions. [2022-02-20 18:05:07,938 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:07,938 INFO L276 IsEmpty]: Start isEmpty. Operand 323 states and 476 transitions. [2022-02-20 18:05:07,939 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 106 [2022-02-20 18:05:07,939 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:07,939 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:07,965 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 18:05:08,139 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:05:08,140 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:08,140 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:08,140 INFO L85 PathProgramCache]: Analyzing trace with hash -221745491, now seen corresponding path program 1 times [2022-02-20 18:05:08,141 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:08,141 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [302884497] [2022-02-20 18:05:08,141 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:08,141 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:08,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,229 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:08,231 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,235 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4604#true} #960#return; {4604#true} is VALID [2022-02-20 18:05:08,241 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:08,243 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,246 INFO L290 TraceCheckUtils]: 0: Hoare triple {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,246 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,246 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,246 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4604#true} #962#return; {4604#true} is VALID [2022-02-20 18:05:08,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:08,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,263 
INFO L290 TraceCheckUtils]: 0: Hoare triple {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4658#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:08,263 INFO L290 TraceCheckUtils]: 1: Hoare triple {4658#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4659#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:08,264 INFO L290 TraceCheckUtils]: 2: Hoare triple {4659#(= |setClientId_#in~handle| 1)} assume true; {4659#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:08,264 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4659#(= |setClientId_#in~handle| 1)} {4614#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #964#return; {4605#false} is VALID [2022-02-20 18:05:08,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:08,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,268 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4605#false} #966#return; {4605#false} is VALID [2022-02-20 18:05:08,268 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:08,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,272 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4605#false} #968#return; {4605#false} is VALID [2022-02-20 18:05:08,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:08,273 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,275 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,275 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4605#false} #970#return; {4605#false} is VALID [2022-02-20 18:05:08,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 
[2022-02-20 18:05:08,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,295 INFO L290 TraceCheckUtils]: 0: Hoare triple {4660#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,295 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,295 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4605#false} #948#return; {4605#false} is VALID [2022-02-20 18:05:08,295 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:05:08,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {4604#true} ~handle := #in~handle;havoc ~retValue_acc~17; {4604#true} is VALID [2022-02-20 18:05:08,298 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {4604#true} is VALID [2022-02-20 18:05:08,298 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,298 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4605#false} #906#return; {4605#false} is VALID [2022-02-20 18:05:08,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:05:08,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {4604#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4604#true} is VALID [2022-02-20 18:05:08,301 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == 
~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {4604#true} is VALID [2022-02-20 18:05:08,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,301 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4605#false} #908#return; {4605#false} is VALID [2022-02-20 18:05:08,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:05:08,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {4604#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {4604#true} is VALID [2022-02-20 18:05:08,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle; {4604#true} is VALID [2022-02-20 18:05:08,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {4604#true} is VALID [2022-02-20 18:05:08,320 INFO L290 TraceCheckUtils]: 3: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,320 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {4604#true} {4605#false} #910#return; {4605#false} is VALID [2022-02-20 18:05:08,321 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:05:08,322 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {4660#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,325 INFO L290 TraceCheckUtils]: 2: 
Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,325 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4605#false} #916#return; {4605#false} is VALID [2022-02-20 18:05:08,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:05:08,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {4604#true} ~handle := #in~handle;havoc ~retValue_acc~39; {4604#true} is VALID [2022-02-20 18:05:08,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4604#true} is VALID [2022-02-20 18:05:08,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,329 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4604#true} {4605#false} #918#return; {4605#false} is VALID [2022-02-20 18:05:08,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {4604#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call 
#Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 
:= 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 
0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {4604#true} is VALID [2022-02-20 18:05:08,330 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {4604#true} is VALID [2022-02-20 18:05:08,330 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4604#true} is VALID [2022-02-20 18:05:08,330 INFO L290 TraceCheckUtils]: 3: Hoare triple {4604#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {4604#true} is VALID [2022-02-20 18:05:08,330 INFO L290 TraceCheckUtils]: 4: Hoare triple {4604#true} main_#t~ret77#1 := 
valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {4604#true} is VALID [2022-02-20 18:05:08,330 INFO L290 TraceCheckUtils]: 5: Hoare triple {4604#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4604#true} is VALID [2022-02-20 18:05:08,331 INFO L272 TraceCheckUtils]: 6: Hoare triple {4604#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:08,331 INFO L290 TraceCheckUtils]: 7: Hoare triple {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,331 INFO L290 TraceCheckUtils]: 8: 
Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,331 INFO L290 TraceCheckUtils]: 9: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,331 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4604#true} {4604#true} #960#return; {4604#true} is VALID [2022-02-20 18:05:08,332 INFO L290 TraceCheckUtils]: 11: Hoare triple {4604#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4604#true} is VALID [2022-02-20 18:05:08,332 INFO L272 TraceCheckUtils]: 12: Hoare triple {4604#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:08,332 INFO L290 TraceCheckUtils]: 13: Hoare triple {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,333 INFO L290 TraceCheckUtils]: 14: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,333 INFO L290 TraceCheckUtils]: 15: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,333 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4604#true} {4604#true} #962#return; {4604#true} is VALID [2022-02-20 18:05:08,333 INFO L290 TraceCheckUtils]: 17: Hoare triple {4604#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4614#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:08,334 INFO L272 TraceCheckUtils]: 18: Hoare triple {4614#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:08,334 INFO L290 TraceCheckUtils]: 19: Hoare triple {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4658#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:08,335 INFO L290 TraceCheckUtils]: 20: Hoare triple {4658#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4659#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:08,335 INFO L290 TraceCheckUtils]: 21: Hoare triple {4659#(= |setClientId_#in~handle| 1)} assume true; {4659#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:08,336 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4659#(= |setClientId_#in~handle| 1)} {4614#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #964#return; {4605#false} is VALID [2022-02-20 18:05:08,336 INFO L290 TraceCheckUtils]: 23: Hoare triple {4605#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4605#false} is VALID [2022-02-20 18:05:08,336 INFO L272 TraceCheckUtils]: 24: 
Hoare triple {4605#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:08,336 INFO L290 TraceCheckUtils]: 25: Hoare triple {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,336 INFO L290 TraceCheckUtils]: 26: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,336 INFO L290 TraceCheckUtils]: 27: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,336 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4604#true} {4605#false} #966#return; {4605#false} is VALID [2022-02-20 18:05:08,337 INFO L290 TraceCheckUtils]: 29: Hoare triple {4605#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4605#false} is VALID [2022-02-20 18:05:08,337 INFO L272 TraceCheckUtils]: 30: Hoare triple {4605#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) 
(= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:08,337 INFO L290 TraceCheckUtils]: 31: Hoare triple {4656#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,337 INFO L290 TraceCheckUtils]: 32: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,337 INFO L290 TraceCheckUtils]: 33: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,337 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4604#true} {4605#false} #968#return; {4605#false} is VALID [2022-02-20 18:05:08,337 INFO L290 TraceCheckUtils]: 35: Hoare triple {4605#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4605#false} is VALID [2022-02-20 18:05:08,338 INFO L272 TraceCheckUtils]: 36: Hoare triple {4605#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:08,338 INFO L290 TraceCheckUtils]: 37: Hoare triple {4657#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,338 INFO L290 TraceCheckUtils]: 38: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,338 INFO L290 TraceCheckUtils]: 39: Hoare triple 
{4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,338 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4604#true} {4605#false} #970#return; {4605#false} is VALID [2022-02-20 18:05:08,338 INFO L290 TraceCheckUtils]: 41: Hoare triple {4605#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {4605#false} is VALID [2022-02-20 18:05:08,338 INFO L290 TraceCheckUtils]: 42: Hoare triple {4605#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4605#false} is VALID [2022-02-20 
18:05:08,338 INFO L290 TraceCheckUtils]: 43: Hoare triple {4605#false} assume !false; {4605#false} is VALID [2022-02-20 18:05:08,339 INFO L290 TraceCheckUtils]: 44: Hoare triple {4605#false} assume test_~splverifierCounter~0#1 < 4; {4605#false} is VALID [2022-02-20 18:05:08,339 INFO L290 TraceCheckUtils]: 45: Hoare triple {4605#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4605#false} is VALID [2022-02-20 18:05:08,339 INFO L290 TraceCheckUtils]: 46: Hoare triple {4605#false} assume !(0 == test_~op1~0#1); {4605#false} is VALID [2022-02-20 18:05:08,339 INFO L290 TraceCheckUtils]: 47: Hoare triple {4605#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {4605#false} is VALID [2022-02-20 18:05:08,339 INFO L290 TraceCheckUtils]: 48: Hoare triple {4605#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4605#false} is VALID [2022-02-20 18:05:08,339 INFO L290 TraceCheckUtils]: 49: Hoare triple {4605#false} assume !false; {4605#false} is VALID [2022-02-20 18:05:08,340 INFO L290 TraceCheckUtils]: 50: Hoare triple {4605#false} assume !(test_~splverifierCounter~0#1 < 4); {4605#false} is VALID [2022-02-20 18:05:08,340 INFO L290 TraceCheckUtils]: 51: Hoare triple {4605#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {4605#false} is VALID [2022-02-20 18:05:08,340 INFO L272 TraceCheckUtils]: 52: Hoare triple {4605#false} call sendEmail(~bob~0, ~rjh~0); {4605#false} is VALID [2022-02-20 18:05:08,340 INFO L290 TraceCheckUtils]: 53: Hoare triple 
{4605#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4605#false} is VALID [2022-02-20 18:05:08,340 INFO L272 TraceCheckUtils]: 54: Hoare triple {4605#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4660#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:08,340 INFO L290 TraceCheckUtils]: 55: Hoare triple {4660#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,340 INFO L290 TraceCheckUtils]: 56: Hoare triple {4604#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,341 INFO L290 TraceCheckUtils]: 57: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,341 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4604#true} {4605#false} #948#return; {4605#false} is VALID [2022-02-20 18:05:08,341 INFO L290 TraceCheckUtils]: 59: Hoare triple {4605#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {4605#false} is VALID [2022-02-20 18:05:08,341 INFO L290 TraceCheckUtils]: 60: Hoare triple {4605#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; 
{4605#false} is VALID [2022-02-20 18:05:08,341 INFO L290 TraceCheckUtils]: 61: Hoare triple {4605#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {4605#false} is VALID [2022-02-20 18:05:08,341 INFO L290 TraceCheckUtils]: 62: Hoare triple {4605#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {4605#false} is VALID [2022-02-20 18:05:08,341 INFO L272 TraceCheckUtils]: 63: Hoare triple {4605#false} call outgoing(~sender#1, ~email~0#1); {4605#false} is VALID [2022-02-20 18:05:08,341 INFO L290 TraceCheckUtils]: 64: Hoare triple {4605#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {4605#false} is VALID [2022-02-20 18:05:08,342 INFO L272 TraceCheckUtils]: 65: Hoare triple {4605#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {4604#true} is VALID [2022-02-20 18:05:08,342 INFO L290 TraceCheckUtils]: 66: Hoare triple {4604#true} ~handle := #in~handle;havoc ~retValue_acc~17; {4604#true} is VALID [2022-02-20 18:05:08,342 INFO L290 TraceCheckUtils]: 67: Hoare triple {4604#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {4604#true} is VALID [2022-02-20 18:05:08,342 INFO L290 TraceCheckUtils]: 68: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,342 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4604#true} {4605#false} #906#return; {4605#false} is VALID [2022-02-20 18:05:08,342 INFO L290 TraceCheckUtils]: 70: Hoare triple 
{4605#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {4605#false} is VALID [2022-02-20 18:05:08,342 INFO L290 TraceCheckUtils]: 71: Hoare triple {4605#false} assume 0 == sign_~privkey~1#1; {4605#false} is VALID [2022-02-20 18:05:08,343 INFO L290 TraceCheckUtils]: 72: Hoare triple {4605#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {4605#false} is VALID [2022-02-20 18:05:08,343 INFO L272 TraceCheckUtils]: 73: Hoare triple {4605#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {4604#true} is VALID [2022-02-20 18:05:08,343 INFO L290 TraceCheckUtils]: 74: Hoare triple {4604#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4604#true} is VALID [2022-02-20 18:05:08,343 INFO L290 TraceCheckUtils]: 75: Hoare triple {4604#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {4604#true} is VALID [2022-02-20 18:05:08,343 INFO L290 TraceCheckUtils]: 76: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,343 INFO L284 TraceCheckUtils]: 77: Hoare 
quadruple {4604#true} {4605#false} #908#return; {4605#false} is VALID [2022-02-20 18:05:08,343 INFO L290 TraceCheckUtils]: 78: Hoare triple {4605#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {4605#false} is VALID [2022-02-20 18:05:08,344 INFO L272 TraceCheckUtils]: 79: Hoare triple {4605#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {4604#true} is VALID [2022-02-20 18:05:08,344 INFO L290 TraceCheckUtils]: 80: Hoare triple {4604#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {4604#true} is VALID [2022-02-20 18:05:08,344 INFO L290 TraceCheckUtils]: 81: Hoare triple {4604#true} assume 1 == ~handle; {4604#true} is VALID [2022-02-20 18:05:08,344 INFO L290 TraceCheckUtils]: 82: Hoare triple {4604#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {4604#true} is VALID [2022-02-20 18:05:08,344 INFO L290 TraceCheckUtils]: 83: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,344 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {4604#true} {4605#false} #910#return; {4605#false} is VALID [2022-02-20 18:05:08,344 INFO L290 TraceCheckUtils]: 85: Hoare triple {4605#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {4605#false} is VALID [2022-02-20 18:05:08,344 INFO L290 TraceCheckUtils]: 86: 
Hoare triple {4605#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {4605#false} is VALID [2022-02-20 18:05:08,345 INFO L290 TraceCheckUtils]: 87: Hoare triple {4605#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {4605#false} is VALID [2022-02-20 18:05:08,345 INFO L290 TraceCheckUtils]: 88: Hoare triple {4605#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {4605#false} is VALID [2022-02-20 18:05:08,345 INFO L290 TraceCheckUtils]: 89: Hoare triple {4605#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {4605#false} is VALID [2022-02-20 18:05:08,345 INFO L272 TraceCheckUtils]: 90: Hoare triple {4605#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {4660#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 
18:05:08,345 INFO L290 TraceCheckUtils]: 91: Hoare triple {4660#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,345 INFO L290 TraceCheckUtils]: 92: Hoare triple {4604#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,345 INFO L290 TraceCheckUtils]: 93: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,346 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {4604#true} {4605#false} #916#return; {4605#false} is VALID [2022-02-20 18:05:08,346 INFO L290 TraceCheckUtils]: 95: Hoare triple {4605#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= 
__utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {4605#false} is VALID [2022-02-20 18:05:08,346 INFO L290 TraceCheckUtils]: 96: Hoare triple {4605#false} assume 0 != ~in_encrypted~0; {4605#false} is VALID [2022-02-20 18:05:08,346 INFO L272 TraceCheckUtils]: 97: Hoare triple {4605#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {4604#true} is VALID [2022-02-20 18:05:08,346 INFO L290 TraceCheckUtils]: 98: Hoare triple {4604#true} ~handle := #in~handle;havoc ~retValue_acc~39; {4604#true} is VALID [2022-02-20 18:05:08,346 INFO L290 TraceCheckUtils]: 99: Hoare triple {4604#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4604#true} is VALID [2022-02-20 18:05:08,346 INFO L290 TraceCheckUtils]: 100: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,347 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {4604#true} {4605#false} #918#return; {4605#false} is VALID [2022-02-20 18:05:08,347 INFO L290 TraceCheckUtils]: 102: Hoare triple {4605#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {4605#false} is VALID [2022-02-20 18:05:08,347 INFO L290 TraceCheckUtils]: 103: Hoare triple {4605#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {4605#false} is VALID [2022-02-20 18:05:08,347 INFO L290 TraceCheckUtils]: 104: Hoare triple {4605#false} assume !false; 
{4605#false} is VALID [2022-02-20 18:05:08,347 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:05:08,348 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:08,350 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [302884497] [2022-02-20 18:05:08,351 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [302884497] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:08,351 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [241261870] [2022-02-20 18:05:08,352 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:08,352 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:08,352 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:08,368 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:08,379 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:05:08,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,618 INFO L263 TraceCheckSpWp]: Trace formula consists of 1032 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:05:08,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,670 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:08,881 INFO L290 TraceCheckUtils]: 0: Hoare triple {4604#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 
40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {4604#true} is VALID [2022-02-20 18:05:08,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {4604#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {4604#true} is VALID [2022-02-20 18:05:08,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {4604#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4604#true} is VALID [2022-02-20 18:05:08,881 INFO L290 TraceCheckUtils]: 3: Hoare triple {4604#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 4: Hoare triple {4604#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 5: Hoare triple {4604#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L272 TraceCheckUtils]: 6: Hoare triple {4604#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 7: Hoare triple {4604#true} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 8: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 9: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4604#true} {4604#true} #960#return; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 11: Hoare triple {4604#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L272 TraceCheckUtils]: 12: Hoare triple {4604#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 13: Hoare triple {4604#true} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 14: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 15: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4604#true} {4604#true} #962#return; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 17: Hoare triple {4604#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset 
:= 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L272 TraceCheckUtils]: 18: Hoare triple {4604#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 19: Hoare triple {4604#true} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 20: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L290 TraceCheckUtils]: 21: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,882 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4604#true} {4604#true} #964#return; {4604#true} is VALID [2022-02-20 18:05:08,883 INFO L290 TraceCheckUtils]: 23: Hoare triple {4604#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4604#true} is VALID [2022-02-20 18:05:08,883 INFO L272 TraceCheckUtils]: 24: Hoare triple {4604#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4604#true} is VALID [2022-02-20 18:05:08,883 INFO L290 TraceCheckUtils]: 25: Hoare triple {4604#true} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,883 INFO L290 TraceCheckUtils]: 26: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,883 INFO L290 TraceCheckUtils]: 27: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,883 INFO L284 TraceCheckUtils]: 28: 
Hoare quadruple {4604#true} {4604#true} #966#return; {4604#true} is VALID [2022-02-20 18:05:08,883 INFO L290 TraceCheckUtils]: 29: Hoare triple {4604#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4604#true} is VALID [2022-02-20 18:05:08,883 INFO L272 TraceCheckUtils]: 30: Hoare triple {4604#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4604#true} is VALID [2022-02-20 18:05:08,884 INFO L290 TraceCheckUtils]: 31: Hoare triple {4604#true} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,884 INFO L290 TraceCheckUtils]: 32: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,884 INFO L290 TraceCheckUtils]: 33: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,884 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4604#true} {4604#true} #968#return; {4604#true} is VALID [2022-02-20 18:05:08,884 INFO L290 TraceCheckUtils]: 35: Hoare triple {4604#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4604#true} is VALID [2022-02-20 18:05:08,884 INFO L272 TraceCheckUtils]: 36: Hoare triple {4604#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4604#true} is VALID [2022-02-20 18:05:08,884 INFO L290 TraceCheckUtils]: 37: Hoare triple {4604#true} ~handle := #in~handle;~value := #in~value; {4604#true} is VALID [2022-02-20 18:05:08,884 
INFO L290 TraceCheckUtils]: 38: Hoare triple {4604#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4604#true} is VALID [2022-02-20 18:05:08,885 INFO L290 TraceCheckUtils]: 39: Hoare triple {4604#true} assume true; {4604#true} is VALID [2022-02-20 18:05:08,885 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4604#true} {4604#true} #970#return; {4604#true} is VALID [2022-02-20 18:05:08,885 INFO L290 TraceCheckUtils]: 41: Hoare triple {4604#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {4604#true} is VALID [2022-02-20 18:05:08,885 INFO L290 TraceCheckUtils]: 42: Hoare triple {4604#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 
0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4790#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:08,885 INFO L290 TraceCheckUtils]: 43: Hoare triple {4790#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4790#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:08,886 INFO L290 TraceCheckUtils]: 44: Hoare triple {4790#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4790#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:08,886 INFO L290 TraceCheckUtils]: 45: Hoare triple {4790#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4790#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:08,886 INFO L290 TraceCheckUtils]: 46: Hoare triple {4790#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4605#false} is VALID [2022-02-20 18:05:08,886 INFO L290 TraceCheckUtils]: 47: Hoare triple {4605#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {4605#false} is VALID [2022-02-20 18:05:08,886 INFO L290 TraceCheckUtils]: 48: Hoare triple {4605#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4605#false} is VALID [2022-02-20 18:05:08,886 INFO L290 TraceCheckUtils]: 49: Hoare triple {4605#false} assume !false; {4605#false} is VALID [2022-02-20 18:05:08,886 INFO L290 TraceCheckUtils]: 50: Hoare triple {4605#false} assume !(test_~splverifierCounter~0#1 < 4); {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 51: Hoare triple {4605#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc 
bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L272 TraceCheckUtils]: 52: Hoare triple {4605#false} call sendEmail(~bob~0, ~rjh~0); {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 53: Hoare triple {4605#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L272 TraceCheckUtils]: 54: Hoare triple {4605#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 55: Hoare triple {4605#false} ~handle := #in~handle;~value := #in~value; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 56: Hoare triple {4605#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 57: Hoare triple {4605#false} assume true; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4605#false} {4605#false} #948#return; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 59: Hoare triple {4605#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := 
setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 60: Hoare triple {4605#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 61: Hoare triple {4605#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 62: Hoare triple {4605#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L272 TraceCheckUtils]: 63: Hoare triple {4605#false} call outgoing(~sender#1, ~email~0#1); {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 64: Hoare triple {4605#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L272 TraceCheckUtils]: 65: Hoare triple {4605#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 66: Hoare triple {4605#false} ~handle := #in~handle;havoc ~retValue_acc~17; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 67: Hoare triple {4605#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 68: Hoare triple 
{4605#false} assume true; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4605#false} {4605#false} #906#return; {4605#false} is VALID [2022-02-20 18:05:08,887 INFO L290 TraceCheckUtils]: 70: Hoare triple {4605#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {4605#false} is VALID [2022-02-20 18:05:08,911 INFO L290 TraceCheckUtils]: 71: Hoare triple {4605#false} assume 0 == sign_~privkey~1#1; {4605#false} is VALID [2022-02-20 18:05:08,911 INFO L290 TraceCheckUtils]: 72: Hoare triple {4605#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {4605#false} is VALID [2022-02-20 18:05:08,911 INFO L272 TraceCheckUtils]: 73: Hoare triple {4605#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {4605#false} is VALID [2022-02-20 18:05:08,911 INFO L290 TraceCheckUtils]: 74: Hoare triple {4605#false} ~handle := #in~handle;havoc ~retValue_acc~36; {4605#false} is VALID [2022-02-20 18:05:08,911 INFO L290 TraceCheckUtils]: 75: Hoare triple {4605#false} assume 1 == ~handle;~retValue_acc~36 
:= ~__ste_email_to0~0;#res := ~retValue_acc~36; {4605#false} is VALID [2022-02-20 18:05:08,911 INFO L290 TraceCheckUtils]: 76: Hoare triple {4605#false} assume true; {4605#false} is VALID [2022-02-20 18:05:08,911 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {4605#false} {4605#false} #908#return; {4605#false} is VALID [2022-02-20 18:05:08,911 INFO L290 TraceCheckUtils]: 78: Hoare triple {4605#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L272 TraceCheckUtils]: 79: Hoare triple {4605#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 80: Hoare triple {4605#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 81: Hoare triple {4605#false} assume 1 == ~handle; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 82: Hoare triple {4605#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 83: Hoare triple {4605#false} assume true; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {4605#false} {4605#false} #910#return; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 85: Hoare triple {4605#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 
2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 86: Hoare triple {4605#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 87: Hoare triple {4605#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 88: Hoare triple {4605#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 89: Hoare triple {4605#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {4605#false} is VALID [2022-02-20 
18:05:08,912 INFO L272 TraceCheckUtils]: 90: Hoare triple {4605#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 91: Hoare triple {4605#false} ~handle := #in~handle;~value := #in~value; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 92: Hoare triple {4605#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 93: Hoare triple {4605#false} assume true; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {4605#false} {4605#false} #916#return; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 95: Hoare triple {4605#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call 
__utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 96: Hoare triple {4605#false} assume 0 != ~in_encrypted~0; {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L272 TraceCheckUtils]: 97: Hoare triple {4605#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {4605#false} is VALID [2022-02-20 18:05:08,912 INFO L290 TraceCheckUtils]: 98: Hoare triple {4605#false} ~handle := #in~handle;havoc ~retValue_acc~39; {4605#false} is VALID [2022-02-20 18:05:08,913 INFO L290 TraceCheckUtils]: 99: Hoare triple {4605#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4605#false} is VALID [2022-02-20 18:05:08,913 INFO L290 TraceCheckUtils]: 100: Hoare triple {4605#false} assume true; {4605#false} is VALID [2022-02-20 18:05:08,913 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {4605#false} {4605#false} #918#return; {4605#false} is VALID [2022-02-20 18:05:08,913 INFO L290 TraceCheckUtils]: 102: Hoare triple {4605#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {4605#false} is VALID [2022-02-20 18:05:08,913 INFO L290 TraceCheckUtils]: 103: Hoare triple {4605#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {4605#false} is VALID [2022-02-20 
18:05:08,913 INFO L290 TraceCheckUtils]: 104: Hoare triple {4605#false} assume !false; {4605#false} is VALID [2022-02-20 18:05:08,913 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:05:08,913 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:08,913 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [241261870] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:08,913 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:08,913 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 18:05:08,913 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1525708419] [2022-02-20 18:05:08,914 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:08,914 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 105 [2022-02-20 18:05:08,914 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:05:08,914 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:08,984 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:08,984 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:05:08,984 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:08,985 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:05:08,985 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:08,985 INFO L87 Difference]: Start difference. First operand 323 states and 476 transitions. Second operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:09,486 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:09,486 INFO L93 Difference]: Finished difference Result 671 states and 1003 transitions. [2022-02-20 18:05:09,486 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:05:09,486 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 105 [2022-02-20 18:05:09,486 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:09,487 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:09,499 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1001 transitions. [2022-02-20 18:05:09,499 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:09,514 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1001 transitions. [2022-02-20 18:05:09,515 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1001 transitions. [2022-02-20 18:05:10,193 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1001 edges. 1001 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:10,208 INFO L225 Difference]: With dead ends: 671 [2022-02-20 18:05:10,208 INFO L226 Difference]: Without dead ends: 375 [2022-02-20 18:05:10,209 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 132 GetRequests, 125 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:10,210 INFO L933 BasicCegarLoop]: 492 mSDtfsCounter, 99 mSDsluCounter, 426 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 114 SdHoareTripleChecker+Valid, 918 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:10,210 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [114 Valid, 918 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:10,211 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 375 states. [2022-02-20 18:05:10,225 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 375 to 367. [2022-02-20 18:05:10,226 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:10,227 INFO L82 GeneralOperation]: Start isEquivalent. First operand 375 states. 
Second operand has 367 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 286 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) [2022-02-20 18:05:10,227 INFO L74 IsIncluded]: Start isIncluded. First operand 375 states. Second operand has 367 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 286 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) [2022-02-20 18:05:10,228 INFO L87 Difference]: Start difference. First operand 375 states. Second operand has 367 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 286 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) [2022-02-20 18:05:10,243 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:10,243 INFO L93 Difference]: Finished difference Result 375 states and 561 transitions. [2022-02-20 18:05:10,244 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 561 transitions. [2022-02-20 18:05:10,245 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:10,245 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:10,246 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 367 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 286 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) Second operand 375 states. [2022-02-20 18:05:10,247 INFO L87 Difference]: Start difference. First operand has 367 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 286 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) Second operand 375 states. [2022-02-20 18:05:10,262 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:10,262 INFO L93 Difference]: Finished difference Result 375 states and 561 transitions. [2022-02-20 18:05:10,262 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 561 transitions. [2022-02-20 18:05:10,264 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:10,264 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:10,265 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:10,265 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:10,266 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 367 states, 283 states have (on average 1.5229681978798586) internal successors, (431), 286 states have internal predecessors, (431), 61 states have call successors, (61), 22 states have call predecessors, (61), 22 states have return successors, (60), 60 states have call predecessors, (60), 60 states have call successors, (60) [2022-02-20 18:05:10,289 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 367 states to 367 states and 552 transitions. [2022-02-20 18:05:10,289 INFO L78 Accepts]: Start accepts. Automaton has 367 states and 552 transitions. Word has length 105 [2022-02-20 18:05:10,290 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:10,290 INFO L470 AbstractCegarLoop]: Abstraction has 367 states and 552 transitions. [2022-02-20 18:05:10,290 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:10,290 INFO L276 IsEmpty]: Start isEmpty. Operand 367 states and 552 transitions. [2022-02-20 18:05:10,292 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 107 [2022-02-20 18:05:10,293 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:10,293 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:10,319 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:10,499 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:10,500 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:10,500 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:10,500 INFO L85 PathProgramCache]: Analyzing trace with hash -1964089952, now seen corresponding path program 1 times [2022-02-20 18:05:10,500 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:10,500 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1865130675] [2022-02-20 18:05:10,500 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:10,501 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:10,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,580 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:10,581 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,583 INFO L290 TraceCheckUtils]: 0: Hoare triple {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,584 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,584 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,584 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7181#true} #960#return; {7181#true} is VALID [2022-02-20 18:05:10,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:10,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:05:10,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {7234#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,593 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,593 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7181#true} #962#return; {7181#true} is VALID [2022-02-20 18:05:10,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:10,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7235#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:10,609 INFO L290 TraceCheckUtils]: 1: Hoare triple {7235#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7236#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:10,609 INFO L290 TraceCheckUtils]: 2: Hoare triple {7236#(= |setClientId_#in~handle| 1)} assume true; {7236#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:10,610 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7236#(= |setClientId_#in~handle| 1)} {7191#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #964#return; {7182#false} is VALID [2022-02-20 18:05:10,610 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:10,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {7234#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,614 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,614 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7182#false} #966#return; {7182#false} is VALID [2022-02-20 18:05:10,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:10,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,619 INFO L290 TraceCheckUtils]: 0: Hoare triple {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,619 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,619 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,619 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7182#false} #968#return; {7182#false} is VALID [2022-02-20 18:05:10,619 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:05:10,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {7234#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,624 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,624 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7182#false} #970#return; {7182#false} is VALID [2022-02-20 18:05:10,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:05:10,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,637 INFO L290 TraceCheckUtils]: 0: Hoare triple {7237#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,637 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,637 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,637 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7182#false} #948#return; {7182#false} is VALID [2022-02-20 18:05:10,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:05:10,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,640 INFO L290 TraceCheckUtils]: 
0: Hoare triple {7181#true} ~handle := #in~handle;havoc ~retValue_acc~17; {7181#true} is VALID [2022-02-20 18:05:10,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {7181#true} is VALID [2022-02-20 18:05:10,640 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,640 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7182#false} #906#return; {7182#false} is VALID [2022-02-20 18:05:10,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:05:10,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {7181#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7181#true} is VALID [2022-02-20 18:05:10,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7181#true} is VALID [2022-02-20 18:05:10,644 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,644 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7182#false} #908#return; {7182#false} is VALID [2022-02-20 18:05:10,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:05:10,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {7181#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {7181#true} is VALID [2022-02-20 18:05:10,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle; {7181#true} is VALID [2022-02-20 18:05:10,647 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {7181#true} is VALID [2022-02-20 18:05:10,647 INFO L290 TraceCheckUtils]: 3: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,648 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {7181#true} {7182#false} #910#return; {7182#false} is VALID [2022-02-20 18:05:10,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:05:10,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,651 INFO L290 TraceCheckUtils]: 0: Hoare triple {7237#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,651 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,652 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,652 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7182#false} #916#return; {7182#false} is VALID [2022-02-20 18:05:10,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:05:10,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {7181#true} ~handle := #in~handle;havoc ~retValue_acc~39; {7181#true} is VALID [2022-02-20 18:05:10,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {7181#true} is VALID [2022-02-20 18:05:10,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,657 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7181#true} {7182#false} #918#return; {7182#false} is VALID 
[2022-02-20 18:05:10,657 INFO L290 TraceCheckUtils]: 0: Hoare triple {7181#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 
40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {7181#true} is VALID [2022-02-20 18:05:10,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {7181#true} is VALID [2022-02-20 18:05:10,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7181#true} is VALID [2022-02-20 18:05:10,657 INFO L290 TraceCheckUtils]: 3: Hoare triple {7181#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {7181#true} is VALID [2022-02-20 18:05:10,657 INFO L290 TraceCheckUtils]: 4: Hoare triple {7181#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {7181#true} is VALID [2022-02-20 18:05:10,658 INFO L290 TraceCheckUtils]: 5: Hoare triple {7181#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7181#true} is VALID [2022-02-20 18:05:10,658 INFO L272 TraceCheckUtils]: 6: Hoare triple {7181#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:10,659 INFO L290 TraceCheckUtils]: 7: Hoare triple {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,659 INFO L290 TraceCheckUtils]: 8: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,659 INFO L290 TraceCheckUtils]: 9: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,659 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7181#true} {7181#true} #960#return; {7181#true} is VALID [2022-02-20 18:05:10,659 INFO L290 TraceCheckUtils]: 11: Hoare triple {7181#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7181#true} is VALID [2022-02-20 18:05:10,660 INFO L272 TraceCheckUtils]: 12: Hoare triple {7181#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7234#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:10,660 INFO L290 TraceCheckUtils]: 13: Hoare triple {7234#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,660 INFO L290 TraceCheckUtils]: 14: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,660 INFO L290 TraceCheckUtils]: 15: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,660 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7181#true} {7181#true} #962#return; {7181#true} is VALID [2022-02-20 18:05:10,661 INFO L290 TraceCheckUtils]: 17: Hoare triple {7181#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7191#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:10,661 INFO L272 TraceCheckUtils]: 18: Hoare triple {7191#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:10,661 INFO L290 TraceCheckUtils]: 19: Hoare triple {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7235#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:10,662 INFO L290 TraceCheckUtils]: 20: Hoare triple {7235#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7236#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:10,662 INFO L290 TraceCheckUtils]: 21: Hoare triple {7236#(= |setClientId_#in~handle| 1)} assume true; {7236#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:10,663 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7236#(= |setClientId_#in~handle| 1)} {7191#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #964#return; {7182#false} is VALID [2022-02-20 18:05:10,663 INFO L290 TraceCheckUtils]: 23: Hoare triple {7182#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7182#false} is VALID [2022-02-20 18:05:10,663 INFO L272 TraceCheckUtils]: 24: Hoare triple {7182#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7234#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:10,663 INFO L290 TraceCheckUtils]: 25: Hoare triple {7234#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,663 INFO L290 TraceCheckUtils]: 26: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,663 INFO L290 TraceCheckUtils]: 27: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,663 INFO L284 TraceCheckUtils]: 28: Hoare quadruple 
{7181#true} {7182#false} #966#return; {7182#false} is VALID [2022-02-20 18:05:10,664 INFO L290 TraceCheckUtils]: 29: Hoare triple {7182#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7182#false} is VALID [2022-02-20 18:05:10,664 INFO L272 TraceCheckUtils]: 30: Hoare triple {7182#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:10,664 INFO L290 TraceCheckUtils]: 31: Hoare triple {7233#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,664 INFO L290 TraceCheckUtils]: 32: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,664 INFO L290 TraceCheckUtils]: 33: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,664 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7181#true} {7182#false} #968#return; {7182#false} is VALID [2022-02-20 18:05:10,664 INFO L290 TraceCheckUtils]: 35: Hoare triple {7182#false} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {7182#false} is VALID [2022-02-20 18:05:10,664 INFO L272 TraceCheckUtils]: 36: Hoare triple {7182#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7234#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:10,665 INFO L290 TraceCheckUtils]: 37: Hoare triple {7234#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,665 INFO L290 TraceCheckUtils]: 38: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,665 INFO L290 TraceCheckUtils]: 39: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,665 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7181#true} {7182#false} #970#return; {7182#false} is VALID [2022-02-20 18:05:10,665 INFO L290 TraceCheckUtils]: 41: Hoare triple {7182#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {7182#false} is VALID [2022-02-20 18:05:10,665 INFO L290 TraceCheckUtils]: 42: Hoare triple {7182#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7182#false} is VALID [2022-02-20 18:05:10,665 INFO L290 TraceCheckUtils]: 43: Hoare triple {7182#false} assume !false; {7182#false} is VALID [2022-02-20 18:05:10,665 INFO L290 TraceCheckUtils]: 44: Hoare triple {7182#false} assume test_~splverifierCounter~0#1 < 4; {7182#false} is VALID [2022-02-20 18:05:10,666 INFO L290 TraceCheckUtils]: 45: Hoare triple {7182#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7182#false} is VALID [2022-02-20 18:05:10,666 INFO L290 TraceCheckUtils]: 46: Hoare triple {7182#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {7182#false} is VALID [2022-02-20 18:05:10,666 INFO L290 TraceCheckUtils]: 47: Hoare triple {7182#false} assume !(0 != test_~tmp___9~0#1); {7182#false} is VALID [2022-02-20 18:05:10,666 INFO L290 TraceCheckUtils]: 48: Hoare triple {7182#false} assume 0 == test_~op2~0#1;assume -2147483648 <= 
test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {7182#false} is VALID [2022-02-20 18:05:10,666 INFO L290 TraceCheckUtils]: 49: Hoare triple {7182#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7182#false} is VALID [2022-02-20 18:05:10,666 INFO L290 TraceCheckUtils]: 50: Hoare triple {7182#false} assume !false; {7182#false} is VALID [2022-02-20 18:05:10,666 INFO L290 TraceCheckUtils]: 51: Hoare triple {7182#false} assume !(test_~splverifierCounter~0#1 < 4); {7182#false} is VALID [2022-02-20 18:05:10,666 INFO L290 TraceCheckUtils]: 52: Hoare triple {7182#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {7182#false} is VALID [2022-02-20 18:05:10,667 INFO L272 TraceCheckUtils]: 53: Hoare triple {7182#false} call sendEmail(~bob~0, ~rjh~0); {7182#false} is VALID [2022-02-20 18:05:10,667 INFO L290 TraceCheckUtils]: 54: Hoare triple {7182#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7182#false} is VALID [2022-02-20 18:05:10,667 INFO L272 TraceCheckUtils]: 55: Hoare triple {7182#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7237#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:10,667 INFO L290 TraceCheckUtils]: 56: Hoare triple {7237#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,667 INFO L290 TraceCheckUtils]: 57: Hoare triple {7181#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,667 INFO L290 TraceCheckUtils]: 58: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,667 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7181#true} {7182#false} #948#return; {7182#false} is VALID [2022-02-20 18:05:10,667 INFO L290 TraceCheckUtils]: 60: Hoare triple {7182#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {7182#false} is VALID [2022-02-20 18:05:10,667 INFO L290 TraceCheckUtils]: 61: Hoare triple {7182#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {7182#false} is VALID [2022-02-20 18:05:10,668 INFO L290 TraceCheckUtils]: 62: Hoare triple {7182#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {7182#false} is VALID [2022-02-20 18:05:10,668 INFO L290 TraceCheckUtils]: 63: Hoare triple {7182#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {7182#false} is VALID [2022-02-20 18:05:10,668 INFO L272 TraceCheckUtils]: 64: Hoare triple {7182#false} call outgoing(~sender#1, 
~email~0#1); {7182#false} is VALID [2022-02-20 18:05:10,668 INFO L290 TraceCheckUtils]: 65: Hoare triple {7182#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {7182#false} is VALID [2022-02-20 18:05:10,668 INFO L272 TraceCheckUtils]: 66: Hoare triple {7182#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {7181#true} is VALID [2022-02-20 18:05:10,668 INFO L290 TraceCheckUtils]: 67: Hoare triple {7181#true} ~handle := #in~handle;havoc ~retValue_acc~17; {7181#true} is VALID [2022-02-20 18:05:10,668 INFO L290 TraceCheckUtils]: 68: Hoare triple {7181#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {7181#true} is VALID [2022-02-20 18:05:10,668 INFO L290 TraceCheckUtils]: 69: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,668 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {7181#true} {7182#false} #906#return; {7182#false} is VALID [2022-02-20 18:05:10,668 INFO L290 TraceCheckUtils]: 71: Hoare triple {7182#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {7182#false} is VALID [2022-02-20 18:05:10,669 INFO L290 TraceCheckUtils]: 72: Hoare triple {7182#false} assume 0 == sign_~privkey~1#1; {7182#false} is VALID [2022-02-20 18:05:10,669 INFO L290 TraceCheckUtils]: 73: Hoare triple {7182#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, 
outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {7182#false} is VALID [2022-02-20 18:05:10,669 INFO L272 TraceCheckUtils]: 74: Hoare triple {7182#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {7181#true} is VALID [2022-02-20 18:05:10,669 INFO L290 TraceCheckUtils]: 75: Hoare triple {7181#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7181#true} is VALID [2022-02-20 18:05:10,669 INFO L290 TraceCheckUtils]: 76: Hoare triple {7181#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7181#true} is VALID [2022-02-20 18:05:10,669 INFO L290 TraceCheckUtils]: 77: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,669 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {7181#true} {7182#false} #908#return; {7182#false} is VALID [2022-02-20 18:05:10,669 INFO L290 TraceCheckUtils]: 79: Hoare triple {7182#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {7182#false} is VALID [2022-02-20 18:05:10,669 INFO L272 TraceCheckUtils]: 80: Hoare triple {7182#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, 
outgoing__wrappee__Encrypt_~receiver~0#1); {7181#true} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 81: Hoare triple {7181#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {7181#true} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 82: Hoare triple {7181#true} assume 1 == ~handle; {7181#true} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 83: Hoare triple {7181#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {7181#true} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 84: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,670 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {7181#true} {7182#false} #910#return; {7182#false} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 86: Hoare triple {7182#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {7182#false} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 87: Hoare triple {7182#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {7182#false} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 88: Hoare triple {7182#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := 
outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {7182#false} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 89: Hoare triple {7182#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {7182#false} is VALID [2022-02-20 18:05:10,670 INFO L290 TraceCheckUtils]: 90: Hoare triple {7182#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {7182#false} is VALID [2022-02-20 18:05:10,671 INFO L272 TraceCheckUtils]: 91: Hoare triple {7182#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {7237#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:10,671 INFO L290 TraceCheckUtils]: 92: Hoare triple {7237#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:10,671 INFO L290 TraceCheckUtils]: 93: Hoare triple {7181#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:10,671 INFO L290 TraceCheckUtils]: 94: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,671 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {7181#true} {7182#false} #916#return; {7182#false} is 
VALID [2022-02-20 18:05:10,671 INFO L290 TraceCheckUtils]: 96: Hoare triple {7182#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {7182#false} is VALID [2022-02-20 18:05:10,671 INFO L290 TraceCheckUtils]: 97: Hoare triple {7182#false} assume 0 != ~in_encrypted~0; {7182#false} is VALID [2022-02-20 18:05:10,671 INFO L272 TraceCheckUtils]: 98: Hoare triple {7182#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := 
isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {7181#true} is VALID [2022-02-20 18:05:10,671 INFO L290 TraceCheckUtils]: 99: Hoare triple {7181#true} ~handle := #in~handle;havoc ~retValue_acc~39; {7181#true} is VALID [2022-02-20 18:05:10,672 INFO L290 TraceCheckUtils]: 100: Hoare triple {7181#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {7181#true} is VALID [2022-02-20 18:05:10,672 INFO L290 TraceCheckUtils]: 101: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:10,672 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {7181#true} {7182#false} #918#return; {7182#false} is VALID [2022-02-20 18:05:10,672 INFO L290 TraceCheckUtils]: 103: Hoare triple {7182#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {7182#false} is VALID [2022-02-20 18:05:10,672 INFO L290 TraceCheckUtils]: 104: Hoare triple {7182#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {7182#false} is VALID [2022-02-20 18:05:10,672 INFO L290 TraceCheckUtils]: 105: Hoare triple {7182#false} assume !false; {7182#false} is VALID [2022-02-20 18:05:10,672 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:05:10,673 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:10,673 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1865130675] [2022-02-20 18:05:10,673 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1865130675] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:10,673 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1935855158] [2022-02-20 18:05:10,673 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:10,673 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:10,673 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:10,674 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:10,676 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:05:10,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,947 INFO L263 TraceCheckSpWp]: Trace formula consists of 1039 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:05:10,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:11,001 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:11,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {7181#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 
40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {7181#true} is VALID [2022-02-20 18:05:11,317 INFO L290 TraceCheckUtils]: 1: Hoare triple {7181#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {7181#true} is VALID [2022-02-20 18:05:11,317 INFO L290 TraceCheckUtils]: 2: Hoare triple {7181#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7181#true} is VALID [2022-02-20 18:05:11,317 INFO L290 TraceCheckUtils]: 3: Hoare triple {7181#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {7181#true} is VALID [2022-02-20 18:05:11,317 INFO L290 TraceCheckUtils]: 4: Hoare triple {7181#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {7181#true} is VALID [2022-02-20 18:05:11,317 INFO L290 TraceCheckUtils]: 5: Hoare triple {7181#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7181#true} is VALID [2022-02-20 18:05:11,318 INFO L272 TraceCheckUtils]: 6: Hoare triple {7181#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7181#true} is VALID [2022-02-20 18:05:11,318 INFO L290 TraceCheckUtils]: 7: Hoare triple {7181#true} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:11,318 INFO L290 TraceCheckUtils]: 8: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:11,318 INFO L290 TraceCheckUtils]: 9: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:11,318 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7181#true} {7181#true} #960#return; {7181#true} is VALID [2022-02-20 18:05:11,318 INFO L290 TraceCheckUtils]: 11: Hoare triple {7181#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7181#true} is VALID [2022-02-20 18:05:11,318 INFO L272 TraceCheckUtils]: 12: Hoare triple {7181#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7181#true} is VALID [2022-02-20 18:05:11,318 INFO L290 TraceCheckUtils]: 13: Hoare triple {7181#true} ~handle := #in~handle;~value := #in~value; {7181#true} is VALID [2022-02-20 18:05:11,319 INFO L290 TraceCheckUtils]: 14: Hoare triple {7181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7181#true} is VALID [2022-02-20 18:05:11,319 INFO L290 TraceCheckUtils]: 15: Hoare triple {7181#true} assume true; {7181#true} is VALID [2022-02-20 18:05:11,319 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7181#true} {7181#true} #962#return; {7181#true} is VALID [2022-02-20 18:05:11,323 INFO L290 TraceCheckUtils]: 17: Hoare triple {7181#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset 
:= 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7292#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:05:11,323 INFO L272 TraceCheckUtils]: 18: Hoare triple {7292#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7181#true} is VALID [2022-02-20 18:05:11,323 INFO L290 TraceCheckUtils]: 19: Hoare triple {7181#true} ~handle := #in~handle;~value := #in~value; {7299#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:05:11,324 INFO L290 TraceCheckUtils]: 20: Hoare triple {7299#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7303#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:11,324 INFO L290 TraceCheckUtils]: 21: Hoare triple {7303#(<= |setClientId_#in~handle| 1)} assume true; {7303#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:11,325 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7303#(<= |setClientId_#in~handle| 1)} {7292#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #964#return; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 23: Hoare triple {7182#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L272 TraceCheckUtils]: 24: Hoare triple {7182#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 25: Hoare triple {7182#false} ~handle := #in~handle;~value 
:= #in~value; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 26: Hoare triple {7182#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 27: Hoare triple {7182#false} assume true; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7182#false} {7182#false} #966#return; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 29: Hoare triple {7182#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L272 TraceCheckUtils]: 30: Hoare triple {7182#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 31: Hoare triple {7182#false} ~handle := #in~handle;~value := #in~value; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 32: Hoare triple {7182#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 33: Hoare triple {7182#false} assume true; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7182#false} {7182#false} #968#return; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 35: Hoare triple {7182#false} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L272 TraceCheckUtils]: 36: Hoare triple {7182#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7182#false} is VALID [2022-02-20 18:05:11,325 INFO L290 TraceCheckUtils]: 37: Hoare triple {7182#false} ~handle := #in~handle;~value := #in~value; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 38: Hoare triple {7182#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 39: Hoare triple {7182#false} assume true; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7182#false} {7182#false} #970#return; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 41: Hoare triple {7182#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 42: Hoare triple {7182#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc 
test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 43: Hoare triple {7182#false} assume !false; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 44: Hoare triple {7182#false} assume test_~splverifierCounter~0#1 < 4; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 45: Hoare triple {7182#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 46: Hoare triple {7182#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {7182#false} is VALID [2022-02-20 18:05:11,326 INFO L290 TraceCheckUtils]: 47: Hoare triple {7182#false} assume !(0 != test_~tmp___9~0#1); {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 48: Hoare triple {7182#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 49: Hoare triple {7182#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 50: Hoare triple {7182#false} assume !false; {7182#false} is VALID 
[2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 51: Hoare triple {7182#false} assume !(test_~splverifierCounter~0#1 < 4); {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 52: Hoare triple {7182#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L272 TraceCheckUtils]: 53: Hoare triple {7182#false} call sendEmail(~bob~0, ~rjh~0); {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 54: Hoare triple {7182#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L272 TraceCheckUtils]: 55: Hoare triple {7182#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 56: Hoare triple {7182#false} ~handle := #in~handle;~value := #in~value; {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 57: Hoare triple {7182#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7182#false} is VALID [2022-02-20 18:05:11,327 INFO L290 TraceCheckUtils]: 58: Hoare triple {7182#false} assume true; {7182#false} is 
VALID [2022-02-20 18:05:11,328 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7182#false} {7182#false} #948#return; {7182#false} is VALID [2022-02-20 18:05:11,328 INFO L290 TraceCheckUtils]: 60: Hoare triple {7182#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {7182#false} is VALID [2022-02-20 18:05:11,328 INFO L290 TraceCheckUtils]: 61: Hoare triple {7182#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {7182#false} is VALID [2022-02-20 18:05:11,328 INFO L290 TraceCheckUtils]: 62: Hoare triple {7182#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {7182#false} is VALID [2022-02-20 18:05:11,328 INFO L290 TraceCheckUtils]: 63: Hoare triple {7182#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {7182#false} is VALID [2022-02-20 18:05:11,328 INFO L272 TraceCheckUtils]: 64: Hoare triple {7182#false} call outgoing(~sender#1, ~email~0#1); {7182#false} is VALID [2022-02-20 18:05:11,328 INFO L290 TraceCheckUtils]: 65: Hoare triple {7182#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {7182#false} is VALID [2022-02-20 18:05:11,328 INFO L272 TraceCheckUtils]: 66: Hoare triple {7182#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {7182#false} is 
VALID [2022-02-20 18:05:11,328 INFO L290 TraceCheckUtils]: 67: Hoare triple {7182#false} ~handle := #in~handle;havoc ~retValue_acc~17; {7182#false} is VALID [2022-02-20 18:05:11,328 INFO L290 TraceCheckUtils]: 68: Hoare triple {7182#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L290 TraceCheckUtils]: 69: Hoare triple {7182#false} assume true; {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {7182#false} {7182#false} #906#return; {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L290 TraceCheckUtils]: 71: Hoare triple {7182#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L290 TraceCheckUtils]: 72: Hoare triple {7182#false} assume 0 == sign_~privkey~1#1; {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L290 TraceCheckUtils]: 73: Hoare triple {7182#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L272 
TraceCheckUtils]: 74: Hoare triple {7182#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L290 TraceCheckUtils]: 75: Hoare triple {7182#false} ~handle := #in~handle;havoc ~retValue_acc~36; {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L290 TraceCheckUtils]: 76: Hoare triple {7182#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7182#false} is VALID [2022-02-20 18:05:11,329 INFO L290 TraceCheckUtils]: 77: Hoare triple {7182#false} assume true; {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {7182#false} {7182#false} #908#return; {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L290 TraceCheckUtils]: 79: Hoare triple {7182#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L272 TraceCheckUtils]: 80: Hoare triple {7182#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L290 TraceCheckUtils]: 81: Hoare triple {7182#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L290 TraceCheckUtils]: 82: Hoare triple {7182#false} assume 1 == ~handle; {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L290 TraceCheckUtils]: 83: Hoare triple {7182#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L290 
TraceCheckUtils]: 84: Hoare triple {7182#false} assume true; {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {7182#false} {7182#false} #910#return; {7182#false} is VALID [2022-02-20 18:05:11,330 INFO L290 TraceCheckUtils]: 86: Hoare triple {7182#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L290 TraceCheckUtils]: 87: Hoare triple {7182#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L290 TraceCheckUtils]: 88: Hoare triple {7182#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L290 TraceCheckUtils]: 89: Hoare triple {7182#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L290 
TraceCheckUtils]: 90: Hoare triple {7182#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L272 TraceCheckUtils]: 91: Hoare triple {7182#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L290 TraceCheckUtils]: 92: Hoare triple {7182#false} ~handle := #in~handle;~value := #in~value; {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L290 TraceCheckUtils]: 93: Hoare triple {7182#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L290 TraceCheckUtils]: 94: Hoare triple {7182#false} assume true; {7182#false} is VALID [2022-02-20 18:05:11,331 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {7182#false} {7182#false} #916#return; {7182#false} is VALID [2022-02-20 18:05:11,332 INFO L290 TraceCheckUtils]: 96: Hoare triple {7182#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, 
__utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {7182#false} is VALID [2022-02-20 18:05:11,332 INFO L290 TraceCheckUtils]: 97: Hoare triple {7182#false} assume 0 != ~in_encrypted~0; {7182#false} is VALID [2022-02-20 18:05:11,332 INFO L272 TraceCheckUtils]: 98: Hoare triple {7182#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {7182#false} is VALID [2022-02-20 18:05:11,332 INFO L290 TraceCheckUtils]: 99: Hoare triple {7182#false} ~handle := #in~handle;havoc ~retValue_acc~39; {7182#false} is VALID [2022-02-20 18:05:11,332 INFO L290 TraceCheckUtils]: 100: Hoare triple {7182#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {7182#false} is VALID [2022-02-20 18:05:11,332 INFO L290 TraceCheckUtils]: 101: Hoare triple {7182#false} assume true; {7182#false} is VALID [2022-02-20 18:05:11,332 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {7182#false} {7182#false} #918#return; {7182#false} is VALID [2022-02-20 18:05:11,332 INFO L290 TraceCheckUtils]: 103: Hoare triple {7182#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && 
__utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {7182#false} is VALID [2022-02-20 18:05:11,333 INFO L290 TraceCheckUtils]: 104: Hoare triple {7182#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {7182#false} is VALID [2022-02-20 18:05:11,333 INFO L290 TraceCheckUtils]: 105: Hoare triple {7182#false} assume !false; {7182#false} is VALID [2022-02-20 18:05:11,333 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:05:11,333 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:11,333 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1935855158] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:11,333 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:11,333 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11 [2022-02-20 18:05:11,334 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1791049653] [2022-02-20 18:05:11,334 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:11,334 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 18.25) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:05:11,335 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:11,335 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 18.25) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:11,409 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:11,409 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:05:11,409 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:11,409 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:05:11,410 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:05:11,410 INFO L87 Difference]: Start difference. First operand 367 states and 552 transitions. 
Second operand has 5 states, 4 states have (on average 18.25) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:12,272 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:12,273 INFO L93 Difference]: Finished difference Result 725 states and 1094 transitions. [2022-02-20 18:05:12,273 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:05:12,273 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.25) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:05:12,273 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:12,273 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.25) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:12,282 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 938 transitions. [2022-02-20 18:05:12,282 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 18.25) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:12,289 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 938 transitions. [2022-02-20 18:05:12,290 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 938 transitions. [2022-02-20 18:05:12,917 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 938 edges. 938 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:12,925 INFO L225 Difference]: With dead ends: 725 [2022-02-20 18:05:12,926 INFO L226 Difference]: Without dead ends: 369 [2022-02-20 18:05:12,926 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 124 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=26, Invalid=106, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:05:12,927 INFO L933 BasicCegarLoop]: 465 mSDtfsCounter, 117 mSDsluCounter, 1259 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 137 SdHoareTripleChecker+Valid, 1724 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:12,927 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [137 Valid, 1724 Invalid, 34 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:12,928 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 369 states. [2022-02-20 18:05:12,974 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 369 to 369. [2022-02-20 18:05:12,974 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:12,975 INFO L82 GeneralOperation]: Start isEquivalent. First operand 369 states. Second operand has 369 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 288 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) [2022-02-20 18:05:12,976 INFO L74 IsIncluded]: Start isIncluded. First operand 369 states. Second operand has 369 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 288 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) [2022-02-20 18:05:12,977 INFO L87 Difference]: Start difference. First operand 369 states. Second operand has 369 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 288 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) [2022-02-20 18:05:12,986 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:12,986 INFO L93 Difference]: Finished difference Result 369 states and 555 transitions. 
[2022-02-20 18:05:12,986 INFO L276 IsEmpty]: Start isEmpty. Operand 369 states and 555 transitions. [2022-02-20 18:05:12,987 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:12,987 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:12,988 INFO L74 IsIncluded]: Start isIncluded. First operand has 369 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 288 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) Second operand 369 states. [2022-02-20 18:05:12,989 INFO L87 Difference]: Start difference. First operand has 369 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 288 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) Second operand 369 states. [2022-02-20 18:05:12,998 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:12,999 INFO L93 Difference]: Finished difference Result 369 states and 555 transitions. [2022-02-20 18:05:12,999 INFO L276 IsEmpty]: Start isEmpty. Operand 369 states and 555 transitions. [2022-02-20 18:05:13,000 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:13,000 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:13,000 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:13,000 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:13,001 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 369 states, 284 states have (on average 1.5211267605633803) internal successors, (432), 288 states have internal predecessors, (432), 61 states have call successors, (61), 22 states have call predecessors, (61), 23 states have return successors, (62), 60 states have call predecessors, (62), 60 states have call successors, (62) [2022-02-20 18:05:13,011 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 369 states to 369 states and 555 transitions. [2022-02-20 18:05:13,011 INFO L78 Accepts]: Start accepts. Automaton has 369 states and 555 transitions. Word has length 106 [2022-02-20 18:05:13,011 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:13,011 INFO L470 AbstractCegarLoop]: Abstraction has 369 states and 555 transitions. [2022-02-20 18:05:13,012 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.25) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:13,012 INFO L276 IsEmpty]: Start isEmpty. Operand 369 states and 555 transitions. [2022-02-20 18:05:13,013 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 108 [2022-02-20 18:05:13,013 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:13,013 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:13,033 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:13,231 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:13,231 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:13,232 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:13,232 INFO L85 PathProgramCache]: Analyzing trace with hash 1110095373, now seen corresponding path program 1 times [2022-02-20 18:05:13,232 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:13,232 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2065497954] [2022-02-20 18:05:13,232 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:13,232 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:13,273 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 18:05:13,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,302 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,302 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,302 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9840#true} #960#return; {9840#true} is VALID [2022-02-20 18:05:13,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:13,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,311 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,311 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9840#true} #962#return; {9840#true} is VALID [2022-02-20 18:05:13,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:13,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA 
is unsat [2022-02-20 18:05:13,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:13,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {9896#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {9896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:13,330 INFO L290 TraceCheckUtils]: 2: Hoare triple {9896#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9897#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:13,330 INFO L290 TraceCheckUtils]: 3: Hoare triple {9897#(= 2 |setClientId_#in~handle|)} assume true; {9897#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:13,330 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9897#(= 2 |setClientId_#in~handle|)} {9850#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #964#return; {9856#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:13,331 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:13,333 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:13,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {9898#(= 
setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9899#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:13,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {9899#(= |setClientPrivateKey_#in~handle| 1)} assume true; {9899#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:13,349 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9899#(= |setClientPrivateKey_#in~handle| 1)} {9856#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #966#return; {9841#false} is VALID [2022-02-20 18:05:13,349 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:05:13,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,353 INFO L290 TraceCheckUtils]: 0: Hoare triple {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,353 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,353 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9841#false} #968#return; {9841#false} is VALID [2022-02-20 18:05:13,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:05:13,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,356 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,356 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9841#false} #970#return; {9841#false} is VALID [2022-02-20 18:05:13,364 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:05:13,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,367 INFO L290 TraceCheckUtils]: 0: Hoare triple {9900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,367 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,367 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,367 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9841#false} #948#return; {9841#false} is VALID [2022-02-20 18:05:13,367 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:05:13,368 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,370 INFO L290 TraceCheckUtils]: 0: Hoare triple {9840#true} ~handle := #in~handle;havoc ~retValue_acc~17; {9840#true} is VALID [2022-02-20 18:05:13,370 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {9840#true} is VALID [2022-02-20 18:05:13,370 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,370 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9841#false} #906#return; {9841#false} is VALID [2022-02-20 18:05:13,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:05:13,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,373 INFO L290 TraceCheckUtils]: 0: Hoare triple {9840#true} ~handle := #in~handle;havoc ~retValue_acc~36; {9840#true} is VALID [2022-02-20 18:05:13,373 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9840#true} is VALID [2022-02-20 18:05:13,373 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,373 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9841#false} #908#return; {9841#false} is VALID [2022-02-20 18:05:13,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:05:13,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,375 INFO L290 TraceCheckUtils]: 0: Hoare triple {9840#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {9840#true} is VALID [2022-02-20 18:05:13,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle; {9840#true} is VALID [2022-02-20 18:05:13,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {9840#true} is VALID [2022-02-20 18:05:13,376 INFO L290 TraceCheckUtils]: 3: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,376 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9840#true} {9841#false} #910#return; {9841#false} is VALID [2022-02-20 18:05:13,376 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:05:13,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {9900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,379 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,379 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9841#false} #916#return; {9841#false} is VALID [2022-02-20 18:05:13,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:05:13,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,381 INFO L290 TraceCheckUtils]: 0: Hoare triple {9840#true} ~handle := #in~handle;havoc ~retValue_acc~39; {9840#true} is VALID [2022-02-20 18:05:13,381 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {9840#true} is VALID [2022-02-20 18:05:13,381 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,382 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9840#true} {9841#false} #918#return; {9841#false} is VALID [2022-02-20 18:05:13,382 INFO L290 TraceCheckUtils]: 0: Hoare triple {9840#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 
3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 
0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {9840#true} is VALID [2022-02-20 18:05:13,382 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {9840#true} is VALID [2022-02-20 18:05:13,382 INFO L290 TraceCheckUtils]: 
2: Hoare triple {9840#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9840#true} is VALID [2022-02-20 18:05:13,382 INFO L290 TraceCheckUtils]: 3: Hoare triple {9840#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {9840#true} is VALID [2022-02-20 18:05:13,382 INFO L290 TraceCheckUtils]: 4: Hoare triple {9840#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {9840#true} is VALID [2022-02-20 18:05:13,382 INFO L290 TraceCheckUtils]: 5: Hoare triple {9840#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9840#true} is VALID [2022-02-20 18:05:13,383 INFO L272 TraceCheckUtils]: 6: Hoare triple {9840#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, 
setup_bob__wrappee__Base_~bob___0#1); {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:13,383 INFO L290 TraceCheckUtils]: 7: Hoare triple {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,383 INFO L290 TraceCheckUtils]: 8: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,383 INFO L290 TraceCheckUtils]: 9: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,383 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9840#true} {9840#true} #960#return; {9840#true} is VALID [2022-02-20 18:05:13,384 INFO L290 TraceCheckUtils]: 11: Hoare triple {9840#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9840#true} is VALID [2022-02-20 18:05:13,384 INFO L272 TraceCheckUtils]: 12: Hoare triple {9840#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:13,384 INFO L290 TraceCheckUtils]: 13: Hoare triple {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,384 INFO L290 TraceCheckUtils]: 14: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {9840#true} is VALID [2022-02-20 18:05:13,384 INFO L290 TraceCheckUtils]: 15: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,384 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9840#true} {9840#true} #962#return; {9840#true} is VALID [2022-02-20 18:05:13,385 INFO L290 TraceCheckUtils]: 17: Hoare triple {9840#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9850#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:05:13,385 INFO L272 TraceCheckUtils]: 18: Hoare triple {9850#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:13,386 INFO L290 TraceCheckUtils]: 19: Hoare triple {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:13,386 INFO L290 TraceCheckUtils]: 20: Hoare triple {9896#(= setClientId_~handle |setClientId_#in~handle|)} assume 
!(1 == ~handle); {9896#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:13,386 INFO L290 TraceCheckUtils]: 21: Hoare triple {9896#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9897#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:13,387 INFO L290 TraceCheckUtils]: 22: Hoare triple {9897#(= 2 |setClientId_#in~handle|)} assume true; {9897#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:13,387 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {9897#(= 2 |setClientId_#in~handle|)} {9850#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #964#return; {9856#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:13,387 INFO L290 TraceCheckUtils]: 24: Hoare triple {9856#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {9856#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:13,388 INFO L272 TraceCheckUtils]: 25: Hoare triple {9856#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:13,388 INFO L290 TraceCheckUtils]: 26: Hoare triple {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:13,388 INFO L290 TraceCheckUtils]: 27: Hoare triple {9898#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {9899#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:13,389 INFO L290 TraceCheckUtils]: 28: Hoare triple {9899#(= |setClientPrivateKey_#in~handle| 1)} assume true; {9899#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:13,389 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {9899#(= |setClientPrivateKey_#in~handle| 1)} {9856#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #966#return; {9841#false} is VALID [2022-02-20 18:05:13,389 INFO L290 TraceCheckUtils]: 30: Hoare triple {9841#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9841#false} is VALID [2022-02-20 18:05:13,389 INFO L272 TraceCheckUtils]: 31: Hoare triple {9841#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:13,389 INFO L290 TraceCheckUtils]: 32: Hoare triple {9894#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,390 INFO L290 TraceCheckUtils]: 33: Hoare triple {9840#true} 
assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,390 INFO L290 TraceCheckUtils]: 34: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,390 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {9840#true} {9841#false} #968#return; {9841#false} is VALID [2022-02-20 18:05:13,390 INFO L290 TraceCheckUtils]: 36: Hoare triple {9841#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9841#false} is VALID [2022-02-20 18:05:13,390 INFO L272 TraceCheckUtils]: 37: Hoare triple {9841#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:13,390 INFO L290 TraceCheckUtils]: 38: Hoare triple {9895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,390 INFO L290 TraceCheckUtils]: 39: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,390 INFO L290 TraceCheckUtils]: 40: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,390 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {9840#true} {9841#false} #970#return; {9841#false} is VALID [2022-02-20 18:05:13,390 INFO L290 TraceCheckUtils]: 42: Hoare triple {9841#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 43: Hoare triple {9841#false} assume { :end_inline_setup } true;assume { :begin_inline_test } 
true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 44: Hoare triple {9841#false} assume !false; {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 45: Hoare triple {9841#false} assume test_~splverifierCounter~0#1 < 4; {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 46: Hoare triple {9841#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 47: Hoare triple {9841#false} assume 0 == test_~op1~0#1;assume -2147483648 <= 
test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 48: Hoare triple {9841#false} assume !(0 != test_~tmp___9~0#1); {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 49: Hoare triple {9841#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 50: Hoare triple {9841#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9841#false} is VALID [2022-02-20 18:05:13,391 INFO L290 TraceCheckUtils]: 51: Hoare triple {9841#false} assume !false; {9841#false} is VALID [2022-02-20 18:05:13,392 INFO L290 TraceCheckUtils]: 52: Hoare triple {9841#false} assume !(test_~splverifierCounter~0#1 < 4); {9841#false} is VALID [2022-02-20 18:05:13,392 INFO L290 TraceCheckUtils]: 53: Hoare triple {9841#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {9841#false} is VALID [2022-02-20 18:05:13,392 INFO L272 TraceCheckUtils]: 54: Hoare triple {9841#false} call sendEmail(~bob~0, ~rjh~0); {9841#false} is VALID [2022-02-20 18:05:13,392 INFO L290 TraceCheckUtils]: 55: Hoare triple {9841#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9841#false} is VALID [2022-02-20 18:05:13,392 INFO L272 TraceCheckUtils]: 56: Hoare triple {9841#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:13,392 INFO L290 TraceCheckUtils]: 57: Hoare triple {9900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,392 INFO L290 TraceCheckUtils]: 58: Hoare triple {9840#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,392 INFO L290 TraceCheckUtils]: 59: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,392 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {9840#true} {9841#false} #948#return; {9841#false} is VALID [2022-02-20 18:05:13,392 INFO L290 TraceCheckUtils]: 61: Hoare triple {9841#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {9841#false} is VALID [2022-02-20 18:05:13,393 INFO L290 TraceCheckUtils]: 62: Hoare triple {9841#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {9841#false} is VALID [2022-02-20 18:05:13,393 INFO L290 TraceCheckUtils]: 63: Hoare triple {9841#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {9841#false} is VALID 
[2022-02-20 18:05:13,393 INFO L290 TraceCheckUtils]: 64: Hoare triple {9841#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {9841#false} is VALID [2022-02-20 18:05:13,393 INFO L272 TraceCheckUtils]: 65: Hoare triple {9841#false} call outgoing(~sender#1, ~email~0#1); {9841#false} is VALID [2022-02-20 18:05:13,393 INFO L290 TraceCheckUtils]: 66: Hoare triple {9841#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {9841#false} is VALID [2022-02-20 18:05:13,393 INFO L272 TraceCheckUtils]: 67: Hoare triple {9841#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {9840#true} is VALID [2022-02-20 18:05:13,393 INFO L290 TraceCheckUtils]: 68: Hoare triple {9840#true} ~handle := #in~handle;havoc ~retValue_acc~17; {9840#true} is VALID [2022-02-20 18:05:13,393 INFO L290 TraceCheckUtils]: 69: Hoare triple {9840#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {9840#true} is VALID [2022-02-20 18:05:13,393 INFO L290 TraceCheckUtils]: 70: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,393 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {9840#true} {9841#false} #906#return; {9841#false} is VALID [2022-02-20 18:05:13,394 INFO L290 TraceCheckUtils]: 72: Hoare triple {9841#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {9841#false} is VALID [2022-02-20 18:05:13,394 INFO L290 TraceCheckUtils]: 73: Hoare triple {9841#false} assume 
0 == sign_~privkey~1#1; {9841#false} is VALID [2022-02-20 18:05:13,394 INFO L290 TraceCheckUtils]: 74: Hoare triple {9841#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {9841#false} is VALID [2022-02-20 18:05:13,394 INFO L272 TraceCheckUtils]: 75: Hoare triple {9841#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {9840#true} is VALID [2022-02-20 18:05:13,394 INFO L290 TraceCheckUtils]: 76: Hoare triple {9840#true} ~handle := #in~handle;havoc ~retValue_acc~36; {9840#true} is VALID [2022-02-20 18:05:13,394 INFO L290 TraceCheckUtils]: 77: Hoare triple {9840#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9840#true} is VALID [2022-02-20 18:05:13,394 INFO L290 TraceCheckUtils]: 78: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,394 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {9840#true} {9841#false} #908#return; {9841#false} is VALID [2022-02-20 18:05:13,394 INFO L290 TraceCheckUtils]: 80: Hoare triple {9841#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 
2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {9841#false} is VALID [2022-02-20 18:05:13,394 INFO L272 TraceCheckUtils]: 81: Hoare triple {9841#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {9840#true} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 82: Hoare triple {9840#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {9840#true} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 83: Hoare triple {9840#true} assume 1 == ~handle; {9840#true} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 84: Hoare triple {9840#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {9840#true} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 85: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,395 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {9840#true} {9841#false} #910#return; {9841#false} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 87: Hoare triple {9841#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {9841#false} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 88: Hoare triple {9841#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {9841#false} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 89: Hoare triple {9841#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {9841#false} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 90: Hoare triple {9841#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {9841#false} is VALID [2022-02-20 18:05:13,395 INFO L290 TraceCheckUtils]: 91: Hoare triple {9841#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {9841#false} is VALID [2022-02-20 18:05:13,396 INFO L272 TraceCheckUtils]: 92: Hoare triple {9841#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {9900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:13,396 INFO L290 TraceCheckUtils]: 93: Hoare triple {9900#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9840#true} is 
VALID [2022-02-20 18:05:13,396 INFO L290 TraceCheckUtils]: 94: Hoare triple {9840#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,396 INFO L290 TraceCheckUtils]: 95: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,396 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {9840#true} {9841#false} #916#return; {9841#false} is VALID [2022-02-20 18:05:13,396 INFO L290 TraceCheckUtils]: 97: Hoare triple {9841#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {9841#false} is VALID [2022-02-20 18:05:13,396 INFO L290 TraceCheckUtils]: 98: Hoare triple {9841#false} assume 0 != ~in_encrypted~0; {9841#false} is VALID [2022-02-20 18:05:13,396 INFO L272 TraceCheckUtils]: 99: Hoare triple {9841#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {9840#true} is VALID [2022-02-20 18:05:13,396 INFO L290 TraceCheckUtils]: 100: Hoare triple {9840#true} ~handle := #in~handle;havoc ~retValue_acc~39; {9840#true} is VALID [2022-02-20 18:05:13,397 INFO L290 TraceCheckUtils]: 101: Hoare triple {9840#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {9840#true} is VALID [2022-02-20 18:05:13,397 INFO L290 TraceCheckUtils]: 102: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,397 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {9840#true} {9841#false} #918#return; {9841#false} is VALID [2022-02-20 18:05:13,397 INFO L290 TraceCheckUtils]: 104: Hoare triple {9841#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {9841#false} is VALID [2022-02-20 18:05:13,397 INFO L290 TraceCheckUtils]: 105: Hoare triple {9841#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {9841#false} is VALID [2022-02-20 18:05:13,397 INFO L290 TraceCheckUtils]: 106: Hoare triple {9841#false} assume !false; {9841#false} is VALID [2022-02-20 18:05:13,397 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:05:13,397 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:13,398 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2065497954] [2022-02-20 18:05:13,398 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2065497954] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:13,398 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [299857976] [2022-02-20 18:05:13,398 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:13,398 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:13,398 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:13,399 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:13,400 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:05:13,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,592 INFO L263 TraceCheckSpWp]: Trace formula consists of 1040 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:05:13,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:13,646 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:13,929 INFO L290 TraceCheckUtils]: 0: Hoare triple {9840#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 
40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {9840#true} is VALID [2022-02-20 18:05:13,929 INFO L290 TraceCheckUtils]: 1: Hoare triple {9840#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {9840#true} is VALID [2022-02-20 18:05:13,929 INFO L290 TraceCheckUtils]: 2: Hoare triple {9840#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9840#true} is VALID [2022-02-20 18:05:13,929 INFO L290 TraceCheckUtils]: 3: Hoare triple {9840#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {9840#true} is VALID [2022-02-20 18:05:13,929 INFO L290 TraceCheckUtils]: 4: Hoare triple {9840#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {9840#true} is VALID [2022-02-20 18:05:13,929 INFO L290 TraceCheckUtils]: 5: Hoare triple {9840#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L272 TraceCheckUtils]: 6: Hoare triple {9840#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L290 TraceCheckUtils]: 7: Hoare triple {9840#true} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L290 TraceCheckUtils]: 8: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L290 TraceCheckUtils]: 9: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9840#true} {9840#true} #960#return; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L290 TraceCheckUtils]: 11: Hoare triple {9840#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L272 TraceCheckUtils]: 12: Hoare triple {9840#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L290 TraceCheckUtils]: 13: Hoare triple {9840#true} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L290 TraceCheckUtils]: 14: Hoare triple {9840#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L290 TraceCheckUtils]: 15: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,930 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9840#true} {9840#true} #962#return; {9840#true} is VALID [2022-02-20 18:05:13,931 INFO L290 TraceCheckUtils]: 17: Hoare triple {9840#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset 
:= 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9955#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:13,931 INFO L272 TraceCheckUtils]: 18: Hoare triple {9955#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9840#true} is VALID [2022-02-20 18:05:13,931 INFO L290 TraceCheckUtils]: 19: Hoare triple {9840#true} ~handle := #in~handle;~value := #in~value; {9840#true} is VALID [2022-02-20 18:05:13,931 INFO L290 TraceCheckUtils]: 20: Hoare triple {9840#true} assume !(1 == ~handle); {9840#true} is VALID [2022-02-20 18:05:13,931 INFO L290 TraceCheckUtils]: 21: Hoare triple {9840#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9840#true} is VALID [2022-02-20 18:05:13,931 INFO L290 TraceCheckUtils]: 22: Hoare triple {9840#true} assume true; {9840#true} is VALID [2022-02-20 18:05:13,932 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {9840#true} {9955#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #964#return; {9955#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:13,935 INFO L290 TraceCheckUtils]: 24: Hoare triple {9955#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {9955#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:13,935 INFO L272 TraceCheckUtils]: 25: Hoare triple {9955#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9840#true} is VALID [2022-02-20 18:05:13,936 INFO L290 TraceCheckUtils]: 26: Hoare triple 
{9840#true} ~handle := #in~handle;~value := #in~value; {9983#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:05:13,936 INFO L290 TraceCheckUtils]: 27: Hoare triple {9983#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9987#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:13,937 INFO L290 TraceCheckUtils]: 28: Hoare triple {9987#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {9987#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:13,937 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {9987#(<= |setClientPrivateKey_#in~handle| 1)} {9955#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #966#return; {9841#false} is VALID [2022-02-20 18:05:13,937 INFO L290 TraceCheckUtils]: 30: Hoare triple {9841#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9841#false} is VALID [2022-02-20 18:05:13,937 INFO L272 TraceCheckUtils]: 31: Hoare triple {9841#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9841#false} is VALID [2022-02-20 18:05:13,937 INFO L290 TraceCheckUtils]: 32: Hoare triple {9841#false} ~handle := #in~handle;~value := #in~value; {9841#false} is VALID [2022-02-20 18:05:13,937 INFO L290 TraceCheckUtils]: 33: Hoare triple {9841#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9841#false} is VALID [2022-02-20 
18:05:13,938 INFO L290 TraceCheckUtils]: 34: Hoare triple {9841#false} assume true; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {9841#false} {9841#false} #968#return; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 36: Hoare triple {9841#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L272 TraceCheckUtils]: 37: Hoare triple {9841#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 38: Hoare triple {9841#false} ~handle := #in~handle;~value := #in~value; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 39: Hoare triple {9841#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 40: Hoare triple {9841#false} assume true; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {9841#false} {9841#false} #970#return; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 42: Hoare triple {9841#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 43: Hoare triple {9841#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, 
test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 44: Hoare triple {9841#false} assume !false; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 45: Hoare triple {9841#false} assume test_~splverifierCounter~0#1 < 4; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 46: Hoare triple {9841#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 47: Hoare triple {9841#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 48: Hoare triple {9841#false} assume !(0 != test_~tmp___9~0#1); {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 49: Hoare triple {9841#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := 
test_#t~nondet33#1;havoc test_#t~nondet33#1; {9841#false} is VALID [2022-02-20 18:05:13,938 INFO L290 TraceCheckUtils]: 50: Hoare triple {9841#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 51: Hoare triple {9841#false} assume !false; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 52: Hoare triple {9841#false} assume !(test_~splverifierCounter~0#1 < 4); {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 53: Hoare triple {9841#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L272 TraceCheckUtils]: 54: Hoare triple {9841#false} call sendEmail(~bob~0, ~rjh~0); {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 55: Hoare triple {9841#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L272 TraceCheckUtils]: 56: Hoare triple {9841#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 57: Hoare triple 
{9841#false} ~handle := #in~handle;~value := #in~value; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 58: Hoare triple {9841#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 59: Hoare triple {9841#false} assume true; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {9841#false} {9841#false} #948#return; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 61: Hoare triple {9841#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 62: Hoare triple {9841#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 63: Hoare triple {9841#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 64: Hoare triple {9841#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L272 TraceCheckUtils]: 65: Hoare triple {9841#false} call outgoing(~sender#1, ~email~0#1); {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 66: Hoare triple {9841#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, 
sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L272 TraceCheckUtils]: 67: Hoare triple {9841#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {9841#false} is VALID [2022-02-20 18:05:13,939 INFO L290 TraceCheckUtils]: 68: Hoare triple {9841#false} ~handle := #in~handle;havoc ~retValue_acc~17; {9841#false} is VALID [2022-02-20 18:05:13,940 INFO L290 TraceCheckUtils]: 69: Hoare triple {9841#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {9841#false} is VALID [2022-02-20 18:05:13,940 INFO L290 TraceCheckUtils]: 70: Hoare triple {9841#false} assume true; {9841#false} is VALID [2022-02-20 18:05:13,940 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {9841#false} {9841#false} #906#return; {9841#false} is VALID [2022-02-20 18:05:13,940 INFO L290 TraceCheckUtils]: 72: Hoare triple {9841#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {9841#false} is VALID [2022-02-20 18:05:13,940 INFO L290 TraceCheckUtils]: 73: Hoare triple {9841#false} assume 0 == sign_~privkey~1#1; {9841#false} is VALID [2022-02-20 18:05:13,940 INFO L290 TraceCheckUtils]: 74: Hoare triple {9841#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := 
outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L272 TraceCheckUtils]: 75: Hoare triple {9841#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 76: Hoare triple {9841#false} ~handle := #in~handle;havoc ~retValue_acc~36; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 77: Hoare triple {9841#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 78: Hoare triple {9841#false} assume true; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {9841#false} {9841#false} #908#return; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 80: Hoare triple {9841#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L272 TraceCheckUtils]: 81: Hoare triple {9841#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 82: Hoare triple {9841#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 
TraceCheckUtils]: 83: Hoare triple {9841#false} assume 1 == ~handle; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 84: Hoare triple {9841#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 85: Hoare triple {9841#false} assume true; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {9841#false} {9841#false} #910#return; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 87: Hoare triple {9841#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 88: Hoare triple {9841#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {9841#false} is VALID [2022-02-20 18:05:13,951 INFO L290 TraceCheckUtils]: 89: Hoare triple {9841#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := 
getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {9841#false} is VALID [2022-02-20 18:05:13,952 INFO L290 TraceCheckUtils]: 90: Hoare triple {9841#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {9841#false} is VALID [2022-02-20 18:05:13,952 INFO L290 TraceCheckUtils]: 91: Hoare triple {9841#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {9841#false} is VALID [2022-02-20 18:05:13,952 INFO L272 TraceCheckUtils]: 92: Hoare triple {9841#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {9841#false} is VALID [2022-02-20 18:05:13,952 INFO L290 TraceCheckUtils]: 93: Hoare triple {9841#false} ~handle := #in~handle;~value := #in~value; {9841#false} is VALID [2022-02-20 18:05:13,952 INFO L290 TraceCheckUtils]: 94: Hoare triple {9841#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9841#false} is VALID [2022-02-20 18:05:13,952 INFO L290 TraceCheckUtils]: 95: Hoare triple {9841#false} assume true; {9841#false} is VALID [2022-02-20 18:05:13,952 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {9841#false} {9841#false} #916#return; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L290 TraceCheckUtils]: 97: Hoare triple {9841#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := 
mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L290 TraceCheckUtils]: 98: Hoare triple {9841#false} assume 0 != ~in_encrypted~0; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L272 TraceCheckUtils]: 99: Hoare triple {9841#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L290 TraceCheckUtils]: 100: Hoare triple {9841#false} ~handle := #in~handle;havoc ~retValue_acc~39; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L290 TraceCheckUtils]: 101: Hoare triple {9841#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L290 TraceCheckUtils]: 102: Hoare triple {9841#false} assume 
true; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {9841#false} {9841#false} #918#return; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L290 TraceCheckUtils]: 104: Hoare triple {9841#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L290 TraceCheckUtils]: 105: Hoare triple {9841#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {9841#false} is VALID [2022-02-20 18:05:13,953 INFO L290 TraceCheckUtils]: 106: Hoare triple {9841#false} assume !false; {9841#false} is VALID [2022-02-20 18:05:13,954 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:05:13,954 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:13,954 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [299857976] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:13,954 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:13,954 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [11] total 14 [2022-02-20 18:05:13,954 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1903094404] [2022-02-20 18:05:13,955 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:13,956 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 15.0) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 107 [2022-02-20 18:05:13,956 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:13,957 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 15.0) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:14,022 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:14,022 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:05:14,023 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:14,023 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:05:14,023 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=28, Invalid=154, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:05:14,024 INFO L87 Difference]: Start difference. First operand 369 states and 555 transitions. 
Second operand has 5 states, 5 states have (on average 15.0) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:14,899 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:14,900 INFO L93 Difference]: Finished difference Result 727 states and 1099 transitions. [2022-02-20 18:05:14,900 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:05:14,900 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.0) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 107 [2022-02-20 18:05:14,900 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:14,900 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.0) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:14,907 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 937 transitions. [2022-02-20 18:05:14,907 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 15.0) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:14,914 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 937 transitions. [2022-02-20 18:05:14,914 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 937 transitions. [2022-02-20 18:05:15,510 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 937 edges. 937 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:15,521 INFO L225 Difference]: With dead ends: 727 [2022-02-20 18:05:15,522 INFO L226 Difference]: Without dead ends: 371 [2022-02-20 18:05:15,523 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 137 GetRequests, 124 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=178, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:05:15,524 INFO L933 BasicCegarLoop]: 463 mSDtfsCounter, 116 mSDsluCounter, 1250 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 136 SdHoareTripleChecker+Valid, 1713 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:15,524 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [136 Valid, 1713 Invalid, 45 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:15,525 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 371 states. [2022-02-20 18:05:15,614 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 371 to 371. [2022-02-20 18:05:15,614 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:15,616 INFO L82 GeneralOperation]: Start isEquivalent. First operand 371 states. Second operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:05:15,617 INFO L74 IsIncluded]: Start isIncluded. First operand 371 states. Second operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:05:15,617 INFO L87 Difference]: Start difference. First operand 371 states. Second operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:05:15,630 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:15,630 INFO L93 Difference]: Finished difference Result 371 states and 561 transitions. 
[2022-02-20 18:05:15,630 INFO L276 IsEmpty]: Start isEmpty. Operand 371 states and 561 transitions. [2022-02-20 18:05:15,632 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:15,632 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:15,633 INFO L74 IsIncluded]: Start isIncluded. First operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) Second operand 371 states. [2022-02-20 18:05:15,634 INFO L87 Difference]: Start difference. First operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) Second operand 371 states. [2022-02-20 18:05:15,655 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:15,656 INFO L93 Difference]: Finished difference Result 371 states and 561 transitions. [2022-02-20 18:05:15,656 INFO L276 IsEmpty]: Start isEmpty. Operand 371 states and 561 transitions. [2022-02-20 18:05:15,657 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:15,657 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:15,657 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:15,657 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:15,658 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:05:15,684 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 371 states to 371 states and 561 transitions. [2022-02-20 18:05:15,685 INFO L78 Accepts]: Start accepts. Automaton has 371 states and 561 transitions. Word has length 107 [2022-02-20 18:05:15,685 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:15,685 INFO L470 AbstractCegarLoop]: Abstraction has 371 states and 561 transitions. [2022-02-20 18:05:15,685 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.0) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:15,685 INFO L276 IsEmpty]: Start isEmpty. Operand 371 states and 561 transitions. [2022-02-20 18:05:15,686 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 109 [2022-02-20 18:05:15,686 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:15,686 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:15,730 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:15,887 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:15,887 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:15,887 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:15,888 INFO L85 PathProgramCache]: Analyzing trace with hash 303759806, now seen corresponding path program 1 times [2022-02-20 18:05:15,888 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:15,888 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1989841549] [2022-02-20 18:05:15,888 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:15,888 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:15,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 18:05:15,956 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,961 INFO L290 TraceCheckUtils]: 0: Hoare triple {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:15,962 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:15,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:15,962 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12512#true} {12512#true} #960#return; {12512#true} is VALID [2022-02-20 18:05:15,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:15,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:15,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:15,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:15,973 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12512#true} {12512#true} #962#return; {12512#true} is VALID [2022-02-20 18:05:15,973 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:15,975 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:05:15,977 INFO L290 TraceCheckUtils]: 0: Hoare triple {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:15,977 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume !(1 == ~handle); {12512#true} is VALID [2022-02-20 18:05:15,977 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:15,977 INFO L290 TraceCheckUtils]: 3: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:15,977 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12512#true} {12512#true} #964#return; {12512#true} is VALID [2022-02-20 18:05:15,978 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:15,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:15,983 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume !(1 == ~handle); {12512#true} is VALID [2022-02-20 18:05:15,983 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:15,983 INFO L290 TraceCheckUtils]: 3: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:15,983 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12512#true} {12512#true} #966#return; 
{12512#true} is VALID [2022-02-20 18:05:15,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:15,986 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12568#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:15,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {12568#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12569#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:16,000 INFO L290 TraceCheckUtils]: 2: Hoare triple {12569#(= |setClientId_#in~handle| 1)} assume true; {12569#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:16,000 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12569#(= |setClientId_#in~handle| 1)} {12532#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #968#return; {12513#false} is VALID [2022-02-20 18:05:16,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:05:16,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:16,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,005 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,005 INFO L290 
TraceCheckUtils]: 2: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,005 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12512#true} {12513#false} #970#return; {12513#false} is VALID [2022-02-20 18:05:16,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:05:16,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:16,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {12570#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,016 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12512#true} {12513#false} #948#return; {12513#false} is VALID [2022-02-20 18:05:16,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:05:16,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:16,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {12512#true} ~handle := #in~handle;havoc ~retValue_acc~17; {12512#true} is VALID [2022-02-20 18:05:16,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {12512#true} is VALID [2022-02-20 18:05:16,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,022 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12512#true} {12513#false} #906#return; {12513#false} is VALID [2022-02-20 18:05:16,022 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence 
at non-pending call position 76 [2022-02-20 18:05:16,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:16,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {12512#true} ~handle := #in~handle;havoc ~retValue_acc~36; {12512#true} is VALID [2022-02-20 18:05:16,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {12512#true} is VALID [2022-02-20 18:05:16,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,025 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12512#true} {12513#false} #908#return; {12513#false} is VALID [2022-02-20 18:05:16,026 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:05:16,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:16,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {12512#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {12512#true} is VALID [2022-02-20 18:05:16,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle; {12512#true} is VALID [2022-02-20 18:05:16,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {12512#true} is VALID [2022-02-20 18:05:16,031 INFO L290 TraceCheckUtils]: 3: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,031 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12512#true} {12513#false} #910#return; {12513#false} is VALID [2022-02-20 18:05:16,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:05:16,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:16,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {12570#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,034 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12512#true} {12513#false} #916#return; {12513#false} is VALID [2022-02-20 18:05:16,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:05:16,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:16,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {12512#true} ~handle := #in~handle;havoc ~retValue_acc~39; {12512#true} is VALID [2022-02-20 18:05:16,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {12512#true} is VALID [2022-02-20 18:05:16,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,038 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12512#true} {12513#false} #918#return; {12513#false} is VALID [2022-02-20 18:05:16,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {12512#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call 
write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset 
:= 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {12512#true} is VALID [2022-02-20 18:05:16,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {12512#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {12512#true} is VALID [2022-02-20 18:05:16,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {12512#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12512#true} is VALID [2022-02-20 18:05:16,038 INFO L290 TraceCheckUtils]: 3: Hoare triple {12512#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {12512#true} is VALID [2022-02-20 18:05:16,038 INFO L290 TraceCheckUtils]: 4: Hoare triple {12512#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {12512#true} is VALID [2022-02-20 18:05:16,044 INFO L290 TraceCheckUtils]: 5: Hoare triple {12512#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12512#true} is VALID [2022-02-20 18:05:16,045 INFO L272 TraceCheckUtils]: 6: Hoare triple {12512#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 18:05:16,045 INFO L290 TraceCheckUtils]: 7: Hoare triple {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,045 INFO L290 TraceCheckUtils]: 8: Hoare triple {12512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,045 INFO L290 TraceCheckUtils]: 9: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,045 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12512#true} {12512#true} #960#return; {12512#true} is VALID [2022-02-20 18:05:16,046 INFO L290 TraceCheckUtils]: 11: Hoare triple {12512#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12512#true} is VALID [2022-02-20 18:05:16,046 INFO L272 TraceCheckUtils]: 12: Hoare triple {12512#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:16,046 INFO L290 TraceCheckUtils]: 13: Hoare triple {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,046 INFO L290 TraceCheckUtils]: 14: Hoare triple {12512#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,047 INFO L290 TraceCheckUtils]: 15: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,047 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12512#true} 
{12512#true} #962#return; {12512#true} is VALID [2022-02-20 18:05:16,047 INFO L290 TraceCheckUtils]: 17: Hoare triple {12512#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12512#true} is VALID [2022-02-20 18:05:16,047 INFO L272 TraceCheckUtils]: 18: Hoare triple {12512#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:16,048 INFO L290 TraceCheckUtils]: 19: Hoare triple {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,048 INFO L290 TraceCheckUtils]: 20: Hoare triple {12512#true} assume !(1 == ~handle); {12512#true} is VALID [2022-02-20 18:05:16,048 INFO L290 TraceCheckUtils]: 21: Hoare triple {12512#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,048 INFO L290 TraceCheckUtils]: 22: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,049 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12512#true} {12512#true} #964#return; {12512#true} is VALID [2022-02-20 18:05:16,049 INFO L290 
TraceCheckUtils]: 24: Hoare triple {12512#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {12512#true} is VALID [2022-02-20 18:05:16,049 INFO L272 TraceCheckUtils]: 25: Hoare triple {12512#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:16,049 INFO L290 TraceCheckUtils]: 26: Hoare triple {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,050 INFO L290 TraceCheckUtils]: 27: Hoare triple {12512#true} assume !(1 == ~handle); {12512#true} is VALID [2022-02-20 18:05:16,050 INFO L290 TraceCheckUtils]: 28: Hoare triple {12512#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,050 INFO L290 TraceCheckUtils]: 29: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,050 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {12512#true} {12512#true} #966#return; {12512#true} is VALID [2022-02-20 18:05:16,050 INFO L290 TraceCheckUtils]: 31: Hoare triple {12512#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {12532#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:16,051 INFO L272 TraceCheckUtils]: 32: Hoare triple {12532#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:16,051 INFO L290 TraceCheckUtils]: 33: Hoare triple {12566#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12568#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:16,052 INFO L290 TraceCheckUtils]: 34: Hoare triple {12568#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12569#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:16,052 INFO L290 TraceCheckUtils]: 35: Hoare triple {12569#(= |setClientId_#in~handle| 1)} assume true; {12569#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:16,053 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12569#(= |setClientId_#in~handle| 1)} {12532#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #968#return; {12513#false} is VALID [2022-02-20 18:05:16,053 INFO L290 TraceCheckUtils]: 37: Hoare triple {12513#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12513#false} is VALID [2022-02-20 18:05:16,053 INFO L272 TraceCheckUtils]: 38: Hoare triple {12513#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:16,053 INFO L290 TraceCheckUtils]: 39: Hoare triple {12567#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,053 INFO L290 TraceCheckUtils]: 40: Hoare triple {12512#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,053 INFO L290 TraceCheckUtils]: 41: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,053 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {12512#true} {12513#false} #970#return; {12513#false} is VALID [2022-02-20 18:05:16,054 INFO L290 TraceCheckUtils]: 43: Hoare triple {12513#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {12513#false} is VALID [2022-02-20 18:05:16,054 INFO L290 TraceCheckUtils]: 44: Hoare triple {12513#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc 
test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12513#false} is VALID [2022-02-20 18:05:16,054 INFO L290 TraceCheckUtils]: 45: Hoare triple {12513#false} assume !false; {12513#false} is VALID [2022-02-20 18:05:16,054 INFO L290 TraceCheckUtils]: 46: Hoare triple {12513#false} assume test_~splverifierCounter~0#1 < 4; {12513#false} is VALID [2022-02-20 18:05:16,054 INFO L290 TraceCheckUtils]: 47: Hoare triple {12513#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12513#false} is VALID [2022-02-20 18:05:16,054 INFO L290 TraceCheckUtils]: 48: Hoare triple {12513#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {12513#false} is VALID [2022-02-20 18:05:16,054 INFO L290 TraceCheckUtils]: 49: Hoare triple {12513#false} assume !(0 != test_~tmp___9~0#1); {12513#false} is VALID [2022-02-20 18:05:16,055 INFO L290 TraceCheckUtils]: 50: Hoare triple {12513#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {12513#false} is VALID [2022-02-20 18:05:16,055 INFO L290 TraceCheckUtils]: 51: Hoare triple {12513#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; 
{12513#false} is VALID [2022-02-20 18:05:16,055 INFO L290 TraceCheckUtils]: 52: Hoare triple {12513#false} assume !false; {12513#false} is VALID [2022-02-20 18:05:16,056 INFO L290 TraceCheckUtils]: 53: Hoare triple {12513#false} assume !(test_~splverifierCounter~0#1 < 4); {12513#false} is VALID [2022-02-20 18:05:16,056 INFO L290 TraceCheckUtils]: 54: Hoare triple {12513#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {12513#false} is VALID [2022-02-20 18:05:16,057 INFO L272 TraceCheckUtils]: 55: Hoare triple {12513#false} call sendEmail(~bob~0, ~rjh~0); {12513#false} is VALID [2022-02-20 18:05:16,057 INFO L290 TraceCheckUtils]: 56: Hoare triple {12513#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12513#false} is VALID [2022-02-20 18:05:16,058 INFO L272 TraceCheckUtils]: 57: Hoare triple {12513#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12570#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:16,058 INFO L290 TraceCheckUtils]: 58: Hoare triple {12570#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,058 INFO L290 TraceCheckUtils]: 59: Hoare triple {12512#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,059 INFO L290 TraceCheckUtils]: 60: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,059 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {12512#true} {12513#false} #948#return; {12513#false} is VALID [2022-02-20 18:05:16,059 INFO L290 TraceCheckUtils]: 62: Hoare triple {12513#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {12513#false} is VALID [2022-02-20 18:05:16,060 INFO L290 TraceCheckUtils]: 63: Hoare triple {12513#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {12513#false} is VALID [2022-02-20 18:05:16,062 INFO L290 TraceCheckUtils]: 64: Hoare triple {12513#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {12513#false} is VALID [2022-02-20 18:05:16,062 INFO L290 TraceCheckUtils]: 65: Hoare triple {12513#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {12513#false} is VALID [2022-02-20 18:05:16,063 INFO L272 TraceCheckUtils]: 66: Hoare triple {12513#false} call outgoing(~sender#1, ~email~0#1); {12513#false} is VALID [2022-02-20 18:05:16,064 INFO L290 TraceCheckUtils]: 67: Hoare triple {12513#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := 
~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {12513#false} is VALID [2022-02-20 18:05:16,064 INFO L272 TraceCheckUtils]: 68: Hoare triple {12513#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {12512#true} is VALID [2022-02-20 18:05:16,064 INFO L290 TraceCheckUtils]: 69: Hoare triple {12512#true} ~handle := #in~handle;havoc ~retValue_acc~17; {12512#true} is VALID [2022-02-20 18:05:16,064 INFO L290 TraceCheckUtils]: 70: Hoare triple {12512#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {12512#true} is VALID [2022-02-20 18:05:16,065 INFO L290 TraceCheckUtils]: 71: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,066 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {12512#true} {12513#false} #906#return; {12513#false} is VALID [2022-02-20 18:05:16,066 INFO L290 TraceCheckUtils]: 73: Hoare triple {12513#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {12513#false} is VALID [2022-02-20 18:05:16,066 INFO L290 TraceCheckUtils]: 74: Hoare triple {12513#false} assume 0 == sign_~privkey~1#1; {12513#false} is VALID [2022-02-20 18:05:16,066 INFO L290 TraceCheckUtils]: 75: Hoare triple {12513#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, 
outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {12513#false} is VALID [2022-02-20 18:05:16,066 INFO L272 TraceCheckUtils]: 76: Hoare triple {12513#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {12512#true} is VALID [2022-02-20 18:05:16,067 INFO L290 TraceCheckUtils]: 77: Hoare triple {12512#true} ~handle := #in~handle;havoc ~retValue_acc~36; {12512#true} is VALID [2022-02-20 18:05:16,067 INFO L290 TraceCheckUtils]: 78: Hoare triple {12512#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {12512#true} is VALID [2022-02-20 18:05:16,067 INFO L290 TraceCheckUtils]: 79: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,067 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {12512#true} {12513#false} #908#return; {12513#false} is VALID [2022-02-20 18:05:16,067 INFO L290 TraceCheckUtils]: 81: Hoare triple {12513#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {12513#false} is VALID [2022-02-20 18:05:16,067 INFO L272 TraceCheckUtils]: 82: Hoare triple {12513#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {12512#true} is VALID [2022-02-20 18:05:16,067 INFO L290 TraceCheckUtils]: 83: Hoare triple {12512#true} ~handle := #in~handle;~userid := #in~userid;havoc 
~retValue_acc~22; {12512#true} is VALID [2022-02-20 18:05:16,079 INFO L290 TraceCheckUtils]: 84: Hoare triple {12512#true} assume 1 == ~handle; {12512#true} is VALID [2022-02-20 18:05:16,080 INFO L290 TraceCheckUtils]: 85: Hoare triple {12512#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {12512#true} is VALID [2022-02-20 18:05:16,080 INFO L290 TraceCheckUtils]: 86: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,080 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {12512#true} {12513#false} #910#return; {12513#false} is VALID [2022-02-20 18:05:16,080 INFO L290 TraceCheckUtils]: 88: Hoare triple {12513#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {12513#false} is VALID [2022-02-20 18:05:16,080 INFO L290 TraceCheckUtils]: 89: Hoare triple {12513#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {12513#false} is VALID [2022-02-20 18:05:16,080 INFO L290 TraceCheckUtils]: 90: Hoare triple {12513#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc 
getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {12513#false} is VALID [2022-02-20 18:05:16,080 INFO L290 TraceCheckUtils]: 91: Hoare triple {12513#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {12513#false} is VALID [2022-02-20 18:05:16,080 INFO L290 TraceCheckUtils]: 92: Hoare triple {12513#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {12513#false} is VALID [2022-02-20 18:05:16,080 INFO L272 TraceCheckUtils]: 93: Hoare triple {12513#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {12570#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 94: Hoare triple {12570#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12512#true} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 95: Hoare triple {12512#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12512#true} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 96: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,081 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {12512#true} {12513#false} #916#return; {12513#false} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 98: Hoare triple {12513#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {12513#false} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 99: Hoare triple {12513#false} assume 0 != ~in_encrypted~0; {12513#false} is VALID [2022-02-20 18:05:16,081 INFO L272 TraceCheckUtils]: 100: Hoare triple {12513#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {12512#true} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 101: Hoare triple {12512#true} ~handle := #in~handle;havoc 
~retValue_acc~39; {12512#true} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 102: Hoare triple {12512#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {12512#true} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 103: Hoare triple {12512#true} assume true; {12512#true} is VALID [2022-02-20 18:05:16,081 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {12512#true} {12513#false} #918#return; {12513#false} is VALID [2022-02-20 18:05:16,081 INFO L290 TraceCheckUtils]: 105: Hoare triple {12513#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {12513#false} is VALID [2022-02-20 18:05:16,082 INFO L290 TraceCheckUtils]: 106: Hoare triple {12513#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {12513#false} is VALID [2022-02-20 18:05:16,082 INFO L290 TraceCheckUtils]: 107: Hoare triple {12513#false} assume !false; {12513#false} is VALID [2022-02-20 18:05:16,082 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:05:16,082 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:16,082 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1989841549] [2022-02-20 18:05:16,082 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1989841549] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:16,082 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:05:16,082 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:05:16,082 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [621182377] [2022-02-20 18:05:16,083 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:16,083 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 10.142857142857142) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 108 [2022-02-20 18:05:16,083 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:16,084 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 10.142857142857142) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:16,144 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:16,144 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:05:16,144 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:16,145 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. 
[2022-02-20 18:05:16,145 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:05:16,145 INFO L87 Difference]: Start difference. First operand 371 states and 561 transitions. Second operand has 8 states, 7 states have (on average 10.142857142857142) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:20,605 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:20,605 INFO L93 Difference]: Finished difference Result 791 states and 1202 transitions. [2022-02-20 18:05:20,605 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:05:20,606 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 10.142857142857142) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 108 [2022-02-20 18:05:20,606 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:20,606 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 10.142857142857142) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:20,622 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1032 transitions. 
[2022-02-20 18:05:20,623 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 10.142857142857142) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:20,630 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1032 transitions. [2022-02-20 18:05:20,631 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1032 transitions. [2022-02-20 18:05:21,453 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1032 edges. 1032 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:21,465 INFO L225 Difference]: With dead ends: 791 [2022-02-20 18:05:21,465 INFO L226 Difference]: Without dead ends: 443 [2022-02-20 18:05:21,466 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:05:21,467 INFO L933 BasicCegarLoop]: 489 mSDtfsCounter, 920 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1481 mSolverCounterSat, 278 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 937 SdHoareTripleChecker+Valid, 1140 SdHoareTripleChecker+Invalid, 1759 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 278 IncrementalHoareTripleChecker+Valid, 1481 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time 
[2022-02-20 18:05:21,467 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [937 Valid, 1140 Invalid, 1759 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [278 Valid, 1481 Invalid, 0 Unknown, 0 Unchecked, 1.8s Time] [2022-02-20 18:05:21,468 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 443 states. [2022-02-20 18:05:21,551 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 443 to 371. [2022-02-20 18:05:21,551 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:21,552 INFO L82 GeneralOperation]: Start isEquivalent. First operand 443 states. Second operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) [2022-02-20 18:05:21,553 INFO L74 IsIncluded]: Start isIncluded. First operand 443 states. Second operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) [2022-02-20 18:05:21,554 INFO L87 Difference]: Start difference. First operand 443 states. Second operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) [2022-02-20 18:05:21,566 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:05:21,567 INFO L93 Difference]: Finished difference Result 443 states and 672 transitions. [2022-02-20 18:05:21,567 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 672 transitions. [2022-02-20 18:05:21,568 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:21,568 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:21,569 INFO L74 IsIncluded]: Start isIncluded. First operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) Second operand 443 states. [2022-02-20 18:05:21,570 INFO L87 Difference]: Start difference. First operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) Second operand 443 states. [2022-02-20 18:05:21,581 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:21,581 INFO L93 Difference]: Finished difference Result 443 states and 672 transitions. [2022-02-20 18:05:21,582 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 672 transitions. [2022-02-20 18:05:21,583 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:21,583 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:21,583 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:21,583 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:21,584 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 371 states, 285 states have (on average 1.5192982456140351) internal successors, (433), 290 states have internal predecessors, (433), 61 states have call successors, (61), 22 states have call predecessors, (61), 24 states have return successors, (66), 60 states have call predecessors, (66), 60 states have call successors, (66) [2022-02-20 18:05:21,593 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 371 states to 371 states and 560 transitions. [2022-02-20 18:05:21,594 INFO L78 Accepts]: Start accepts. Automaton has 371 states and 560 transitions. Word has length 108 [2022-02-20 18:05:21,594 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:21,594 INFO L470 AbstractCegarLoop]: Abstraction has 371 states and 560 transitions. [2022-02-20 18:05:21,594 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 10.142857142857142) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:21,594 INFO L276 IsEmpty]: Start isEmpty. Operand 371 states and 560 transitions. [2022-02-20 18:05:21,596 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 18:05:21,596 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:21,596 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:21,598 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:05:21,598 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:21,598 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:21,598 INFO L85 PathProgramCache]: Analyzing trace with hash 1105541005, now seen corresponding path program 2 times [2022-02-20 18:05:21,598 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:21,598 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [773507975] [2022-02-20 18:05:21,599 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:21,599 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:21,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,646 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:21,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,649 INFO L290 TraceCheckUtils]: 0: Hoare triple {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,649 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,649 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,649 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15110#true} {15110#true} #960#return; {15110#true} is VALID [2022-02-20 18:05:21,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:21,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,657 INFO L290 TraceCheckUtils]: 0: Hoare triple {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,657 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15110#true} {15110#true} #962#return; {15110#true} is VALID [2022-02-20 18:05:21,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:21,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume !(1 == ~handle); {15110#true} is VALID [2022-02-20 18:05:21,660 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,660 INFO L290 TraceCheckUtils]: 3: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,660 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15110#true} {15110#true} #964#return; {15110#true} is VALID [2022-02-20 18:05:21,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:21,661 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,663 INFO L290 TraceCheckUtils]: 0: Hoare triple {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume !(1 == ~handle); {15110#true} is VALID [2022-02-20 18:05:21,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,664 INFO L290 TraceCheckUtils]: 3: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,664 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15110#true} {15110#true} #966#return; {15110#true} is VALID [2022-02-20 18:05:21,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:21,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,681 INFO L290 
TraceCheckUtils]: 0: Hoare triple {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:21,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {15167#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:21,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {15167#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15168#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:21,682 INFO L290 TraceCheckUtils]: 3: Hoare triple {15168#(= 2 |setClientId_#in~handle|)} assume true; {15168#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:21,682 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15168#(= 2 |setClientId_#in~handle|)} {15130#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #968#return; {15111#false} is VALID [2022-02-20 18:05:21,682 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:05:21,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,686 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume 
true; {15110#true} is VALID [2022-02-20 18:05:21,686 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15110#true} {15111#false} #970#return; {15111#false} is VALID [2022-02-20 18:05:21,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:05:21,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {15169#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,694 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,694 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,695 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15110#true} {15111#false} #948#return; {15111#false} is VALID [2022-02-20 18:05:21,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:05:21,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {15110#true} ~handle := #in~handle;havoc ~retValue_acc~17; {15110#true} is VALID [2022-02-20 18:05:21,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {15110#true} is VALID [2022-02-20 18:05:21,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,697 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15110#true} {15111#false} #906#return; {15111#false} is VALID [2022-02-20 18:05:21,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 
18:05:21,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {15110#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15110#true} is VALID [2022-02-20 18:05:21,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {15110#true} is VALID [2022-02-20 18:05:21,700 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,700 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15110#true} {15111#false} #908#return; {15111#false} is VALID [2022-02-20 18:05:21,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:05:21,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {15110#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {15110#true} is VALID [2022-02-20 18:05:21,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle; {15110#true} is VALID [2022-02-20 18:05:21,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {15110#true} is VALID [2022-02-20 18:05:21,705 INFO L290 TraceCheckUtils]: 3: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,705 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15110#true} {15111#false} #910#return; {15111#false} is VALID [2022-02-20 18:05:21,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:05:21,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,708 INFO L290 TraceCheckUtils]: 0: Hoare triple {15169#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,708 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,708 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,708 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15110#true} {15111#false} #916#return; {15111#false} is VALID [2022-02-20 18:05:21,709 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:05:21,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:21,711 INFO L290 TraceCheckUtils]: 0: Hoare triple {15110#true} ~handle := #in~handle;havoc ~retValue_acc~39; {15110#true} is VALID [2022-02-20 18:05:21,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {15110#true} is VALID [2022-02-20 18:05:21,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,712 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15110#true} {15111#false} #918#return; {15111#false} is VALID [2022-02-20 18:05:21,712 INFO L290 TraceCheckUtils]: 0: Hoare triple {15110#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call 
write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 
0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {15110#true} is VALID [2022-02-20 18:05:21,712 INFO L290 TraceCheckUtils]: 1: Hoare triple {15110#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {15110#true} is VALID [2022-02-20 18:05:21,712 INFO L290 TraceCheckUtils]: 2: Hoare triple {15110#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15110#true} is VALID [2022-02-20 18:05:21,712 INFO L290 TraceCheckUtils]: 3: Hoare triple {15110#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {15110#true} is VALID [2022-02-20 18:05:21,712 INFO L290 TraceCheckUtils]: 4: Hoare triple {15110#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {15110#true} is VALID [2022-02-20 18:05:21,712 INFO L290 TraceCheckUtils]: 5: Hoare triple {15110#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15110#true} is VALID [2022-02-20 18:05:21,713 INFO L272 TraceCheckUtils]: 6: Hoare triple {15110#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 18:05:21,713 INFO L290 TraceCheckUtils]: 7: Hoare triple {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,713 INFO L290 TraceCheckUtils]: 8: Hoare triple {15110#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,713 INFO L290 TraceCheckUtils]: 9: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,713 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15110#true} {15110#true} #960#return; {15110#true} is VALID [2022-02-20 18:05:21,713 INFO L290 TraceCheckUtils]: 11: Hoare triple {15110#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15110#true} is VALID [2022-02-20 18:05:21,714 INFO L272 TraceCheckUtils]: 12: Hoare triple {15110#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:21,714 INFO L290 TraceCheckUtils]: 13: Hoare triple {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,714 INFO L290 TraceCheckUtils]: 14: Hoare triple {15110#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,714 INFO L290 TraceCheckUtils]: 15: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,714 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15110#true} 
{15110#true} #962#return; {15110#true} is VALID [2022-02-20 18:05:21,714 INFO L290 TraceCheckUtils]: 17: Hoare triple {15110#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15110#true} is VALID [2022-02-20 18:05:21,715 INFO L272 TraceCheckUtils]: 18: Hoare triple {15110#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:21,715 INFO L290 TraceCheckUtils]: 19: Hoare triple {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,715 INFO L290 TraceCheckUtils]: 20: Hoare triple {15110#true} assume !(1 == ~handle); {15110#true} is VALID [2022-02-20 18:05:21,715 INFO L290 TraceCheckUtils]: 21: Hoare triple {15110#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,715 INFO L290 TraceCheckUtils]: 22: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,716 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15110#true} {15110#true} #964#return; {15110#true} is VALID [2022-02-20 18:05:21,716 INFO L290 
TraceCheckUtils]: 24: Hoare triple {15110#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15110#true} is VALID [2022-02-20 18:05:21,716 INFO L272 TraceCheckUtils]: 25: Hoare triple {15110#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:21,716 INFO L290 TraceCheckUtils]: 26: Hoare triple {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,716 INFO L290 TraceCheckUtils]: 27: Hoare triple {15110#true} assume !(1 == ~handle); {15110#true} is VALID [2022-02-20 18:05:21,717 INFO L290 TraceCheckUtils]: 28: Hoare triple {15110#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,717 INFO L290 TraceCheckUtils]: 29: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,717 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15110#true} {15110#true} #966#return; {15110#true} is VALID [2022-02-20 18:05:21,717 INFO L290 TraceCheckUtils]: 31: Hoare triple {15110#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {15130#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:21,718 INFO L272 TraceCheckUtils]: 32: Hoare triple {15130#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:21,718 INFO L290 TraceCheckUtils]: 33: Hoare triple {15165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:21,718 INFO L290 TraceCheckUtils]: 34: Hoare triple {15167#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:21,719 INFO L290 TraceCheckUtils]: 35: Hoare triple {15167#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15168#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:21,719 INFO L290 TraceCheckUtils]: 36: Hoare triple {15168#(= 2 |setClientId_#in~handle|)} assume true; {15168#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:21,719 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {15168#(= 2 |setClientId_#in~handle|)} {15130#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #968#return; {15111#false} is VALID [2022-02-20 18:05:21,719 INFO L290 TraceCheckUtils]: 38: Hoare triple {15111#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15111#false} is VALID [2022-02-20 18:05:21,720 
INFO L272 TraceCheckUtils]: 39: Hoare triple {15111#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:21,720 INFO L290 TraceCheckUtils]: 40: Hoare triple {15166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,720 INFO L290 TraceCheckUtils]: 41: Hoare triple {15110#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,720 INFO L290 TraceCheckUtils]: 42: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,720 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {15110#true} {15111#false} #970#return; {15111#false} is VALID [2022-02-20 18:05:21,720 INFO L290 TraceCheckUtils]: 44: Hoare triple {15111#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {15111#false} is VALID [2022-02-20 18:05:21,720 INFO L290 TraceCheckUtils]: 45: Hoare triple {15111#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, 
test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15111#false} is VALID [2022-02-20 18:05:21,720 INFO L290 TraceCheckUtils]: 46: Hoare triple {15111#false} assume !false; {15111#false} is VALID [2022-02-20 18:05:21,720 INFO L290 TraceCheckUtils]: 47: Hoare triple {15111#false} assume test_~splverifierCounter~0#1 < 4; {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 48: Hoare triple {15111#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 49: Hoare triple {15111#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 50: Hoare triple {15111#false} assume !(0 != test_~tmp___9~0#1); {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 51: Hoare triple {15111#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := 
test_#t~nondet33#1;havoc test_#t~nondet33#1; {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 52: Hoare triple {15111#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 53: Hoare triple {15111#false} assume !false; {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 54: Hoare triple {15111#false} assume !(test_~splverifierCounter~0#1 < 4); {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 55: Hoare triple {15111#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L272 TraceCheckUtils]: 56: Hoare triple {15111#false} call sendEmail(~bob~0, ~rjh~0); {15111#false} is VALID [2022-02-20 18:05:21,721 INFO L290 TraceCheckUtils]: 57: Hoare triple {15111#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15111#false} is VALID [2022-02-20 18:05:21,722 INFO L272 TraceCheckUtils]: 58: Hoare triple {15111#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15169#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:21,722 INFO L290 TraceCheckUtils]: 59: Hoare triple {15169#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,722 INFO L290 TraceCheckUtils]: 60: Hoare triple {15110#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,722 INFO L290 TraceCheckUtils]: 61: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,722 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {15110#true} {15111#false} #948#return; {15111#false} is VALID [2022-02-20 18:05:21,722 INFO L290 TraceCheckUtils]: 63: Hoare triple {15111#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {15111#false} is VALID [2022-02-20 18:05:21,722 INFO L290 TraceCheckUtils]: 64: Hoare triple {15111#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {15111#false} is VALID [2022-02-20 18:05:21,722 INFO L290 TraceCheckUtils]: 65: Hoare triple {15111#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {15111#false} is VALID [2022-02-20 18:05:21,722 INFO L290 TraceCheckUtils]: 66: Hoare triple {15111#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {15111#false} is VALID [2022-02-20 18:05:21,722 INFO L272 TraceCheckUtils]: 67: Hoare triple {15111#false} call outgoing(~sender#1, ~email~0#1); {15111#false} is VALID 
[2022-02-20 18:05:21,723 INFO L290 TraceCheckUtils]: 68: Hoare triple {15111#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {15111#false} is VALID [2022-02-20 18:05:21,723 INFO L272 TraceCheckUtils]: 69: Hoare triple {15111#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {15110#true} is VALID [2022-02-20 18:05:21,723 INFO L290 TraceCheckUtils]: 70: Hoare triple {15110#true} ~handle := #in~handle;havoc ~retValue_acc~17; {15110#true} is VALID [2022-02-20 18:05:21,723 INFO L290 TraceCheckUtils]: 71: Hoare triple {15110#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {15110#true} is VALID [2022-02-20 18:05:21,723 INFO L290 TraceCheckUtils]: 72: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,723 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {15110#true} {15111#false} #906#return; {15111#false} is VALID [2022-02-20 18:05:21,723 INFO L290 TraceCheckUtils]: 74: Hoare triple {15111#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {15111#false} is VALID [2022-02-20 18:05:21,723 INFO L290 TraceCheckUtils]: 75: Hoare triple {15111#false} assume 0 == sign_~privkey~1#1; {15111#false} is VALID [2022-02-20 18:05:21,723 INFO L290 TraceCheckUtils]: 76: Hoare triple {15111#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, 
outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {15111#false} is VALID [2022-02-20 18:05:21,723 INFO L272 TraceCheckUtils]: 77: Hoare triple {15111#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {15110#true} is VALID [2022-02-20 18:05:21,724 INFO L290 TraceCheckUtils]: 78: Hoare triple {15110#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15110#true} is VALID [2022-02-20 18:05:21,724 INFO L290 TraceCheckUtils]: 79: Hoare triple {15110#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {15110#true} is VALID [2022-02-20 18:05:21,724 INFO L290 TraceCheckUtils]: 80: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,724 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {15110#true} {15111#false} #908#return; {15111#false} is VALID [2022-02-20 18:05:21,724 INFO L290 TraceCheckUtils]: 82: Hoare triple {15111#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {15111#false} is VALID [2022-02-20 18:05:21,724 INFO L272 TraceCheckUtils]: 83: Hoare triple {15111#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, 
outgoing__wrappee__Encrypt_~receiver~0#1); {15110#true} is VALID [2022-02-20 18:05:21,724 INFO L290 TraceCheckUtils]: 84: Hoare triple {15110#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {15110#true} is VALID [2022-02-20 18:05:21,724 INFO L290 TraceCheckUtils]: 85: Hoare triple {15110#true} assume 1 == ~handle; {15110#true} is VALID [2022-02-20 18:05:21,724 INFO L290 TraceCheckUtils]: 86: Hoare triple {15110#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {15110#true} is VALID [2022-02-20 18:05:21,724 INFO L290 TraceCheckUtils]: 87: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,725 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {15110#true} {15111#false} #910#return; {15111#false} is VALID [2022-02-20 18:05:21,725 INFO L290 TraceCheckUtils]: 89: Hoare triple {15111#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {15111#false} is VALID [2022-02-20 18:05:21,725 INFO L290 TraceCheckUtils]: 90: Hoare triple {15111#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {15111#false} is VALID [2022-02-20 18:05:21,725 INFO L290 TraceCheckUtils]: 91: Hoare triple {15111#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := 
outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {15111#false} is VALID [2022-02-20 18:05:21,725 INFO L290 TraceCheckUtils]: 92: Hoare triple {15111#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {15111#false} is VALID [2022-02-20 18:05:21,725 INFO L290 TraceCheckUtils]: 93: Hoare triple {15111#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {15111#false} is VALID [2022-02-20 18:05:21,725 INFO L272 TraceCheckUtils]: 94: Hoare triple {15111#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {15169#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:21,725 INFO L290 TraceCheckUtils]: 95: Hoare triple {15169#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15110#true} is VALID [2022-02-20 18:05:21,725 INFO L290 TraceCheckUtils]: 96: Hoare triple {15110#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15110#true} is VALID [2022-02-20 18:05:21,726 INFO L290 TraceCheckUtils]: 97: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,726 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {15110#true} {15111#false} #916#return; 
{15111#false} is VALID [2022-02-20 18:05:21,726 INFO L290 TraceCheckUtils]: 99: Hoare triple {15111#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {15111#false} is VALID [2022-02-20 18:05:21,726 INFO L290 TraceCheckUtils]: 100: Hoare triple {15111#false} assume 0 != ~in_encrypted~0; {15111#false} is VALID [2022-02-20 18:05:21,726 INFO L272 TraceCheckUtils]: 101: Hoare triple {15111#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := 
isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {15110#true} is VALID [2022-02-20 18:05:21,726 INFO L290 TraceCheckUtils]: 102: Hoare triple {15110#true} ~handle := #in~handle;havoc ~retValue_acc~39; {15110#true} is VALID [2022-02-20 18:05:21,726 INFO L290 TraceCheckUtils]: 103: Hoare triple {15110#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {15110#true} is VALID [2022-02-20 18:05:21,726 INFO L290 TraceCheckUtils]: 104: Hoare triple {15110#true} assume true; {15110#true} is VALID [2022-02-20 18:05:21,726 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {15110#true} {15111#false} #918#return; {15111#false} is VALID [2022-02-20 18:05:21,726 INFO L290 TraceCheckUtils]: 106: Hoare triple {15111#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {15111#false} is VALID [2022-02-20 18:05:21,727 INFO L290 TraceCheckUtils]: 107: Hoare triple {15111#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {15111#false} is VALID [2022-02-20 18:05:21,727 INFO L290 TraceCheckUtils]: 108: Hoare triple {15111#false} assume !false; {15111#false} is VALID [2022-02-20 18:05:21,727 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:05:21,727 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:21,727 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [773507975] [2022-02-20 18:05:21,727 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [773507975] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:21,727 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:21,728 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:05:21,728 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [869441035] [2022-02-20 18:05:21,728 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:21,729 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 18:05:21,729 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:21,729 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:21,795 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:21,796 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:05:21,796 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:21,796 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:05:21,796 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:05:21,797 INFO L87 Difference]: Start difference. First operand 371 states and 560 transitions. Second operand has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:26,082 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:26,083 INFO L93 Difference]: Finished difference Result 793 states and 1205 transitions. [2022-02-20 18:05:26,083 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:05:26,083 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 18:05:26,084 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:26,084 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:26,093 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1033 transitions. [2022-02-20 18:05:26,093 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:26,102 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1033 transitions. [2022-02-20 18:05:26,103 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1033 transitions. [2022-02-20 18:05:26,948 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1033 edges. 1033 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:26,960 INFO L225 Difference]: With dead ends: 793 [2022-02-20 18:05:26,960 INFO L226 Difference]: Without dead ends: 445 [2022-02-20 18:05:26,961 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:05:26,961 INFO L933 BasicCegarLoop]: 501 mSDtfsCounter, 894 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1524 mSolverCounterSat, 278 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 911 SdHoareTripleChecker+Valid, 1152 SdHoareTripleChecker+Invalid, 1802 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 278 IncrementalHoareTripleChecker+Valid, 1524 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:26,962 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [911 Valid, 1152 Invalid, 1802 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [278 Valid, 1524 Invalid, 0 Unknown, 0 Unchecked, 1.9s Time] [2022-02-20 18:05:26,962 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 445 states. [2022-02-20 18:05:27,058 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 445 to 373. [2022-02-20 18:05:27,059 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:27,060 INFO L82 GeneralOperation]: Start isEquivalent. First operand 445 states. 
Second operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) [2022-02-20 18:05:27,060 INFO L74 IsIncluded]: Start isIncluded. First operand 445 states. Second operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) [2022-02-20 18:05:27,061 INFO L87 Difference]: Start difference. First operand 445 states. Second operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) [2022-02-20 18:05:27,072 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:27,072 INFO L93 Difference]: Finished difference Result 445 states and 675 transitions. [2022-02-20 18:05:27,072 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 675 transitions. [2022-02-20 18:05:27,074 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:27,074 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:27,075 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) Second operand 445 states. [2022-02-20 18:05:27,075 INFO L87 Difference]: Start difference. First operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) Second operand 445 states. [2022-02-20 18:05:27,086 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:27,087 INFO L93 Difference]: Finished difference Result 445 states and 675 transitions. [2022-02-20 18:05:27,087 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 675 transitions. [2022-02-20 18:05:27,088 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:27,088 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:27,088 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:27,088 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:27,089 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (68), 60 states have call predecessors, (68), 60 states have call successors, (68) [2022-02-20 18:05:27,098 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 373 states to 373 states and 563 transitions. [2022-02-20 18:05:27,099 INFO L78 Accepts]: Start accepts. Automaton has 373 states and 563 transitions. Word has length 109 [2022-02-20 18:05:27,099 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:27,099 INFO L470 AbstractCegarLoop]: Abstraction has 373 states and 563 transitions. [2022-02-20 18:05:27,099 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 10.285714285714286) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 5 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:05:27,099 INFO L276 IsEmpty]: Start isEmpty. Operand 373 states and 563 transitions. [2022-02-20 18:05:27,101 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 18:05:27,101 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:27,101 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:27,101 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:05:27,101 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:27,102 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:27,102 INFO L85 PathProgramCache]: Analyzing trace with hash -1885955783, now seen corresponding path program 1 times [2022-02-20 18:05:27,102 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:27,102 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1532074929] [2022-02-20 18:05:27,102 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:27,102 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:27,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:27,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,171 INFO L290 TraceCheckUtils]: 0: Hoare triple {17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,171 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,172 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17717#true} {17717#true} #960#return; {17717#true} is VALID [2022-02-20 18:05:27,177 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:27,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,181 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,182 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17717#true} {17717#true} #962#return; {17717#true} is VALID [2022-02-20 18:05:27,182 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:27,183 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,184 INFO L290 TraceCheckUtils]: 0: Hoare triple {17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,184 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume !(1 == ~handle); {17717#true} is VALID [2022-02-20 18:05:27,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,185 INFO L290 TraceCheckUtils]: 3: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,185 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17717#true} {17717#true} #964#return; {17717#true} is VALID [2022-02-20 18:05:27,187 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:27,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,190 INFO L290 TraceCheckUtils]: 0: Hoare triple {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,190 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume !(1 == ~handle); {17717#true} is VALID [2022-02-20 18:05:27,191 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,191 INFO L290 TraceCheckUtils]: 3: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,191 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17717#true} {17717#true} #966#return; {17717#true} is VALID [2022-02-20 18:05:27,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:27,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,208 INFO L290 TraceCheckUtils]: 1: Hoare triple {17776#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,208 INFO L290 TraceCheckUtils]: 2: Hoare triple {17776#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {17776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,209 INFO L290 TraceCheckUtils]: 3: Hoare triple {17776#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17777#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,209 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {17777#(= 3 |setClientId_#in~handle|)} assume true; {17777#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,209 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17777#(= 3 |setClientId_#in~handle|)} {17737#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #968#return; {17744#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:05:27,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:27,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17778#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:27,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {17778#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17779#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:27,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {17779#(= |setClientPrivateKey_#in~handle| 1)} assume true; {17779#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:27,235 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17779#(= |setClientPrivateKey_#in~handle| 1)} {17744#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #970#return; {17718#false} is VALID [2022-02-20 18:05:27,243 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:05:27,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {17780#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,261 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,261 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,261 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17717#true} {17718#false} #948#return; {17718#false} is VALID [2022-02-20 18:05:27,261 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:05:27,262 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,264 INFO L290 TraceCheckUtils]: 0: Hoare triple {17717#true} ~handle := #in~handle;havoc ~retValue_acc~17; {17717#true} is VALID [2022-02-20 18:05:27,265 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {17717#true} is VALID [2022-02-20 18:05:27,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,265 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17717#true} {17718#false} #906#return; {17718#false} is VALID [2022-02-20 18:05:27,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:05:27,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {17717#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17717#true} is VALID [2022-02-20 18:05:27,268 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {17717#true} is VALID [2022-02-20 18:05:27,268 INFO L290 TraceCheckUtils]: 2: 
Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17717#true} {17718#false} #908#return; {17718#false} is VALID [2022-02-20 18:05:27,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:05:27,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {17717#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {17717#true} is VALID [2022-02-20 18:05:27,271 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume 1 == ~handle; {17717#true} is VALID [2022-02-20 18:05:27,271 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {17717#true} is VALID [2022-02-20 18:05:27,271 INFO L290 TraceCheckUtils]: 3: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,272 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17717#true} {17718#false} #910#return; {17718#false} is VALID [2022-02-20 18:05:27,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:05:27,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,275 INFO L290 TraceCheckUtils]: 0: Hoare triple {17780#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,275 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,275 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,275 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {17717#true} {17718#false} #916#return; {17718#false} is VALID [2022-02-20 18:05:27,276 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:05:27,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {17717#true} ~handle := #in~handle;havoc ~retValue_acc~39; {17717#true} is VALID [2022-02-20 18:05:27,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {17717#true} is VALID [2022-02-20 18:05:27,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,279 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17717#true} {17718#false} #918#return; {17718#false} is VALID [2022-02-20 18:05:27,279 INFO L290 TraceCheckUtils]: 0: Hoare triple {17717#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 
22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {17717#true} is VALID [2022-02-20 18:05:27,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {17717#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {17717#true} is VALID [2022-02-20 18:05:27,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {17717#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17717#true} is VALID [2022-02-20 18:05:27,279 INFO L290 TraceCheckUtils]: 3: Hoare triple {17717#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {17717#true} is VALID [2022-02-20 18:05:27,279 INFO L290 TraceCheckUtils]: 4: Hoare triple {17717#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= 
main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {17717#true} is VALID [2022-02-20 18:05:27,280 INFO L290 TraceCheckUtils]: 5: Hoare triple {17717#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17717#true} is VALID [2022-02-20 18:05:27,280 INFO L272 TraceCheckUtils]: 6: Hoare triple {17717#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:27,280 INFO L290 TraceCheckUtils]: 7: Hoare triple {17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,280 INFO L290 TraceCheckUtils]: 8: Hoare triple {17717#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := 
~value; {17717#true} is VALID [2022-02-20 18:05:27,280 INFO L290 TraceCheckUtils]: 9: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,281 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17717#true} {17717#true} #960#return; {17717#true} is VALID [2022-02-20 18:05:27,281 INFO L290 TraceCheckUtils]: 11: Hoare triple {17717#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17717#true} is VALID [2022-02-20 18:05:27,281 INFO L272 TraceCheckUtils]: 12: Hoare triple {17717#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:27,281 INFO L290 TraceCheckUtils]: 13: Hoare triple {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,281 INFO L290 TraceCheckUtils]: 14: Hoare triple {17717#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,282 INFO L290 TraceCheckUtils]: 15: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,282 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17717#true} {17717#true} #962#return; {17717#true} is VALID [2022-02-20 18:05:27,282 INFO L290 TraceCheckUtils]: 17: Hoare triple {17717#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } 
true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17717#true} is VALID [2022-02-20 18:05:27,282 INFO L272 TraceCheckUtils]: 18: Hoare triple {17717#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:27,282 INFO L290 TraceCheckUtils]: 19: Hoare triple {17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,282 INFO L290 TraceCheckUtils]: 20: Hoare triple {17717#true} assume !(1 == ~handle); {17717#true} is VALID [2022-02-20 18:05:27,283 INFO L290 TraceCheckUtils]: 21: Hoare triple {17717#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,283 INFO L290 TraceCheckUtils]: 22: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,283 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17717#true} {17717#true} #964#return; {17717#true} is VALID [2022-02-20 18:05:27,283 INFO L290 TraceCheckUtils]: 24: Hoare triple {17717#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17717#true} is VALID [2022-02-20 18:05:27,283 INFO L272 TraceCheckUtils]: 25: Hoare triple {17717#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:27,284 INFO L290 TraceCheckUtils]: 26: Hoare triple {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,284 INFO L290 TraceCheckUtils]: 27: Hoare triple {17717#true} assume !(1 == ~handle); {17717#true} is VALID [2022-02-20 18:05:27,284 INFO L290 TraceCheckUtils]: 28: Hoare triple {17717#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,284 INFO L290 TraceCheckUtils]: 29: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,285 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17717#true} {17717#true} #966#return; {17717#true} is VALID [2022-02-20 18:05:27,285 INFO L290 TraceCheckUtils]: 31: Hoare triple {17717#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {17737#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:27,286 INFO L272 TraceCheckUtils]: 32: Hoare triple {17737#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); 
{17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:27,286 INFO L290 TraceCheckUtils]: 33: Hoare triple {17774#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,286 INFO L290 TraceCheckUtils]: 34: Hoare triple {17776#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,286 INFO L290 TraceCheckUtils]: 35: Hoare triple {17776#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {17776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,287 INFO L290 TraceCheckUtils]: 36: Hoare triple {17776#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17777#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,287 INFO L290 TraceCheckUtils]: 37: Hoare triple {17777#(= 3 |setClientId_#in~handle|)} assume true; {17777#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,287 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {17777#(= 3 |setClientId_#in~handle|)} {17737#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #968#return; {17744#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:05:27,288 INFO L290 TraceCheckUtils]: 39: Hoare triple {17744#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {17744#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} 
is VALID [2022-02-20 18:05:27,288 INFO L272 TraceCheckUtils]: 40: Hoare triple {17744#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:27,289 INFO L290 TraceCheckUtils]: 41: Hoare triple {17775#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17778#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:27,289 INFO L290 TraceCheckUtils]: 42: Hoare triple {17778#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17779#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:27,289 INFO L290 TraceCheckUtils]: 43: Hoare triple {17779#(= |setClientPrivateKey_#in~handle| 1)} assume true; {17779#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:27,290 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {17779#(= |setClientPrivateKey_#in~handle| 1)} {17744#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #970#return; {17718#false} is VALID [2022-02-20 18:05:27,290 INFO L290 TraceCheckUtils]: 45: Hoare triple {17718#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {17718#false} is VALID [2022-02-20 18:05:27,290 INFO L290 TraceCheckUtils]: 46: Hoare triple {17718#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, 
test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17718#false} is VALID [2022-02-20 18:05:27,290 INFO L290 TraceCheckUtils]: 47: Hoare triple {17718#false} assume !false; {17718#false} is VALID [2022-02-20 18:05:27,290 INFO L290 TraceCheckUtils]: 48: Hoare triple {17718#false} assume test_~splverifierCounter~0#1 < 4; {17718#false} is VALID [2022-02-20 18:05:27,290 INFO L290 TraceCheckUtils]: 49: Hoare triple {17718#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17718#false} is VALID [2022-02-20 18:05:27,290 INFO L290 TraceCheckUtils]: 50: Hoare triple {17718#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc 
test_#t~nondet32#1; {17718#false} is VALID [2022-02-20 18:05:27,290 INFO L290 TraceCheckUtils]: 51: Hoare triple {17718#false} assume !(0 != test_~tmp___9~0#1); {17718#false} is VALID [2022-02-20 18:05:27,290 INFO L290 TraceCheckUtils]: 52: Hoare triple {17718#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {17718#false} is VALID [2022-02-20 18:05:27,291 INFO L290 TraceCheckUtils]: 53: Hoare triple {17718#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {17718#false} is VALID [2022-02-20 18:05:27,291 INFO L290 TraceCheckUtils]: 54: Hoare triple {17718#false} assume !false; {17718#false} is VALID [2022-02-20 18:05:27,291 INFO L290 TraceCheckUtils]: 55: Hoare triple {17718#false} assume !(test_~splverifierCounter~0#1 < 4); {17718#false} is VALID [2022-02-20 18:05:27,291 INFO L290 TraceCheckUtils]: 56: Hoare triple {17718#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {17718#false} is VALID [2022-02-20 18:05:27,291 INFO L272 TraceCheckUtils]: 57: Hoare triple {17718#false} call sendEmail(~bob~0, ~rjh~0); {17718#false} is VALID [2022-02-20 18:05:27,291 INFO L290 TraceCheckUtils]: 58: Hoare triple {17718#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := 
createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17718#false} is VALID [2022-02-20 18:05:27,291 INFO L272 TraceCheckUtils]: 59: Hoare triple {17718#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17780#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:27,291 INFO L290 TraceCheckUtils]: 60: Hoare triple {17780#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,291 INFO L290 TraceCheckUtils]: 61: Hoare triple {17717#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,291 INFO L290 TraceCheckUtils]: 62: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,292 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {17717#true} {17718#false} #948#return; {17718#false} is VALID [2022-02-20 18:05:27,292 INFO L290 TraceCheckUtils]: 64: Hoare triple {17718#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {17718#false} is VALID [2022-02-20 18:05:27,292 INFO L290 TraceCheckUtils]: 65: Hoare triple {17718#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {17718#false} is VALID [2022-02-20 18:05:27,292 INFO L290 TraceCheckUtils]: 66: Hoare triple {17718#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {17718#false} is VALID [2022-02-20 18:05:27,292 INFO L290 TraceCheckUtils]: 67: 
Hoare triple {17718#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {17718#false} is VALID [2022-02-20 18:05:27,292 INFO L272 TraceCheckUtils]: 68: Hoare triple {17718#false} call outgoing(~sender#1, ~email~0#1); {17718#false} is VALID [2022-02-20 18:05:27,292 INFO L290 TraceCheckUtils]: 69: Hoare triple {17718#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {17718#false} is VALID [2022-02-20 18:05:27,292 INFO L272 TraceCheckUtils]: 70: Hoare triple {17718#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {17717#true} is VALID [2022-02-20 18:05:27,292 INFO L290 TraceCheckUtils]: 71: Hoare triple {17717#true} ~handle := #in~handle;havoc ~retValue_acc~17; {17717#true} is VALID [2022-02-20 18:05:27,292 INFO L290 TraceCheckUtils]: 72: Hoare triple {17717#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {17717#true} is VALID [2022-02-20 18:05:27,293 INFO L290 TraceCheckUtils]: 73: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,293 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {17717#true} {17718#false} #906#return; {17718#false} is VALID [2022-02-20 18:05:27,293 INFO L290 TraceCheckUtils]: 75: Hoare triple {17718#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {17718#false} is VALID [2022-02-20 18:05:27,293 INFO L290 TraceCheckUtils]: 76: Hoare triple {17718#false} assume 0 == sign_~privkey~1#1; 
{17718#false} is VALID [2022-02-20 18:05:27,293 INFO L290 TraceCheckUtils]: 77: Hoare triple {17718#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {17718#false} is VALID [2022-02-20 18:05:27,293 INFO L272 TraceCheckUtils]: 78: Hoare triple {17718#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {17717#true} is VALID [2022-02-20 18:05:27,293 INFO L290 TraceCheckUtils]: 79: Hoare triple {17717#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17717#true} is VALID [2022-02-20 18:05:27,293 INFO L290 TraceCheckUtils]: 80: Hoare triple {17717#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {17717#true} is VALID [2022-02-20 18:05:27,293 INFO L290 TraceCheckUtils]: 81: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,294 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {17717#true} {17718#false} #908#return; {17718#false} is VALID [2022-02-20 18:05:27,294 INFO L290 TraceCheckUtils]: 83: Hoare triple {17718#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 
:= outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {17718#false} is VALID [2022-02-20 18:05:27,294 INFO L272 TraceCheckUtils]: 84: Hoare triple {17718#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {17717#true} is VALID [2022-02-20 18:05:27,294 INFO L290 TraceCheckUtils]: 85: Hoare triple {17717#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {17717#true} is VALID [2022-02-20 18:05:27,294 INFO L290 TraceCheckUtils]: 86: Hoare triple {17717#true} assume 1 == ~handle; {17717#true} is VALID [2022-02-20 18:05:27,294 INFO L290 TraceCheckUtils]: 87: Hoare triple {17717#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {17717#true} is VALID [2022-02-20 18:05:27,294 INFO L290 TraceCheckUtils]: 88: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,294 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {17717#true} {17718#false} #910#return; {17718#false} is VALID [2022-02-20 18:05:27,294 INFO L290 TraceCheckUtils]: 90: Hoare triple {17718#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {17718#false} is VALID [2022-02-20 18:05:27,294 INFO L290 TraceCheckUtils]: 91: Hoare triple {17718#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {17718#false} is VALID [2022-02-20 18:05:27,295 INFO L290 TraceCheckUtils]: 92: Hoare triple {17718#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, 
outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {17718#false} is VALID [2022-02-20 18:05:27,295 INFO L290 TraceCheckUtils]: 93: Hoare triple {17718#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {17718#false} is VALID [2022-02-20 18:05:27,295 INFO L290 TraceCheckUtils]: 94: Hoare triple {17718#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {17718#false} is VALID [2022-02-20 18:05:27,295 INFO L272 TraceCheckUtils]: 95: Hoare triple {17718#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {17780#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:27,295 INFO L290 TraceCheckUtils]: 96: Hoare triple {17780#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17717#true} is VALID [2022-02-20 18:05:27,295 INFO 
L290 TraceCheckUtils]: 97: Hoare triple {17717#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17717#true} is VALID [2022-02-20 18:05:27,295 INFO L290 TraceCheckUtils]: 98: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,295 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {17717#true} {17718#false} #916#return; {17718#false} is VALID [2022-02-20 18:05:27,295 INFO L290 TraceCheckUtils]: 100: Hoare triple {17718#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc 
__utac_acc__EncryptForward_spec__2_#t~nondet8#1; {17718#false} is VALID [2022-02-20 18:05:27,295 INFO L290 TraceCheckUtils]: 101: Hoare triple {17718#false} assume 0 != ~in_encrypted~0; {17718#false} is VALID [2022-02-20 18:05:27,296 INFO L272 TraceCheckUtils]: 102: Hoare triple {17718#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {17717#true} is VALID [2022-02-20 18:05:27,296 INFO L290 TraceCheckUtils]: 103: Hoare triple {17717#true} ~handle := #in~handle;havoc ~retValue_acc~39; {17717#true} is VALID [2022-02-20 18:05:27,296 INFO L290 TraceCheckUtils]: 104: Hoare triple {17717#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {17717#true} is VALID [2022-02-20 18:05:27,296 INFO L290 TraceCheckUtils]: 105: Hoare triple {17717#true} assume true; {17717#true} is VALID [2022-02-20 18:05:27,296 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {17717#true} {17718#false} #918#return; {17718#false} is VALID [2022-02-20 18:05:27,296 INFO L290 TraceCheckUtils]: 107: Hoare triple {17718#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {17718#false} is VALID [2022-02-20 18:05:27,296 INFO L290 TraceCheckUtils]: 108: Hoare triple {17718#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {17718#false} is VALID [2022-02-20 18:05:27,296 INFO L290 TraceCheckUtils]: 109: Hoare triple {17718#false} assume !false; {17718#false} is VALID [2022-02-20 18:05:27,297 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:05:27,297 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:27,297 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1532074929] [2022-02-20 18:05:27,297 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1532074929] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:27,297 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:27,297 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 18:05:27,297 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1898419415] [2022-02-20 18:05:27,297 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:27,298 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 7.6) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 110 [2022-02-20 18:05:27,298 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:27,298 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 7.6) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:27,367 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:27,367 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:05:27,367 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:27,368 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 18:05:27,368 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:05:27,368 INFO L87 Difference]: Start difference. First operand 373 states and 563 transitions. Second operand has 11 states, 10 states have (on average 7.6) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:33,889 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:33,889 INFO L93 Difference]: Finished difference Result 791 states and 1200 transitions. [2022-02-20 18:05:33,889 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:05:33,890 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 7.6) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 110 [2022-02-20 18:05:33,890 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:33,890 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 11 states, 10 states have (on average 7.6) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:33,897 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1034 transitions. [2022-02-20 18:05:33,898 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 7.6) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:33,905 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1034 transitions. [2022-02-20 18:05:33,906 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1034 transitions. [2022-02-20 18:05:34,699 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1034 edges. 1034 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:34,723 INFO L225 Difference]: With dead ends: 791 [2022-02-20 18:05:34,723 INFO L226 Difference]: Without dead ends: 445 [2022-02-20 18:05:34,724 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:05:34,725 INFO L933 BasicCegarLoop]: 470 mSDtfsCounter, 1030 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2706 mSolverCounterSat, 334 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1030 SdHoareTripleChecker+Valid, 1422 SdHoareTripleChecker+Invalid, 3040 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 334 IncrementalHoareTripleChecker+Valid, 2706 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:34,725 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1030 Valid, 1422 Invalid, 3040 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [334 Valid, 2706 Invalid, 0 Unknown, 0 Unchecked, 2.9s Time] [2022-02-20 18:05:34,726 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 445 states. [2022-02-20 18:05:34,797 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 445 to 373. [2022-02-20 18:05:34,797 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:34,798 INFO L82 GeneralOperation]: Start isEquivalent. First operand 445 states. 
Second operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:05:34,799 INFO L74 IsIncluded]: Start isIncluded. First operand 445 states. Second operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:05:34,800 INFO L87 Difference]: Start difference. First operand 445 states. Second operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:05:34,810 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:34,811 INFO L93 Difference]: Finished difference Result 445 states and 674 transitions. [2022-02-20 18:05:34,811 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 674 transitions. [2022-02-20 18:05:34,812 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:34,812 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:34,813 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) Second operand 445 states. [2022-02-20 18:05:34,814 INFO L87 Difference]: Start difference. First operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) Second operand 445 states. [2022-02-20 18:05:34,841 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:34,841 INFO L93 Difference]: Finished difference Result 445 states and 674 transitions. [2022-02-20 18:05:34,841 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 674 transitions. [2022-02-20 18:05:34,842 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:34,842 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:34,842 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:34,842 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:34,843 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 373 states, 286 states have (on average 1.5174825174825175) internal successors, (434), 292 states have internal predecessors, (434), 61 states have call successors, (61), 22 states have call predecessors, (61), 25 states have return successors, (67), 60 states have call predecessors, (67), 60 states have call successors, (67) [2022-02-20 18:05:34,869 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 373 states to 373 states and 562 transitions. [2022-02-20 18:05:34,869 INFO L78 Accepts]: Start accepts. Automaton has 373 states and 562 transitions. Word has length 110 [2022-02-20 18:05:34,869 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:34,869 INFO L470 AbstractCegarLoop]: Abstraction has 373 states and 562 transitions. [2022-02-20 18:05:34,869 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 7.6) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:34,869 INFO L276 IsEmpty]: Start isEmpty. Operand 373 states and 562 transitions. [2022-02-20 18:05:34,870 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-02-20 18:05:34,871 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:34,871 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:34,871 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:05:34,871 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:34,871 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:34,871 INFO L85 PathProgramCache]: Analyzing trace with hash -2027319372, now seen corresponding path program 2 times [2022-02-20 18:05:34,871 INFO L126 FreeRefinementEngine]: 
Executing refinement strategy CAMEL [2022-02-20 18:05:34,871 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [968661607] [2022-02-20 18:05:34,871 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:34,871 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:34,914 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:34,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:34,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:34,942 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:34,942 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20333#true} {20333#true} #960#return; {20333#true} is VALID [2022-02-20 18:05:34,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:34,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,954 INFO L290 TraceCheckUtils]: 0: Hoare triple {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{20333#true} is VALID [2022-02-20 18:05:34,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:34,954 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:34,954 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20333#true} {20333#true} #962#return; {20333#true} is VALID [2022-02-20 18:05:34,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:34,956 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,958 INFO L290 TraceCheckUtils]: 0: Hoare triple {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:34,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume !(1 == ~handle); {20333#true} is VALID [2022-02-20 18:05:34,958 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:34,958 INFO L290 TraceCheckUtils]: 3: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:34,958 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20333#true} {20333#true} #964#return; {20333#true} is VALID [2022-02-20 18:05:34,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:34,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,964 INFO L290 TraceCheckUtils]: 0: Hoare triple {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:34,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume !(1 == ~handle); {20333#true} is VALID [2022-02-20 18:05:34,964 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:34,964 INFO L290 TraceCheckUtils]: 3: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:34,965 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20333#true} {20333#true} #966#return; {20333#true} is VALID [2022-02-20 18:05:34,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:34,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,986 INFO L290 TraceCheckUtils]: 0: Hoare triple {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20393#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:34,986 INFO L290 TraceCheckUtils]: 1: Hoare triple {20393#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20393#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:34,987 INFO L290 TraceCheckUtils]: 2: Hoare triple {20393#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {20393#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:35,003 INFO L290 TraceCheckUtils]: 3: Hoare triple {20393#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {20394#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:35,004 INFO L290 TraceCheckUtils]: 4: Hoare triple {20394#(= 3 
|setClientId_#in~handle|)} assume true; {20394#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:35,004 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20394#(= 3 |setClientId_#in~handle|)} {20353#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #968#return; {20360#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:05:35,005 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:35,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:35,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20395#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:35,020 INFO L290 TraceCheckUtils]: 1: Hoare triple {20395#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {20395#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:35,020 INFO L290 TraceCheckUtils]: 2: Hoare triple {20395#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20396#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:35,021 INFO L290 TraceCheckUtils]: 3: Hoare triple {20396#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {20396#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:35,021 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20396#(= 2 |setClientPrivateKey_#in~handle|)} {20360#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #970#return; {20334#false} is VALID [2022-02-20 18:05:35,028 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 60 [2022-02-20 18:05:35,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:35,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {20397#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:35,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:35,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,031 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20333#true} {20334#false} #948#return; {20334#false} is VALID [2022-02-20 18:05:35,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:05:35,031 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:35,033 INFO L290 TraceCheckUtils]: 0: Hoare triple {20333#true} ~handle := #in~handle;havoc ~retValue_acc~17; {20333#true} is VALID [2022-02-20 18:05:35,033 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {20333#true} is VALID [2022-02-20 18:05:35,033 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,033 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20333#true} {20334#false} #906#return; {20334#false} is VALID [2022-02-20 18:05:35,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:05:35,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:35,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {20333#true} ~handle := #in~handle;havoc ~retValue_acc~36; {20333#true} is VALID [2022-02-20 
18:05:35,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {20333#true} is VALID [2022-02-20 18:05:35,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20333#true} {20334#false} #908#return; {20334#false} is VALID [2022-02-20 18:05:35,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:05:35,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:35,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {20333#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {20333#true} is VALID [2022-02-20 18:05:35,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume 1 == ~handle; {20333#true} is VALID [2022-02-20 18:05:35,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {20333#true} is VALID [2022-02-20 18:05:35,038 INFO L290 TraceCheckUtils]: 3: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,038 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20333#true} {20334#false} #910#return; {20334#false} is VALID [2022-02-20 18:05:35,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:05:35,039 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:35,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {20397#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:35,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:35,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,040 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20333#true} {20334#false} #916#return; {20334#false} is VALID [2022-02-20 18:05:35,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:05:35,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:35,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {20333#true} ~handle := #in~handle;havoc ~retValue_acc~39; {20333#true} is VALID [2022-02-20 18:05:35,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {20333#true} is VALID [2022-02-20 18:05:35,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20333#true} {20334#false} #918#return; {20334#false} is VALID [2022-02-20 18:05:35,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {20333#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call 
#Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 
0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 
0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {20333#true} is VALID [2022-02-20 18:05:35,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {20333#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {20333#true} is VALID [2022-02-20 18:05:35,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {20333#true} is VALID [2022-02-20 18:05:35,043 INFO L290 TraceCheckUtils]: 3: Hoare triple {20333#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := 
valid_product_~retValue_acc~2#1; {20333#true} is VALID [2022-02-20 18:05:35,043 INFO L290 TraceCheckUtils]: 4: Hoare triple {20333#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {20333#true} is VALID [2022-02-20 18:05:35,043 INFO L290 TraceCheckUtils]: 5: Hoare triple {20333#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {20333#true} is VALID [2022-02-20 18:05:35,044 INFO L272 TraceCheckUtils]: 6: Hoare triple {20333#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:35,044 INFO L290 TraceCheckUtils]: 7: Hoare triple {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:35,044 INFO L290 TraceCheckUtils]: 8: Hoare triple {20333#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:35,044 INFO L290 TraceCheckUtils]: 9: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,044 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {20333#true} {20333#true} #960#return; {20333#true} is VALID [2022-02-20 18:05:35,044 INFO L290 TraceCheckUtils]: 11: Hoare triple {20333#true} assume { :end_inline_setup_bob__wrappee__Base } true; {20333#true} is VALID [2022-02-20 18:05:35,045 INFO L272 TraceCheckUtils]: 12: Hoare triple {20333#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:35,045 INFO L290 TraceCheckUtils]: 13: Hoare triple {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:35,045 INFO L290 TraceCheckUtils]: 14: Hoare triple {20333#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:35,045 INFO L290 TraceCheckUtils]: 15: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,045 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {20333#true} {20333#true} #962#return; {20333#true} is VALID [2022-02-20 18:05:35,045 INFO L290 TraceCheckUtils]: 17: Hoare triple {20333#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {20333#true} is VALID [2022-02-20 18:05:35,046 INFO L272 TraceCheckUtils]: 18: Hoare triple {20333#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:35,046 INFO L290 TraceCheckUtils]: 19: Hoare triple {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:35,046 INFO L290 TraceCheckUtils]: 20: Hoare triple {20333#true} assume !(1 == ~handle); {20333#true} is VALID [2022-02-20 18:05:35,046 INFO L290 TraceCheckUtils]: 21: Hoare triple {20333#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:35,046 INFO L290 TraceCheckUtils]: 22: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,046 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {20333#true} {20333#true} #964#return; {20333#true} is VALID [2022-02-20 18:05:35,046 INFO L290 TraceCheckUtils]: 24: Hoare triple {20333#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {20333#true} is VALID [2022-02-20 18:05:35,047 INFO L272 TraceCheckUtils]: 25: Hoare triple 
{20333#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:35,047 INFO L290 TraceCheckUtils]: 26: Hoare triple {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:35,047 INFO L290 TraceCheckUtils]: 27: Hoare triple {20333#true} assume !(1 == ~handle); {20333#true} is VALID [2022-02-20 18:05:35,047 INFO L290 TraceCheckUtils]: 28: Hoare triple {20333#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:35,047 INFO L290 TraceCheckUtils]: 29: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,047 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {20333#true} {20333#true} #966#return; {20333#true} is VALID [2022-02-20 18:05:35,048 INFO L290 TraceCheckUtils]: 31: Hoare triple {20333#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {20353#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:35,048 INFO L272 
TraceCheckUtils]: 32: Hoare triple {20353#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:35,049 INFO L290 TraceCheckUtils]: 33: Hoare triple {20391#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20393#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:35,049 INFO L290 TraceCheckUtils]: 34: Hoare triple {20393#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20393#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:35,049 INFO L290 TraceCheckUtils]: 35: Hoare triple {20393#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {20393#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:35,049 INFO L290 TraceCheckUtils]: 36: Hoare triple {20393#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {20394#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:35,050 INFO L290 TraceCheckUtils]: 37: Hoare triple {20394#(= 3 |setClientId_#in~handle|)} assume true; {20394#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:35,050 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {20394#(= 3 |setClientId_#in~handle|)} {20353#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #968#return; {20360#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID 
[2022-02-20 18:05:35,050 INFO L290 TraceCheckUtils]: 39: Hoare triple {20360#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {20360#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:05:35,051 INFO L272 TraceCheckUtils]: 40: Hoare triple {20360#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:35,051 INFO L290 TraceCheckUtils]: 41: Hoare triple {20392#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20395#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:35,051 INFO L290 TraceCheckUtils]: 42: Hoare triple {20395#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {20395#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:35,052 INFO L290 TraceCheckUtils]: 43: Hoare triple {20395#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20396#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:35,052 INFO L290 TraceCheckUtils]: 44: Hoare triple {20396#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {20396#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:35,052 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {20396#(= 2 |setClientPrivateKey_#in~handle|)} {20360#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #970#return; {20334#false} is VALID 
[2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 46: Hoare triple {20334#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 47: Hoare triple {20334#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 48: Hoare triple {20334#false} assume !false; {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 49: Hoare triple 
{20334#false} assume test_~splverifierCounter~0#1 < 4; {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 50: Hoare triple {20334#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 51: Hoare triple {20334#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 52: Hoare triple {20334#false} assume !(0 != test_~tmp___9~0#1); {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 53: Hoare triple {20334#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 54: Hoare triple {20334#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {20334#false} is VALID [2022-02-20 18:05:35,053 INFO L290 TraceCheckUtils]: 55: Hoare triple {20334#false} assume !false; {20334#false} is VALID [2022-02-20 18:05:35,054 INFO L290 TraceCheckUtils]: 56: Hoare triple {20334#false} assume !(test_~splverifierCounter~0#1 < 4); {20334#false} is VALID [2022-02-20 18:05:35,054 INFO L290 TraceCheckUtils]: 57: Hoare triple {20334#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {20334#false} is VALID [2022-02-20 18:05:35,054 INFO L272 TraceCheckUtils]: 58: Hoare triple {20334#false} call 
sendEmail(~bob~0, ~rjh~0); {20334#false} is VALID [2022-02-20 18:05:35,054 INFO L290 TraceCheckUtils]: 59: Hoare triple {20334#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {20334#false} is VALID [2022-02-20 18:05:35,054 INFO L272 TraceCheckUtils]: 60: Hoare triple {20334#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20397#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:35,054 INFO L290 TraceCheckUtils]: 61: Hoare triple {20397#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:35,054 INFO L290 TraceCheckUtils]: 62: Hoare triple {20333#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:35,054 INFO L290 TraceCheckUtils]: 63: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,054 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {20333#true} {20334#false} #948#return; {20334#false} is VALID [2022-02-20 18:05:35,054 INFO L290 TraceCheckUtils]: 65: Hoare triple {20334#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {20334#false} is VALID [2022-02-20 
18:05:35,055 INFO L290 TraceCheckUtils]: 66: Hoare triple {20334#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {20334#false} is VALID [2022-02-20 18:05:35,055 INFO L290 TraceCheckUtils]: 67: Hoare triple {20334#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {20334#false} is VALID [2022-02-20 18:05:35,055 INFO L290 TraceCheckUtils]: 68: Hoare triple {20334#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {20334#false} is VALID [2022-02-20 18:05:35,055 INFO L272 TraceCheckUtils]: 69: Hoare triple {20334#false} call outgoing(~sender#1, ~email~0#1); {20334#false} is VALID [2022-02-20 18:05:35,055 INFO L290 TraceCheckUtils]: 70: Hoare triple {20334#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {20334#false} is VALID [2022-02-20 18:05:35,055 INFO L272 TraceCheckUtils]: 71: Hoare triple {20334#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {20333#true} is VALID [2022-02-20 18:05:35,055 INFO L290 TraceCheckUtils]: 72: Hoare triple {20333#true} ~handle := #in~handle;havoc ~retValue_acc~17; {20333#true} is VALID [2022-02-20 18:05:35,055 INFO L290 TraceCheckUtils]: 73: Hoare triple {20333#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {20333#true} is VALID [2022-02-20 18:05:35,055 INFO L290 TraceCheckUtils]: 74: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,056 INFO L284 
TraceCheckUtils]: 75: Hoare quadruple {20333#true} {20334#false} #906#return; {20334#false} is VALID [2022-02-20 18:05:35,056 INFO L290 TraceCheckUtils]: 76: Hoare triple {20334#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {20334#false} is VALID [2022-02-20 18:05:35,056 INFO L290 TraceCheckUtils]: 77: Hoare triple {20334#false} assume 0 == sign_~privkey~1#1; {20334#false} is VALID [2022-02-20 18:05:35,056 INFO L290 TraceCheckUtils]: 78: Hoare triple {20334#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {20334#false} is VALID [2022-02-20 18:05:35,056 INFO L272 TraceCheckUtils]: 79: Hoare triple {20334#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {20333#true} is VALID [2022-02-20 18:05:35,056 INFO L290 TraceCheckUtils]: 80: Hoare triple {20333#true} ~handle := #in~handle;havoc ~retValue_acc~36; {20333#true} is VALID [2022-02-20 18:05:35,056 INFO L290 TraceCheckUtils]: 81: Hoare triple {20333#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {20333#true} is VALID 
[2022-02-20 18:05:35,056 INFO L290 TraceCheckUtils]: 82: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,056 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {20333#true} {20334#false} #908#return; {20334#false} is VALID [2022-02-20 18:05:35,056 INFO L290 TraceCheckUtils]: 84: Hoare triple {20334#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {20334#false} is VALID [2022-02-20 18:05:35,057 INFO L272 TraceCheckUtils]: 85: Hoare triple {20334#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {20333#true} is VALID [2022-02-20 18:05:35,057 INFO L290 TraceCheckUtils]: 86: Hoare triple {20333#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {20333#true} is VALID [2022-02-20 18:05:35,057 INFO L290 TraceCheckUtils]: 87: Hoare triple {20333#true} assume 1 == ~handle; {20333#true} is VALID [2022-02-20 18:05:35,057 INFO L290 TraceCheckUtils]: 88: Hoare triple {20333#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {20333#true} is VALID [2022-02-20 18:05:35,057 INFO L290 TraceCheckUtils]: 89: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,057 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {20333#true} {20334#false} #910#return; {20334#false} is VALID [2022-02-20 18:05:35,057 INFO L290 TraceCheckUtils]: 91: Hoare triple {20334#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc 
outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {20334#false} is VALID [2022-02-20 18:05:35,057 INFO L290 TraceCheckUtils]: 92: Hoare triple {20334#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {20334#false} is VALID [2022-02-20 18:05:35,057 INFO L290 TraceCheckUtils]: 93: Hoare triple {20334#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {20334#false} is VALID [2022-02-20 18:05:35,058 INFO L290 TraceCheckUtils]: 94: Hoare triple {20334#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {20334#false} is VALID [2022-02-20 18:05:35,058 INFO L290 TraceCheckUtils]: 95: Hoare triple {20334#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {20334#false} is VALID [2022-02-20 18:05:35,058 INFO L272 TraceCheckUtils]: 96: Hoare triple {20334#false} call 
setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {20397#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:35,058 INFO L290 TraceCheckUtils]: 97: Hoare triple {20397#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20333#true} is VALID [2022-02-20 18:05:35,058 INFO L290 TraceCheckUtils]: 98: Hoare triple {20333#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20333#true} is VALID [2022-02-20 18:05:35,058 INFO L290 TraceCheckUtils]: 99: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,058 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {20333#true} {20334#false} #916#return; {20334#false} is VALID [2022-02-20 18:05:35,058 INFO L290 TraceCheckUtils]: 101: Hoare triple {20334#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {20334#false} is VALID [2022-02-20 18:05:35,058 INFO L290 TraceCheckUtils]: 102: Hoare triple {20334#false} assume 0 != ~in_encrypted~0; {20334#false} is VALID [2022-02-20 18:05:35,058 INFO L272 TraceCheckUtils]: 103: Hoare triple {20334#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {20333#true} is VALID [2022-02-20 18:05:35,059 INFO L290 TraceCheckUtils]: 104: Hoare triple {20333#true} ~handle := #in~handle;havoc ~retValue_acc~39; {20333#true} is VALID [2022-02-20 18:05:35,059 INFO L290 TraceCheckUtils]: 105: Hoare triple {20333#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {20333#true} is VALID [2022-02-20 18:05:35,059 INFO L290 TraceCheckUtils]: 106: Hoare triple {20333#true} assume true; {20333#true} is VALID [2022-02-20 18:05:35,059 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {20333#true} {20334#false} #918#return; {20334#false} is VALID [2022-02-20 18:05:35,059 INFO L290 TraceCheckUtils]: 108: Hoare triple {20334#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {20334#false} is VALID [2022-02-20 18:05:35,059 INFO L290 
TraceCheckUtils]: 109: Hoare triple {20334#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {20334#false} is VALID [2022-02-20 18:05:35,059 INFO L290 TraceCheckUtils]: 110: Hoare triple {20334#false} assume !false; {20334#false} is VALID [2022-02-20 18:05:35,060 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:05:35,060 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:35,060 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [968661607] [2022-02-20 18:05:35,060 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [968661607] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:35,060 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:35,060 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 18:05:35,060 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1802289093] [2022-02-20 18:05:35,060 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:35,061 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 111 [2022-02-20 18:05:35,061 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:05:35,061 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:35,126 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:35,126 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:05:35,126 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:35,127 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 18:05:35,127 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:05:35,127 INFO L87 Difference]: Start difference. First operand 373 states and 562 transitions. Second operand has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:41,716 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:41,716 INFO L93 Difference]: Finished difference Result 793 states and 1206 transitions. [2022-02-20 18:05:41,716 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:05:41,717 INFO L78 Accepts]: Start accepts. 
Automaton has has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 111 [2022-02-20 18:05:41,717 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:41,717 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:41,733 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1035 transitions. [2022-02-20 18:05:41,734 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:41,742 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1035 transitions. [2022-02-20 18:05:41,743 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1035 transitions. [2022-02-20 18:05:42,546 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1035 edges. 1035 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:42,559 INFO L225 Difference]: With dead ends: 793 [2022-02-20 18:05:42,559 INFO L226 Difference]: Without dead ends: 447 [2022-02-20 18:05:42,561 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:05:42,561 INFO L933 BasicCegarLoop]: 496 mSDtfsCounter, 980 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2895 mSolverCounterSat, 322 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 980 SdHoareTripleChecker+Valid, 1448 SdHoareTripleChecker+Invalid, 3217 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 322 IncrementalHoareTripleChecker+Valid, 2895 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:42,562 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [980 Valid, 1448 Invalid, 3217 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [322 Valid, 2895 Invalid, 0 Unknown, 0 Unchecked, 3.0s Time] [2022-02-20 18:05:42,562 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 447 states. [2022-02-20 18:05:42,653 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 447 to 375. [2022-02-20 18:05:42,654 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:42,655 INFO L82 GeneralOperation]: Start isEquivalent. First operand 447 states. 
Second operand has 375 states, 287 states have (on average 1.5156794425087108) internal successors, (435), 294 states have internal predecessors, (435), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) [2022-02-20 18:05:42,655 INFO L74 IsIncluded]: Start isIncluded. First operand 447 states. Second operand has 375 states, 287 states have (on average 1.5156794425087108) internal successors, (435), 294 states have internal predecessors, (435), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) [2022-02-20 18:05:42,656 INFO L87 Difference]: Start difference. First operand 447 states. Second operand has 375 states, 287 states have (on average 1.5156794425087108) internal successors, (435), 294 states have internal predecessors, (435), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) [2022-02-20 18:05:42,669 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:42,670 INFO L93 Difference]: Finished difference Result 447 states and 680 transitions. [2022-02-20 18:05:42,670 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 680 transitions. [2022-02-20 18:05:42,672 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:42,672 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:42,673 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 375 states, 287 states have (on average 1.5156794425087108) internal successors, (435), 294 states have internal predecessors, (435), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) Second operand 447 states. [2022-02-20 18:05:42,673 INFO L87 Difference]: Start difference. First operand has 375 states, 287 states have (on average 1.5156794425087108) internal successors, (435), 294 states have internal predecessors, (435), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) Second operand 447 states. [2022-02-20 18:05:42,687 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:42,687 INFO L93 Difference]: Finished difference Result 447 states and 680 transitions. [2022-02-20 18:05:42,688 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 680 transitions. [2022-02-20 18:05:42,694 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:42,694 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:42,694 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:42,694 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:42,695 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 375 states, 287 states have (on average 1.5156794425087108) internal successors, (435), 294 states have internal predecessors, (435), 61 states have call successors, (61), 22 states have call predecessors, (61), 26 states have return successors, (72), 60 states have call predecessors, (72), 60 states have call successors, (72) [2022-02-20 18:05:42,707 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 375 states to 375 states and 568 transitions. [2022-02-20 18:05:42,707 INFO L78 Accepts]: Start accepts. Automaton has 375 states and 568 transitions. Word has length 111 [2022-02-20 18:05:42,708 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:42,708 INFO L470 AbstractCegarLoop]: Abstraction has 375 states and 568 transitions. [2022-02-20 18:05:42,708 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 7.7) internal successors, (77), 8 states have internal predecessors, (77), 4 states have call successors, (14), 5 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:05:42,708 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 568 transitions. [2022-02-20 18:05:42,711 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 113 [2022-02-20 18:05:42,711 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:42,711 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:42,711 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:05:42,711 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:42,712 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:42,712 INFO L85 PathProgramCache]: Analyzing trace with hash -1877256588, now seen corresponding path program 1 times [2022-02-20 18:05:42,712 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:42,712 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [991234824] [2022-02-20 18:05:42,712 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:42,712 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:42,747 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:42,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,784 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22958#true} {22958#true} #960#return; {22958#true} is VALID [2022-02-20 18:05:42,790 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:42,793 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,796 INFO L290 TraceCheckUtils]: 0: Hoare triple {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,796 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,796 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,796 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22958#true} {22958#true} #962#return; {22958#true} is VALID [2022-02-20 18:05:42,796 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:42,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,802 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,802 INFO L290 TraceCheckUtils]: 3: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,802 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22958#true} {22958#true} #964#return; {22958#true} is VALID [2022-02-20 18:05:42,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:42,804 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,809 INFO L290 TraceCheckUtils]: 0: Hoare triple {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,809 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,810 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,810 INFO L290 TraceCheckUtils]: 3: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,810 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22958#true} {22958#true} #966#return; {22958#true} is VALID [2022-02-20 18:05:42,810 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:42,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,814 INFO L290 TraceCheckUtils]: 0: Hoare triple {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,815 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,815 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume !(2 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,815 INFO L290 TraceCheckUtils]: 3: Hoare triple {22958#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,815 INFO L290 TraceCheckUtils]: 4: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,815 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22958#true} {22958#true} #968#return; {22958#true} is VALID [2022-02-20 18:05:42,815 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 40 [2022-02-20 18:05:42,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume !(2 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,821 INFO L290 TraceCheckUtils]: 3: Hoare triple {22958#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,821 INFO L290 TraceCheckUtils]: 4: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,821 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22958#true} {22958#true} #970#return; {22958#true} is VALID [2022-02-20 18:05:42,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:05:42,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {23019#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,831 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,831 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22958#true} {22959#false} #948#return; {22959#false} is 
VALID [2022-02-20 18:05:42,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:05:42,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,834 INFO L290 TraceCheckUtils]: 0: Hoare triple {22958#true} ~handle := #in~handle;havoc ~retValue_acc~17; {22958#true} is VALID [2022-02-20 18:05:42,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {22958#true} is VALID [2022-02-20 18:05:42,834 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,834 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22958#true} {22959#false} #906#return; {22959#false} is VALID [2022-02-20 18:05:42,835 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:05:42,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {22958#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22958#true} is VALID [2022-02-20 18:05:42,837 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {22958#true} is VALID [2022-02-20 18:05:42,837 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,837 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22958#true} {22959#false} #908#return; {22959#false} is VALID [2022-02-20 18:05:42,837 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:05:42,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,842 INFO L290 TraceCheckUtils]: 0: Hoare triple {22958#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {22958#true} is 
VALID [2022-02-20 18:05:42,842 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume 1 == ~handle; {22958#true} is VALID [2022-02-20 18:05:42,842 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {22958#true} is VALID [2022-02-20 18:05:42,842 INFO L290 TraceCheckUtils]: 3: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,842 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22958#true} {22959#false} #910#return; {22959#false} is VALID [2022-02-20 18:05:42,843 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:05:42,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,846 INFO L290 TraceCheckUtils]: 0: Hoare triple {23019#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,846 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,846 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,846 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22958#true} {22959#false} #916#return; {22959#false} is VALID [2022-02-20 18:05:42,846 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:05:42,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:42,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {22958#true} ~handle := #in~handle;havoc ~retValue_acc~39; {22958#true} is VALID [2022-02-20 18:05:42,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~39 := 
~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {22958#true} is VALID [2022-02-20 18:05:42,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,849 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22958#true} {22959#false} #918#return; {22959#false} is VALID [2022-02-20 18:05:42,849 INFO L290 TraceCheckUtils]: 0: Hoare triple {22958#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call 
write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 
0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 
:= 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {22958#true} is VALID [2022-02-20 18:05:42,849 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {22958#true} is VALID [2022-02-20 18:05:42,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22958#true} is VALID [2022-02-20 18:05:42,849 INFO L290 TraceCheckUtils]: 3: Hoare triple {22958#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {22958#true} is VALID [2022-02-20 18:05:42,849 INFO L290 TraceCheckUtils]: 4: Hoare triple {22958#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {22958#true} is VALID [2022-02-20 18:05:42,850 INFO L290 TraceCheckUtils]: 5: Hoare triple {22958#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22958#true} is VALID [2022-02-20 18:05:42,850 INFO L272 TraceCheckUtils]: 6: Hoare triple {22958#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:42,850 INFO L290 TraceCheckUtils]: 7: Hoare triple {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,851 INFO L290 TraceCheckUtils]: 8: Hoare triple {22958#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,851 INFO L290 TraceCheckUtils]: 9: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,851 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22958#true} {22958#true} #960#return; {22958#true} is VALID [2022-02-20 18:05:42,851 INFO L290 TraceCheckUtils]: 11: Hoare triple {22958#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:42,852 INFO L272 TraceCheckUtils]: 12: Hoare triple {22958#true} call 
setClientPrivateKey(setup_bob_~bob___0#1, 123); {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:42,852 INFO L290 TraceCheckUtils]: 13: Hoare triple {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,852 INFO L290 TraceCheckUtils]: 14: Hoare triple {22958#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,852 INFO L290 TraceCheckUtils]: 15: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,852 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22958#true} {22958#true} #962#return; {22958#true} is VALID [2022-02-20 18:05:42,852 INFO L290 TraceCheckUtils]: 17: Hoare triple {22958#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22958#true} is VALID [2022-02-20 18:05:42,853 INFO L272 TraceCheckUtils]: 18: Hoare triple {22958#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:42,853 INFO L290 TraceCheckUtils]: 19: Hoare triple {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,853 INFO L290 TraceCheckUtils]: 20: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,853 INFO L290 TraceCheckUtils]: 21: Hoare triple {22958#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,853 INFO L290 TraceCheckUtils]: 22: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,853 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22958#true} {22958#true} #964#return; {22958#true} is VALID [2022-02-20 18:05:42,853 INFO L290 TraceCheckUtils]: 24: Hoare triple {22958#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:42,854 INFO L272 TraceCheckUtils]: 25: Hoare triple {22958#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:42,854 INFO L290 TraceCheckUtils]: 26: Hoare triple {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,854 INFO L290 TraceCheckUtils]: 27: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,854 INFO L290 
TraceCheckUtils]: 28: Hoare triple {22958#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,855 INFO L290 TraceCheckUtils]: 29: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,855 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22958#true} {22958#true} #966#return; {22958#true} is VALID [2022-02-20 18:05:42,855 INFO L290 TraceCheckUtils]: 31: Hoare triple {22958#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22958#true} is VALID [2022-02-20 18:05:42,855 INFO L272 TraceCheckUtils]: 32: Hoare triple {22958#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:42,855 INFO L290 TraceCheckUtils]: 33: Hoare triple {23017#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,856 INFO L290 TraceCheckUtils]: 34: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,856 INFO L290 TraceCheckUtils]: 35: Hoare 
triple {22958#true} assume !(2 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,856 INFO L290 TraceCheckUtils]: 36: Hoare triple {22958#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,856 INFO L290 TraceCheckUtils]: 37: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,856 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22958#true} {22958#true} #968#return; {22958#true} is VALID [2022-02-20 18:05:42,856 INFO L290 TraceCheckUtils]: 39: Hoare triple {22958#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:42,857 INFO L272 TraceCheckUtils]: 40: Hoare triple {22958#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:42,857 INFO L290 TraceCheckUtils]: 41: Hoare triple {23018#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,857 INFO L290 TraceCheckUtils]: 42: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,857 INFO L290 TraceCheckUtils]: 43: Hoare triple {22958#true} assume !(2 == ~handle); {22958#true} is VALID [2022-02-20 18:05:42,857 INFO L290 TraceCheckUtils]: 44: Hoare triple {22958#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,857 INFO L290 TraceCheckUtils]: 45: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,858 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22958#true} {22958#true} 
#970#return; {22958#true} is VALID [2022-02-20 18:05:42,858 INFO L290 TraceCheckUtils]: 47: Hoare triple {22958#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {22958#true} is VALID [2022-02-20 18:05:42,858 INFO L290 TraceCheckUtils]: 48: Hoare triple {22958#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22990#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:42,858 INFO L290 TraceCheckUtils]: 49: Hoare triple {22990#(= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {22990#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:42,859 INFO L290 TraceCheckUtils]: 50: Hoare triple {22990#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {22990#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:42,859 INFO L290 TraceCheckUtils]: 51: Hoare triple {22990#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:42,859 INFO L290 TraceCheckUtils]: 52: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:42,860 INFO L290 TraceCheckUtils]: 53: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:42,860 INFO L290 TraceCheckUtils]: 54: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:42,860 INFO L290 TraceCheckUtils]: 55: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:42,860 INFO L290 TraceCheckUtils]: 56: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} 
assume !false; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:42,861 INFO L290 TraceCheckUtils]: 57: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {22959#false} is VALID [2022-02-20 18:05:42,861 INFO L290 TraceCheckUtils]: 58: Hoare triple {22959#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {22959#false} is VALID [2022-02-20 18:05:42,861 INFO L272 TraceCheckUtils]: 59: Hoare triple {22959#false} call sendEmail(~bob~0, ~rjh~0); {22959#false} is VALID [2022-02-20 18:05:42,861 INFO L290 TraceCheckUtils]: 60: Hoare triple {22959#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22959#false} is VALID [2022-02-20 18:05:42,861 INFO L272 TraceCheckUtils]: 61: Hoare triple {22959#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {23019#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:42,861 INFO L290 TraceCheckUtils]: 62: Hoare triple {23019#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,862 INFO L290 TraceCheckUtils]: 63: Hoare triple {22958#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,862 INFO L290 TraceCheckUtils]: 64: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,862 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22958#true} {22959#false} #948#return; {22959#false} is VALID [2022-02-20 18:05:42,862 INFO L290 TraceCheckUtils]: 66: Hoare triple {22959#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {22959#false} is VALID [2022-02-20 18:05:42,862 INFO L290 TraceCheckUtils]: 67: Hoare triple {22959#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {22959#false} is VALID [2022-02-20 18:05:42,862 INFO L290 TraceCheckUtils]: 68: Hoare triple {22959#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {22959#false} is VALID [2022-02-20 18:05:42,862 INFO L290 TraceCheckUtils]: 69: Hoare triple {22959#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {22959#false} is VALID [2022-02-20 18:05:42,862 INFO L272 TraceCheckUtils]: 70: Hoare triple {22959#false} call outgoing(~sender#1, ~email~0#1); {22959#false} is VALID [2022-02-20 18:05:42,863 INFO L290 TraceCheckUtils]: 71: Hoare triple {22959#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc 
sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {22959#false} is VALID [2022-02-20 18:05:42,863 INFO L272 TraceCheckUtils]: 72: Hoare triple {22959#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {22958#true} is VALID [2022-02-20 18:05:42,863 INFO L290 TraceCheckUtils]: 73: Hoare triple {22958#true} ~handle := #in~handle;havoc ~retValue_acc~17; {22958#true} is VALID [2022-02-20 18:05:42,863 INFO L290 TraceCheckUtils]: 74: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {22958#true} is VALID [2022-02-20 18:05:42,863 INFO L290 TraceCheckUtils]: 75: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,863 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {22958#true} {22959#false} #906#return; {22959#false} is VALID [2022-02-20 18:05:42,863 INFO L290 TraceCheckUtils]: 77: Hoare triple {22959#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {22959#false} is VALID [2022-02-20 18:05:42,863 INFO L290 TraceCheckUtils]: 78: Hoare triple {22959#false} assume 0 == sign_~privkey~1#1; {22959#false} is VALID [2022-02-20 18:05:42,864 INFO L290 TraceCheckUtils]: 79: Hoare triple {22959#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, 
outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {22959#false} is VALID [2022-02-20 18:05:42,864 INFO L272 TraceCheckUtils]: 80: Hoare triple {22959#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {22958#true} is VALID [2022-02-20 18:05:42,864 INFO L290 TraceCheckUtils]: 81: Hoare triple {22958#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22958#true} is VALID [2022-02-20 18:05:42,864 INFO L290 TraceCheckUtils]: 82: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {22958#true} is VALID [2022-02-20 18:05:42,864 INFO L290 TraceCheckUtils]: 83: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,864 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {22958#true} {22959#false} #908#return; {22959#false} is VALID [2022-02-20 18:05:42,864 INFO L290 TraceCheckUtils]: 85: Hoare triple {22959#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {22959#false} is VALID [2022-02-20 18:05:42,864 INFO L272 TraceCheckUtils]: 86: Hoare triple {22959#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {22958#true} is VALID [2022-02-20 18:05:42,865 INFO L290 TraceCheckUtils]: 87: Hoare triple {22958#true} ~handle := #in~handle;~userid := #in~userid;havoc 
~retValue_acc~22; {22958#true} is VALID [2022-02-20 18:05:42,865 INFO L290 TraceCheckUtils]: 88: Hoare triple {22958#true} assume 1 == ~handle; {22958#true} is VALID [2022-02-20 18:05:42,865 INFO L290 TraceCheckUtils]: 89: Hoare triple {22958#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {22958#true} is VALID [2022-02-20 18:05:42,865 INFO L290 TraceCheckUtils]: 90: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,865 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {22958#true} {22959#false} #910#return; {22959#false} is VALID [2022-02-20 18:05:42,865 INFO L290 TraceCheckUtils]: 92: Hoare triple {22959#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {22959#false} is VALID [2022-02-20 18:05:42,865 INFO L290 TraceCheckUtils]: 93: Hoare triple {22959#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {22959#false} is VALID [2022-02-20 18:05:42,865 INFO L290 TraceCheckUtils]: 94: Hoare triple {22959#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc 
getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {22959#false} is VALID [2022-02-20 18:05:42,865 INFO L290 TraceCheckUtils]: 95: Hoare triple {22959#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {22959#false} is VALID [2022-02-20 18:05:42,866 INFO L290 TraceCheckUtils]: 96: Hoare triple {22959#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {22959#false} is VALID [2022-02-20 18:05:42,866 INFO L272 TraceCheckUtils]: 97: Hoare triple {22959#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {23019#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:42,866 INFO L290 TraceCheckUtils]: 98: Hoare triple {23019#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:42,866 INFO L290 TraceCheckUtils]: 99: Hoare triple {22958#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:42,866 INFO L290 TraceCheckUtils]: 100: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,866 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {22958#true} {22959#false} #916#return; {22959#false} is VALID [2022-02-20 18:05:42,866 INFO L290 TraceCheckUtils]: 102: Hoare triple {22959#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {22959#false} is VALID [2022-02-20 18:05:42,867 INFO L290 TraceCheckUtils]: 103: Hoare triple {22959#false} assume 0 != ~in_encrypted~0; {22959#false} is VALID [2022-02-20 18:05:42,867 INFO L272 TraceCheckUtils]: 104: Hoare triple {22959#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {22958#true} is VALID [2022-02-20 18:05:42,867 INFO L290 TraceCheckUtils]: 105: Hoare triple {22958#true} ~handle := #in~handle;havoc 
~retValue_acc~39; {22958#true} is VALID [2022-02-20 18:05:42,867 INFO L290 TraceCheckUtils]: 106: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {22958#true} is VALID [2022-02-20 18:05:42,867 INFO L290 TraceCheckUtils]: 107: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:42,867 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {22958#true} {22959#false} #918#return; {22959#false} is VALID [2022-02-20 18:05:42,867 INFO L290 TraceCheckUtils]: 109: Hoare triple {22959#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {22959#false} is VALID [2022-02-20 18:05:42,867 INFO L290 TraceCheckUtils]: 110: Hoare triple {22959#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {22959#false} is VALID [2022-02-20 18:05:42,868 INFO L290 TraceCheckUtils]: 111: Hoare triple {22959#false} assume !false; {22959#false} is VALID [2022-02-20 18:05:42,868 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:05:42,868 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:42,868 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [991234824] [2022-02-20 18:05:42,868 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [991234824] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:42,868 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [275705917] [2022-02-20 18:05:42,869 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:42,869 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:42,869 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:42,884 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:42,927 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:05:43,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:43,101 INFO L263 TraceCheckSpWp]: Trace formula consists of 1045 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:05:43,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:43,141 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:43,351 INFO L290 TraceCheckUtils]: 0: Hoare triple {22958#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 
40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {22958#true} is VALID [2022-02-20 18:05:43,351 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {22958#true} is VALID [2022-02-20 18:05:43,351 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22958#true} is VALID [2022-02-20 18:05:43,351 INFO L290 TraceCheckUtils]: 3: Hoare triple {22958#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {22958#true} is VALID [2022-02-20 18:05:43,351 INFO L290 TraceCheckUtils]: 4: Hoare triple {22958#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {22958#true} is VALID [2022-02-20 18:05:43,351 INFO L290 TraceCheckUtils]: 5: Hoare triple {22958#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L272 TraceCheckUtils]: 6: Hoare triple {22958#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 7: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 8: Hoare triple {22958#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 9: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22958#true} {22958#true} #960#return; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 11: Hoare triple {22958#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L272 TraceCheckUtils]: 12: Hoare triple {22958#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 13: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 14: Hoare triple {22958#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 15: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22958#true} {22958#true} #962#return; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 17: Hoare triple {22958#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L272 TraceCheckUtils]: 18: Hoare triple {22958#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 19: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 20: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 21: Hoare triple {22958#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 22: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22958#true} {22958#true} #964#return; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 24: Hoare triple {22958#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L272 TraceCheckUtils]: 25: Hoare triple {22958#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 26: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,352 INFO L290 TraceCheckUtils]: 27: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,352 INFO 
L290 TraceCheckUtils]: 28: Hoare triple {22958#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,353 INFO L290 TraceCheckUtils]: 29: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,353 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22958#true} {22958#true} #966#return; {22958#true} is VALID [2022-02-20 18:05:43,353 INFO L290 TraceCheckUtils]: 31: Hoare triple {22958#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22958#true} is VALID [2022-02-20 18:05:43,366 INFO L272 TraceCheckUtils]: 32: Hoare triple {22958#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L290 TraceCheckUtils]: 33: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L290 TraceCheckUtils]: 34: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L290 TraceCheckUtils]: 35: Hoare triple {22958#true} assume !(2 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L290 TraceCheckUtils]: 36: Hoare triple {22958#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L290 TraceCheckUtils]: 37: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L284 
TraceCheckUtils]: 38: Hoare quadruple {22958#true} {22958#true} #968#return; {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L290 TraceCheckUtils]: 39: Hoare triple {22958#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L272 TraceCheckUtils]: 40: Hoare triple {22958#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22958#true} is VALID [2022-02-20 18:05:43,367 INFO L290 TraceCheckUtils]: 41: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,368 INFO L290 TraceCheckUtils]: 42: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,368 INFO L290 TraceCheckUtils]: 43: Hoare triple {22958#true} assume !(2 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,368 INFO L290 TraceCheckUtils]: 44: Hoare triple {22958#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,368 INFO L290 TraceCheckUtils]: 45: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,368 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22958#true} {22958#true} #970#return; {22958#true} is VALID [2022-02-20 18:05:43,368 INFO L290 TraceCheckUtils]: 47: Hoare triple {22958#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {22958#true} is VALID [2022-02-20 18:05:43,369 INFO L290 TraceCheckUtils]: 48: Hoare triple {22958#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, 
test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23167#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:43,369 INFO L290 TraceCheckUtils]: 49: Hoare triple {23167#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {23167#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:43,369 INFO L290 TraceCheckUtils]: 50: Hoare triple {23167#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {23167#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:43,370 INFO L290 TraceCheckUtils]: 51: Hoare triple {23167#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:43,370 INFO L290 TraceCheckUtils]: 52: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 
<= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:43,370 INFO L290 TraceCheckUtils]: 53: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:43,370 INFO L290 TraceCheckUtils]: 54: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:43,371 INFO L290 TraceCheckUtils]: 55: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:43,371 INFO L290 TraceCheckUtils]: 56: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:43,371 INFO L290 TraceCheckUtils]: 57: Hoare triple {22991#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {22959#false} is VALID [2022-02-20 18:05:43,371 INFO L290 TraceCheckUtils]: 58: Hoare triple {22959#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {22959#false} is VALID 
[2022-02-20 18:05:43,371 INFO L272 TraceCheckUtils]: 59: Hoare triple {22959#false} call sendEmail(~bob~0, ~rjh~0); {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L290 TraceCheckUtils]: 60: Hoare triple {22959#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L272 TraceCheckUtils]: 61: Hoare triple {22959#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L290 TraceCheckUtils]: 62: Hoare triple {22959#false} ~handle := #in~handle;~value := #in~value; {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L290 TraceCheckUtils]: 63: Hoare triple {22959#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L290 TraceCheckUtils]: 64: Hoare triple {22959#false} assume true; {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22959#false} {22959#false} #948#return; {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L290 TraceCheckUtils]: 66: Hoare triple {22959#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L290 TraceCheckUtils]: 67: Hoare triple {22959#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := 
setEmailTo_~value#1; {22959#false} is VALID [2022-02-20 18:05:43,372 INFO L290 TraceCheckUtils]: 68: Hoare triple {22959#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {22959#false} is VALID [2022-02-20 18:05:43,373 INFO L290 TraceCheckUtils]: 69: Hoare triple {22959#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {22959#false} is VALID [2022-02-20 18:05:43,373 INFO L272 TraceCheckUtils]: 70: Hoare triple {22959#false} call outgoing(~sender#1, ~email~0#1); {22959#false} is VALID [2022-02-20 18:05:43,373 INFO L290 TraceCheckUtils]: 71: Hoare triple {22959#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {22959#false} is VALID [2022-02-20 18:05:43,373 INFO L272 TraceCheckUtils]: 72: Hoare triple {22959#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {22959#false} is VALID [2022-02-20 18:05:43,373 INFO L290 TraceCheckUtils]: 73: Hoare triple {22959#false} ~handle := #in~handle;havoc ~retValue_acc~17; {22959#false} is VALID [2022-02-20 18:05:43,373 INFO L290 TraceCheckUtils]: 74: Hoare triple {22959#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {22959#false} is VALID [2022-02-20 18:05:43,373 INFO L290 TraceCheckUtils]: 75: Hoare triple {22959#false} assume true; {22959#false} is VALID [2022-02-20 18:05:43,373 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {22959#false} {22959#false} #906#return; {22959#false} is VALID [2022-02-20 18:05:43,373 INFO 
L290 TraceCheckUtils]: 77: Hoare triple {22959#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {22959#false} is VALID [2022-02-20 18:05:43,374 INFO L290 TraceCheckUtils]: 78: Hoare triple {22959#false} assume 0 == sign_~privkey~1#1; {22959#false} is VALID [2022-02-20 18:05:43,374 INFO L290 TraceCheckUtils]: 79: Hoare triple {22959#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {22959#false} is VALID [2022-02-20 18:05:43,374 INFO L272 TraceCheckUtils]: 80: Hoare triple {22959#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {22959#false} is VALID [2022-02-20 18:05:43,374 INFO L290 TraceCheckUtils]: 81: Hoare triple {22959#false} ~handle := #in~handle;havoc ~retValue_acc~36; {22959#false} is VALID [2022-02-20 18:05:43,374 INFO L290 TraceCheckUtils]: 82: Hoare triple {22959#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {22959#false} is VALID [2022-02-20 18:05:43,374 INFO L290 TraceCheckUtils]: 83: Hoare triple {22959#false} assume true; {22959#false} is VALID 
[2022-02-20 18:05:43,374 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {22959#false} {22959#false} #908#return; {22959#false} is VALID [2022-02-20 18:05:43,374 INFO L290 TraceCheckUtils]: 85: Hoare triple {22959#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {22959#false} is VALID [2022-02-20 18:05:43,374 INFO L272 TraceCheckUtils]: 86: Hoare triple {22959#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L290 TraceCheckUtils]: 87: Hoare triple {22959#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L290 TraceCheckUtils]: 88: Hoare triple {22959#false} assume 1 == ~handle; {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L290 TraceCheckUtils]: 89: Hoare triple {22959#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L290 TraceCheckUtils]: 90: Hoare triple {22959#false} assume true; {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {22959#false} {22959#false} #910#return; {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L290 TraceCheckUtils]: 92: Hoare triple {22959#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := 
outgoing__wrappee__Encrypt_~tmp___0~0#1; {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L290 TraceCheckUtils]: 93: Hoare triple {22959#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L290 TraceCheckUtils]: 94: Hoare triple {22959#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {22959#false} is VALID [2022-02-20 18:05:43,375 INFO L290 TraceCheckUtils]: 95: Hoare triple {22959#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {22959#false} is VALID [2022-02-20 18:05:43,376 INFO L290 TraceCheckUtils]: 96: Hoare triple {22959#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {22959#false} is VALID [2022-02-20 18:05:43,376 INFO L272 TraceCheckUtils]: 97: Hoare triple {22959#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {22959#false} 
is VALID [2022-02-20 18:05:43,376 INFO L290 TraceCheckUtils]: 98: Hoare triple {22959#false} ~handle := #in~handle;~value := #in~value; {22959#false} is VALID [2022-02-20 18:05:43,376 INFO L290 TraceCheckUtils]: 99: Hoare triple {22959#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22959#false} is VALID [2022-02-20 18:05:43,376 INFO L290 TraceCheckUtils]: 100: Hoare triple {22959#false} assume true; {22959#false} is VALID [2022-02-20 18:05:43,376 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {22959#false} {22959#false} #916#return; {22959#false} is VALID [2022-02-20 18:05:43,376 INFO L290 TraceCheckUtils]: 102: Hoare triple {22959#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && 
__utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {22959#false} is VALID [2022-02-20 18:05:43,376 INFO L290 TraceCheckUtils]: 103: Hoare triple {22959#false} assume 0 != ~in_encrypted~0; {22959#false} is VALID [2022-02-20 18:05:43,376 INFO L272 TraceCheckUtils]: 104: Hoare triple {22959#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {22959#false} is VALID [2022-02-20 18:05:43,377 INFO L290 TraceCheckUtils]: 105: Hoare triple {22959#false} ~handle := #in~handle;havoc ~retValue_acc~39; {22959#false} is VALID [2022-02-20 18:05:43,377 INFO L290 TraceCheckUtils]: 106: Hoare triple {22959#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {22959#false} is VALID [2022-02-20 18:05:43,377 INFO L290 TraceCheckUtils]: 107: Hoare triple {22959#false} assume true; {22959#false} is VALID [2022-02-20 18:05:43,377 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {22959#false} {22959#false} #918#return; {22959#false} is VALID [2022-02-20 18:05:43,377 INFO L290 TraceCheckUtils]: 109: Hoare triple {22959#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {22959#false} is VALID [2022-02-20 18:05:43,377 INFO L290 TraceCheckUtils]: 110: Hoare triple {22959#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {22959#false} is VALID [2022-02-20 18:05:43,377 INFO L290 TraceCheckUtils]: 111: Hoare triple {22959#false} assume !false; {22959#false} is VALID 
[2022-02-20 18:05:43,377 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:05:43,378 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:05:43,655 INFO L290 TraceCheckUtils]: 111: Hoare triple {22959#false} assume !false; {22959#false} is VALID [2022-02-20 18:05:43,655 INFO L290 TraceCheckUtils]: 110: Hoare triple {22959#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {22959#false} is VALID [2022-02-20 18:05:43,655 INFO L290 TraceCheckUtils]: 109: Hoare triple {22959#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {22959#false} is VALID [2022-02-20 18:05:43,655 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {22958#true} {22959#false} #918#return; {22959#false} is VALID [2022-02-20 18:05:43,655 INFO L290 TraceCheckUtils]: 107: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 106: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 105: Hoare triple {22958#true} ~handle := #in~handle;havoc ~retValue_acc~39; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L272 TraceCheckUtils]: 104: Hoare triple {22959#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 103: Hoare triple {22959#false} assume 0 != ~in_encrypted~0; {22959#false} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 102: 
Hoare triple {22959#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {22959#false} is VALID [2022-02-20 18:05:43,656 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {22958#true} {22959#false} #916#return; {22959#false} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 100: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 99: Hoare triple {22958#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 98: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L272 TraceCheckUtils]: 97: Hoare triple {22959#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 96: Hoare triple {22959#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {22959#false} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 95: Hoare triple {22959#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {22959#false} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 94: Hoare triple {22959#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {22959#false} is VALID 
[2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 93: Hoare triple {22959#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {22959#false} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 92: Hoare triple {22959#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {22959#false} is VALID [2022-02-20 18:05:43,656 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {22958#true} {22959#false} #910#return; {22959#false} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 90: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 89: Hoare triple {22958#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 88: Hoare triple {22958#true} assume 1 == ~handle; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 87: Hoare triple {22958#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L272 TraceCheckUtils]: 86: Hoare triple {22959#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {22958#true} is VALID [2022-02-20 18:05:43,656 INFO L290 TraceCheckUtils]: 85: Hoare triple {22959#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := 
outgoing__wrappee__Encrypt_~tmp~3#1; {22959#false} is VALID [2022-02-20 18:05:43,657 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {22958#true} {22959#false} #908#return; {22959#false} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 83: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 82: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {22958#true} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 81: Hoare triple {22958#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22958#true} is VALID [2022-02-20 18:05:43,657 INFO L272 TraceCheckUtils]: 80: Hoare triple {22959#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {22958#true} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 79: Hoare triple {22959#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {22959#false} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 78: Hoare triple {22959#false} assume 0 == sign_~privkey~1#1; {22959#false} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 77: 
Hoare triple {22959#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {22959#false} is VALID [2022-02-20 18:05:43,657 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {22958#true} {22959#false} #906#return; {22959#false} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 75: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 74: Hoare triple {22958#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {22958#true} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 73: Hoare triple {22958#true} ~handle := #in~handle;havoc ~retValue_acc~17; {22958#true} is VALID [2022-02-20 18:05:43,657 INFO L272 TraceCheckUtils]: 72: Hoare triple {22959#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {22958#true} is VALID [2022-02-20 18:05:43,657 INFO L290 TraceCheckUtils]: 71: Hoare triple {22959#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {22959#false} is VALID [2022-02-20 18:05:43,658 INFO L272 TraceCheckUtils]: 70: Hoare triple {22959#false} call outgoing(~sender#1, ~email~0#1); {22959#false} is VALID [2022-02-20 18:05:43,658 INFO L290 TraceCheckUtils]: 69: Hoare triple {22959#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {22959#false} is VALID [2022-02-20 18:05:43,658 INFO L290 TraceCheckUtils]: 68: Hoare triple {22959#false} assume { :end_inline_setEmailTo } 
true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {22959#false} is VALID [2022-02-20 18:05:43,658 INFO L290 TraceCheckUtils]: 67: Hoare triple {22959#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {22959#false} is VALID [2022-02-20 18:05:43,658 INFO L290 TraceCheckUtils]: 66: Hoare triple {22959#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {22959#false} is VALID [2022-02-20 18:05:43,658 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22958#true} {22959#false} #948#return; {22959#false} is VALID [2022-02-20 18:05:43,658 INFO L290 TraceCheckUtils]: 64: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,658 INFO L290 TraceCheckUtils]: 63: Hoare triple {22958#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,658 INFO L290 TraceCheckUtils]: 62: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,658 INFO L272 TraceCheckUtils]: 61: Hoare triple {22959#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22958#true} is VALID [2022-02-20 18:05:43,659 INFO L290 TraceCheckUtils]: 60: Hoare triple {22959#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22959#false} is VALID [2022-02-20 18:05:43,659 INFO L272 TraceCheckUtils]: 59: Hoare triple {22959#false} call sendEmail(~bob~0, ~rjh~0); {22959#false} is VALID [2022-02-20 18:05:43,659 INFO L290 TraceCheckUtils]: 58: Hoare triple {22959#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {22959#false} is VALID [2022-02-20 18:05:43,663 INFO L290 TraceCheckUtils]: 57: Hoare triple {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {22959#false} is VALID [2022-02-20 18:05:43,663 INFO L290 TraceCheckUtils]: 56: Hoare triple {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:43,664 INFO L290 TraceCheckUtils]: 55: Hoare triple {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:43,664 INFO L290 TraceCheckUtils]: 54: Hoare triple {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:43,664 INFO L290 TraceCheckUtils]: 53: Hoare triple {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID 
[2022-02-20 18:05:43,664 INFO L290 TraceCheckUtils]: 52: Hoare triple {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:43,665 INFO L290 TraceCheckUtils]: 51: Hoare triple {23538#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23519#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:43,665 INFO L290 TraceCheckUtils]: 50: Hoare triple {23538#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {23538#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:05:43,665 INFO L290 TraceCheckUtils]: 49: Hoare triple {23538#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {23538#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:05:43,666 INFO L290 TraceCheckUtils]: 48: Hoare triple {22958#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc 
test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23538#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:05:43,666 INFO L290 TraceCheckUtils]: 47: Hoare triple {22958#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {22958#true} is VALID [2022-02-20 18:05:43,666 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22958#true} {22958#true} #970#return; {22958#true} is VALID [2022-02-20 18:05:43,666 INFO L290 TraceCheckUtils]: 45: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,666 INFO L290 TraceCheckUtils]: 44: Hoare triple {22958#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,666 INFO L290 TraceCheckUtils]: 43: Hoare triple {22958#true} assume !(2 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 42: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 41: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L272 TraceCheckUtils]: 40: Hoare triple {22958#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 39: Hoare triple 
{22958#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22958#true} {22958#true} #968#return; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 37: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 36: Hoare triple {22958#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 35: Hoare triple {22958#true} assume !(2 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 34: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 33: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L272 TraceCheckUtils]: 32: Hoare triple {22958#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 31: Hoare triple {22958#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22958#true} {22958#true} #966#return; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 29: Hoare triple 
{22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 28: Hoare triple {22958#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 27: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 26: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L272 TraceCheckUtils]: 25: Hoare triple {22958#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22958#true} is VALID [2022-02-20 18:05:43,667 INFO L290 TraceCheckUtils]: 24: Hoare triple {22958#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22958#true} {22958#true} #964#return; {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L290 TraceCheckUtils]: 22: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L290 TraceCheckUtils]: 21: Hoare triple {22958#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L290 TraceCheckUtils]: 20: Hoare triple {22958#true} assume !(1 == ~handle); {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L290 TraceCheckUtils]: 19: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L272 TraceCheckUtils]: 18: Hoare triple {22958#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L290 TraceCheckUtils]: 17: Hoare triple {22958#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22958#true} {22958#true} #962#return; {22958#true} is VALID [2022-02-20 18:05:43,668 INFO L290 TraceCheckUtils]: 15: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L290 TraceCheckUtils]: 14: Hoare triple {22958#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L290 TraceCheckUtils]: 13: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L272 TraceCheckUtils]: 12: Hoare triple {22958#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L290 TraceCheckUtils]: 11: Hoare triple {22958#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22958#true} {22958#true} #960#return; {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L290 TraceCheckUtils]: 9: Hoare triple {22958#true} assume true; {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L290 TraceCheckUtils]: 8: Hoare triple {22958#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L290 TraceCheckUtils]: 7: Hoare triple {22958#true} ~handle := #in~handle;~value := #in~value; {22958#true} is VALID [2022-02-20 18:05:43,669 INFO L272 TraceCheckUtils]: 6: Hoare triple {22958#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22958#true} is VALID [2022-02-20 18:05:43,669 INFO 
L290 TraceCheckUtils]: 5: Hoare triple {22958#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22958#true} is VALID [2022-02-20 18:05:43,670 INFO L290 TraceCheckUtils]: 4: Hoare triple {22958#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {22958#true} is VALID [2022-02-20 18:05:43,670 INFO L290 TraceCheckUtils]: 3: Hoare triple {22958#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {22958#true} is VALID [2022-02-20 18:05:43,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {22958#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22958#true} is VALID [2022-02-20 18:05:43,670 INFO L290 TraceCheckUtils]: 1: Hoare triple {22958#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {22958#true} is VALID [2022-02-20 18:05:43,670 INFO L290 TraceCheckUtils]: 0: Hoare triple {22958#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call 
write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 
0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 
0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {22958#true} is VALID [2022-02-20 18:05:43,670 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:05:43,671 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [275705917] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:05:43,671 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:05:43,671 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 4, 4] total 10 [2022-02-20 18:05:43,671 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1796251991] [2022-02-20 18:05:43,671 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:05:43,672 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 10.6) internal successors, (106), 7 states have internal predecessors, (106), 2 states have call successors, (28), 5 states have call predecessors, (28), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 112 [2022-02-20 18:05:43,935 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:05:43,936 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 10.6) internal successors, (106), 7 states have internal predecessors, (106), 2 states have call successors, (28), 5 states have call predecessors, (28), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:44,024 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 152 edges. 152 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:44,024 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 18:05:44,024 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:44,024 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 18:05:44,025 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=63, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:44,025 INFO L87 Difference]: Start difference. First operand 375 states and 568 transitions. Second operand has 10 states, 10 states have (on average 10.6) internal successors, (106), 7 states have internal predecessors, (106), 2 states have call successors, (28), 5 states have call predecessors, (28), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:49,531 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:49,532 INFO L93 Difference]: Finished difference Result 947 states and 1504 transitions. [2022-02-20 18:05:49,532 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:05:49,532 INFO L78 Accepts]: Start accepts. 
Automaton has has 10 states, 10 states have (on average 10.6) internal successors, (106), 7 states have internal predecessors, (106), 2 states have call successors, (28), 5 states have call predecessors, (28), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 112 [2022-02-20 18:05:49,532 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:49,532 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 10.6) internal successors, (106), 7 states have internal predecessors, (106), 2 states have call successors, (28), 5 states have call predecessors, (28), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:49,545 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1238 transitions. [2022-02-20 18:05:49,546 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 10.6) internal successors, (106), 7 states have internal predecessors, (106), 2 states have call successors, (28), 5 states have call predecessors, (28), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:49,557 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1238 transitions. [2022-02-20 18:05:49,558 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1238 transitions. [2022-02-20 18:05:50,511 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1238 edges. 1238 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:50,555 INFO L225 Difference]: With dead ends: 947 [2022-02-20 18:05:50,555 INFO L226 Difference]: Without dead ends: 774 [2022-02-20 18:05:50,556 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 257 GetRequests, 245 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=47, Invalid=135, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:05:50,557 INFO L933 BasicCegarLoop]: 585 mSDtfsCounter, 1185 mSDsluCounter, 1079 mSDsCounter, 0 mSdLazyCounter, 1840 mSolverCounterSat, 392 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1230 SdHoareTripleChecker+Valid, 1664 SdHoareTripleChecker+Invalid, 2232 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 392 IncrementalHoareTripleChecker+Valid, 1840 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:50,557 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1230 Valid, 1664 Invalid, 2232 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [392 Valid, 1840 Invalid, 0 Unknown, 0 Unchecked, 2.2s Time] [2022-02-20 18:05:50,558 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 774 states. [2022-02-20 18:05:50,891 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 774 to 678. [2022-02-20 18:05:50,891 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:50,894 INFO L82 GeneralOperation]: Start isEquivalent. First operand 774 states. 
Second operand has 678 states, 526 states have (on average 1.5836501901140685) internal successors, (833), 533 states have internal predecessors, (833), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) [2022-02-20 18:05:50,896 INFO L74 IsIncluded]: Start isIncluded. First operand 774 states. Second operand has 678 states, 526 states have (on average 1.5836501901140685) internal successors, (833), 533 states have internal predecessors, (833), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) [2022-02-20 18:05:50,897 INFO L87 Difference]: Start difference. First operand 774 states. Second operand has 678 states, 526 states have (on average 1.5836501901140685) internal successors, (833), 533 states have internal predecessors, (833), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) [2022-02-20 18:05:50,950 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:50,950 INFO L93 Difference]: Finished difference Result 774 states and 1261 transitions. [2022-02-20 18:05:50,950 INFO L276 IsEmpty]: Start isEmpty. Operand 774 states and 1261 transitions. [2022-02-20 18:05:50,953 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:50,953 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:50,955 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 678 states, 526 states have (on average 1.5836501901140685) internal successors, (833), 533 states have internal predecessors, (833), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) Second operand 774 states. [2022-02-20 18:05:50,955 INFO L87 Difference]: Start difference. First operand has 678 states, 526 states have (on average 1.5836501901140685) internal successors, (833), 533 states have internal predecessors, (833), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) Second operand 774 states. [2022-02-20 18:05:50,985 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:50,986 INFO L93 Difference]: Finished difference Result 774 states and 1261 transitions. [2022-02-20 18:05:50,986 INFO L276 IsEmpty]: Start isEmpty. Operand 774 states and 1261 transitions. [2022-02-20 18:05:50,988 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:50,989 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:50,989 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:50,989 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:50,990 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 678 states, 526 states have (on average 1.5836501901140685) internal successors, (833), 533 states have internal predecessors, (833), 125 states have call successors, (125), 22 states have call predecessors, (125), 26 states have return successors, (146), 124 states have call predecessors, (146), 124 states have call successors, (146) [2022-02-20 18:05:51,015 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 678 states to 678 states and 1104 transitions. [2022-02-20 18:05:51,016 INFO L78 Accepts]: Start accepts. Automaton has 678 states and 1104 transitions. Word has length 112 [2022-02-20 18:05:51,016 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:51,016 INFO L470 AbstractCegarLoop]: Abstraction has 678 states and 1104 transitions. [2022-02-20 18:05:51,017 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 10.6) internal successors, (106), 7 states have internal predecessors, (106), 2 states have call successors, (28), 5 states have call predecessors, (28), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:51,017 INFO L276 IsEmpty]: Start isEmpty. Operand 678 states and 1104 transitions. [2022-02-20 18:05:51,019 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 119 [2022-02-20 18:05:51,019 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:51,019 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:51,038 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:51,222 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:51,225 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:51,225 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:51,225 INFO L85 PathProgramCache]: Analyzing trace with hash 1908706807, now seen corresponding path program 1 times [2022-02-20 18:05:51,225 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:51,225 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1724570779] [2022-02-20 18:05:51,226 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:51,226 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:51,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 6 [2022-02-20 18:05:51,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,278 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,279 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27597#true} {27597#true} #960#return; {27597#true} is VALID [2022-02-20 18:05:51,284 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:51,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,288 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,289 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27597#true} {27597#true} #962#return; {27597#true} is VALID [2022-02-20 18:05:51,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 
18:05:51,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume !(1 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,294 INFO L290 TraceCheckUtils]: 3: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,294 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27597#true} {27597#true} #964#return; {27597#true} is VALID [2022-02-20 18:05:51,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:51,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume !(1 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 3: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,300 INFO L284 TraceCheckUtils]: 4: Hoare quadruple 
{27597#true} {27597#true} #966#return; {27597#true} is VALID [2022-02-20 18:05:51,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:51,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,305 INFO L290 TraceCheckUtils]: 0: Hoare triple {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,305 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume !(1 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,305 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume !(2 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,305 INFO L290 TraceCheckUtils]: 3: Hoare triple {27597#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,305 INFO L290 TraceCheckUtils]: 4: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,305 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27597#true} {27597#true} #968#return; {27597#true} is VALID [2022-02-20 18:05:51,305 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:51,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume !(1 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,308 
INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume !(2 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,308 INFO L290 TraceCheckUtils]: 3: Hoare triple {27597#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,308 INFO L290 TraceCheckUtils]: 4: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,308 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27597#true} {27597#true} #970#return; {27597#true} is VALID [2022-02-20 18:05:51,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:05:51,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {27657#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,315 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27597#true} {27598#false} #948#return; {27598#false} is VALID [2022-02-20 18:05:51,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:05:51,316 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,318 INFO L290 TraceCheckUtils]: 0: Hoare triple {27597#true} ~handle := #in~handle;havoc ~retValue_acc~17; {27597#true} is VALID [2022-02-20 18:05:51,318 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {27597#true} is VALID [2022-02-20 18:05:51,318 INFO L290 
TraceCheckUtils]: 2: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,318 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27597#true} {27598#false} #906#return; {27598#false} is VALID [2022-02-20 18:05:51,318 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:05:51,319 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {27597#true} ~handle := #in~handle;havoc ~retValue_acc~36; {27597#true} is VALID [2022-02-20 18:05:51,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {27597#true} is VALID [2022-02-20 18:05:51,321 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,321 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27597#true} {27598#false} #908#return; {27598#false} is VALID [2022-02-20 18:05:51,321 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:05:51,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,323 INFO L290 TraceCheckUtils]: 0: Hoare triple {27597#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {27597#true} is VALID [2022-02-20 18:05:51,323 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume 1 == ~handle; {27597#true} is VALID [2022-02-20 18:05:51,323 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {27597#true} is VALID [2022-02-20 18:05:51,323 INFO L290 TraceCheckUtils]: 3: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,323 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27597#true} {27598#false} #910#return; 
{27598#false} is VALID [2022-02-20 18:05:51,323 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:05:51,324 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {27657#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,326 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,326 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27597#true} {27598#false} #916#return; {27598#false} is VALID [2022-02-20 18:05:51,326 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:05:51,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,328 INFO L290 TraceCheckUtils]: 0: Hoare triple {27597#true} ~handle := #in~handle;havoc ~retValue_acc~39; {27597#true} is VALID [2022-02-20 18:05:51,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {27597#true} is VALID [2022-02-20 18:05:51,328 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,328 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27597#true} {27598#false} #918#return; {27598#false} is VALID [2022-02-20 18:05:51,328 INFO L290 TraceCheckUtils]: 0: Hoare triple {27597#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call 
write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 
0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {27597#true} is VALID [2022-02-20 18:05:51,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {27597#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc 
main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {27597#true} is VALID [2022-02-20 18:05:51,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {27597#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27597#true} is VALID [2022-02-20 18:05:51,329 INFO L290 TraceCheckUtils]: 3: Hoare triple {27597#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {27597#true} is VALID [2022-02-20 18:05:51,329 INFO L290 TraceCheckUtils]: 4: Hoare triple {27597#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {27597#true} is VALID [2022-02-20 18:05:51,329 INFO L290 TraceCheckUtils]: 5: Hoare triple {27597#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27597#true} is VALID [2022-02-20 
18:05:51,329 INFO L272 TraceCheckUtils]: 6: Hoare triple {27597#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:51,330 INFO L290 TraceCheckUtils]: 7: Hoare triple {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,330 INFO L290 TraceCheckUtils]: 8: Hoare triple {27597#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,330 INFO L290 TraceCheckUtils]: 9: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,330 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27597#true} {27597#true} #960#return; {27597#true} is VALID [2022-02-20 18:05:51,330 INFO L290 TraceCheckUtils]: 11: Hoare triple {27597#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27597#true} is VALID [2022-02-20 18:05:51,331 INFO L272 TraceCheckUtils]: 12: Hoare triple {27597#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:51,331 INFO L290 TraceCheckUtils]: 13: Hoare triple {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27597#true} is 
VALID [2022-02-20 18:05:51,331 INFO L290 TraceCheckUtils]: 14: Hoare triple {27597#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,331 INFO L290 TraceCheckUtils]: 15: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,331 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27597#true} {27597#true} #962#return; {27597#true} is VALID [2022-02-20 18:05:51,331 INFO L290 TraceCheckUtils]: 17: Hoare triple {27597#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27597#true} is VALID [2022-02-20 18:05:51,332 INFO L272 TraceCheckUtils]: 18: Hoare triple {27597#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:51,332 INFO L290 TraceCheckUtils]: 19: Hoare triple {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,332 INFO L290 TraceCheckUtils]: 20: Hoare triple {27597#true} assume !(1 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,332 INFO L290 TraceCheckUtils]: 21: Hoare triple 
{27597#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,332 INFO L290 TraceCheckUtils]: 22: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,332 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27597#true} {27597#true} #964#return; {27597#true} is VALID [2022-02-20 18:05:51,332 INFO L290 TraceCheckUtils]: 24: Hoare triple {27597#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27597#true} is VALID [2022-02-20 18:05:51,333 INFO L272 TraceCheckUtils]: 25: Hoare triple {27597#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:51,333 INFO L290 TraceCheckUtils]: 26: Hoare triple {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,333 INFO L290 TraceCheckUtils]: 27: Hoare triple {27597#true} assume !(1 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,333 INFO L290 TraceCheckUtils]: 28: Hoare triple {27597#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,333 INFO L290 TraceCheckUtils]: 29: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,334 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27597#true} {27597#true} #966#return; {27597#true} is VALID [2022-02-20 18:05:51,334 INFO L290 TraceCheckUtils]: 31: Hoare triple {27597#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { 
:begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27597#true} is VALID [2022-02-20 18:05:51,334 INFO L272 TraceCheckUtils]: 32: Hoare triple {27597#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:51,334 INFO L290 TraceCheckUtils]: 33: Hoare triple {27655#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,334 INFO L290 TraceCheckUtils]: 34: Hoare triple {27597#true} assume !(1 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,334 INFO L290 TraceCheckUtils]: 35: Hoare triple {27597#true} assume !(2 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,335 INFO L290 TraceCheckUtils]: 36: Hoare triple {27597#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,335 INFO L290 TraceCheckUtils]: 37: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,335 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27597#true} {27597#true} #968#return; {27597#true} is VALID [2022-02-20 18:05:51,335 INFO L290 TraceCheckUtils]: 39: Hoare triple {27597#true} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{27597#true} is VALID [2022-02-20 18:05:51,335 INFO L272 TraceCheckUtils]: 40: Hoare triple {27597#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:51,336 INFO L290 TraceCheckUtils]: 41: Hoare triple {27656#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,336 INFO L290 TraceCheckUtils]: 42: Hoare triple {27597#true} assume !(1 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,336 INFO L290 TraceCheckUtils]: 43: Hoare triple {27597#true} assume !(2 == ~handle); {27597#true} is VALID [2022-02-20 18:05:51,336 INFO L290 TraceCheckUtils]: 44: Hoare triple {27597#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,336 INFO L290 TraceCheckUtils]: 45: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,336 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {27597#true} {27597#true} #970#return; {27597#true} is VALID [2022-02-20 18:05:51,336 INFO L290 TraceCheckUtils]: 47: Hoare triple {27597#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {27597#true} is VALID [2022-02-20 18:05:51,336 INFO L290 TraceCheckUtils]: 48: Hoare triple {27597#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, 
test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:05:51,337 INFO L290 TraceCheckUtils]: 49: Hoare triple {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:05:51,337 INFO L290 TraceCheckUtils]: 50: Hoare triple {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:05:51,337 INFO L290 TraceCheckUtils]: 51: Hoare triple {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:05:51,337 INFO L290 TraceCheckUtils]: 52: Hoare triple {27629#(= |ULTIMATE.start_test_~op2~0#1| 
0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:05:51,338 INFO L290 TraceCheckUtils]: 53: Hoare triple {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:05:51,338 INFO L290 TraceCheckUtils]: 54: Hoare triple {27629#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {27598#false} is VALID [2022-02-20 18:05:51,338 INFO L290 TraceCheckUtils]: 55: Hoare triple {27598#false} assume !(0 == test_~op3~0#1); {27598#false} is VALID [2022-02-20 18:05:51,338 INFO L290 TraceCheckUtils]: 56: Hoare triple {27598#false} assume !(0 == test_~op4~0#1); {27598#false} is VALID [2022-02-20 18:05:51,338 INFO L290 TraceCheckUtils]: 57: Hoare triple {27598#false} assume !(0 == test_~op5~0#1); {27598#false} is VALID [2022-02-20 18:05:51,338 INFO L290 TraceCheckUtils]: 58: Hoare triple {27598#false} assume !(0 == test_~op6~0#1); {27598#false} is VALID [2022-02-20 18:05:51,338 INFO L290 TraceCheckUtils]: 59: Hoare triple {27598#false} assume !(0 == test_~op7~0#1); {27598#false} is VALID [2022-02-20 18:05:51,339 INFO L290 TraceCheckUtils]: 60: Hoare triple {27598#false} assume !(0 == test_~op8~0#1); {27598#false} is VALID [2022-02-20 18:05:51,339 INFO L290 TraceCheckUtils]: 61: Hoare triple {27598#false} assume !(0 == test_~op9~0#1); {27598#false} is VALID [2022-02-20 18:05:51,339 INFO L290 TraceCheckUtils]: 62: Hoare triple {27598#false} assume !(0 == test_~op10~0#1); {27598#false} is VALID [2022-02-20 18:05:51,339 INFO L290 TraceCheckUtils]: 63: Hoare triple {27598#false} assume !(0 == test_~op11~0#1); {27598#false} is VALID [2022-02-20 18:05:51,339 INFO L290 TraceCheckUtils]: 64: Hoare triple {27598#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, 
bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {27598#false} is VALID [2022-02-20 18:05:51,339 INFO L272 TraceCheckUtils]: 65: Hoare triple {27598#false} call sendEmail(~bob~0, ~rjh~0); {27598#false} is VALID [2022-02-20 18:05:51,339 INFO L290 TraceCheckUtils]: 66: Hoare triple {27598#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27598#false} is VALID [2022-02-20 18:05:51,339 INFO L272 TraceCheckUtils]: 67: Hoare triple {27598#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27657#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:51,339 INFO L290 TraceCheckUtils]: 68: Hoare triple {27657#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,339 INFO L290 TraceCheckUtils]: 69: Hoare triple {27597#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,340 INFO L290 TraceCheckUtils]: 70: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,340 INFO L284 TraceCheckUtils]: 71: Hoare quadruple 
{27597#true} {27598#false} #948#return; {27598#false} is VALID [2022-02-20 18:05:51,340 INFO L290 TraceCheckUtils]: 72: Hoare triple {27598#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {27598#false} is VALID [2022-02-20 18:05:51,340 INFO L290 TraceCheckUtils]: 73: Hoare triple {27598#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {27598#false} is VALID [2022-02-20 18:05:51,340 INFO L290 TraceCheckUtils]: 74: Hoare triple {27598#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {27598#false} is VALID [2022-02-20 18:05:51,340 INFO L290 TraceCheckUtils]: 75: Hoare triple {27598#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {27598#false} is VALID [2022-02-20 18:05:51,340 INFO L272 TraceCheckUtils]: 76: Hoare triple {27598#false} call outgoing(~sender#1, ~email~0#1); {27598#false} is VALID [2022-02-20 18:05:51,340 INFO L290 TraceCheckUtils]: 77: Hoare triple {27598#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {27598#false} is VALID [2022-02-20 18:05:51,340 INFO L272 TraceCheckUtils]: 78: Hoare triple {27598#false} call sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {27597#true} is VALID [2022-02-20 18:05:51,341 INFO L290 TraceCheckUtils]: 79: 
Hoare triple {27597#true} ~handle := #in~handle;havoc ~retValue_acc~17; {27597#true} is VALID [2022-02-20 18:05:51,341 INFO L290 TraceCheckUtils]: 80: Hoare triple {27597#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {27597#true} is VALID [2022-02-20 18:05:51,341 INFO L290 TraceCheckUtils]: 81: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,341 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {27597#true} {27598#false} #906#return; {27598#false} is VALID [2022-02-20 18:05:51,341 INFO L290 TraceCheckUtils]: 83: Hoare triple {27598#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {27598#false} is VALID [2022-02-20 18:05:51,341 INFO L290 TraceCheckUtils]: 84: Hoare triple {27598#false} assume 0 == sign_~privkey~1#1; {27598#false} is VALID [2022-02-20 18:05:51,341 INFO L290 TraceCheckUtils]: 85: Hoare triple {27598#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~0#1; {27598#false} is VALID [2022-02-20 18:05:51,341 INFO L272 TraceCheckUtils]: 86: Hoare triple {27598#false} call 
outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {27597#true} is VALID [2022-02-20 18:05:51,341 INFO L290 TraceCheckUtils]: 87: Hoare triple {27597#true} ~handle := #in~handle;havoc ~retValue_acc~36; {27597#true} is VALID [2022-02-20 18:05:51,341 INFO L290 TraceCheckUtils]: 88: Hoare triple {27597#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {27597#true} is VALID [2022-02-20 18:05:51,342 INFO L290 TraceCheckUtils]: 89: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,342 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {27597#true} {27598#false} #908#return; {27598#false} is VALID [2022-02-20 18:05:51,342 INFO L290 TraceCheckUtils]: 91: Hoare triple {27598#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {27598#false} is VALID [2022-02-20 18:05:51,342 INFO L272 TraceCheckUtils]: 92: Hoare triple {27598#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {27597#true} is VALID [2022-02-20 18:05:51,342 INFO L290 TraceCheckUtils]: 93: Hoare triple {27597#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {27597#true} is VALID [2022-02-20 18:05:51,342 INFO L290 TraceCheckUtils]: 94: Hoare triple {27597#true} assume 1 == ~handle; {27597#true} is VALID [2022-02-20 18:05:51,342 INFO L290 TraceCheckUtils]: 95: Hoare triple {27597#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {27597#true} is VALID [2022-02-20 18:05:51,342 INFO L290 TraceCheckUtils]: 96: Hoare triple {27597#true} 
assume true; {27597#true} is VALID [2022-02-20 18:05:51,342 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {27597#true} {27598#false} #910#return; {27598#false} is VALID [2022-02-20 18:05:51,343 INFO L290 TraceCheckUtils]: 98: Hoare triple {27598#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {27598#false} is VALID [2022-02-20 18:05:51,343 INFO L290 TraceCheckUtils]: 99: Hoare triple {27598#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {27598#false} is VALID [2022-02-20 18:05:51,343 INFO L290 TraceCheckUtils]: 100: Hoare triple {27598#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {27598#false} is VALID [2022-02-20 18:05:51,343 INFO L290 TraceCheckUtils]: 101: Hoare triple {27598#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {27598#false} is VALID [2022-02-20 18:05:51,343 INFO L290 TraceCheckUtils]: 102: Hoare triple 
{27598#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {27598#false} is VALID [2022-02-20 18:05:51,343 INFO L272 TraceCheckUtils]: 103: Hoare triple {27598#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {27657#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:51,343 INFO L290 TraceCheckUtils]: 104: Hoare triple {27657#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27597#true} is VALID [2022-02-20 18:05:51,343 INFO L290 TraceCheckUtils]: 105: Hoare triple {27597#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27597#true} is VALID [2022-02-20 18:05:51,343 INFO L290 TraceCheckUtils]: 106: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,343 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {27597#true} {27598#false} #916#return; {27598#false} is VALID [2022-02-20 18:05:51,344 INFO L290 TraceCheckUtils]: 108: Hoare triple {27598#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc 
__utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {27598#false} is VALID [2022-02-20 18:05:51,344 INFO L290 TraceCheckUtils]: 109: Hoare triple {27598#false} assume 0 != ~in_encrypted~0; {27598#false} is VALID [2022-02-20 18:05:51,344 INFO L272 TraceCheckUtils]: 110: Hoare triple {27598#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {27597#true} is VALID [2022-02-20 18:05:51,344 INFO L290 TraceCheckUtils]: 111: Hoare triple {27597#true} ~handle := #in~handle;havoc ~retValue_acc~39; {27597#true} is VALID [2022-02-20 18:05:51,344 INFO L290 TraceCheckUtils]: 112: Hoare triple {27597#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {27597#true} is VALID [2022-02-20 18:05:51,344 INFO L290 TraceCheckUtils]: 113: Hoare triple {27597#true} assume true; {27597#true} is VALID [2022-02-20 18:05:51,344 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {27597#true} {27598#false} #918#return; 
{27598#false} is VALID [2022-02-20 18:05:51,344 INFO L290 TraceCheckUtils]: 115: Hoare triple {27598#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {27598#false} is VALID [2022-02-20 18:05:51,344 INFO L290 TraceCheckUtils]: 116: Hoare triple {27598#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {27598#false} is VALID [2022-02-20 18:05:51,345 INFO L290 TraceCheckUtils]: 117: Hoare triple {27598#false} assume !false; {27598#false} is VALID [2022-02-20 18:05:51,345 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:05:51,345 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:51,345 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1724570779] [2022-02-20 18:05:51,345 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1724570779] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:51,345 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:51,345 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:05:51,346 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [322815729] [2022-02-20 18:05:51,346 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:51,346 INFO L78 Accepts]: Start accepts. 
Automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 118 [2022-02-20 18:05:51,346 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:51,347 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:51,416 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:51,416 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:05:51,416 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:51,417 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:05:51,417 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:05:51,417 INFO L87 Difference]: Start difference. First operand 678 states and 1104 transitions. 
Second operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:54,719 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:54,720 INFO L93 Difference]: Finished difference Result 1668 states and 2783 transitions. [2022-02-20 18:05:54,720 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:05:54,720 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 118 [2022-02-20 18:05:54,720 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:54,720 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:54,728 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1161 transitions. [2022-02-20 18:05:54,728 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:54,736 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1161 transitions. [2022-02-20 18:05:54,736 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1161 transitions. [2022-02-20 18:05:55,653 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1161 edges. 1161 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:55,726 INFO L225 Difference]: With dead ends: 1668 [2022-02-20 18:05:55,727 INFO L226 Difference]: Without dead ends: 1058 [2022-02-20 18:05:55,729 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 34 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:55,729 INFO L933 BasicCegarLoop]: 526 mSDtfsCounter, 909 mSDsluCounter, 496 mSDsCounter, 0 mSdLazyCounter, 723 mSolverCounterSat, 311 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 924 SdHoareTripleChecker+Valid, 1022 SdHoareTripleChecker+Invalid, 1034 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 311 IncrementalHoareTripleChecker+Valid, 723 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:55,729 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [924 Valid, 
1022 Invalid, 1034 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [311 Valid, 723 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-02-20 18:05:55,731 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1058 states. [2022-02-20 18:05:56,213 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1058 to 978. [2022-02-20 18:05:56,213 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:56,215 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1058 states. Second operand has 978 states, 762 states have (on average 1.5984251968503937) internal successors, (1218), 769 states have internal predecessors, (1218), 189 states have call successors, (189), 22 states have call predecessors, (189), 26 states have return successors, (220), 188 states have call predecessors, (220), 188 states have call successors, (220) [2022-02-20 18:05:56,216 INFO L74 IsIncluded]: Start isIncluded. First operand 1058 states. Second operand has 978 states, 762 states have (on average 1.5984251968503937) internal successors, (1218), 769 states have internal predecessors, (1218), 189 states have call successors, (189), 22 states have call predecessors, (189), 26 states have return successors, (220), 188 states have call predecessors, (220), 188 states have call successors, (220) [2022-02-20 18:05:56,218 INFO L87 Difference]: Start difference. First operand 1058 states. Second operand has 978 states, 762 states have (on average 1.5984251968503937) internal successors, (1218), 769 states have internal predecessors, (1218), 189 states have call successors, (189), 22 states have call predecessors, (189), 26 states have return successors, (220), 188 states have call predecessors, (220), 188 states have call successors, (220) [2022-02-20 18:05:56,278 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:05:56,279 INFO L93 Difference]: Finished difference Result 1058 states and 1779 transitions. [2022-02-20 18:05:56,279 INFO L276 IsEmpty]: Start isEmpty. Operand 1058 states and 1779 transitions. [2022-02-20 18:05:56,283 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:56,284 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:56,286 INFO L74 IsIncluded]: Start isIncluded. First operand has 978 states, 762 states have (on average 1.5984251968503937) internal successors, (1218), 769 states have internal predecessors, (1218), 189 states have call successors, (189), 22 states have call predecessors, (189), 26 states have return successors, (220), 188 states have call predecessors, (220), 188 states have call successors, (220) Second operand 1058 states. [2022-02-20 18:05:56,287 INFO L87 Difference]: Start difference. First operand has 978 states, 762 states have (on average 1.5984251968503937) internal successors, (1218), 769 states have internal predecessors, (1218), 189 states have call successors, (189), 22 states have call predecessors, (189), 26 states have return successors, (220), 188 states have call predecessors, (220), 188 states have call successors, (220) Second operand 1058 states. [2022-02-20 18:05:56,336 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:56,336 INFO L93 Difference]: Finished difference Result 1058 states and 1779 transitions. [2022-02-20 18:05:56,337 INFO L276 IsEmpty]: Start isEmpty. Operand 1058 states and 1779 transitions. [2022-02-20 18:05:56,340 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:56,340 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:56,340 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 18:05:56,340 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:56,342 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 978 states, 762 states have (on average 1.5984251968503937) internal successors, (1218), 769 states have internal predecessors, (1218), 189 states have call successors, (189), 22 states have call predecessors, (189), 26 states have return successors, (220), 188 states have call predecessors, (220), 188 states have call successors, (220) [2022-02-20 18:05:56,406 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 978 states to 978 states and 1627 transitions. [2022-02-20 18:05:56,406 INFO L78 Accepts]: Start accepts. Automaton has 978 states and 1627 transitions. Word has length 118 [2022-02-20 18:05:56,406 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:56,406 INFO L470 AbstractCegarLoop]: Abstraction has 978 states and 1627 transitions. [2022-02-20 18:05:56,406 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:56,407 INFO L276 IsEmpty]: Start isEmpty. Operand 978 states and 1627 transitions. [2022-02-20 18:05:56,409 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 120 [2022-02-20 18:05:56,409 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:56,410 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:56,410 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 18:05:56,410 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:56,410 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:56,410 INFO L85 PathProgramCache]: Analyzing trace with hash 315871257, now seen corresponding path program 1 times [2022-02-20 18:05:56,410 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:56,410 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [986678402] [2022-02-20 18:05:56,411 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:56,411 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:56,434 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,455 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:56,456 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,458 INFO L290 TraceCheckUtils]: 0: Hoare triple {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,458 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,458 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,458 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33669#true} {33669#true} #960#return; {33669#true} is VALID [2022-02-20 18:05:56,470 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:56,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,473 INFO L290 TraceCheckUtils]: 0: Hoare triple {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,473 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,473 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,473 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33669#true} {33669#true} #962#return; {33669#true} is VALID [2022-02-20 18:05:56,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:56,475 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,476 INFO L290 TraceCheckUtils]: 0: Hoare triple {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,476 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume !(1 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,477 INFO L290 TraceCheckUtils]: 3: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,477 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {33669#true} {33669#true} #964#return; {33669#true} is VALID [2022-02-20 18:05:56,477 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:56,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,479 INFO L290 TraceCheckUtils]: 0: Hoare triple {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,479 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume !(1 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,479 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,479 INFO L290 TraceCheckUtils]: 3: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,479 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {33669#true} {33669#true} #966#return; {33669#true} is VALID [2022-02-20 18:05:56,480 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:56,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:05:56,482 INFO L290 TraceCheckUtils]: 0: Hoare triple {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,482 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume !(1 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,482 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume !(2 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,482 INFO L290 TraceCheckUtils]: 3: Hoare triple {33669#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,482 INFO L290 TraceCheckUtils]: 4: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,483 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {33669#true} {33669#true} #968#return; {33669#true} is VALID [2022-02-20 18:05:56,483 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:56,484 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,487 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume !(1 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,487 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume !(2 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,487 INFO L290 TraceCheckUtils]: 3: Hoare triple {33669#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {33669#true} is VALID [2022-02-20 
18:05:56,487 INFO L290 TraceCheckUtils]: 4: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,487 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {33669#true} {33669#true} #970#return; {33669#true} is VALID [2022-02-20 18:05:56,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:05:56,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,494 INFO L290 TraceCheckUtils]: 0: Hoare triple {33729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,495 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,495 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33669#true} {33670#false} #948#return; {33670#false} is VALID [2022-02-20 18:05:56,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:05:56,495 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {33669#true} ~handle := #in~handle;havoc ~retValue_acc~17; {33669#true} is VALID [2022-02-20 18:05:56,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {33669#true} is VALID [2022-02-20 18:05:56,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,498 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33669#true} {33670#false} #906#return; {33670#false} is VALID [2022-02-20 18:05:56,498 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 87 [2022-02-20 18:05:56,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {33669#true} ~handle := #in~handle;havoc ~retValue_acc~36; {33669#true} is VALID [2022-02-20 18:05:56,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {33669#true} is VALID [2022-02-20 18:05:56,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,500 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33669#true} {33670#false} #908#return; {33670#false} is VALID [2022-02-20 18:05:56,500 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:05:56,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,502 INFO L290 TraceCheckUtils]: 0: Hoare triple {33669#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {33669#true} is VALID [2022-02-20 18:05:56,502 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume 1 == ~handle; {33669#true} is VALID [2022-02-20 18:05:56,502 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {33669#true} is VALID [2022-02-20 18:05:56,502 INFO L290 TraceCheckUtils]: 3: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,502 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {33669#true} {33670#false} #910#return; {33670#false} is VALID [2022-02-20 18:05:56,502 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:05:56,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,504 INFO L290 TraceCheckUtils]: 
0: Hoare triple {33729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,504 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,504 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,505 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33669#true} {33670#false} #916#return; {33670#false} is VALID [2022-02-20 18:05:56,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:05:56,505 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,506 INFO L290 TraceCheckUtils]: 0: Hoare triple {33669#true} ~handle := #in~handle;havoc ~retValue_acc~39; {33669#true} is VALID [2022-02-20 18:05:56,507 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {33669#true} is VALID [2022-02-20 18:05:56,507 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,507 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {33669#true} {33670#false} #918#return; {33670#false} is VALID [2022-02-20 18:05:56,507 INFO L290 TraceCheckUtils]: 0: Hoare triple {33669#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(17, 4);call #Ultimate.allocInit(17, 5);call #Ultimate.allocInit(13, 6);call #Ultimate.allocInit(17, 7);call #Ultimate.allocInit(4, 8);call write~init~int(37, 8, 0, 1);call 
write~init~int(115, 8, 1, 1);call write~init~int(10, 8, 2, 1);call write~init~int(0, 8, 3, 1);call #Ultimate.allocInit(10, 9);call #Ultimate.allocInit(16, 10);call #Ultimate.allocInit(20, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 
0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {33669#true} is VALID [2022-02-20 18:05:56,507 INFO L290 TraceCheckUtils]: 1: Hoare triple {33669#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet76#1, main_#t~ret77#1, main_~retValue_acc~28#1, main_~tmp~16#1;assume -2147483648 <= main_#t~nondet76#1 && main_#t~nondet76#1 <= 2147483647;main_~retValue_acc~28#1 := main_#t~nondet76#1;havoc main_#t~nondet76#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {33669#true} is VALID [2022-02-20 18:05:56,507 INFO L290 TraceCheckUtils]: 2: Hoare triple {33669#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {33669#true} is VALID [2022-02-20 
18:05:56,507 INFO L290 TraceCheckUtils]: 3: Hoare triple {33669#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~2#1;havoc valid_product_~retValue_acc~2#1;valid_product_~retValue_acc~2#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~2#1; {33669#true} is VALID [2022-02-20 18:05:56,507 INFO L290 TraceCheckUtils]: 4: Hoare triple {33669#true} main_#t~ret77#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret77#1 && main_#t~ret77#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret77#1;havoc main_#t~ret77#1; {33669#true} is VALID [2022-02-20 18:05:56,507 INFO L290 TraceCheckUtils]: 5: Hoare triple {33669#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet73#1, setup_#t~nondet74#1, setup_#t~nondet75#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {33669#true} is VALID [2022-02-20 18:05:56,508 INFO L272 TraceCheckUtils]: 6: Hoare triple {33669#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:56,508 INFO L290 TraceCheckUtils]: 7: Hoare triple {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,508 INFO L290 TraceCheckUtils]: 8: Hoare triple {33669#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,508 INFO L290 TraceCheckUtils]: 9: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,508 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {33669#true} {33669#true} #960#return; {33669#true} is VALID [2022-02-20 18:05:56,509 INFO L290 TraceCheckUtils]: 11: Hoare triple {33669#true} assume { :end_inline_setup_bob__wrappee__Base } true; {33669#true} is VALID [2022-02-20 18:05:56,509 INFO L272 TraceCheckUtils]: 12: Hoare triple {33669#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:56,509 INFO L290 TraceCheckUtils]: 13: Hoare triple {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,509 INFO L290 TraceCheckUtils]: 14: Hoare triple {33669#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,509 INFO L290 TraceCheckUtils]: 15: Hoare triple {33669#true} assume true; 
{33669#true} is VALID [2022-02-20 18:05:56,510 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {33669#true} {33669#true} #962#return; {33669#true} is VALID [2022-02-20 18:05:56,510 INFO L290 TraceCheckUtils]: 17: Hoare triple {33669#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet73#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {33669#true} is VALID [2022-02-20 18:05:56,510 INFO L272 TraceCheckUtils]: 18: Hoare triple {33669#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:56,510 INFO L290 TraceCheckUtils]: 19: Hoare triple {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,510 INFO L290 TraceCheckUtils]: 20: Hoare triple {33669#true} assume !(1 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,510 INFO L290 TraceCheckUtils]: 21: Hoare triple {33669#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,511 INFO L290 TraceCheckUtils]: 22: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,511 INFO L284 TraceCheckUtils]: 23: 
Hoare quadruple {33669#true} {33669#true} #964#return; {33669#true} is VALID [2022-02-20 18:05:56,511 INFO L290 TraceCheckUtils]: 24: Hoare triple {33669#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {33669#true} is VALID [2022-02-20 18:05:56,512 INFO L272 TraceCheckUtils]: 25: Hoare triple {33669#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:56,512 INFO L290 TraceCheckUtils]: 26: Hoare triple {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,512 INFO L290 TraceCheckUtils]: 27: Hoare triple {33669#true} assume !(1 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,512 INFO L290 TraceCheckUtils]: 28: Hoare triple {33669#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,512 INFO L290 TraceCheckUtils]: 29: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,513 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {33669#true} {33669#true} #966#return; {33669#true} is VALID [2022-02-20 18:05:56,513 INFO L290 TraceCheckUtils]: 31: Hoare triple {33669#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 27, 0;havoc setup_#t~nondet74#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := 
setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {33669#true} is VALID [2022-02-20 18:05:56,513 INFO L272 TraceCheckUtils]: 32: Hoare triple {33669#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:56,513 INFO L290 TraceCheckUtils]: 33: Hoare triple {33727#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,513 INFO L290 TraceCheckUtils]: 34: Hoare triple {33669#true} assume !(1 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,514 INFO L290 TraceCheckUtils]: 35: Hoare triple {33669#true} assume !(2 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,514 INFO L290 TraceCheckUtils]: 36: Hoare triple {33669#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,514 INFO L290 TraceCheckUtils]: 37: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,514 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {33669#true} {33669#true} #968#return; {33669#true} is VALID [2022-02-20 18:05:56,514 INFO L290 TraceCheckUtils]: 39: Hoare triple {33669#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {33669#true} is VALID [2022-02-20 18:05:56,515 INFO L272 TraceCheckUtils]: 40: Hoare triple {33669#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 41: Hoare triple {33728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 42: Hoare triple {33669#true} assume !(1 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 43: Hoare triple {33669#true} assume !(2 == ~handle); {33669#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 44: Hoare triple {33669#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 45: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,515 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {33669#true} {33669#true} #970#return; {33669#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 47: Hoare triple {33669#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 28, 0;havoc setup_#t~nondet75#1; {33669#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 48: Hoare triple {33669#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, 
test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:05:56,516 INFO L290 TraceCheckUtils]: 49: Hoare triple {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !false; {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:05:56,516 INFO L290 TraceCheckUtils]: 50: Hoare triple {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:05:56,516 INFO L290 TraceCheckUtils]: 51: Hoare triple {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:05:56,517 INFO L290 TraceCheckUtils]: 52: Hoare triple {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:05:56,517 
INFO L290 TraceCheckUtils]: 53: Hoare triple {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:05:56,517 INFO L290 TraceCheckUtils]: 54: Hoare triple {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:05:56,517 INFO L290 TraceCheckUtils]: 55: Hoare triple {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 56: Hoare triple {33701#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 == test_~op3~0#1); {33670#false} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 57: Hoare triple {33670#false} assume !(0 == test_~op4~0#1); {33670#false} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 58: Hoare triple {33670#false} assume !(0 == test_~op5~0#1); {33670#false} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 59: Hoare triple {33670#false} assume !(0 == test_~op6~0#1); {33670#false} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 60: Hoare triple {33670#false} assume !(0 == test_~op7~0#1); {33670#false} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 61: Hoare triple {33670#false} assume !(0 == test_~op8~0#1); {33670#false} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 62: Hoare triple {33670#false} assume !(0 == test_~op9~0#1); {33670#false} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 63: Hoare triple {33670#false} assume !(0 == test_~op10~0#1); {33670#false} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 64: Hoare triple {33670#false} assume !(0 == test_~op11~0#1); {33670#false} is VALID [2022-02-20 
18:05:56,519 INFO L290 TraceCheckUtils]: 65: Hoare triple {33670#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret68#1, bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret68#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret68#1 && bobToRjh_#t~ret68#1 <= 2147483647;havoc bobToRjh_#t~ret68#1; {33670#false} is VALID [2022-02-20 18:05:56,519 INFO L272 TraceCheckUtils]: 66: Hoare triple {33670#false} call sendEmail(~bob~0, ~rjh~0); {33670#false} is VALID [2022-02-20 18:05:56,519 INFO L290 TraceCheckUtils]: 67: Hoare triple {33670#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~6#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~32#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~32#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {33670#false} is VALID [2022-02-20 18:05:56,519 INFO L272 TraceCheckUtils]: 68: Hoare triple {33670#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {33729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:56,519 INFO L290 TraceCheckUtils]: 69: Hoare triple {33729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,519 INFO L290 TraceCheckUtils]: 70: Hoare triple {33669#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,519 INFO L290 TraceCheckUtils]: 
71: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,519 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {33669#true} {33670#false} #948#return; {33670#false} is VALID [2022-02-20 18:05:56,519 INFO L290 TraceCheckUtils]: 73: Hoare triple {33670#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {33670#false} is VALID [2022-02-20 18:05:56,519 INFO L290 TraceCheckUtils]: 74: Hoare triple {33670#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {33670#false} is VALID [2022-02-20 18:05:56,520 INFO L290 TraceCheckUtils]: 75: Hoare triple {33670#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~32#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~32#1; {33670#false} is VALID [2022-02-20 18:05:56,520 INFO L290 TraceCheckUtils]: 76: Hoare triple {33670#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~6#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~6#1; {33670#false} is VALID [2022-02-20 18:05:56,520 INFO L272 TraceCheckUtils]: 77: Hoare triple {33670#false} call outgoing(~sender#1, ~email~0#1); {33670#false} is VALID [2022-02-20 18:05:56,520 INFO L290 TraceCheckUtils]: 78: Hoare triple {33670#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret25#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~7#1; {33670#false} is VALID [2022-02-20 18:05:56,520 INFO L272 TraceCheckUtils]: 79: Hoare triple {33670#false} call 
sign_#t~ret25#1 := getClientPrivateKey(sign_~client#1); {33669#true} is VALID [2022-02-20 18:05:56,520 INFO L290 TraceCheckUtils]: 80: Hoare triple {33669#true} ~handle := #in~handle;havoc ~retValue_acc~17; {33669#true} is VALID [2022-02-20 18:05:56,520 INFO L290 TraceCheckUtils]: 81: Hoare triple {33669#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {33669#true} is VALID [2022-02-20 18:05:56,520 INFO L290 TraceCheckUtils]: 82: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,520 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {33669#true} {33670#false} #906#return; {33670#false} is VALID [2022-02-20 18:05:56,520 INFO L290 TraceCheckUtils]: 84: Hoare triple {33670#false} assume -2147483648 <= sign_#t~ret25#1 && sign_#t~ret25#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret25#1;havoc sign_#t~ret25#1;sign_~privkey~1#1 := sign_~tmp~7#1; {33670#false} is VALID [2022-02-20 18:05:56,521 INFO L290 TraceCheckUtils]: 85: Hoare triple {33670#false} assume 0 == sign_~privkey~1#1; {33670#false} is VALID [2022-02-20 18:05:56,521 INFO L290 TraceCheckUtils]: 86: Hoare triple {33670#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1, outgoing__wrappee__Encrypt_#t~ret16#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~3#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~0#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~3#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc 
outgoing__wrappee__Encrypt_~tmp___0~0#1; {33670#false} is VALID [2022-02-20 18:05:56,521 INFO L272 TraceCheckUtils]: 87: Hoare triple {33670#false} call outgoing__wrappee__Encrypt_#t~ret15#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {33669#true} is VALID [2022-02-20 18:05:56,521 INFO L290 TraceCheckUtils]: 88: Hoare triple {33669#true} ~handle := #in~handle;havoc ~retValue_acc~36; {33669#true} is VALID [2022-02-20 18:05:56,521 INFO L290 TraceCheckUtils]: 89: Hoare triple {33669#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {33669#true} is VALID [2022-02-20 18:05:56,521 INFO L290 TraceCheckUtils]: 90: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,521 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {33669#true} {33670#false} #908#return; {33670#false} is VALID [2022-02-20 18:05:56,521 INFO L290 TraceCheckUtils]: 92: Hoare triple {33670#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret15#1 && outgoing__wrappee__Encrypt_#t~ret15#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~3#1 := outgoing__wrappee__Encrypt_#t~ret15#1;havoc outgoing__wrappee__Encrypt_#t~ret15#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~3#1; {33670#false} is VALID [2022-02-20 18:05:56,521 INFO L272 TraceCheckUtils]: 93: Hoare triple {33670#false} call outgoing__wrappee__Encrypt_#t~ret16#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {33669#true} is VALID [2022-02-20 18:05:56,521 INFO L290 TraceCheckUtils]: 94: Hoare triple {33669#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {33669#true} is VALID [2022-02-20 18:05:56,522 INFO L290 TraceCheckUtils]: 95: Hoare triple {33669#true} assume 1 == ~handle; {33669#true} is VALID [2022-02-20 18:05:56,522 INFO L290 TraceCheckUtils]: 96: Hoare triple {33669#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {33669#true} is VALID [2022-02-20 18:05:56,522 INFO L290 TraceCheckUtils]: 97: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,522 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {33669#true} {33670#false} #910#return; {33670#false} is VALID [2022-02-20 18:05:56,522 INFO L290 TraceCheckUtils]: 99: Hoare triple {33670#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret16#1 && outgoing__wrappee__Encrypt_#t~ret16#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~0#1 := outgoing__wrappee__Encrypt_#t~ret16#1;havoc outgoing__wrappee__Encrypt_#t~ret16#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~0#1; {33670#false} is VALID [2022-02-20 18:05:56,522 INFO L290 TraceCheckUtils]: 100: Hoare triple {33670#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {33670#false} is VALID [2022-02-20 18:05:56,522 INFO L290 TraceCheckUtils]: 101: Hoare triple {33670#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret14#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {33670#false} is VALID [2022-02-20 18:05:56,522 INFO L290 TraceCheckUtils]: 102: Hoare triple {33670#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {33670#false} is VALID [2022-02-20 18:05:56,522 INFO L290 TraceCheckUtils]: 103: Hoare triple {33670#false} outgoing__wrappee__Keys_#t~ret14#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret14#1 && outgoing__wrappee__Keys_#t~ret14#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret14#1;havoc outgoing__wrappee__Keys_#t~ret14#1; {33670#false} is VALID [2022-02-20 18:05:56,522 INFO L272 TraceCheckUtils]: 104: Hoare triple {33670#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {33729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:56,523 INFO L290 TraceCheckUtils]: 105: Hoare triple {33729#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {33669#true} is VALID [2022-02-20 18:05:56,523 INFO L290 TraceCheckUtils]: 106: Hoare triple {33669#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {33669#true} is VALID [2022-02-20 18:05:56,523 INFO L290 TraceCheckUtils]: 107: Hoare triple {33669#true} assume true; {33669#true} is VALID [2022-02-20 18:05:56,523 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {33669#true} {33670#false} #916#return; {33670#false} is VALID [2022-02-20 18:05:56,523 INFO L290 TraceCheckUtils]: 109: Hoare triple {33670#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret12#1, mail_#t~ret13#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := 
mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1, __utac_acc__EncryptForward_spec__2_#t~nondet8#1, __utac_acc__EncryptForward_spec__2_#t~ret9#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~0#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~0#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret7#1 && __utac_acc__EncryptForward_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret7#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~0#1.offset := 7, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet8#1; {33670#false} is VALID [2022-02-20 18:05:56,523 INFO L290 TraceCheckUtils]: 110: Hoare triple {33670#false} assume 0 != ~in_encrypted~0; {33670#false} is VALID [2022-02-20 18:05:56,523 INFO L272 TraceCheckUtils]: 111: Hoare triple {33670#false} call __utac_acc__EncryptForward_spec__2_#t~ret9#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {33669#true} is VALID [2022-02-20 18:05:56,523 INFO L290 TraceCheckUtils]: 112: Hoare triple {33669#true} ~handle := #in~handle;havoc ~retValue_acc~39; {33669#true} is VALID [2022-02-20 18:05:56,523 INFO L290 TraceCheckUtils]: 113: Hoare triple {33669#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {33669#true} is VALID [2022-02-20 18:05:56,523 INFO L290 TraceCheckUtils]: 114: Hoare triple {33669#true} 
assume true; {33669#true} is VALID [2022-02-20 18:05:56,524 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {33669#true} {33670#false} #918#return; {33670#false} is VALID [2022-02-20 18:05:56,524 INFO L290 TraceCheckUtils]: 116: Hoare triple {33670#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret9#1 && __utac_acc__EncryptForward_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~0#1 := __utac_acc__EncryptForward_spec__2_#t~ret9#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret9#1; {33670#false} is VALID [2022-02-20 18:05:56,524 INFO L290 TraceCheckUtils]: 117: Hoare triple {33670#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {33670#false} is VALID [2022-02-20 18:05:56,524 INFO L290 TraceCheckUtils]: 118: Hoare triple {33670#false} assume !false; {33670#false} is VALID [2022-02-20 18:05:56,524 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:05:56,524 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:56,524 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [986678402] [2022-02-20 18:05:56,525 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [986678402] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:56,525 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:05:56,525 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:05:56,525 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1669994149] [2022-02-20 18:05:56,525 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:56,525 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.333333333333334) internal successors, (80), 3 states have internal predecessors, (80), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 119 [2022-02-20 18:05:56,526 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:56,526 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.333333333333334) internal successors, (80), 3 states have internal predecessors, (80), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:05:56,591 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:56,591 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:05:56,591 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:56,591 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. 
[2022-02-20 18:05:56,591 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:05:56,591 INFO L87 Difference]: Start difference. First operand 978 states and 1627 transitions. Second operand has 6 states, 6 states have (on average 13.333333333333334) internal successors, (80), 3 states have internal predecessors, (80), 2 states have call successors, (14), 5 states have call predecessors, (14), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)