./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec9_product30.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec9_product30.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash e931bf8fe4413228ccd3caf40302412c554842907046b600d394a87eb5d13e97
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:05:02,614 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:05:02,616 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:05:02,638 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:05:02,638 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:05:02,639 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:05:02,640 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:05:02,641 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:05:02,642 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:05:02,643 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:05:02,644 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:05:02,644 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:05:02,645 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:05:02,645 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:05:02,646 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:05:02,647 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:05:02,647 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:05:02,648 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:05:02,649 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:05:02,650 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:05:02,651 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:05:02,656 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:05:02,657 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:05:02,659 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:05:02,660 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:05:02,661 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:05:02,661 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:05:02,661 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:05:02,662 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:05:02,662 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:05:02,662 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:05:02,663 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:05:02,663 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:05:02,664 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:05:02,665 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:05:02,665 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:05:02,665 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:05:02,665 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:05:02,666 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:05:02,666 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:05:02,667 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:05:02,668 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:05:02,682 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:05:02,695 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:05:02,695 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:05:02,696 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:05:02,696 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:05:02,696 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:05:02,697 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:05:02,697 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:05:02,697 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:05:02,697 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:05:02,698 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:05:02,698 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:05:02,698 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:05:02,698 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:05:02,698 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:05:02,699 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:05:02,699 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:05:02,699 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:05:02,699 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:05:02,699 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:05:02,699 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:05:02,700 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:05:02,700 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:05:02,700 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:05:02,700 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:02,700 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:05:02,700 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:05:02,701 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:05:02,701 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:05:02,702 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:05:02,702 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:05:02,702 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:05:02,702 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:05:02,702 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> e931bf8fe4413228ccd3caf40302412c554842907046b600d394a87eb5d13e97 [2022-02-20 18:05:02,887 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:05:02,909 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:05:02,911 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:05:02,911 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:05:02,912 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:05:02,913 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec9_product30.cil.c [2022-02-20 18:05:02,960 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e22f1d1e5/424768b7e2454367848f63288e74d3d5/FLAGcda5181ea [2022-02-20 18:05:03,443 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:05:03,444 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product30.cil.c [2022-02-20 18:05:03,467 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e22f1d1e5/424768b7e2454367848f63288e74d3d5/FLAGcda5181ea [2022-02-20 18:05:03,951 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e22f1d1e5/424768b7e2454367848f63288e74d3d5 [2022-02-20 18:05:03,953 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:05:03,954 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:05:03,955 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:03,955 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:05:03,958 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:05:03,959 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:03" (1/1) ... [2022-02-20 18:05:03,960 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1c07fde0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:03, skipping insertion in model container [2022-02-20 18:05:03,960 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:03" (1/1) ... 
[2022-02-20 18:05:03,964 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:05:03,998 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:05:04,371 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product30.cil.c[41508,41521] [2022-02-20 18:05:04,423 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:04,435 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:05:04,506 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product30.cil.c[41508,41521] [2022-02-20 18:05:04,541 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:04,567 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:05:04,567 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04 WrapperNode [2022-02-20 18:05:04,567 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:04,568 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:04,568 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:05:04,569 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:05:04,573 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... 
[2022-02-20 18:05:04,595 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... [2022-02-20 18:05:04,659 INFO L137 Inliner]: procedures = 132, calls = 223, calls flagged for inlining = 61, calls inlined = 51, statements flattened = 923 [2022-02-20 18:05:04,660 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:04,660 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:05:04,660 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:05:04,660 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:05:04,682 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... [2022-02-20 18:05:04,682 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... [2022-02-20 18:05:04,686 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... [2022-02-20 18:05:04,686 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... 
[2022-02-20 18:05:04,708 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... [2022-02-20 18:05:04,715 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... [2022-02-20 18:05:04,718 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... [2022-02-20 18:05:04,723 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:05:04,723 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:05:04,723 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:05:04,724 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:05:04,724 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (1/1) ... 
[2022-02-20 18:05:04,758 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:04,766 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:04,796 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:05:04,802 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:05:04,830 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:05:04,831 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:05:04,831 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:05:04,831 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:05:04,831 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:05:04,831 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:05:04,831 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:05:04,831 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:05:04,831 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:05:04,832 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:05:04,832 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:05:04,832 INFO L138 
BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:05:04,832 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:05:04,833 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:05:04,833 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:05:04,833 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:05:04,833 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:05:04,833 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:05:04,833 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:05:04,833 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:05:04,833 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:05:04,833 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:05:04,834 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:05:04,834 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:05:04,834 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:05:04,834 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:05:04,834 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:05:04,834 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:05:04,834 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:05:04,834 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:05:04,835 INFO L130 
BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:05:04,835 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:05:04,835 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:05:04,835 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:05:04,835 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:05:04,835 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:05:04,835 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:05:04,835 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:05:04,835 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:05:04,836 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:05:04,836 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:05:04,836 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:05:04,836 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:05:04,836 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:05:04,836 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:05:04,836 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:05:04,836 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:05:04,836 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:05:04,837 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:05:04,837 INFO L130 
BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:05:04,837 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:05:05,053 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:05:05,055 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:05:05,772 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:05:05,783 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:05:05,784 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:05:05,786 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:05 BoogieIcfgContainer [2022-02-20 18:05:05,786 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:05:05,788 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:05:05,788 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:05:05,792 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:05:05,792 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:05:03" (1/3) ... [2022-02-20 18:05:05,793 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4a6ed5d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:05, skipping insertion in model container [2022-02-20 18:05:05,793 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:04" (2/3) ... 
[2022-02-20 18:05:05,793 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4a6ed5d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:05, skipping insertion in model container [2022-02-20 18:05:05,794 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:05" (3/3) ... [2022-02-20 18:05:05,795 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec9_product30.cil.c [2022-02-20 18:05:05,798 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:05:05,799 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:05:05,840 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:05:05,846 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., 
mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:05:05,847 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:05:05,871 INFO L276 IsEmpty]: Start isEmpty. Operand has 348 states, 270 states have (on average 1.5148148148148148) internal successors, (409), 274 states have internal predecessors, (409), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:05:05,882 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 102 [2022-02-20 18:05:05,882 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:05,883 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:05,884 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:05,888 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:05,889 INFO L85 PathProgramCache]: Analyzing trace with hash 2031054471, now seen corresponding path program 1 times [2022-02-20 18:05:05,895 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:05,896 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [372066630] [2022-02-20 18:05:05,896 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:05,897 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:06,095 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:06,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,229 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,229 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,230 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {351#true} #1020#return; {351#true} is VALID [2022-02-20 18:05:06,237 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:06,241 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,246 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,246 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,247 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,247 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {351#true} #1022#return; {351#true} is VALID [2022-02-20 18:05:06,248 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:06,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {409#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:06,275 INFO L290 TraceCheckUtils]: 1: Hoare triple {409#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {410#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:06,275 INFO L290 TraceCheckUtils]: 2: Hoare triple {410#(= |setClientId_#in~handle| 1)} assume true; {410#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:06,276 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {410#(= |setClientId_#in~handle| 1)} {361#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1024#return; {352#false} is VALID [2022-02-20 18:05:06,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:06,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,283 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,283 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID 
[2022-02-20 18:05:06,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {352#false} #1026#return; {352#false} is VALID [2022-02-20 18:05:06,284 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:06,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,293 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,294 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {352#false} #1028#return; {352#false} is VALID [2022-02-20 18:05:06,295 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:06,298 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,305 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,307 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} 
{352#false} #1030#return; {352#false} is VALID [2022-02-20 18:05:06,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:05:06,317 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {411#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,326 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {352#false} #1006#return; {352#false} is VALID [2022-02-20 18:05:06,337 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:05:06,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {412#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,345 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,345 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,345 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {352#false} #1008#return; {352#false} is VALID [2022-02-20 18:05:06,345 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:05:06,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,349 INFO L290 
TraceCheckUtils]: 0: Hoare triple {351#true} ~handle := #in~handle;havoc ~retValue_acc~19; {351#true} is VALID [2022-02-20 18:05:06,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {351#true} is VALID [2022-02-20 18:05:06,350 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,350 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {352#false} #960#return; {352#false} is VALID [2022-02-20 18:05:06,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:05:06,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,354 INFO L290 TraceCheckUtils]: 0: Hoare triple {351#true} ~handle := #in~handle;havoc ~retValue_acc~33; {351#true} is VALID [2022-02-20 18:05:06,355 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {351#true} is VALID [2022-02-20 18:05:06,355 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,355 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {352#false} #962#return; {352#false} is VALID [2022-02-20 18:05:06,355 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:05:06,358 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,362 INFO L290 TraceCheckUtils]: 0: Hoare triple {351#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {351#true} is VALID [2022-02-20 18:05:06,362 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle; {351#true} is VALID [2022-02-20 18:05:06,362 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {351#true} is VALID [2022-02-20 18:05:06,362 INFO L290 TraceCheckUtils]: 3: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,363 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {351#true} {352#false} #964#return; {352#false} is VALID [2022-02-20 18:05:06,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:05:06,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {411#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,380 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,383 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,383 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {352#false} #970#return; {352#false} is VALID [2022-02-20 18:05:06,383 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:05:06,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {351#true} ~handle := #in~handle;havoc ~retValue_acc~36; {351#true} is VALID [2022-02-20 18:05:06,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {351#true} is VALID [2022-02-20 18:05:06,391 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,392 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {351#true} {352#false} #972#return; {352#false} is VALID [2022-02-20 18:05:06,395 
INFO L290 TraceCheckUtils]: 0: Hoare triple {351#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 
41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 
0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {351#true} is VALID [2022-02-20 18:05:06,396 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc 
main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {351#true} is VALID [2022-02-20 18:05:06,396 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {351#true} is VALID [2022-02-20 18:05:06,396 INFO L290 TraceCheckUtils]: 3: Hoare triple {351#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {351#true} is VALID [2022-02-20 18:05:06,397 INFO L290 TraceCheckUtils]: 4: Hoare triple {351#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {351#true} is VALID [2022-02-20 18:05:06,397 INFO L290 TraceCheckUtils]: 5: Hoare triple {351#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {351#true} is VALID [2022-02-20 18:05:06,398 INFO L272 TraceCheckUtils]: 6: Hoare triple {351#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:06,398 INFO L290 TraceCheckUtils]: 7: Hoare triple {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,399 INFO L290 TraceCheckUtils]: 8: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,399 INFO L290 TraceCheckUtils]: 9: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,399 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {351#true} {351#true} #1020#return; {351#true} is VALID [2022-02-20 18:05:06,399 INFO L290 TraceCheckUtils]: 11: Hoare triple {351#true} assume { :end_inline_setup_bob__wrappee__Base } true; {351#true} is VALID [2022-02-20 18:05:06,400 INFO L272 TraceCheckUtils]: 12: Hoare triple {351#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:06,401 INFO L290 TraceCheckUtils]: 13: Hoare triple {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,401 INFO L290 TraceCheckUtils]: 14: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,401 INFO L290 TraceCheckUtils]: 15: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,401 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {351#true} {351#true} #1022#return; {351#true} is VALID [2022-02-20 18:05:06,403 INFO L290 TraceCheckUtils]: 17: Hoare triple {351#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {361#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:06,404 INFO L272 TraceCheckUtils]: 18: Hoare triple {361#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:06,405 INFO L290 TraceCheckUtils]: 19: Hoare triple {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {409#(= 
setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:06,405 INFO L290 TraceCheckUtils]: 20: Hoare triple {409#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {410#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:06,406 INFO L290 TraceCheckUtils]: 21: Hoare triple {410#(= |setClientId_#in~handle| 1)} assume true; {410#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:06,407 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {410#(= |setClientId_#in~handle| 1)} {361#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1024#return; {352#false} is VALID [2022-02-20 18:05:06,407 INFO L290 TraceCheckUtils]: 23: Hoare triple {352#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {352#false} is VALID [2022-02-20 18:05:06,407 INFO L272 TraceCheckUtils]: 24: Hoare triple {352#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:06,407 INFO L290 TraceCheckUtils]: 25: Hoare triple {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,407 INFO L290 TraceCheckUtils]: 26: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,408 INFO L290 TraceCheckUtils]: 27: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,409 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {351#true} {352#false} #1026#return; {352#false} is VALID [2022-02-20 18:05:06,409 INFO L290 TraceCheckUtils]: 29: Hoare triple 
{352#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {352#false} is VALID [2022-02-20 18:05:06,409 INFO L272 TraceCheckUtils]: 30: Hoare triple {352#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:06,409 INFO L290 TraceCheckUtils]: 31: Hoare triple {407#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,410 INFO L290 TraceCheckUtils]: 32: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,410 INFO L290 TraceCheckUtils]: 33: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,410 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {351#true} {352#false} #1028#return; {352#false} is VALID [2022-02-20 18:05:06,410 INFO L290 TraceCheckUtils]: 35: Hoare triple {352#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {352#false} is VALID [2022-02-20 18:05:06,410 INFO L272 TraceCheckUtils]: 36: Hoare triple {352#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:06,410 INFO L290 TraceCheckUtils]: 37: Hoare triple {408#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,411 INFO L290 TraceCheckUtils]: 38: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,411 INFO L290 TraceCheckUtils]: 39: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,411 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {351#true} {352#false} #1030#return; {352#false} is VALID [2022-02-20 18:05:06,411 INFO L290 TraceCheckUtils]: 41: Hoare triple {352#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {352#false} is VALID [2022-02-20 18:05:06,412 INFO L290 TraceCheckUtils]: 42: Hoare triple {352#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, 
test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {352#false} is VALID [2022-02-20 18:05:06,412 INFO L290 TraceCheckUtils]: 43: Hoare triple {352#false} assume false; {352#false} is VALID [2022-02-20 18:05:06,412 INFO L290 TraceCheckUtils]: 44: Hoare triple {352#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {352#false} is VALID [2022-02-20 18:05:06,412 INFO L272 TraceCheckUtils]: 45: Hoare triple {352#false} call sendEmail(~bob~0, ~rjh~0); {352#false} is VALID [2022-02-20 18:05:06,414 INFO L290 TraceCheckUtils]: 46: Hoare triple {352#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {352#false} is VALID [2022-02-20 18:05:06,414 INFO L272 TraceCheckUtils]: 47: Hoare triple {352#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {411#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:06,414 INFO L290 TraceCheckUtils]: 48: Hoare triple {411#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,415 INFO L290 TraceCheckUtils]: 49: Hoare triple {351#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,415 INFO L290 TraceCheckUtils]: 50: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,415 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {351#true} {352#false} #1006#return; {352#false} is VALID [2022-02-20 18:05:06,415 INFO L272 TraceCheckUtils]: 52: Hoare triple {352#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {412#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:06,415 INFO L290 TraceCheckUtils]: 53: Hoare triple {412#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,416 INFO L290 TraceCheckUtils]: 54: Hoare triple {351#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,417 INFO L290 TraceCheckUtils]: 55: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,417 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {351#true} 
{352#false} #1008#return; {352#false} is VALID [2022-02-20 18:05:06,417 INFO L290 TraceCheckUtils]: 57: Hoare triple {352#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {352#false} is VALID [2022-02-20 18:05:06,418 INFO L290 TraceCheckUtils]: 58: Hoare triple {352#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {352#false} is VALID [2022-02-20 18:05:06,418 INFO L272 TraceCheckUtils]: 59: Hoare triple {352#false} call outgoing(~sender#1, ~email~0#1); {352#false} is VALID [2022-02-20 18:05:06,425 INFO L290 TraceCheckUtils]: 60: Hoare triple {352#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {352#false} is VALID [2022-02-20 18:05:06,425 INFO L272 TraceCheckUtils]: 61: Hoare triple {352#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {351#true} is VALID [2022-02-20 18:05:06,427 INFO L290 TraceCheckUtils]: 62: Hoare triple {351#true} ~handle := #in~handle;havoc ~retValue_acc~19; {351#true} is VALID [2022-02-20 18:05:06,427 INFO L290 TraceCheckUtils]: 63: Hoare triple {351#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {351#true} is VALID [2022-02-20 18:05:06,427 INFO L290 TraceCheckUtils]: 64: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,428 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {351#true} {352#false} #960#return; {352#false} is VALID [2022-02-20 18:05:06,428 INFO L290 TraceCheckUtils]: 66: Hoare triple {352#false} assume -2147483648 <= 
sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {352#false} is VALID [2022-02-20 18:05:06,428 INFO L290 TraceCheckUtils]: 67: Hoare triple {352#false} assume 0 == sign_~privkey~1#1; {352#false} is VALID [2022-02-20 18:05:06,429 INFO L290 TraceCheckUtils]: 68: Hoare triple {352#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {352#false} is VALID [2022-02-20 18:05:06,429 INFO L272 TraceCheckUtils]: 69: Hoare triple {352#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {351#true} is VALID [2022-02-20 18:05:06,429 INFO L290 TraceCheckUtils]: 70: Hoare triple {351#true} ~handle := #in~handle;havoc ~retValue_acc~33; {351#true} is VALID [2022-02-20 18:05:06,430 INFO L290 TraceCheckUtils]: 71: Hoare triple {351#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {351#true} is VALID [2022-02-20 18:05:06,430 INFO L290 TraceCheckUtils]: 72: Hoare triple {351#true} assume true; {351#true} 
is VALID [2022-02-20 18:05:06,430 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {351#true} {352#false} #962#return; {352#false} is VALID [2022-02-20 18:05:06,430 INFO L290 TraceCheckUtils]: 74: Hoare triple {352#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {352#false} is VALID [2022-02-20 18:05:06,431 INFO L272 TraceCheckUtils]: 75: Hoare triple {352#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {351#true} is VALID [2022-02-20 18:05:06,434 INFO L290 TraceCheckUtils]: 76: Hoare triple {351#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {351#true} is VALID [2022-02-20 18:05:06,435 INFO L290 TraceCheckUtils]: 77: Hoare triple {351#true} assume 1 == ~handle; {351#true} is VALID [2022-02-20 18:05:06,435 INFO L290 TraceCheckUtils]: 78: Hoare triple {351#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {351#true} is VALID [2022-02-20 18:05:06,435 INFO L290 TraceCheckUtils]: 79: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,435 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {351#true} {352#false} #964#return; {352#false} is VALID [2022-02-20 18:05:06,435 INFO L290 TraceCheckUtils]: 81: Hoare triple {352#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc 
outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {352#false} is VALID [2022-02-20 18:05:06,436 INFO L290 TraceCheckUtils]: 82: Hoare triple {352#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {352#false} is VALID [2022-02-20 18:05:06,436 INFO L290 TraceCheckUtils]: 83: Hoare triple {352#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {352#false} is VALID [2022-02-20 18:05:06,436 INFO L290 TraceCheckUtils]: 84: Hoare triple {352#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {352#false} is VALID [2022-02-20 18:05:06,436 INFO L290 TraceCheckUtils]: 85: Hoare triple {352#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {352#false} is VALID [2022-02-20 18:05:06,436 INFO L272 TraceCheckUtils]: 86: Hoare triple {352#false} 
call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {411#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:06,437 INFO L290 TraceCheckUtils]: 87: Hoare triple {411#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,437 INFO L290 TraceCheckUtils]: 88: Hoare triple {351#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,437 INFO L290 TraceCheckUtils]: 89: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,437 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {351#true} {352#false} #970#return; {352#false} is VALID [2022-02-20 18:05:06,437 INFO L290 TraceCheckUtils]: 91: Hoare triple {352#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {352#false} is VALID [2022-02-20 18:05:06,438 INFO L290 TraceCheckUtils]: 92: Hoare triple {352#false} assume 0 != ~in_encrypted~0; {352#false} is VALID [2022-02-20 18:05:06,438 INFO L272 TraceCheckUtils]: 93: Hoare triple {352#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {351#true} is VALID [2022-02-20 18:05:06,438 INFO L290 TraceCheckUtils]: 94: Hoare triple {351#true} ~handle := #in~handle;havoc ~retValue_acc~36; {351#true} is VALID [2022-02-20 18:05:06,438 INFO L290 TraceCheckUtils]: 95: Hoare triple {351#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {351#true} is VALID [2022-02-20 18:05:06,440 INFO L290 TraceCheckUtils]: 96: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,441 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {351#true} {352#false} #972#return; {352#false} is VALID [2022-02-20 18:05:06,441 INFO L290 TraceCheckUtils]: 98: Hoare triple {352#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {352#false} is VALID [2022-02-20 18:05:06,441 INFO L290 TraceCheckUtils]: 99: Hoare triple {352#false} assume !(0 != 
__utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {352#false} is VALID [2022-02-20 18:05:06,441 INFO L290 TraceCheckUtils]: 100: Hoare triple {352#false} assume !false; {352#false} is VALID [2022-02-20 18:05:06,442 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:05:06,442 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:06,442 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [372066630] [2022-02-20 18:05:06,443 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [372066630] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:06,444 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1867191631] [2022-02-20 18:05:06,444 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:06,445 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:06,445 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:06,446 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:06,447 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:05:06,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,720 INFO L263 TraceCheckSpWp]: Trace formula consists of 1062 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:05:06,769 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:06,777 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:05:06,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {351#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call 
#Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 
:= 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {351#true} is VALID [2022-02-20 18:05:06,988 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {351#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {351#true} is VALID [2022-02-20 18:05:06,988 INFO L290 TraceCheckUtils]: 2: Hoare triple {351#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {351#true} is VALID [2022-02-20 18:05:06,988 INFO L290 TraceCheckUtils]: 3: Hoare triple {351#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {351#true} is VALID [2022-02-20 18:05:06,988 INFO L290 TraceCheckUtils]: 4: Hoare triple {351#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {351#true} is VALID [2022-02-20 18:05:06,989 INFO L290 TraceCheckUtils]: 5: Hoare triple {351#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {351#true} is VALID [2022-02-20 18:05:06,989 INFO L272 TraceCheckUtils]: 6: Hoare triple {351#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {351#true} is VALID [2022-02-20 18:05:06,989 INFO L290 TraceCheckUtils]: 7: Hoare triple {351#true} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,989 INFO L290 TraceCheckUtils]: 8: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,989 INFO L290 TraceCheckUtils]: 9: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,989 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {351#true} {351#true} #1020#return; {351#true} is VALID [2022-02-20 18:05:06,990 INFO L290 TraceCheckUtils]: 11: Hoare triple {351#true} assume { :end_inline_setup_bob__wrappee__Base } true; {351#true} is VALID [2022-02-20 18:05:06,990 INFO L272 TraceCheckUtils]: 12: Hoare triple {351#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {351#true} is VALID [2022-02-20 18:05:06,990 INFO L290 TraceCheckUtils]: 13: Hoare triple {351#true} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,990 INFO L290 TraceCheckUtils]: 14: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,990 INFO L290 TraceCheckUtils]: 15: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,990 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {351#true} {351#true} #1022#return; {351#true} is VALID [2022-02-20 18:05:06,992 INFO L290 TraceCheckUtils]: 17: Hoare triple {351#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc 
setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {351#true} is VALID [2022-02-20 18:05:06,992 INFO L272 TraceCheckUtils]: 18: Hoare triple {351#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {351#true} is VALID [2022-02-20 18:05:06,992 INFO L290 TraceCheckUtils]: 19: Hoare triple {351#true} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,992 INFO L290 TraceCheckUtils]: 20: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,993 INFO L290 TraceCheckUtils]: 21: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,993 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {351#true} {351#true} #1024#return; {351#true} is VALID [2022-02-20 18:05:06,993 INFO L290 TraceCheckUtils]: 23: Hoare triple {351#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {351#true} is VALID [2022-02-20 18:05:06,993 INFO L272 TraceCheckUtils]: 24: Hoare triple {351#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {351#true} is VALID [2022-02-20 18:05:06,993 INFO L290 TraceCheckUtils]: 25: Hoare triple {351#true} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,993 INFO L290 TraceCheckUtils]: 26: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,994 INFO L290 TraceCheckUtils]: 27: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,994 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {351#true} {351#true} 
#1026#return; {351#true} is VALID [2022-02-20 18:05:06,994 INFO L290 TraceCheckUtils]: 29: Hoare triple {351#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {351#true} is VALID [2022-02-20 18:05:06,994 INFO L272 TraceCheckUtils]: 30: Hoare triple {351#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {351#true} is VALID [2022-02-20 18:05:06,994 INFO L290 TraceCheckUtils]: 31: Hoare triple {351#true} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,994 INFO L290 TraceCheckUtils]: 32: Hoare triple {351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,995 INFO L290 TraceCheckUtils]: 33: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,995 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {351#true} {351#true} #1028#return; {351#true} is VALID [2022-02-20 18:05:06,995 INFO L290 TraceCheckUtils]: 35: Hoare triple {351#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {351#true} is VALID [2022-02-20 18:05:06,995 INFO L272 TraceCheckUtils]: 36: Hoare triple {351#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {351#true} is VALID [2022-02-20 18:05:06,995 INFO L290 TraceCheckUtils]: 37: Hoare triple {351#true} ~handle := #in~handle;~value := #in~value; {351#true} is VALID [2022-02-20 18:05:06,995 INFO L290 TraceCheckUtils]: 38: Hoare triple {351#true} 
assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {351#true} is VALID [2022-02-20 18:05:06,995 INFO L290 TraceCheckUtils]: 39: Hoare triple {351#true} assume true; {351#true} is VALID [2022-02-20 18:05:06,996 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {351#true} {351#true} #1030#return; {351#true} is VALID [2022-02-20 18:05:06,996 INFO L290 TraceCheckUtils]: 41: Hoare triple {351#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {351#true} is VALID [2022-02-20 18:05:06,998 INFO L290 TraceCheckUtils]: 42: Hoare triple {351#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 
0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {351#true} is VALID [2022-02-20 18:05:06,999 INFO L290 TraceCheckUtils]: 43: Hoare triple {351#true} assume false; {352#false} is VALID [2022-02-20 18:05:06,999 INFO L290 TraceCheckUtils]: 44: Hoare triple {352#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {352#false} is VALID [2022-02-20 18:05:07,000 INFO L272 TraceCheckUtils]: 45: Hoare triple {352#false} call sendEmail(~bob~0, ~rjh~0); {352#false} is VALID [2022-02-20 18:05:07,000 INFO L290 TraceCheckUtils]: 46: Hoare triple {352#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {352#false} is VALID [2022-02-20 18:05:07,000 INFO L272 TraceCheckUtils]: 47: Hoare triple {352#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {352#false} is VALID [2022-02-20 18:05:07,000 INFO L290 TraceCheckUtils]: 48: Hoare triple {352#false} ~handle := #in~handle;~value := #in~value; {352#false} is VALID [2022-02-20 18:05:07,001 INFO L290 TraceCheckUtils]: 49: Hoare triple {352#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {352#false} is VALID [2022-02-20 18:05:07,001 INFO L290 
TraceCheckUtils]: 50: Hoare triple {352#false} assume true; {352#false} is VALID [2022-02-20 18:05:07,001 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {352#false} {352#false} #1006#return; {352#false} is VALID [2022-02-20 18:05:07,001 INFO L272 TraceCheckUtils]: 52: Hoare triple {352#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {352#false} is VALID [2022-02-20 18:05:07,001 INFO L290 TraceCheckUtils]: 53: Hoare triple {352#false} ~handle := #in~handle;~value := #in~value; {352#false} is VALID [2022-02-20 18:05:07,001 INFO L290 TraceCheckUtils]: 54: Hoare triple {352#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {352#false} is VALID [2022-02-20 18:05:07,002 INFO L290 TraceCheckUtils]: 55: Hoare triple {352#false} assume true; {352#false} is VALID [2022-02-20 18:05:07,002 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {352#false} {352#false} #1008#return; {352#false} is VALID [2022-02-20 18:05:07,002 INFO L290 TraceCheckUtils]: 57: Hoare triple {352#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {352#false} is VALID [2022-02-20 18:05:07,002 INFO L290 TraceCheckUtils]: 58: Hoare triple {352#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {352#false} is VALID [2022-02-20 18:05:07,002 INFO L272 TraceCheckUtils]: 59: Hoare triple {352#false} call outgoing(~sender#1, ~email~0#1); {352#false} is VALID [2022-02-20 18:05:07,002 INFO L290 TraceCheckUtils]: 60: Hoare triple {352#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; 
{352#false} is VALID [2022-02-20 18:05:07,002 INFO L272 TraceCheckUtils]: 61: Hoare triple {352#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {352#false} is VALID [2022-02-20 18:05:07,003 INFO L290 TraceCheckUtils]: 62: Hoare triple {352#false} ~handle := #in~handle;havoc ~retValue_acc~19; {352#false} is VALID [2022-02-20 18:05:07,003 INFO L290 TraceCheckUtils]: 63: Hoare triple {352#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {352#false} is VALID [2022-02-20 18:05:07,003 INFO L290 TraceCheckUtils]: 64: Hoare triple {352#false} assume true; {352#false} is VALID [2022-02-20 18:05:07,003 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {352#false} {352#false} #960#return; {352#false} is VALID [2022-02-20 18:05:07,003 INFO L290 TraceCheckUtils]: 66: Hoare triple {352#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {352#false} is VALID [2022-02-20 18:05:07,003 INFO L290 TraceCheckUtils]: 67: Hoare triple {352#false} assume 0 == sign_~privkey~1#1; {352#false} is VALID [2022-02-20 18:05:07,004 INFO L290 TraceCheckUtils]: 68: Hoare triple {352#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := 
outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {352#false} is VALID [2022-02-20 18:05:07,004 INFO L272 TraceCheckUtils]: 69: Hoare triple {352#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {352#false} is VALID [2022-02-20 18:05:07,004 INFO L290 TraceCheckUtils]: 70: Hoare triple {352#false} ~handle := #in~handle;havoc ~retValue_acc~33; {352#false} is VALID [2022-02-20 18:05:07,004 INFO L290 TraceCheckUtils]: 71: Hoare triple {352#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {352#false} is VALID [2022-02-20 18:05:07,004 INFO L290 TraceCheckUtils]: 72: Hoare triple {352#false} assume true; {352#false} is VALID [2022-02-20 18:05:07,005 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {352#false} {352#false} #962#return; {352#false} is VALID [2022-02-20 18:05:07,005 INFO L290 TraceCheckUtils]: 74: Hoare triple {352#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {352#false} is VALID [2022-02-20 18:05:07,005 INFO L272 TraceCheckUtils]: 75: Hoare triple {352#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {352#false} is VALID [2022-02-20 18:05:07,005 INFO L290 TraceCheckUtils]: 76: Hoare triple {352#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {352#false} is VALID [2022-02-20 18:05:07,005 INFO L290 
TraceCheckUtils]: 77: Hoare triple {352#false} assume 1 == ~handle; {352#false} is VALID [2022-02-20 18:05:07,005 INFO L290 TraceCheckUtils]: 78: Hoare triple {352#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {352#false} is VALID [2022-02-20 18:05:07,006 INFO L290 TraceCheckUtils]: 79: Hoare triple {352#false} assume true; {352#false} is VALID [2022-02-20 18:05:07,006 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {352#false} {352#false} #964#return; {352#false} is VALID [2022-02-20 18:05:07,006 INFO L290 TraceCheckUtils]: 81: Hoare triple {352#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {352#false} is VALID [2022-02-20 18:05:07,010 INFO L290 TraceCheckUtils]: 82: Hoare triple {352#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {352#false} is VALID [2022-02-20 18:05:07,010 INFO L290 TraceCheckUtils]: 83: Hoare triple {352#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {352#false} is VALID [2022-02-20 18:05:07,011 INFO L290 TraceCheckUtils]: 84: Hoare triple {352#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {352#false} is VALID [2022-02-20 18:05:07,011 INFO L290 TraceCheckUtils]: 85: Hoare triple {352#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {352#false} is VALID [2022-02-20 18:05:07,014 INFO L272 TraceCheckUtils]: 86: Hoare triple {352#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {352#false} is VALID [2022-02-20 18:05:07,015 INFO L290 TraceCheckUtils]: 87: Hoare triple {352#false} ~handle := #in~handle;~value := #in~value; {352#false} is VALID [2022-02-20 18:05:07,015 INFO L290 TraceCheckUtils]: 88: Hoare triple {352#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {352#false} is VALID [2022-02-20 18:05:07,016 INFO L290 TraceCheckUtils]: 89: Hoare triple {352#false} assume true; {352#false} is VALID [2022-02-20 18:05:07,016 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {352#false} {352#false} #970#return; {352#false} is VALID [2022-02-20 18:05:07,016 INFO L290 TraceCheckUtils]: 91: Hoare triple {352#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {352#false} is VALID [2022-02-20 18:05:07,017 INFO L290 TraceCheckUtils]: 92: Hoare triple {352#false} assume 0 != ~in_encrypted~0; {352#false} is VALID [2022-02-20 18:05:07,017 INFO L272 TraceCheckUtils]: 93: Hoare triple {352#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {352#false} is VALID [2022-02-20 18:05:07,018 INFO L290 TraceCheckUtils]: 94: Hoare triple {352#false} ~handle := #in~handle;havoc ~retValue_acc~36; {352#false} is VALID [2022-02-20 18:05:07,018 INFO L290 TraceCheckUtils]: 95: Hoare triple {352#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {352#false} is VALID [2022-02-20 18:05:07,018 INFO L290 
TraceCheckUtils]: 96: Hoare triple {352#false} assume true; {352#false} is VALID [2022-02-20 18:05:07,018 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {352#false} {352#false} #972#return; {352#false} is VALID [2022-02-20 18:05:07,019 INFO L290 TraceCheckUtils]: 98: Hoare triple {352#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {352#false} is VALID [2022-02-20 18:05:07,019 INFO L290 TraceCheckUtils]: 99: Hoare triple {352#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {352#false} is VALID [2022-02-20 18:05:07,019 INFO L290 TraceCheckUtils]: 100: Hoare triple {352#false} assume !false; {352#false} is VALID [2022-02-20 18:05:07,020 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:05:07,020 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:07,021 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1867191631] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:07,021 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:07,021 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:05:07,023 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [595774648] [2022-02-20 18:05:07,024 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:07,029 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 101 [2022-02-20 18:05:07,031 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:07,034 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:07,097 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:07,098 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:05:07,098 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:07,111 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:05:07,112 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:07,115 INFO L87 Difference]: Start difference. 
First operand has 348 states, 270 states have (on average 1.5148148148148148) internal successors, (409), 274 states have internal predecessors, (409), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) Second operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:07,422 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:07,423 INFO L93 Difference]: Finished difference Result 542 states and 784 transitions. [2022-02-20 18:05:07,423 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:05:07,424 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 101 [2022-02-20 18:05:07,424 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:07,426 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:07,454 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 2 states to 2 states and 784 transitions. [2022-02-20 18:05:07,454 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:07,465 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 784 transitions. [2022-02-20 18:05:07,466 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 784 transitions. [2022-02-20 18:05:07,978 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 784 edges. 784 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:07,997 INFO L225 Difference]: With dead ends: 542 [2022-02-20 18:05:07,998 INFO L226 Difference]: Without dead ends: 341 [2022-02-20 18:05:08,002 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:08,004 INFO L933 BasicCegarLoop]: 511 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 511 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:05:08,005 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 511 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:08,018 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 341 states. [2022-02-20 18:05:08,065 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 341 to 341. [2022-02-20 18:05:08,066 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:08,071 INFO L82 GeneralOperation]: Start isEquivalent. First operand 341 states. Second operand has 341 states, 264 states have (on average 1.5075757575757576) internal successors, (398), 267 states have internal predecessors, (398), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 18:05:08,074 INFO L74 IsIncluded]: Start isIncluded. First operand 341 states. Second operand has 341 states, 264 states have (on average 1.5075757575757576) internal successors, (398), 267 states have internal predecessors, (398), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 18:05:08,075 INFO L87 Difference]: Start difference. First operand 341 states. Second operand has 341 states, 264 states have (on average 1.5075757575757576) internal successors, (398), 267 states have internal predecessors, (398), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 18:05:08,092 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:05:08,093 INFO L93 Difference]: Finished difference Result 341 states and 503 transitions. [2022-02-20 18:05:08,093 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 503 transitions. [2022-02-20 18:05:08,099 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:08,099 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:08,102 INFO L74 IsIncluded]: Start isIncluded. First operand has 341 states, 264 states have (on average 1.5075757575757576) internal successors, (398), 267 states have internal predecessors, (398), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) Second operand 341 states. [2022-02-20 18:05:08,103 INFO L87 Difference]: Start difference. First operand has 341 states, 264 states have (on average 1.5075757575757576) internal successors, (398), 267 states have internal predecessors, (398), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) Second operand 341 states. [2022-02-20 18:05:08,114 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:08,114 INFO L93 Difference]: Finished difference Result 341 states and 503 transitions. [2022-02-20 18:05:08,114 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 503 transitions. [2022-02-20 18:05:08,115 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:08,115 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:08,115 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:08,116 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:08,117 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 341 states, 264 states have (on average 1.5075757575757576) internal successors, (398), 267 states have internal predecessors, (398), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 18:05:08,129 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 341 states to 341 states and 503 transitions. [2022-02-20 18:05:08,130 INFO L78 Accepts]: Start accepts. Automaton has 341 states and 503 transitions. Word has length 101 [2022-02-20 18:05:08,131 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:08,131 INFO L470 AbstractCegarLoop]: Abstraction has 341 states and 503 transitions. [2022-02-20 18:05:08,132 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:08,132 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 503 transitions. [2022-02-20 18:05:08,135 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 103 [2022-02-20 18:05:08,135 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:08,135 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:08,156 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:08,347 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:05:08,348 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:08,348 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:08,348 INFO L85 PathProgramCache]: Analyzing trace with hash -574775984, now seen corresponding path program 1 times [2022-02-20 18:05:08,348 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:08,348 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [691882657] [2022-02-20 18:05:08,349 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:08,349 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:08,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 
18:05:08,405 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,407 INFO L290 TraceCheckUtils]: 0: Hoare triple {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,408 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,408 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,408 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2623#true} #1020#return; {2623#true} is VALID [2022-02-20 18:05:08,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:08,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {2680#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,417 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2623#true} #1022#return; {2623#true} is VALID [2022-02-20 18:05:08,417 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:08,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:05:08,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2681#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:08,431 INFO L290 TraceCheckUtils]: 1: Hoare triple {2681#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2682#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:08,431 INFO L290 TraceCheckUtils]: 2: Hoare triple {2682#(= |setClientId_#in~handle| 1)} assume true; {2682#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:08,432 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2682#(= |setClientId_#in~handle| 1)} {2633#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1024#return; {2624#false} is VALID [2022-02-20 18:05:08,432 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:08,433 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,439 INFO L290 TraceCheckUtils]: 0: Hoare triple {2680#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,440 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,440 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,440 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #1026#return; {2624#false} is VALID [2022-02-20 18:05:08,440 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:08,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,446 INFO L290 TraceCheckUtils]: 0: Hoare triple {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,447 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,447 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,447 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #1028#return; {2624#false} is VALID [2022-02-20 18:05:08,447 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:08,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {2680#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,452 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,452 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,452 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #1030#return; {2624#false} is VALID [2022-02-20 18:05:08,460 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 48 [2022-02-20 18:05:08,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {2683#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,466 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,466 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,466 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #1006#return; {2624#false} is VALID [2022-02-20 18:05:08,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:05:08,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {2684#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,477 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,477 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,477 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #1008#return; {2624#false} is VALID [2022-02-20 18:05:08,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:05:08,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {2623#true} ~handle := #in~handle;havoc ~retValue_acc~19; {2623#true} is VALID [2022-02-20 
18:05:08,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {2623#true} is VALID [2022-02-20 18:05:08,481 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,481 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #960#return; {2624#false} is VALID [2022-02-20 18:05:08,481 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:05:08,482 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,483 INFO L290 TraceCheckUtils]: 0: Hoare triple {2623#true} ~handle := #in~handle;havoc ~retValue_acc~33; {2623#true} is VALID [2022-02-20 18:05:08,484 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {2623#true} is VALID [2022-02-20 18:05:08,484 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,484 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #962#return; {2624#false} is VALID [2022-02-20 18:05:08,484 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:05:08,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {2623#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {2623#true} is VALID [2022-02-20 18:05:08,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle; {2623#true} is VALID [2022-02-20 18:05:08,491 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {2623#true} is VALID [2022-02-20 18:05:08,491 INFO L290 
TraceCheckUtils]: 3: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,491 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2623#true} {2624#false} #964#return; {2624#false} is VALID [2022-02-20 18:05:08,491 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:05:08,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,495 INFO L290 TraceCheckUtils]: 0: Hoare triple {2683#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,495 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,495 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,495 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #970#return; {2624#false} is VALID [2022-02-20 18:05:08,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:05:08,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {2623#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2623#true} is VALID [2022-02-20 18:05:08,498 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2623#true} is VALID [2022-02-20 18:05:08,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,498 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2623#true} {2624#false} #972#return; {2624#false} is VALID [2022-02-20 18:05:08,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {2623#true} assume { :begin_inline_ULTIMATE.init } 
true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 
0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {2623#true} is VALID [2022-02-20 18:05:08,499 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc 
main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2623#true} is VALID [2022-02-20 18:05:08,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2623#true} is VALID [2022-02-20 18:05:08,519 INFO L290 TraceCheckUtils]: 3: Hoare triple {2623#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {2623#true} is VALID [2022-02-20 18:05:08,519 INFO L290 TraceCheckUtils]: 4: Hoare triple {2623#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2623#true} is VALID [2022-02-20 18:05:08,519 INFO L290 TraceCheckUtils]: 5: Hoare triple {2623#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2623#true} is VALID [2022-02-20 18:05:08,520 INFO 
L272 TraceCheckUtils]: 6: Hoare triple {2623#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:08,520 INFO L290 TraceCheckUtils]: 7: Hoare triple {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,521 INFO L290 TraceCheckUtils]: 8: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,521 INFO L290 TraceCheckUtils]: 9: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,521 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2623#true} {2623#true} #1020#return; {2623#true} is VALID [2022-02-20 18:05:08,521 INFO L290 TraceCheckUtils]: 11: Hoare triple {2623#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2623#true} is VALID [2022-02-20 18:05:08,521 INFO L272 TraceCheckUtils]: 12: Hoare triple {2623#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2680#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:08,522 INFO L290 TraceCheckUtils]: 13: Hoare triple {2680#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,522 
INFO L290 TraceCheckUtils]: 14: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,522 INFO L290 TraceCheckUtils]: 15: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,522 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2623#true} {2623#true} #1022#return; {2623#true} is VALID [2022-02-20 18:05:08,527 INFO L290 TraceCheckUtils]: 17: Hoare triple {2623#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2633#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:08,527 INFO L272 TraceCheckUtils]: 18: Hoare triple {2633#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:08,528 INFO L290 TraceCheckUtils]: 19: Hoare triple {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2681#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:08,528 INFO L290 TraceCheckUtils]: 20: Hoare triple {2681#(= setClientId_~handle 
|setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2682#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:08,528 INFO L290 TraceCheckUtils]: 21: Hoare triple {2682#(= |setClientId_#in~handle| 1)} assume true; {2682#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:08,529 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2682#(= |setClientId_#in~handle| 1)} {2633#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1024#return; {2624#false} is VALID [2022-02-20 18:05:08,529 INFO L290 TraceCheckUtils]: 23: Hoare triple {2624#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2624#false} is VALID [2022-02-20 18:05:08,529 INFO L272 TraceCheckUtils]: 24: Hoare triple {2624#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2680#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:08,529 INFO L290 TraceCheckUtils]: 25: Hoare triple {2680#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,529 INFO L290 TraceCheckUtils]: 26: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,530 INFO L290 TraceCheckUtils]: 27: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,530 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2623#true} {2624#false} #1026#return; {2624#false} is VALID [2022-02-20 18:05:08,530 INFO L290 TraceCheckUtils]: 29: Hoare triple {2624#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc 
setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2624#false} is VALID [2022-02-20 18:05:08,530 INFO L272 TraceCheckUtils]: 30: Hoare triple {2624#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:08,530 INFO L290 TraceCheckUtils]: 31: Hoare triple {2679#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,530 INFO L290 TraceCheckUtils]: 32: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,530 INFO L290 TraceCheckUtils]: 33: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,530 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2623#true} {2624#false} #1028#return; {2624#false} is VALID [2022-02-20 18:05:08,531 INFO L290 TraceCheckUtils]: 35: Hoare triple {2624#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2624#false} is VALID [2022-02-20 18:05:08,531 INFO L272 TraceCheckUtils]: 36: Hoare triple {2624#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2680#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:08,531 INFO L290 TraceCheckUtils]: 37: Hoare triple {2680#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,531 INFO L290 TraceCheckUtils]: 38: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,531 INFO L290 TraceCheckUtils]: 39: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,531 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2623#true} {2624#false} #1030#return; {2624#false} is VALID [2022-02-20 18:05:08,532 INFO L290 TraceCheckUtils]: 41: Hoare triple {2624#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2624#false} is VALID [2022-02-20 18:05:08,532 INFO L290 TraceCheckUtils]: 42: Hoare triple {2624#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc 
test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2624#false} is VALID [2022-02-20 18:05:08,532 INFO L290 TraceCheckUtils]: 43: Hoare triple {2624#false} assume !false; {2624#false} is VALID [2022-02-20 18:05:08,532 INFO L290 TraceCheckUtils]: 44: Hoare triple {2624#false} assume !(test_~splverifierCounter~0#1 < 4); {2624#false} is VALID [2022-02-20 18:05:08,532 INFO L290 TraceCheckUtils]: 45: Hoare triple {2624#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2624#false} is VALID [2022-02-20 18:05:08,532 INFO L272 TraceCheckUtils]: 46: Hoare triple {2624#false} call sendEmail(~bob~0, ~rjh~0); {2624#false} is VALID [2022-02-20 18:05:08,532 INFO L290 TraceCheckUtils]: 47: Hoare triple {2624#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc 
createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2624#false} is VALID [2022-02-20 18:05:08,532 INFO L272 TraceCheckUtils]: 48: Hoare triple {2624#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2683#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:08,533 INFO L290 TraceCheckUtils]: 49: Hoare triple {2683#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,533 INFO L290 TraceCheckUtils]: 50: Hoare triple {2623#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,533 INFO L290 TraceCheckUtils]: 51: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,533 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2623#true} {2624#false} #1006#return; {2624#false} is VALID [2022-02-20 18:05:08,533 INFO L272 TraceCheckUtils]: 53: Hoare triple {2624#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2684#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:08,533 INFO L290 TraceCheckUtils]: 54: Hoare triple {2684#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,534 INFO L290 TraceCheckUtils]: 55: Hoare triple {2623#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,534 INFO L290 TraceCheckUtils]: 56: Hoare triple {2623#true} assume true; {2623#true} is VALID 
[2022-02-20 18:05:08,535 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2623#true} {2624#false} #1008#return; {2624#false} is VALID [2022-02-20 18:05:08,535 INFO L290 TraceCheckUtils]: 58: Hoare triple {2624#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {2624#false} is VALID [2022-02-20 18:05:08,537 INFO L290 TraceCheckUtils]: 59: Hoare triple {2624#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {2624#false} is VALID [2022-02-20 18:05:08,537 INFO L272 TraceCheckUtils]: 60: Hoare triple {2624#false} call outgoing(~sender#1, ~email~0#1); {2624#false} is VALID [2022-02-20 18:05:08,537 INFO L290 TraceCheckUtils]: 61: Hoare triple {2624#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {2624#false} is VALID [2022-02-20 18:05:08,538 INFO L272 TraceCheckUtils]: 62: Hoare triple {2624#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {2623#true} is VALID [2022-02-20 18:05:08,538 INFO L290 TraceCheckUtils]: 63: Hoare triple {2623#true} ~handle := #in~handle;havoc ~retValue_acc~19; {2623#true} is VALID [2022-02-20 18:05:08,538 INFO L290 TraceCheckUtils]: 64: Hoare triple {2623#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {2623#true} is VALID [2022-02-20 18:05:08,538 INFO L290 TraceCheckUtils]: 65: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,538 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2623#true} {2624#false} #960#return; {2624#false} is VALID 
[2022-02-20 18:05:08,538 INFO L290 TraceCheckUtils]: 67: Hoare triple {2624#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {2624#false} is VALID [2022-02-20 18:05:08,538 INFO L290 TraceCheckUtils]: 68: Hoare triple {2624#false} assume 0 == sign_~privkey~1#1; {2624#false} is VALID [2022-02-20 18:05:08,538 INFO L290 TraceCheckUtils]: 69: Hoare triple {2624#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {2624#false} is VALID [2022-02-20 18:05:08,539 INFO L272 TraceCheckUtils]: 70: Hoare triple {2624#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {2623#true} is VALID [2022-02-20 18:05:08,539 INFO L290 TraceCheckUtils]: 71: Hoare triple {2623#true} ~handle := #in~handle;havoc ~retValue_acc~33; {2623#true} is VALID [2022-02-20 18:05:08,539 INFO L290 TraceCheckUtils]: 72: Hoare triple {2623#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; 
{2623#true} is VALID [2022-02-20 18:05:08,539 INFO L290 TraceCheckUtils]: 73: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,539 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2623#true} {2624#false} #962#return; {2624#false} is VALID [2022-02-20 18:05:08,539 INFO L290 TraceCheckUtils]: 75: Hoare triple {2624#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {2624#false} is VALID [2022-02-20 18:05:08,539 INFO L272 TraceCheckUtils]: 76: Hoare triple {2624#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {2623#true} is VALID [2022-02-20 18:05:08,539 INFO L290 TraceCheckUtils]: 77: Hoare triple {2623#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {2623#true} is VALID [2022-02-20 18:05:08,540 INFO L290 TraceCheckUtils]: 78: Hoare triple {2623#true} assume 1 == ~handle; {2623#true} is VALID [2022-02-20 18:05:08,540 INFO L290 TraceCheckUtils]: 79: Hoare triple {2623#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {2623#true} is VALID [2022-02-20 18:05:08,540 INFO L290 TraceCheckUtils]: 80: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,540 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2623#true} {2624#false} #964#return; {2624#false} is VALID [2022-02-20 18:05:08,540 INFO L290 TraceCheckUtils]: 82: Hoare triple {2624#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 
2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {2624#false} is VALID [2022-02-20 18:05:08,540 INFO L290 TraceCheckUtils]: 83: Hoare triple {2624#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {2624#false} is VALID [2022-02-20 18:05:08,540 INFO L290 TraceCheckUtils]: 84: Hoare triple {2624#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {2624#false} is VALID [2022-02-20 18:05:08,540 INFO L290 TraceCheckUtils]: 85: Hoare triple {2624#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {2624#false} is VALID [2022-02-20 18:05:08,541 INFO L290 TraceCheckUtils]: 86: Hoare triple {2624#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc 
outgoing__wrappee__Keys_#t~ret26#1; {2624#false} is VALID [2022-02-20 18:05:08,541 INFO L272 TraceCheckUtils]: 87: Hoare triple {2624#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {2683#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:08,541 INFO L290 TraceCheckUtils]: 88: Hoare triple {2683#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:08,541 INFO L290 TraceCheckUtils]: 89: Hoare triple {2623#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:08,541 INFO L290 TraceCheckUtils]: 90: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,541 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2623#true} {2624#false} #970#return; {2624#false} is VALID [2022-02-20 18:05:08,541 INFO L290 TraceCheckUtils]: 92: Hoare triple {2624#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {2624#false} is VALID [2022-02-20 18:05:08,541 INFO L290 TraceCheckUtils]: 93: Hoare triple {2624#false} assume 0 != ~in_encrypted~0; {2624#false} is VALID [2022-02-20 18:05:08,542 INFO L272 TraceCheckUtils]: 94: Hoare triple {2624#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {2623#true} is VALID [2022-02-20 18:05:08,542 INFO L290 TraceCheckUtils]: 95: Hoare triple {2623#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2623#true} is VALID [2022-02-20 18:05:08,542 INFO L290 TraceCheckUtils]: 96: Hoare triple {2623#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2623#true} is VALID [2022-02-20 18:05:08,542 INFO L290 TraceCheckUtils]: 97: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:08,542 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {2623#true} {2624#false} #972#return; {2624#false} is VALID [2022-02-20 18:05:08,542 INFO L290 TraceCheckUtils]: 99: Hoare triple {2624#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := 
__utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {2624#false} is VALID [2022-02-20 18:05:08,542 INFO L290 TraceCheckUtils]: 100: Hoare triple {2624#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {2624#false} is VALID [2022-02-20 18:05:08,542 INFO L290 TraceCheckUtils]: 101: Hoare triple {2624#false} assume !false; {2624#false} is VALID [2022-02-20 18:05:08,543 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:05:08,543 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:08,543 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [691882657] [2022-02-20 18:05:08,546 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [691882657] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:08,546 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [53541036] [2022-02-20 18:05:08,547 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:08,547 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:08,547 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:08,552 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:08,554 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:05:08,790 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,795 INFO L263 TraceCheckSpWp]: Trace formula consists of 1063 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:05:08,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:08,845 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:05:09,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {2623#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call 
#Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 
:= 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {2623#true} is VALID [2022-02-20 18:05:09,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {2623#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2623#true} is VALID [2022-02-20 18:05:09,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {2623#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2623#true} is VALID [2022-02-20 18:05:09,030 INFO L290 TraceCheckUtils]: 3: Hoare triple {2623#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {2623#true} is VALID [2022-02-20 18:05:09,031 INFO L290 TraceCheckUtils]: 4: Hoare triple {2623#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2623#true} is VALID [2022-02-20 18:05:09,031 INFO L290 TraceCheckUtils]: 5: Hoare triple {2623#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc 
setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2623#true} is VALID [2022-02-20 18:05:09,031 INFO L272 TraceCheckUtils]: 6: Hoare triple {2623#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2623#true} is VALID [2022-02-20 18:05:09,031 INFO L290 TraceCheckUtils]: 7: Hoare triple {2623#true} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:09,031 INFO L290 TraceCheckUtils]: 8: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:09,031 INFO L290 TraceCheckUtils]: 9: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:09,032 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2623#true} {2623#true} #1020#return; {2623#true} is VALID [2022-02-20 18:05:09,032 INFO L290 TraceCheckUtils]: 11: Hoare triple {2623#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2623#true} is VALID [2022-02-20 18:05:09,032 INFO L272 TraceCheckUtils]: 12: Hoare triple {2623#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2623#true} is VALID [2022-02-20 18:05:09,032 INFO L290 TraceCheckUtils]: 13: Hoare triple {2623#true} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:09,032 INFO L290 TraceCheckUtils]: 14: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:09,032 INFO L290 TraceCheckUtils]: 15: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:09,033 INFO L284 
TraceCheckUtils]: 16: Hoare quadruple {2623#true} {2623#true} #1022#return; {2623#true} is VALID [2022-02-20 18:05:09,033 INFO L290 TraceCheckUtils]: 17: Hoare triple {2623#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2623#true} is VALID [2022-02-20 18:05:09,033 INFO L272 TraceCheckUtils]: 18: Hoare triple {2623#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2623#true} is VALID [2022-02-20 18:05:09,033 INFO L290 TraceCheckUtils]: 19: Hoare triple {2623#true} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:09,033 INFO L290 TraceCheckUtils]: 20: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:09,033 INFO L290 TraceCheckUtils]: 21: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:09,034 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2623#true} {2623#true} #1024#return; {2623#true} is VALID [2022-02-20 18:05:09,034 INFO L290 TraceCheckUtils]: 23: Hoare triple {2623#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2623#true} is VALID [2022-02-20 18:05:09,034 INFO L272 TraceCheckUtils]: 24: Hoare triple {2623#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2623#true} is VALID [2022-02-20 18:05:09,034 INFO L290 TraceCheckUtils]: 25: Hoare triple {2623#true} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:09,034 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:09,034 INFO L290 TraceCheckUtils]: 27: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:09,035 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2623#true} {2623#true} #1026#return; {2623#true} is VALID [2022-02-20 18:05:09,035 INFO L290 TraceCheckUtils]: 29: Hoare triple {2623#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2623#true} is VALID [2022-02-20 18:05:09,035 INFO L272 TraceCheckUtils]: 30: Hoare triple {2623#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2623#true} is VALID [2022-02-20 18:05:09,035 INFO L290 TraceCheckUtils]: 31: Hoare triple {2623#true} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:09,035 INFO L290 TraceCheckUtils]: 32: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:09,035 INFO L290 TraceCheckUtils]: 33: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:09,035 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2623#true} {2623#true} #1028#return; {2623#true} is VALID [2022-02-20 18:05:09,036 INFO L290 TraceCheckUtils]: 35: Hoare triple {2623#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2623#true} is VALID [2022-02-20 18:05:09,036 INFO L272 TraceCheckUtils]: 36: 
Hoare triple {2623#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2623#true} is VALID [2022-02-20 18:05:09,036 INFO L290 TraceCheckUtils]: 37: Hoare triple {2623#true} ~handle := #in~handle;~value := #in~value; {2623#true} is VALID [2022-02-20 18:05:09,036 INFO L290 TraceCheckUtils]: 38: Hoare triple {2623#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2623#true} is VALID [2022-02-20 18:05:09,036 INFO L290 TraceCheckUtils]: 39: Hoare triple {2623#true} assume true; {2623#true} is VALID [2022-02-20 18:05:09,036 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2623#true} {2623#true} #1030#return; {2623#true} is VALID [2022-02-20 18:05:09,037 INFO L290 TraceCheckUtils]: 41: Hoare triple {2623#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2623#true} is VALID [2022-02-20 18:05:09,037 INFO L290 TraceCheckUtils]: 42: Hoare triple {2623#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc 
test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2814#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:09,038 INFO L290 TraceCheckUtils]: 43: Hoare triple {2814#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2814#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:09,038 INFO L290 TraceCheckUtils]: 44: Hoare triple {2814#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2624#false} is VALID [2022-02-20 18:05:09,038 INFO L290 TraceCheckUtils]: 45: Hoare triple {2624#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2624#false} is VALID [2022-02-20 18:05:09,038 INFO L272 TraceCheckUtils]: 46: Hoare triple {2624#false} call sendEmail(~bob~0, ~rjh~0); {2624#false} is VALID [2022-02-20 18:05:09,039 INFO L290 TraceCheckUtils]: 47: Hoare triple {2624#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2624#false} is VALID [2022-02-20 18:05:09,039 INFO L272 TraceCheckUtils]: 48: Hoare triple {2624#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2624#false} is VALID [2022-02-20 18:05:09,039 INFO L290 TraceCheckUtils]: 49: Hoare triple {2624#false} ~handle := #in~handle;~value := #in~value; {2624#false} is VALID [2022-02-20 18:05:09,039 INFO L290 TraceCheckUtils]: 50: Hoare triple {2624#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2624#false} is VALID [2022-02-20 18:05:09,039 INFO L290 TraceCheckUtils]: 51: Hoare triple {2624#false} assume true; {2624#false} is VALID [2022-02-20 18:05:09,039 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2624#false} {2624#false} #1006#return; {2624#false} is VALID [2022-02-20 18:05:09,040 INFO L272 TraceCheckUtils]: 53: Hoare triple {2624#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2624#false} is VALID [2022-02-20 18:05:09,040 INFO L290 TraceCheckUtils]: 54: Hoare triple {2624#false} ~handle := #in~handle;~value := #in~value; {2624#false} is VALID [2022-02-20 18:05:09,040 INFO L290 TraceCheckUtils]: 55: Hoare triple {2624#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2624#false} is VALID [2022-02-20 18:05:09,040 INFO L290 TraceCheckUtils]: 56: Hoare triple {2624#false} assume true; {2624#false} is VALID [2022-02-20 18:05:09,040 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2624#false} {2624#false} #1008#return; {2624#false} is VALID [2022-02-20 18:05:09,040 INFO L290 TraceCheckUtils]: 58: Hoare triple {2624#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {2624#false} is VALID [2022-02-20 18:05:09,040 INFO L290 TraceCheckUtils]: 59: Hoare triple {2624#false} #t~ret36#1 := createEmail_#res#1;assume 
{ :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {2624#false} is VALID [2022-02-20 18:05:09,041 INFO L272 TraceCheckUtils]: 60: Hoare triple {2624#false} call outgoing(~sender#1, ~email~0#1); {2624#false} is VALID [2022-02-20 18:05:09,041 INFO L290 TraceCheckUtils]: 61: Hoare triple {2624#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {2624#false} is VALID [2022-02-20 18:05:09,041 INFO L272 TraceCheckUtils]: 62: Hoare triple {2624#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {2624#false} is VALID [2022-02-20 18:05:09,041 INFO L290 TraceCheckUtils]: 63: Hoare triple {2624#false} ~handle := #in~handle;havoc ~retValue_acc~19; {2624#false} is VALID [2022-02-20 18:05:09,041 INFO L290 TraceCheckUtils]: 64: Hoare triple {2624#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {2624#false} is VALID [2022-02-20 18:05:09,041 INFO L290 TraceCheckUtils]: 65: Hoare triple {2624#false} assume true; {2624#false} is VALID [2022-02-20 18:05:09,042 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2624#false} {2624#false} #960#return; {2624#false} is VALID [2022-02-20 18:05:09,042 INFO L290 TraceCheckUtils]: 67: Hoare triple {2624#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {2624#false} is VALID [2022-02-20 18:05:09,042 INFO L290 TraceCheckUtils]: 68: Hoare triple {2624#false} assume 0 == sign_~privkey~1#1; {2624#false} is VALID [2022-02-20 18:05:09,042 INFO L290 TraceCheckUtils]: 69: Hoare 
triple {2624#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {2624#false} is VALID [2022-02-20 18:05:09,042 INFO L272 TraceCheckUtils]: 70: Hoare triple {2624#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {2624#false} is VALID [2022-02-20 18:05:09,042 INFO L290 TraceCheckUtils]: 71: Hoare triple {2624#false} ~handle := #in~handle;havoc ~retValue_acc~33; {2624#false} is VALID [2022-02-20 18:05:09,042 INFO L290 TraceCheckUtils]: 72: Hoare triple {2624#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {2624#false} is VALID [2022-02-20 18:05:09,043 INFO L290 TraceCheckUtils]: 73: Hoare triple {2624#false} assume true; {2624#false} is VALID [2022-02-20 18:05:09,043 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2624#false} {2624#false} #962#return; {2624#false} is VALID [2022-02-20 18:05:09,043 INFO L290 TraceCheckUtils]: 75: Hoare triple {2624#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 
2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {2624#false} is VALID [2022-02-20 18:05:09,043 INFO L272 TraceCheckUtils]: 76: Hoare triple {2624#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {2624#false} is VALID [2022-02-20 18:05:09,043 INFO L290 TraceCheckUtils]: 77: Hoare triple {2624#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {2624#false} is VALID [2022-02-20 18:05:09,043 INFO L290 TraceCheckUtils]: 78: Hoare triple {2624#false} assume 1 == ~handle; {2624#false} is VALID [2022-02-20 18:05:09,044 INFO L290 TraceCheckUtils]: 79: Hoare triple {2624#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {2624#false} is VALID [2022-02-20 18:05:09,044 INFO L290 TraceCheckUtils]: 80: Hoare triple {2624#false} assume true; {2624#false} is VALID [2022-02-20 18:05:09,044 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2624#false} {2624#false} #964#return; {2624#false} is VALID [2022-02-20 18:05:09,044 INFO L290 TraceCheckUtils]: 82: Hoare triple {2624#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {2624#false} is VALID [2022-02-20 18:05:09,044 INFO L290 TraceCheckUtils]: 83: Hoare triple {2624#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {2624#false} is VALID [2022-02-20 18:05:09,044 INFO L290 
TraceCheckUtils]: 84: Hoare triple {2624#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {2624#false} is VALID [2022-02-20 18:05:09,044 INFO L290 TraceCheckUtils]: 85: Hoare triple {2624#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {2624#false} is VALID [2022-02-20 18:05:09,045 INFO L290 TraceCheckUtils]: 86: Hoare triple {2624#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {2624#false} is VALID [2022-02-20 18:05:09,045 INFO L272 TraceCheckUtils]: 87: Hoare triple {2624#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {2624#false} is VALID [2022-02-20 18:05:09,045 INFO L290 TraceCheckUtils]: 88: Hoare triple {2624#false} ~handle := #in~handle;~value := #in~value; {2624#false} is VALID [2022-02-20 18:05:09,045 INFO L290 TraceCheckUtils]: 89: Hoare triple {2624#false} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {2624#false} is VALID [2022-02-20 18:05:09,045 INFO L290 TraceCheckUtils]: 90: Hoare triple {2624#false} assume true; {2624#false} is VALID [2022-02-20 18:05:09,045 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2624#false} {2624#false} #970#return; {2624#false} is VALID [2022-02-20 18:05:09,046 INFO L290 TraceCheckUtils]: 92: Hoare triple {2624#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; 
{2624#false} is VALID [2022-02-20 18:05:09,046 INFO L290 TraceCheckUtils]: 93: Hoare triple {2624#false} assume 0 != ~in_encrypted~0; {2624#false} is VALID [2022-02-20 18:05:09,046 INFO L272 TraceCheckUtils]: 94: Hoare triple {2624#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {2624#false} is VALID [2022-02-20 18:05:09,046 INFO L290 TraceCheckUtils]: 95: Hoare triple {2624#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2624#false} is VALID [2022-02-20 18:05:09,046 INFO L290 TraceCheckUtils]: 96: Hoare triple {2624#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2624#false} is VALID [2022-02-20 18:05:09,046 INFO L290 TraceCheckUtils]: 97: Hoare triple {2624#false} assume true; {2624#false} is VALID [2022-02-20 18:05:09,047 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {2624#false} {2624#false} #972#return; {2624#false} is VALID [2022-02-20 18:05:09,047 INFO L290 TraceCheckUtils]: 99: Hoare triple {2624#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {2624#false} is VALID [2022-02-20 18:05:09,047 INFO L290 TraceCheckUtils]: 100: Hoare triple {2624#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {2624#false} is VALID [2022-02-20 18:05:09,047 INFO L290 TraceCheckUtils]: 101: Hoare triple {2624#false} assume !false; {2624#false} is VALID [2022-02-20 18:05:09,047 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:05:09,048 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:09,048 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [53541036] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:09,048 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:09,048 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:05:09,048 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [408918817] [2022-02-20 18:05:09,048 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:09,050 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 102 [2022-02-20 18:05:09,050 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:09,051 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:09,106 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:09,106 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:05:09,107 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:09,107 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:05:09,107 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:09,108 INFO L87 Difference]: Start difference. First operand 341 states and 503 transitions. Second operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:09,556 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:09,557 INFO L93 Difference]: Finished difference Result 532 states and 765 transitions. [2022-02-20 18:05:09,557 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:05:09,557 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 102 [2022-02-20 18:05:09,557 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:09,558 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:09,565 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 765 transitions. [2022-02-20 18:05:09,565 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:09,572 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 765 transitions. [2022-02-20 18:05:09,573 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 765 transitions. [2022-02-20 18:05:10,090 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 765 edges. 765 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:10,099 INFO L225 Difference]: With dead ends: 532 [2022-02-20 18:05:10,099 INFO L226 Difference]: Without dead ends: 344 [2022-02-20 18:05:10,100 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:10,101 INFO L933 BasicCegarLoop]: 501 mSDtfsCounter, 1 mSDsluCounter, 499 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1000 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:10,101 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1000 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:10,102 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 344 states. [2022-02-20 18:05:10,111 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 344 to 343. [2022-02-20 18:05:10,111 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:10,112 INFO L82 GeneralOperation]: Start isEquivalent. First operand 344 states. 
Second operand has 343 states, 266 states have (on average 1.5037593984962405) internal successors, (400), 269 states have internal predecessors, (400), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 18:05:10,112 INFO L74 IsIncluded]: Start isIncluded. First operand 344 states. Second operand has 343 states, 266 states have (on average 1.5037593984962405) internal successors, (400), 269 states have internal predecessors, (400), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 18:05:10,113 INFO L87 Difference]: Start difference. First operand 344 states. Second operand has 343 states, 266 states have (on average 1.5037593984962405) internal successors, (400), 269 states have internal predecessors, (400), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 18:05:10,124 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:10,124 INFO L93 Difference]: Finished difference Result 344 states and 506 transitions. [2022-02-20 18:05:10,124 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 506 transitions. [2022-02-20 18:05:10,125 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:10,125 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:10,126 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 343 states, 266 states have (on average 1.5037593984962405) internal successors, (400), 269 states have internal predecessors, (400), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) Second operand 344 states. [2022-02-20 18:05:10,127 INFO L87 Difference]: Start difference. First operand has 343 states, 266 states have (on average 1.5037593984962405) internal successors, (400), 269 states have internal predecessors, (400), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) Second operand 344 states. [2022-02-20 18:05:10,137 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:10,138 INFO L93 Difference]: Finished difference Result 344 states and 506 transitions. [2022-02-20 18:05:10,138 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 506 transitions. [2022-02-20 18:05:10,139 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:10,139 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:10,139 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:10,139 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:10,140 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 343 states, 266 states have (on average 1.5037593984962405) internal successors, (400), 269 states have internal predecessors, (400), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 18:05:10,151 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 343 states to 343 states and 505 transitions. [2022-02-20 18:05:10,152 INFO L78 Accepts]: Start accepts. Automaton has 343 states and 505 transitions. Word has length 102 [2022-02-20 18:05:10,152 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:10,152 INFO L470 AbstractCegarLoop]: Abstraction has 343 states and 505 transitions. [2022-02-20 18:05:10,152 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:10,152 INFO L276 IsEmpty]: Start isEmpty. Operand 343 states and 505 transitions. [2022-02-20 18:05:10,153 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-02-20 18:05:10,153 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:10,154 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:10,173 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:10,363 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:05:10,364 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:10,364 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:10,364 INFO L85 PathProgramCache]: Analyzing trace with hash 1701758514, now seen corresponding path program 1 times [2022-02-20 18:05:10,364 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:10,365 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [260765001] [2022-02-20 18:05:10,365 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:10,365 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:10,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:10,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {4948#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,438 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4892#true} #1020#return; {4892#true} is VALID [2022-02-20 18:05:10,442 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:10,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:05:10,445 INFO L290 TraceCheckUtils]: 0: Hoare triple {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,445 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,445 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,446 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4892#true} #1022#return; {4892#true} is VALID [2022-02-20 18:05:10,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:10,447 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,458 INFO L290 TraceCheckUtils]: 0: Hoare triple {4948#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4950#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:10,459 INFO L290 TraceCheckUtils]: 1: Hoare triple {4950#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4951#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:10,459 INFO L290 TraceCheckUtils]: 2: Hoare triple {4951#(= |setClientId_#in~handle| 1)} assume true; {4951#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:10,460 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4951#(= |setClientId_#in~handle| 1)} {4902#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1024#return; {4893#false} is VALID [2022-02-20 18:05:10,460 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:10,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,464 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,464 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4893#false} #1026#return; {4893#false} is VALID [2022-02-20 18:05:10,464 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:10,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,468 INFO L290 TraceCheckUtils]: 0: Hoare triple {4948#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,468 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,468 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,468 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4893#false} #1028#return; {4893#false} is VALID [2022-02-20 18:05:10,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:05:10,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,471 INFO L290 TraceCheckUtils]: 0: Hoare triple {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,471 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,472 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,472 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4893#false} #1030#return; {4893#false} is VALID [2022-02-20 18:05:10,477 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:05:10,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {4952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,480 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,480 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,480 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4893#false} #1006#return; {4893#false} is VALID [2022-02-20 18:05:10,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:05:10,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,489 INFO L290 
TraceCheckUtils]: 0: Hoare triple {4953#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,489 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,489 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,489 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4893#false} #1008#return; {4893#false} is VALID [2022-02-20 18:05:10,490 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:05:10,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,492 INFO L290 TraceCheckUtils]: 0: Hoare triple {4892#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4892#true} is VALID [2022-02-20 18:05:10,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {4892#true} is VALID [2022-02-20 18:05:10,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4893#false} #960#return; {4893#false} is VALID [2022-02-20 18:05:10,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:05:10,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,494 INFO L290 TraceCheckUtils]: 0: Hoare triple {4892#true} ~handle := #in~handle;havoc ~retValue_acc~33; {4892#true} is VALID [2022-02-20 18:05:10,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {4892#true} is VALID [2022-02-20 18:05:10,495 INFO L290 
TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,495 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4893#false} #962#return; {4893#false} is VALID [2022-02-20 18:05:10,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:05:10,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {4892#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {4892#true} is VALID [2022-02-20 18:05:10,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle; {4892#true} is VALID [2022-02-20 18:05:10,497 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {4892#true} is VALID [2022-02-20 18:05:10,497 INFO L290 TraceCheckUtils]: 3: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,498 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {4892#true} {4893#false} #964#return; {4893#false} is VALID [2022-02-20 18:05:10,498 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:05:10,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {4952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,500 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {4892#true} {4893#false} #970#return; {4893#false} is VALID [2022-02-20 18:05:10,500 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:05:10,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,502 INFO L290 TraceCheckUtils]: 0: Hoare triple {4892#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4892#true} is VALID [2022-02-20 18:05:10,502 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {4892#true} is VALID [2022-02-20 18:05:10,503 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,503 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4892#true} {4893#false} #972#return; {4893#false} is VALID [2022-02-20 18:05:10,503 INFO L290 TraceCheckUtils]: 0: Hoare triple {4892#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 
18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 
0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 
:= 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {4892#true} is VALID [2022-02-20 18:05:10,503 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {4892#true} is VALID [2022-02-20 18:05:10,503 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4892#true} is VALID [2022-02-20 18:05:10,503 INFO L290 TraceCheckUtils]: 3: Hoare triple {4892#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {4892#true} is VALID [2022-02-20 18:05:10,503 INFO L290 TraceCheckUtils]: 4: Hoare triple {4892#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {4892#true} is VALID [2022-02-20 
18:05:10,504 INFO L290 TraceCheckUtils]: 5: Hoare triple {4892#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4892#true} is VALID [2022-02-20 18:05:10,504 INFO L272 TraceCheckUtils]: 6: Hoare triple {4892#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4948#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:10,504 INFO L290 TraceCheckUtils]: 7: Hoare triple {4948#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,504 INFO L290 TraceCheckUtils]: 8: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,505 INFO L290 TraceCheckUtils]: 9: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 
18:05:10,505 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4892#true} {4892#true} #1020#return; {4892#true} is VALID [2022-02-20 18:05:10,505 INFO L290 TraceCheckUtils]: 11: Hoare triple {4892#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4892#true} is VALID [2022-02-20 18:05:10,505 INFO L272 TraceCheckUtils]: 12: Hoare triple {4892#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:10,505 INFO L290 TraceCheckUtils]: 13: Hoare triple {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,506 INFO L290 TraceCheckUtils]: 14: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,506 INFO L290 TraceCheckUtils]: 15: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,506 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4892#true} {4892#true} #1022#return; {4892#true} is VALID [2022-02-20 18:05:10,506 INFO L290 TraceCheckUtils]: 17: Hoare triple {4892#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {4902#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:10,507 INFO L272 TraceCheckUtils]: 18: Hoare triple {4902#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4948#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:10,507 INFO L290 TraceCheckUtils]: 19: Hoare triple {4948#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4950#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:10,507 INFO L290 TraceCheckUtils]: 20: Hoare triple {4950#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4951#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:10,508 INFO L290 TraceCheckUtils]: 21: Hoare triple {4951#(= |setClientId_#in~handle| 1)} assume true; {4951#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:10,508 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4951#(= |setClientId_#in~handle| 1)} {4902#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1024#return; {4893#false} is VALID [2022-02-20 18:05:10,508 INFO L290 TraceCheckUtils]: 23: Hoare triple {4893#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4893#false} is VALID [2022-02-20 18:05:10,508 INFO L272 TraceCheckUtils]: 24: Hoare triple {4893#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) 
(= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:10,509 INFO L290 TraceCheckUtils]: 25: Hoare triple {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,509 INFO L290 TraceCheckUtils]: 26: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,509 INFO L290 TraceCheckUtils]: 27: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,509 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4892#true} {4893#false} #1026#return; {4893#false} is VALID [2022-02-20 18:05:10,509 INFO L290 TraceCheckUtils]: 29: Hoare triple {4893#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4893#false} is VALID [2022-02-20 18:05:10,509 INFO L272 TraceCheckUtils]: 30: Hoare triple {4893#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4948#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:10,509 INFO L290 TraceCheckUtils]: 31: Hoare triple {4948#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,509 INFO L290 TraceCheckUtils]: 32: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,510 INFO L290 TraceCheckUtils]: 33: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,510 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4892#true} {4893#false} #1028#return; {4893#false} is VALID [2022-02-20 18:05:10,510 INFO L290 TraceCheckUtils]: 35: Hoare triple {4893#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4893#false} is VALID [2022-02-20 18:05:10,510 INFO L272 TraceCheckUtils]: 36: Hoare triple {4893#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:10,510 INFO L290 TraceCheckUtils]: 37: Hoare triple {4949#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,510 INFO L290 TraceCheckUtils]: 38: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,510 INFO L290 TraceCheckUtils]: 39: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,510 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4892#true} {4893#false} #1030#return; {4893#false} is VALID [2022-02-20 18:05:10,511 INFO L290 
TraceCheckUtils]: 41: Hoare triple {4893#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {4893#false} is VALID [2022-02-20 18:05:10,511 INFO L290 TraceCheckUtils]: 42: Hoare triple {4893#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4893#false} is VALID [2022-02-20 18:05:10,511 INFO L290 TraceCheckUtils]: 43: Hoare triple {4893#false} assume !false; {4893#false} is VALID [2022-02-20 18:05:10,511 INFO L290 TraceCheckUtils]: 44: Hoare triple {4893#false} assume 
test_~splverifierCounter~0#1 < 4; {4893#false} is VALID [2022-02-20 18:05:10,511 INFO L290 TraceCheckUtils]: 45: Hoare triple {4893#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4893#false} is VALID [2022-02-20 18:05:10,511 INFO L290 TraceCheckUtils]: 46: Hoare triple {4893#false} assume !(0 == test_~op1~0#1); {4893#false} is VALID [2022-02-20 18:05:10,511 INFO L290 TraceCheckUtils]: 47: Hoare triple {4893#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {4893#false} is VALID [2022-02-20 18:05:10,511 INFO L290 TraceCheckUtils]: 48: Hoare triple {4893#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4893#false} is VALID [2022-02-20 18:05:10,512 INFO L290 TraceCheckUtils]: 49: Hoare triple {4893#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4893#false} is VALID [2022-02-20 18:05:10,512 INFO L290 TraceCheckUtils]: 50: Hoare triple {4893#false} assume { :end_inline_setClientAutoResponse } true; {4893#false} is VALID [2022-02-20 18:05:10,512 INFO L290 TraceCheckUtils]: 51: Hoare triple {4893#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4893#false} is VALID [2022-02-20 18:05:10,512 INFO L290 TraceCheckUtils]: 52: Hoare triple {4893#false} assume !false; {4893#false} is VALID [2022-02-20 18:05:10,512 INFO L290 TraceCheckUtils]: 53: Hoare triple {4893#false} assume !(test_~splverifierCounter~0#1 < 4); {4893#false} is VALID [2022-02-20 
18:05:10,512 INFO L290 TraceCheckUtils]: 54: Hoare triple {4893#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {4893#false} is VALID [2022-02-20 18:05:10,512 INFO L272 TraceCheckUtils]: 55: Hoare triple {4893#false} call sendEmail(~bob~0, ~rjh~0); {4893#false} is VALID [2022-02-20 18:05:10,512 INFO L290 TraceCheckUtils]: 56: Hoare triple {4893#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4893#false} is VALID [2022-02-20 18:05:10,513 INFO L272 TraceCheckUtils]: 57: Hoare triple {4893#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:10,513 INFO L290 TraceCheckUtils]: 58: Hoare triple {4952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,513 INFO L290 TraceCheckUtils]: 59: Hoare triple {4892#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,513 INFO L290 TraceCheckUtils]: 60: Hoare triple 
{4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,513 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {4892#true} {4893#false} #1006#return; {4893#false} is VALID [2022-02-20 18:05:10,513 INFO L272 TraceCheckUtils]: 62: Hoare triple {4893#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4953#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:10,513 INFO L290 TraceCheckUtils]: 63: Hoare triple {4953#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,513 INFO L290 TraceCheckUtils]: 64: Hoare triple {4892#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,514 INFO L290 TraceCheckUtils]: 65: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,514 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {4892#true} {4893#false} #1008#return; {4893#false} is VALID [2022-02-20 18:05:10,514 INFO L290 TraceCheckUtils]: 67: Hoare triple {4893#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {4893#false} is VALID [2022-02-20 18:05:10,514 INFO L290 TraceCheckUtils]: 68: Hoare triple {4893#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {4893#false} is VALID [2022-02-20 18:05:10,514 INFO L272 TraceCheckUtils]: 69: Hoare triple {4893#false} call outgoing(~sender#1, ~email~0#1); {4893#false} is VALID [2022-02-20 18:05:10,514 INFO L290 TraceCheckUtils]: 70: Hoare triple {4893#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, 
sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {4893#false} is VALID [2022-02-20 18:05:10,514 INFO L272 TraceCheckUtils]: 71: Hoare triple {4893#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {4892#true} is VALID [2022-02-20 18:05:10,515 INFO L290 TraceCheckUtils]: 72: Hoare triple {4892#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4892#true} is VALID [2022-02-20 18:05:10,515 INFO L290 TraceCheckUtils]: 73: Hoare triple {4892#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {4892#true} is VALID [2022-02-20 18:05:10,515 INFO L290 TraceCheckUtils]: 74: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,515 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {4892#true} {4893#false} #960#return; {4893#false} is VALID [2022-02-20 18:05:10,515 INFO L290 TraceCheckUtils]: 76: Hoare triple {4893#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {4893#false} is VALID [2022-02-20 18:05:10,515 INFO L290 TraceCheckUtils]: 77: Hoare triple {4893#false} assume 0 == sign_~privkey~1#1; {4893#false} is VALID [2022-02-20 18:05:10,515 INFO L290 TraceCheckUtils]: 78: Hoare triple {4893#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, 
outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {4893#false} is VALID [2022-02-20 18:05:10,515 INFO L272 TraceCheckUtils]: 79: Hoare triple {4893#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {4892#true} is VALID [2022-02-20 18:05:10,516 INFO L290 TraceCheckUtils]: 80: Hoare triple {4892#true} ~handle := #in~handle;havoc ~retValue_acc~33; {4892#true} is VALID [2022-02-20 18:05:10,516 INFO L290 TraceCheckUtils]: 81: Hoare triple {4892#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {4892#true} is VALID [2022-02-20 18:05:10,516 INFO L290 TraceCheckUtils]: 82: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,516 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {4892#true} {4893#false} #962#return; {4893#false} is VALID [2022-02-20 18:05:10,516 INFO L290 TraceCheckUtils]: 84: Hoare triple {4893#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {4893#false} is VALID [2022-02-20 18:05:10,516 INFO L272 TraceCheckUtils]: 85: Hoare triple {4893#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {4892#true} is VALID [2022-02-20 18:05:10,516 
INFO L290 TraceCheckUtils]: 86: Hoare triple {4892#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {4892#true} is VALID [2022-02-20 18:05:10,516 INFO L290 TraceCheckUtils]: 87: Hoare triple {4892#true} assume 1 == ~handle; {4892#true} is VALID [2022-02-20 18:05:10,517 INFO L290 TraceCheckUtils]: 88: Hoare triple {4892#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {4892#true} is VALID [2022-02-20 18:05:10,517 INFO L290 TraceCheckUtils]: 89: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,517 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {4892#true} {4893#false} #964#return; {4893#false} is VALID [2022-02-20 18:05:10,517 INFO L290 TraceCheckUtils]: 91: Hoare triple {4893#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {4893#false} is VALID [2022-02-20 18:05:10,517 INFO L290 TraceCheckUtils]: 92: Hoare triple {4893#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {4893#false} is VALID [2022-02-20 18:05:10,517 INFO L290 TraceCheckUtils]: 93: Hoare triple {4893#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc 
outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {4893#false} is VALID [2022-02-20 18:05:10,517 INFO L290 TraceCheckUtils]: 94: Hoare triple {4893#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {4893#false} is VALID [2022-02-20 18:05:10,517 INFO L290 TraceCheckUtils]: 95: Hoare triple {4893#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {4893#false} is VALID [2022-02-20 18:05:10,518 INFO L272 TraceCheckUtils]: 96: Hoare triple {4893#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {4952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:10,518 INFO L290 TraceCheckUtils]: 97: Hoare triple {4952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:10,518 INFO L290 TraceCheckUtils]: 98: Hoare triple {4892#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:10,518 INFO L290 TraceCheckUtils]: 99: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,518 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {4892#true} {4893#false} #970#return; {4893#false} is VALID [2022-02-20 18:05:10,518 INFO L290 
TraceCheckUtils]: 101: Hoare triple {4893#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {4893#false} is VALID [2022-02-20 18:05:10,518 INFO L290 TraceCheckUtils]: 102: Hoare triple {4893#false} assume 0 != ~in_encrypted~0; {4893#false} is VALID [2022-02-20 18:05:10,518 INFO L272 TraceCheckUtils]: 103: Hoare triple {4893#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); 
{4892#true} is VALID [2022-02-20 18:05:10,519 INFO L290 TraceCheckUtils]: 104: Hoare triple {4892#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4892#true} is VALID [2022-02-20 18:05:10,519 INFO L290 TraceCheckUtils]: 105: Hoare triple {4892#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {4892#true} is VALID [2022-02-20 18:05:10,519 INFO L290 TraceCheckUtils]: 106: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:10,519 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {4892#true} {4893#false} #972#return; {4893#false} is VALID [2022-02-20 18:05:10,519 INFO L290 TraceCheckUtils]: 108: Hoare triple {4893#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {4893#false} is VALID [2022-02-20 18:05:10,519 INFO L290 TraceCheckUtils]: 109: Hoare triple {4893#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {4893#false} is VALID [2022-02-20 18:05:10,519 INFO L290 TraceCheckUtils]: 110: Hoare triple {4893#false} assume !false; {4893#false} is VALID [2022-02-20 18:05:10,520 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:05:10,520 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:10,520 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [260765001] [2022-02-20 18:05:10,520 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [260765001] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:10,520 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2036929138] [2022-02-20 18:05:10,520 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:10,521 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:10,521 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:10,524 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:10,527 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:05:10,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,759 INFO L263 TraceCheckSpWp]: Trace formula consists of 1090 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:05:10,792 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:10,794 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:11,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {4892#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call 
#Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {4892#true} is VALID [2022-02-20 18:05:11,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {4892#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {4892#true} is VALID [2022-02-20 18:05:11,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {4892#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4892#true} is VALID [2022-02-20 18:05:11,011 INFO L290 TraceCheckUtils]: 3: Hoare triple {4892#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L290 TraceCheckUtils]: 4: Hoare triple {4892#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L290 TraceCheckUtils]: 5: Hoare triple {4892#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L272 TraceCheckUtils]: 6: Hoare triple {4892#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L290 TraceCheckUtils]: 7: Hoare triple {4892#true} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L290 TraceCheckUtils]: 8: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L290 TraceCheckUtils]: 9: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4892#true} {4892#true} #1020#return; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L290 TraceCheckUtils]: 11: Hoare triple {4892#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L272 TraceCheckUtils]: 12: Hoare triple {4892#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L290 TraceCheckUtils]: 13: Hoare triple {4892#true} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:11,012 INFO L290 TraceCheckUtils]: 14: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:11,015 INFO L290 TraceCheckUtils]: 15: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:11,015 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4892#true} {4892#true} #1022#return; {4892#true} is VALID [2022-02-20 18:05:11,015 INFO L290 TraceCheckUtils]: 17: Hoare triple {4892#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4892#true} is VALID [2022-02-20 18:05:11,015 INFO L272 TraceCheckUtils]: 18: Hoare triple {4892#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4892#true} is VALID [2022-02-20 18:05:11,015 INFO L290 TraceCheckUtils]: 19: Hoare triple {4892#true} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:11,015 INFO L290 TraceCheckUtils]: 20: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:11,015 INFO L290 TraceCheckUtils]: 21: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:11,016 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4892#true} {4892#true} #1024#return; {4892#true} is VALID [2022-02-20 18:05:11,027 INFO L290 TraceCheckUtils]: 23: Hoare triple {4892#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4892#true} is VALID [2022-02-20 18:05:11,027 INFO L272 TraceCheckUtils]: 24: Hoare triple {4892#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4892#true} is VALID [2022-02-20 18:05:11,027 INFO L290 TraceCheckUtils]: 25: Hoare triple {4892#true} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:11,027 INFO L290 TraceCheckUtils]: 26: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:11,027 INFO L290 TraceCheckUtils]: 27: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:11,027 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4892#true} {4892#true} #1026#return; 
{4892#true} is VALID [2022-02-20 18:05:11,028 INFO L290 TraceCheckUtils]: 29: Hoare triple {4892#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4892#true} is VALID [2022-02-20 18:05:11,028 INFO L272 TraceCheckUtils]: 30: Hoare triple {4892#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4892#true} is VALID [2022-02-20 18:05:11,028 INFO L290 TraceCheckUtils]: 31: Hoare triple {4892#true} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:11,028 INFO L290 TraceCheckUtils]: 32: Hoare triple {4892#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:11,028 INFO L290 TraceCheckUtils]: 33: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:11,028 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4892#true} {4892#true} #1028#return; {4892#true} is VALID [2022-02-20 18:05:11,028 INFO L290 TraceCheckUtils]: 35: Hoare triple {4892#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4892#true} is VALID [2022-02-20 18:05:11,029 INFO L272 TraceCheckUtils]: 36: Hoare triple {4892#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4892#true} is VALID [2022-02-20 18:05:11,029 INFO L290 TraceCheckUtils]: 37: Hoare triple {4892#true} ~handle := #in~handle;~value := #in~value; {4892#true} is VALID [2022-02-20 18:05:11,029 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{4892#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4892#true} is VALID [2022-02-20 18:05:11,029 INFO L290 TraceCheckUtils]: 39: Hoare triple {4892#true} assume true; {4892#true} is VALID [2022-02-20 18:05:11,029 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4892#true} {4892#true} #1030#return; {4892#true} is VALID [2022-02-20 18:05:11,029 INFO L290 TraceCheckUtils]: 41: Hoare triple {4892#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {4892#true} is VALID [2022-02-20 18:05:11,030 INFO L290 TraceCheckUtils]: 42: Hoare triple {4892#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5083#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:11,030 INFO L290 TraceCheckUtils]: 43: Hoare triple {5083#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5083#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:11,030 INFO L290 TraceCheckUtils]: 44: Hoare triple {5083#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5083#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:11,030 INFO L290 TraceCheckUtils]: 45: Hoare triple {5083#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5083#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:11,031 INFO L290 TraceCheckUtils]: 46: Hoare triple {5083#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4893#false} is VALID [2022-02-20 18:05:11,031 INFO L290 TraceCheckUtils]: 47: Hoare triple {4893#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {4893#false} is VALID [2022-02-20 18:05:11,037 INFO L290 TraceCheckUtils]: 48: Hoare triple {4893#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4893#false} is VALID [2022-02-20 18:05:11,037 INFO L290 TraceCheckUtils]: 49: Hoare triple {4893#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4893#false} is VALID 
[2022-02-20 18:05:11,037 INFO L290 TraceCheckUtils]: 50: Hoare triple {4893#false} assume { :end_inline_setClientAutoResponse } true; {4893#false} is VALID [2022-02-20 18:05:11,037 INFO L290 TraceCheckUtils]: 51: Hoare triple {4893#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4893#false} is VALID [2022-02-20 18:05:11,037 INFO L290 TraceCheckUtils]: 52: Hoare triple {4893#false} assume !false; {4893#false} is VALID [2022-02-20 18:05:11,037 INFO L290 TraceCheckUtils]: 53: Hoare triple {4893#false} assume !(test_~splverifierCounter~0#1 < 4); {4893#false} is VALID [2022-02-20 18:05:11,037 INFO L290 TraceCheckUtils]: 54: Hoare triple {4893#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {4893#false} is VALID [2022-02-20 18:05:11,038 INFO L272 TraceCheckUtils]: 55: Hoare triple {4893#false} call sendEmail(~bob~0, ~rjh~0); {4893#false} is VALID [2022-02-20 18:05:11,044 INFO L290 TraceCheckUtils]: 56: Hoare triple {4893#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4893#false} is VALID [2022-02-20 18:05:11,044 INFO L272 TraceCheckUtils]: 57: Hoare triple {4893#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); 
{4893#false} is VALID [2022-02-20 18:05:11,044 INFO L290 TraceCheckUtils]: 58: Hoare triple {4893#false} ~handle := #in~handle;~value := #in~value; {4893#false} is VALID [2022-02-20 18:05:11,044 INFO L290 TraceCheckUtils]: 59: Hoare triple {4893#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4893#false} is VALID [2022-02-20 18:05:11,044 INFO L290 TraceCheckUtils]: 60: Hoare triple {4893#false} assume true; {4893#false} is VALID [2022-02-20 18:05:11,044 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {4893#false} {4893#false} #1006#return; {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L272 TraceCheckUtils]: 62: Hoare triple {4893#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L290 TraceCheckUtils]: 63: Hoare triple {4893#false} ~handle := #in~handle;~value := #in~value; {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L290 TraceCheckUtils]: 64: Hoare triple {4893#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L290 TraceCheckUtils]: 65: Hoare triple {4893#false} assume true; {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {4893#false} {4893#false} #1008#return; {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L290 TraceCheckUtils]: 67: Hoare triple {4893#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L290 TraceCheckUtils]: 68: Hoare triple {4893#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L272 TraceCheckUtils]: 69: Hoare triple {4893#false} call outgoing(~sender#1, ~email~0#1); {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L290 
TraceCheckUtils]: 70: Hoare triple {4893#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L272 TraceCheckUtils]: 71: Hoare triple {4893#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {4893#false} is VALID [2022-02-20 18:05:11,045 INFO L290 TraceCheckUtils]: 72: Hoare triple {4893#false} ~handle := #in~handle;havoc ~retValue_acc~19; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 73: Hoare triple {4893#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 74: Hoare triple {4893#false} assume true; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {4893#false} {4893#false} #960#return; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 76: Hoare triple {4893#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 77: Hoare triple {4893#false} assume 0 == sign_~privkey~1#1; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 78: Hoare triple {4893#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L272 TraceCheckUtils]: 79: Hoare triple {4893#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 80: Hoare triple {4893#false} ~handle := #in~handle;havoc ~retValue_acc~33; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 81: Hoare triple {4893#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 82: Hoare triple {4893#false} assume true; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {4893#false} {4893#false} #962#return; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 84: Hoare triple {4893#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L272 TraceCheckUtils]: 85: 
Hoare triple {4893#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {4893#false} is VALID [2022-02-20 18:05:11,046 INFO L290 TraceCheckUtils]: 86: Hoare triple {4893#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L290 TraceCheckUtils]: 87: Hoare triple {4893#false} assume 1 == ~handle; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L290 TraceCheckUtils]: 88: Hoare triple {4893#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L290 TraceCheckUtils]: 89: Hoare triple {4893#false} assume true; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {4893#false} {4893#false} #964#return; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L290 TraceCheckUtils]: 91: Hoare triple {4893#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L290 TraceCheckUtils]: 92: Hoare triple {4893#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L290 TraceCheckUtils]: 93: Hoare triple {4893#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L290 TraceCheckUtils]: 94: Hoare triple {4893#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L290 TraceCheckUtils]: 95: Hoare triple {4893#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {4893#false} is VALID [2022-02-20 18:05:11,047 INFO L272 TraceCheckUtils]: 96: Hoare triple {4893#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {4893#false} is VALID [2022-02-20 18:05:11,048 INFO L290 TraceCheckUtils]: 97: Hoare triple {4893#false} ~handle := #in~handle;~value := #in~value; {4893#false} is VALID [2022-02-20 18:05:11,048 INFO L290 TraceCheckUtils]: 98: Hoare triple {4893#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4893#false} is VALID [2022-02-20 18:05:11,048 INFO L290 TraceCheckUtils]: 99: Hoare triple {4893#false} assume true; {4893#false} is VALID [2022-02-20 18:05:11,048 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {4893#false} {4893#false} #970#return; {4893#false} is 
VALID [2022-02-20 18:05:11,048 INFO L290 TraceCheckUtils]: 101: Hoare triple {4893#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {4893#false} is VALID [2022-02-20 18:05:11,048 INFO L290 TraceCheckUtils]: 102: Hoare triple {4893#false} assume 0 != ~in_encrypted~0; {4893#false} is VALID [2022-02-20 18:05:11,048 INFO L272 TraceCheckUtils]: 103: Hoare triple {4893#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := 
isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {4893#false} is VALID [2022-02-20 18:05:11,048 INFO L290 TraceCheckUtils]: 104: Hoare triple {4893#false} ~handle := #in~handle;havoc ~retValue_acc~36; {4893#false} is VALID [2022-02-20 18:05:11,049 INFO L290 TraceCheckUtils]: 105: Hoare triple {4893#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {4893#false} is VALID [2022-02-20 18:05:11,049 INFO L290 TraceCheckUtils]: 106: Hoare triple {4893#false} assume true; {4893#false} is VALID [2022-02-20 18:05:11,049 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {4893#false} {4893#false} #972#return; {4893#false} is VALID [2022-02-20 18:05:11,049 INFO L290 TraceCheckUtils]: 108: Hoare triple {4893#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {4893#false} is VALID [2022-02-20 18:05:11,049 INFO L290 TraceCheckUtils]: 109: Hoare triple {4893#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {4893#false} is VALID [2022-02-20 18:05:11,049 INFO L290 TraceCheckUtils]: 110: Hoare triple {4893#false} assume !false; {4893#false} is VALID [2022-02-20 18:05:11,050 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:05:11,050 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:11,050 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2036929138] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:11,050 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:05:11,050 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:05:11,050 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1406732736] [2022-02-20 18:05:11,050 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:11,051 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 111 [2022-02-20 18:05:11,052 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:11,052 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:11,117 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:11,117 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:05:11,117 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:11,118 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 18:05:11,118 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:11,118 INFO L87 Difference]: Start difference. First operand 343 states and 505 transitions. Second operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:11,566 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:11,566 INFO L93 Difference]: Finished difference Result 716 states and 1069 transitions. [2022-02-20 18:05:11,567 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:05:11,567 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 111 [2022-02-20 18:05:11,567 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:11,567 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:11,575 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1067 transitions. 
[2022-02-20 18:05:11,576 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:11,583 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1067 transitions. [2022-02-20 18:05:11,583 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1067 transitions. [2022-02-20 18:05:12,227 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1067 edges. 1067 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:12,238 INFO L225 Difference]: With dead ends: 716 [2022-02-20 18:05:12,238 INFO L226 Difference]: Without dead ends: 400 [2022-02-20 18:05:12,239 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 140 GetRequests, 132 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:12,240 INFO L933 BasicCegarLoop]: 525 mSDtfsCounter, 107 mSDsluCounter, 458 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 122 SdHoareTripleChecker+Valid, 983 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 
18:05:12,240 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [122 Valid, 983 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:12,241 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 400 states. [2022-02-20 18:05:12,266 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 400 to 392. [2022-02-20 18:05:12,266 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:12,267 INFO L82 GeneralOperation]: Start isEquivalent. First operand 400 states. Second operand has 392 states, 304 states have (on average 1.519736842105263) internal successors, (462), 307 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 18:05:12,268 INFO L74 IsIncluded]: Start isIncluded. First operand 400 states. Second operand has 392 states, 304 states have (on average 1.519736842105263) internal successors, (462), 307 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 18:05:12,269 INFO L87 Difference]: Start difference. First operand 400 states. Second operand has 392 states, 304 states have (on average 1.519736842105263) internal successors, (462), 307 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 18:05:12,279 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:05:12,279 INFO L93 Difference]: Finished difference Result 400 states and 598 transitions. [2022-02-20 18:05:12,279 INFO L276 IsEmpty]: Start isEmpty. Operand 400 states and 598 transitions. [2022-02-20 18:05:12,281 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:12,281 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:12,282 INFO L74 IsIncluded]: Start isIncluded. First operand has 392 states, 304 states have (on average 1.519736842105263) internal successors, (462), 307 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) Second operand 400 states. [2022-02-20 18:05:12,283 INFO L87 Difference]: Start difference. First operand has 392 states, 304 states have (on average 1.519736842105263) internal successors, (462), 307 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) Second operand 400 states. [2022-02-20 18:05:12,292 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:12,293 INFO L93 Difference]: Finished difference Result 400 states and 598 transitions. [2022-02-20 18:05:12,293 INFO L276 IsEmpty]: Start isEmpty. Operand 400 states and 598 transitions. [2022-02-20 18:05:12,294 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:12,294 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:12,294 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:12,294 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:12,295 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 392 states, 304 states have (on average 1.519736842105263) internal successors, (462), 307 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 18:05:12,319 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 392 states to 392 states and 589 transitions. [2022-02-20 18:05:12,320 INFO L78 Accepts]: Start accepts. Automaton has 392 states and 589 transitions. Word has length 111 [2022-02-20 18:05:12,320 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:12,320 INFO L470 AbstractCegarLoop]: Abstraction has 392 states and 589 transitions. [2022-02-20 18:05:12,320 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 18:05:12,320 INFO L276 IsEmpty]: Start isEmpty. Operand 392 states and 589 transitions. [2022-02-20 18:05:12,322 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 113 [2022-02-20 18:05:12,322 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:12,322 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:12,342 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:12,530 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:12,530 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:12,531 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:12,531 INFO L85 PathProgramCache]: Analyzing trace with hash -1695941731, now seen corresponding path program 1 times [2022-02-20 18:05:12,531 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:12,531 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1513360411] [2022-02-20 18:05:12,531 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:12,531 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:12,568 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 6 [2022-02-20 18:05:12,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,602 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,602 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,602 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7643#true} #1020#return; {7643#true} is VALID [2022-02-20 18:05:12,608 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:12,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,612 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7643#true} #1022#return; {7643#true} is VALID [2022-02-20 18:05:12,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:12,614 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:05:12,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7701#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:12,626 INFO L290 TraceCheckUtils]: 1: Hoare triple {7701#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7702#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:12,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {7702#(= |setClientId_#in~handle| 1)} assume true; {7702#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:12,626 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7702#(= |setClientId_#in~handle| 1)} {7653#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1024#return; {7644#false} is VALID [2022-02-20 18:05:12,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:12,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,630 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #1026#return; {7644#false} is VALID 
[2022-02-20 18:05:12,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:12,633 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,635 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,635 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,635 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #1028#return; {7644#false} is VALID [2022-02-20 18:05:12,635 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:12,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,638 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,639 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #1030#return; {7644#false} is VALID [2022-02-20 18:05:12,644 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 58 [2022-02-20 18:05:12,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {7703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,647 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,647 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #1006#return; {7644#false} is VALID [2022-02-20 18:05:12,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:05:12,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,657 INFO L290 TraceCheckUtils]: 0: Hoare triple {7704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,657 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #1008#return; {7644#false} is VALID [2022-02-20 18:05:12,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:05:12,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,659 INFO L290 TraceCheckUtils]: 0: Hoare triple {7643#true} ~handle := #in~handle;havoc ~retValue_acc~19; 
{7643#true} is VALID [2022-02-20 18:05:12,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {7643#true} is VALID [2022-02-20 18:05:12,660 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,660 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #960#return; {7644#false} is VALID [2022-02-20 18:05:12,660 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:05:12,661 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,663 INFO L290 TraceCheckUtils]: 0: Hoare triple {7643#true} ~handle := #in~handle;havoc ~retValue_acc~33; {7643#true} is VALID [2022-02-20 18:05:12,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {7643#true} is VALID [2022-02-20 18:05:12,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,663 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #962#return; {7644#false} is VALID [2022-02-20 18:05:12,663 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:05:12,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {7643#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {7643#true} is VALID [2022-02-20 18:05:12,666 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle; {7643#true} is VALID [2022-02-20 18:05:12,666 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {7643#true} is VALID 
[2022-02-20 18:05:12,666 INFO L290 TraceCheckUtils]: 3: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,666 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {7643#true} {7644#false} #964#return; {7644#false} is VALID [2022-02-20 18:05:12,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:05:12,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {7703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,669 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,669 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #970#return; {7644#false} is VALID [2022-02-20 18:05:12,669 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:05:12,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {7643#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7643#true} is VALID [2022-02-20 18:05:12,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {7643#true} is VALID [2022-02-20 18:05:12,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,672 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7643#true} {7644#false} #972#return; {7644#false} is VALID [2022-02-20 18:05:12,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {7643#true} 
assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {7643#true} is VALID [2022-02-20 18:05:12,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, 
main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {7643#true} is VALID [2022-02-20 18:05:12,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7643#true} is VALID [2022-02-20 18:05:12,673 INFO L290 TraceCheckUtils]: 3: Hoare triple {7643#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {7643#true} is VALID [2022-02-20 18:05:12,673 INFO L290 TraceCheckUtils]: 4: Hoare triple {7643#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {7643#true} is VALID [2022-02-20 18:05:12,673 INFO L290 TraceCheckUtils]: 5: Hoare triple {7643#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{7643#true} is VALID [2022-02-20 18:05:12,674 INFO L272 TraceCheckUtils]: 6: Hoare triple {7643#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:12,674 INFO L290 TraceCheckUtils]: 7: Hoare triple {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,674 INFO L290 TraceCheckUtils]: 8: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,674 INFO L290 TraceCheckUtils]: 9: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,674 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7643#true} {7643#true} #1020#return; {7643#true} is VALID [2022-02-20 18:05:12,674 INFO L290 TraceCheckUtils]: 11: Hoare triple {7643#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7643#true} is VALID [2022-02-20 18:05:12,675 INFO L272 TraceCheckUtils]: 12: Hoare triple {7643#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:12,675 INFO L290 TraceCheckUtils]: 13: Hoare triple {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {7643#true} is VALID [2022-02-20 18:05:12,675 INFO L290 TraceCheckUtils]: 14: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,675 INFO L290 TraceCheckUtils]: 15: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,675 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7643#true} {7643#true} #1022#return; {7643#true} is VALID [2022-02-20 18:05:12,676 INFO L290 TraceCheckUtils]: 17: Hoare triple {7643#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7653#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:12,676 INFO L272 TraceCheckUtils]: 18: Hoare triple {7653#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:12,677 INFO L290 TraceCheckUtils]: 19: Hoare triple {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7701#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:12,677 INFO L290 
TraceCheckUtils]: 20: Hoare triple {7701#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7702#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:12,677 INFO L290 TraceCheckUtils]: 21: Hoare triple {7702#(= |setClientId_#in~handle| 1)} assume true; {7702#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:12,678 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7702#(= |setClientId_#in~handle| 1)} {7653#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1024#return; {7644#false} is VALID [2022-02-20 18:05:12,678 INFO L290 TraceCheckUtils]: 23: Hoare triple {7644#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7644#false} is VALID [2022-02-20 18:05:12,678 INFO L272 TraceCheckUtils]: 24: Hoare triple {7644#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:12,678 INFO L290 TraceCheckUtils]: 25: Hoare triple {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,678 INFO L290 TraceCheckUtils]: 26: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,678 INFO L290 TraceCheckUtils]: 27: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,679 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7643#true} {7644#false} #1026#return; {7644#false} is VALID [2022-02-20 18:05:12,679 INFO L290 TraceCheckUtils]: 29: Hoare triple {7644#false} assume { :end_inline_setup_rjh } 
true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7644#false} is VALID [2022-02-20 18:05:12,679 INFO L272 TraceCheckUtils]: 30: Hoare triple {7644#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:12,679 INFO L290 TraceCheckUtils]: 31: Hoare triple {7699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,679 INFO L290 TraceCheckUtils]: 32: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,679 INFO L290 TraceCheckUtils]: 33: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,679 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7643#true} {7644#false} #1028#return; {7644#false} is VALID [2022-02-20 18:05:12,679 INFO L290 TraceCheckUtils]: 35: Hoare triple {7644#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7644#false} is VALID [2022-02-20 18:05:12,680 INFO L272 TraceCheckUtils]: 36: Hoare triple {7644#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:12,680 INFO L290 TraceCheckUtils]: 37: Hoare triple {7700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,680 INFO L290 TraceCheckUtils]: 38: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,680 INFO L290 TraceCheckUtils]: 39: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,680 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7643#true} {7644#false} #1030#return; {7644#false} is VALID [2022-02-20 18:05:12,680 INFO L290 TraceCheckUtils]: 41: Hoare triple {7644#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {7644#false} is VALID [2022-02-20 18:05:12,680 INFO L290 TraceCheckUtils]: 42: Hoare triple {7644#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, 
test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7644#false} is VALID [2022-02-20 18:05:12,680 INFO L290 TraceCheckUtils]: 43: Hoare triple {7644#false} assume !false; {7644#false} is VALID [2022-02-20 18:05:12,681 INFO L290 TraceCheckUtils]: 44: Hoare triple {7644#false} assume test_~splverifierCounter~0#1 < 4; {7644#false} is VALID [2022-02-20 18:05:12,681 INFO L290 TraceCheckUtils]: 45: Hoare triple {7644#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7644#false} is VALID [2022-02-20 18:05:12,681 INFO L290 TraceCheckUtils]: 46: Hoare triple {7644#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {7644#false} is VALID [2022-02-20 18:05:12,681 INFO L290 TraceCheckUtils]: 47: Hoare triple {7644#false} assume !(0 != test_~tmp___9~0#1); {7644#false} is VALID [2022-02-20 18:05:12,681 INFO L290 TraceCheckUtils]: 48: Hoare triple {7644#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {7644#false} is VALID 
[2022-02-20 18:05:12,681 INFO L290 TraceCheckUtils]: 49: Hoare triple {7644#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {7644#false} is VALID [2022-02-20 18:05:12,681 INFO L290 TraceCheckUtils]: 50: Hoare triple {7644#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {7644#false} is VALID [2022-02-20 18:05:12,681 INFO L290 TraceCheckUtils]: 51: Hoare triple {7644#false} assume { :end_inline_setClientAutoResponse } true; {7644#false} is VALID [2022-02-20 18:05:12,682 INFO L290 TraceCheckUtils]: 52: Hoare triple {7644#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {7644#false} is VALID [2022-02-20 18:05:12,682 INFO L290 TraceCheckUtils]: 53: Hoare triple {7644#false} assume !false; {7644#false} is VALID [2022-02-20 18:05:12,682 INFO L290 TraceCheckUtils]: 54: Hoare triple {7644#false} assume !(test_~splverifierCounter~0#1 < 4); {7644#false} is VALID [2022-02-20 18:05:12,682 INFO L290 TraceCheckUtils]: 55: Hoare triple {7644#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {7644#false} is VALID [2022-02-20 18:05:12,682 INFO L272 TraceCheckUtils]: 56: Hoare triple {7644#false} call sendEmail(~bob~0, ~rjh~0); {7644#false} is VALID 
[2022-02-20 18:05:12,682 INFO L290 TraceCheckUtils]: 57: Hoare triple {7644#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7644#false} is VALID [2022-02-20 18:05:12,682 INFO L272 TraceCheckUtils]: 58: Hoare triple {7644#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:12,682 INFO L290 TraceCheckUtils]: 59: Hoare triple {7703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,683 INFO L290 TraceCheckUtils]: 60: Hoare triple {7643#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,683 INFO L290 TraceCheckUtils]: 61: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,683 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7643#true} {7644#false} #1006#return; {7644#false} is VALID [2022-02-20 18:05:12,683 INFO L272 TraceCheckUtils]: 63: Hoare triple {7644#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:12,683 INFO L290 TraceCheckUtils]: 64: Hoare triple {7704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,683 INFO L290 TraceCheckUtils]: 65: Hoare triple {7643#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,683 INFO L290 TraceCheckUtils]: 66: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,683 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {7643#true} {7644#false} #1008#return; {7644#false} is VALID [2022-02-20 18:05:12,684 INFO L290 TraceCheckUtils]: 68: Hoare triple {7644#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {7644#false} is VALID [2022-02-20 18:05:12,684 INFO L290 TraceCheckUtils]: 69: Hoare triple {7644#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {7644#false} is VALID [2022-02-20 18:05:12,684 INFO L272 TraceCheckUtils]: 70: Hoare triple {7644#false} call outgoing(~sender#1, ~email~0#1); {7644#false} is VALID [2022-02-20 18:05:12,684 INFO L290 TraceCheckUtils]: 71: Hoare triple {7644#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {7644#false} is VALID [2022-02-20 18:05:12,684 INFO L272 TraceCheckUtils]: 72: Hoare triple {7644#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {7643#true} is VALID [2022-02-20 18:05:12,684 INFO L290 TraceCheckUtils]: 73: Hoare triple {7643#true} ~handle := #in~handle;havoc ~retValue_acc~19; {7643#true} is VALID [2022-02-20 18:05:12,684 INFO L290 TraceCheckUtils]: 74: Hoare triple {7643#true} assume 1 == ~handle;~retValue_acc~19 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {7643#true} is VALID [2022-02-20 18:05:12,684 INFO L290 TraceCheckUtils]: 75: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,685 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {7643#true} {7644#false} #960#return; {7644#false} is VALID [2022-02-20 18:05:12,685 INFO L290 TraceCheckUtils]: 77: Hoare triple {7644#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {7644#false} is VALID [2022-02-20 18:05:12,685 INFO L290 TraceCheckUtils]: 78: Hoare triple {7644#false} assume 0 == sign_~privkey~1#1; {7644#false} is VALID [2022-02-20 18:05:12,685 INFO L290 TraceCheckUtils]: 79: Hoare triple {7644#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {7644#false} is VALID [2022-02-20 18:05:12,685 INFO L272 TraceCheckUtils]: 80: Hoare triple {7644#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {7643#true} is VALID 
[2022-02-20 18:05:12,685 INFO L290 TraceCheckUtils]: 81: Hoare triple {7643#true} ~handle := #in~handle;havoc ~retValue_acc~33; {7643#true} is VALID [2022-02-20 18:05:12,685 INFO L290 TraceCheckUtils]: 82: Hoare triple {7643#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {7643#true} is VALID [2022-02-20 18:05:12,685 INFO L290 TraceCheckUtils]: 83: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,686 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {7643#true} {7644#false} #962#return; {7644#false} is VALID [2022-02-20 18:05:12,686 INFO L290 TraceCheckUtils]: 85: Hoare triple {7644#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {7644#false} is VALID [2022-02-20 18:05:12,686 INFO L272 TraceCheckUtils]: 86: Hoare triple {7644#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {7643#true} is VALID [2022-02-20 18:05:12,686 INFO L290 TraceCheckUtils]: 87: Hoare triple {7643#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {7643#true} is VALID [2022-02-20 18:05:12,686 INFO L290 TraceCheckUtils]: 88: Hoare triple {7643#true} assume 1 == ~handle; {7643#true} is VALID [2022-02-20 18:05:12,686 INFO L290 TraceCheckUtils]: 89: Hoare triple {7643#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {7643#true} is VALID [2022-02-20 18:05:12,686 INFO L290 TraceCheckUtils]: 90: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,686 INFO L284 
TraceCheckUtils]: 91: Hoare quadruple {7643#true} {7644#false} #964#return; {7644#false} is VALID [2022-02-20 18:05:12,687 INFO L290 TraceCheckUtils]: 92: Hoare triple {7644#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {7644#false} is VALID [2022-02-20 18:05:12,687 INFO L290 TraceCheckUtils]: 93: Hoare triple {7644#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {7644#false} is VALID [2022-02-20 18:05:12,687 INFO L290 TraceCheckUtils]: 94: Hoare triple {7644#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {7644#false} is VALID [2022-02-20 18:05:12,687 INFO L290 TraceCheckUtils]: 95: Hoare triple {7644#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {7644#false} is VALID [2022-02-20 18:05:12,687 INFO L290 TraceCheckUtils]: 96: Hoare triple {7644#false} 
outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {7644#false} is VALID [2022-02-20 18:05:12,687 INFO L272 TraceCheckUtils]: 97: Hoare triple {7644#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {7703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:12,687 INFO L290 TraceCheckUtils]: 98: Hoare triple {7703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:12,688 INFO L290 TraceCheckUtils]: 99: Hoare triple {7643#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:12,688 INFO L290 TraceCheckUtils]: 100: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,688 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {7643#true} {7644#false} #970#return; {7644#false} is VALID [2022-02-20 18:05:12,688 INFO L290 TraceCheckUtils]: 102: Hoare triple {7644#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, 
__utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {7644#false} is VALID [2022-02-20 18:05:12,688 INFO L290 TraceCheckUtils]: 103: Hoare triple {7644#false} assume 0 != ~in_encrypted~0; {7644#false} is VALID [2022-02-20 18:05:12,688 INFO L272 TraceCheckUtils]: 104: Hoare triple {7644#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {7643#true} is VALID [2022-02-20 18:05:12,688 INFO L290 TraceCheckUtils]: 105: Hoare triple {7643#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7643#true} is VALID [2022-02-20 18:05:12,688 INFO L290 TraceCheckUtils]: 106: Hoare triple {7643#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {7643#true} is VALID [2022-02-20 18:05:12,689 INFO L290 TraceCheckUtils]: 107: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:12,689 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {7643#true} {7644#false} #972#return; {7644#false} is VALID [2022-02-20 18:05:12,689 INFO L290 
TraceCheckUtils]: 109: Hoare triple {7644#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {7644#false} is VALID [2022-02-20 18:05:12,689 INFO L290 TraceCheckUtils]: 110: Hoare triple {7644#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {7644#false} is VALID [2022-02-20 18:05:12,689 INFO L290 TraceCheckUtils]: 111: Hoare triple {7644#false} assume !false; {7644#false} is VALID [2022-02-20 18:05:12,689 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:05:12,690 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:12,690 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1513360411] [2022-02-20 18:05:12,690 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1513360411] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:12,690 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1456841238] [2022-02-20 18:05:12,690 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:12,690 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:12,690 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:12,692 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) 
[2022-02-20 18:05:12,693 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:05:12,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,890 INFO L263 TraceCheckSpWp]: Trace formula consists of 1097 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:05:12,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:12,933 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:05:13,193 INFO L290 TraceCheckUtils]: 0: Hoare triple {7643#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call 
#Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 
0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 
0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {7643#true} is VALID [2022-02-20 18:05:13,193 INFO L290 TraceCheckUtils]: 1: Hoare triple {7643#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {7643#true} is VALID [2022-02-20 18:05:13,193 INFO L290 TraceCheckUtils]: 2: Hoare triple {7643#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7643#true} is VALID [2022-02-20 18:05:13,193 INFO L290 TraceCheckUtils]: 3: Hoare triple {7643#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {7643#true} is VALID [2022-02-20 18:05:13,193 INFO L290 TraceCheckUtils]: 4: Hoare triple {7643#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {7643#true} is VALID [2022-02-20 18:05:13,193 INFO L290 TraceCheckUtils]: 5: Hoare triple {7643#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7643#true} is VALID [2022-02-20 18:05:13,194 INFO L272 TraceCheckUtils]: 6: Hoare triple {7643#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7643#true} is VALID [2022-02-20 18:05:13,194 INFO L290 TraceCheckUtils]: 7: Hoare triple {7643#true} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:13,194 INFO L290 TraceCheckUtils]: 8: Hoare triple {7643#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:13,194 INFO L290 TraceCheckUtils]: 9: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:13,194 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7643#true} {7643#true} #1020#return; {7643#true} is VALID [2022-02-20 18:05:13,194 INFO L290 TraceCheckUtils]: 11: Hoare triple {7643#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7643#true} is VALID [2022-02-20 18:05:13,194 INFO L272 TraceCheckUtils]: 12: Hoare triple {7643#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7643#true} is VALID [2022-02-20 18:05:13,195 INFO L290 TraceCheckUtils]: 13: Hoare triple {7643#true} ~handle := #in~handle;~value := #in~value; {7643#true} is VALID [2022-02-20 18:05:13,195 INFO L290 TraceCheckUtils]: 14: Hoare triple 
{7643#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7643#true} is VALID [2022-02-20 18:05:13,195 INFO L290 TraceCheckUtils]: 15: Hoare triple {7643#true} assume true; {7643#true} is VALID [2022-02-20 18:05:13,195 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7643#true} {7643#true} #1022#return; {7643#true} is VALID [2022-02-20 18:05:13,195 INFO L290 TraceCheckUtils]: 17: Hoare triple {7643#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7759#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:05:13,196 INFO L272 TraceCheckUtils]: 18: Hoare triple {7759#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7643#true} is VALID [2022-02-20 18:05:13,196 INFO L290 TraceCheckUtils]: 19: Hoare triple {7643#true} ~handle := #in~handle;~value := #in~value; {7766#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:05:13,196 INFO L290 TraceCheckUtils]: 20: Hoare triple {7766#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7770#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:13,197 INFO L290 TraceCheckUtils]: 21: Hoare triple {7770#(<= |setClientId_#in~handle| 1)} assume true; {7770#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:13,197 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7770#(<= |setClientId_#in~handle| 1)} {7759#(<= 2 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1024#return; {7644#false} is VALID [2022-02-20 18:05:13,197 INFO L290 TraceCheckUtils]: 23: Hoare triple {7644#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7644#false} is VALID [2022-02-20 18:05:13,197 INFO L272 TraceCheckUtils]: 24: Hoare triple {7644#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7644#false} is VALID [2022-02-20 18:05:13,198 INFO L290 TraceCheckUtils]: 25: Hoare triple {7644#false} ~handle := #in~handle;~value := #in~value; {7644#false} is VALID [2022-02-20 18:05:13,198 INFO L290 TraceCheckUtils]: 26: Hoare triple {7644#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7644#false} is VALID [2022-02-20 18:05:13,198 INFO L290 TraceCheckUtils]: 27: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,198 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7644#false} {7644#false} #1026#return; {7644#false} is VALID [2022-02-20 18:05:13,198 INFO L290 TraceCheckUtils]: 29: Hoare triple {7644#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7644#false} is VALID [2022-02-20 18:05:13,200 INFO L272 TraceCheckUtils]: 30: Hoare triple {7644#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7644#false} is VALID [2022-02-20 18:05:13,200 INFO L290 TraceCheckUtils]: 31: Hoare triple {7644#false} ~handle := #in~handle;~value := #in~value; {7644#false} is 
VALID [2022-02-20 18:05:13,200 INFO L290 TraceCheckUtils]: 32: Hoare triple {7644#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7644#false} is VALID [2022-02-20 18:05:13,200 INFO L290 TraceCheckUtils]: 33: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,200 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7644#false} {7644#false} #1028#return; {7644#false} is VALID [2022-02-20 18:05:13,200 INFO L290 TraceCheckUtils]: 35: Hoare triple {7644#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7644#false} is VALID [2022-02-20 18:05:13,201 INFO L272 TraceCheckUtils]: 36: Hoare triple {7644#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7644#false} is VALID [2022-02-20 18:05:13,201 INFO L290 TraceCheckUtils]: 37: Hoare triple {7644#false} ~handle := #in~handle;~value := #in~value; {7644#false} is VALID [2022-02-20 18:05:13,201 INFO L290 TraceCheckUtils]: 38: Hoare triple {7644#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7644#false} is VALID [2022-02-20 18:05:13,201 INFO L290 TraceCheckUtils]: 39: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,201 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7644#false} {7644#false} #1030#return; {7644#false} is VALID [2022-02-20 18:05:13,201 INFO L290 TraceCheckUtils]: 41: Hoare triple {7644#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {7644#false} is VALID [2022-02-20 18:05:13,201 INFO L290 TraceCheckUtils]: 42: Hoare triple {7644#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, 
test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7644#false} is VALID [2022-02-20 18:05:13,202 INFO L290 TraceCheckUtils]: 43: Hoare triple {7644#false} assume !false; {7644#false} is VALID [2022-02-20 18:05:13,202 INFO L290 TraceCheckUtils]: 44: Hoare triple {7644#false} assume test_~splverifierCounter~0#1 < 4; {7644#false} is VALID [2022-02-20 18:05:13,202 INFO L290 TraceCheckUtils]: 45: Hoare triple {7644#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7644#false} is VALID [2022-02-20 18:05:13,202 INFO L290 TraceCheckUtils]: 46: Hoare triple {7644#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {7644#false} is VALID [2022-02-20 18:05:13,202 INFO L290 TraceCheckUtils]: 47: Hoare triple {7644#false} assume !(0 != test_~tmp___9~0#1); {7644#false} is VALID [2022-02-20 
18:05:13,202 INFO L290 TraceCheckUtils]: 48: Hoare triple {7644#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {7644#false} is VALID [2022-02-20 18:05:13,202 INFO L290 TraceCheckUtils]: 49: Hoare triple {7644#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {7644#false} is VALID [2022-02-20 18:05:13,202 INFO L290 TraceCheckUtils]: 50: Hoare triple {7644#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {7644#false} is VALID [2022-02-20 18:05:13,203 INFO L290 TraceCheckUtils]: 51: Hoare triple {7644#false} assume { :end_inline_setClientAutoResponse } true; {7644#false} is VALID [2022-02-20 18:05:13,203 INFO L290 TraceCheckUtils]: 52: Hoare triple {7644#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {7644#false} is VALID [2022-02-20 18:05:13,203 INFO L290 TraceCheckUtils]: 53: Hoare triple {7644#false} assume !false; {7644#false} is VALID [2022-02-20 18:05:13,203 INFO L290 TraceCheckUtils]: 54: Hoare triple {7644#false} assume !(test_~splverifierCounter~0#1 < 4); {7644#false} is VALID [2022-02-20 18:05:13,203 INFO L290 TraceCheckUtils]: 55: Hoare triple {7644#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume 
-2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {7644#false} is VALID [2022-02-20 18:05:13,203 INFO L272 TraceCheckUtils]: 56: Hoare triple {7644#false} call sendEmail(~bob~0, ~rjh~0); {7644#false} is VALID [2022-02-20 18:05:13,203 INFO L290 TraceCheckUtils]: 57: Hoare triple {7644#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7644#false} is VALID [2022-02-20 18:05:13,204 INFO L272 TraceCheckUtils]: 58: Hoare triple {7644#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7644#false} is VALID [2022-02-20 18:05:13,228 INFO L290 TraceCheckUtils]: 59: Hoare triple {7644#false} ~handle := #in~handle;~value := #in~value; {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L290 TraceCheckUtils]: 60: Hoare triple {7644#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L290 TraceCheckUtils]: 61: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7644#false} {7644#false} #1006#return; {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L272 TraceCheckUtils]: 63: Hoare triple {7644#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L290 TraceCheckUtils]: 64: Hoare triple {7644#false} ~handle := #in~handle;~value := #in~value; {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L290 TraceCheckUtils]: 65: Hoare triple {7644#false} assume 1 == 
~handle;~__ste_email_to0~0 := ~value; {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L290 TraceCheckUtils]: 66: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {7644#false} {7644#false} #1008#return; {7644#false} is VALID [2022-02-20 18:05:13,229 INFO L290 TraceCheckUtils]: 68: Hoare triple {7644#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L290 TraceCheckUtils]: 69: Hoare triple {7644#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L272 TraceCheckUtils]: 70: Hoare triple {7644#false} call outgoing(~sender#1, ~email~0#1); {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L290 TraceCheckUtils]: 71: Hoare triple {7644#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L272 TraceCheckUtils]: 72: Hoare triple {7644#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L290 TraceCheckUtils]: 73: Hoare triple {7644#false} ~handle := #in~handle;havoc ~retValue_acc~19; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L290 TraceCheckUtils]: 74: Hoare triple {7644#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L290 TraceCheckUtils]: 75: Hoare triple 
{7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {7644#false} {7644#false} #960#return; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L290 TraceCheckUtils]: 77: Hoare triple {7644#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L290 TraceCheckUtils]: 78: Hoare triple {7644#false} assume 0 == sign_~privkey~1#1; {7644#false} is VALID [2022-02-20 18:05:13,230 INFO L290 TraceCheckUtils]: 79: Hoare triple {7644#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {7644#false} is VALID [2022-02-20 18:05:13,232 INFO L272 TraceCheckUtils]: 80: Hoare triple {7644#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {7644#false} is VALID [2022-02-20 18:05:13,232 INFO L290 TraceCheckUtils]: 81: Hoare triple {7644#false} ~handle := #in~handle;havoc ~retValue_acc~33; {7644#false} 
is VALID [2022-02-20 18:05:13,232 INFO L290 TraceCheckUtils]: 82: Hoare triple {7644#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {7644#false} is VALID [2022-02-20 18:05:13,232 INFO L290 TraceCheckUtils]: 83: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,232 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {7644#false} {7644#false} #962#return; {7644#false} is VALID [2022-02-20 18:05:13,232 INFO L290 TraceCheckUtils]: 85: Hoare triple {7644#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {7644#false} is VALID [2022-02-20 18:05:13,233 INFO L272 TraceCheckUtils]: 86: Hoare triple {7644#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {7644#false} is VALID [2022-02-20 18:05:13,233 INFO L290 TraceCheckUtils]: 87: Hoare triple {7644#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {7644#false} is VALID [2022-02-20 18:05:13,233 INFO L290 TraceCheckUtils]: 88: Hoare triple {7644#false} assume 1 == ~handle; {7644#false} is VALID [2022-02-20 18:05:13,233 INFO L290 TraceCheckUtils]: 89: Hoare triple {7644#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {7644#false} is VALID [2022-02-20 18:05:13,233 INFO L290 TraceCheckUtils]: 90: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,233 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7644#false} {7644#false} #964#return; {7644#false} is VALID [2022-02-20 18:05:13,233 INFO 
L290 TraceCheckUtils]: 92: Hoare triple {7644#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {7644#false} is VALID [2022-02-20 18:05:13,233 INFO L290 TraceCheckUtils]: 93: Hoare triple {7644#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L290 TraceCheckUtils]: 94: Hoare triple {7644#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L290 TraceCheckUtils]: 95: Hoare triple {7644#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L290 TraceCheckUtils]: 96: Hoare triple {7644#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= 
outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L272 TraceCheckUtils]: 97: Hoare triple {7644#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L290 TraceCheckUtils]: 98: Hoare triple {7644#false} ~handle := #in~handle;~value := #in~value; {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L290 TraceCheckUtils]: 99: Hoare triple {7644#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L290 TraceCheckUtils]: 100: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {7644#false} {7644#false} #970#return; {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L290 TraceCheckUtils]: 102: Hoare triple {7644#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {7644#false} is VALID [2022-02-20 18:05:13,234 INFO L290 TraceCheckUtils]: 103: Hoare triple {7644#false} assume 0 != ~in_encrypted~0; {7644#false} is VALID [2022-02-20 18:05:13,235 INFO L272 TraceCheckUtils]: 104: Hoare triple {7644#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {7644#false} is VALID [2022-02-20 18:05:13,235 INFO L290 TraceCheckUtils]: 105: Hoare triple {7644#false} ~handle := #in~handle;havoc ~retValue_acc~36; {7644#false} is VALID [2022-02-20 18:05:13,235 INFO L290 TraceCheckUtils]: 106: Hoare triple {7644#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {7644#false} is VALID [2022-02-20 18:05:13,235 INFO L290 TraceCheckUtils]: 107: Hoare triple {7644#false} assume true; {7644#false} is VALID [2022-02-20 18:05:13,235 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {7644#false} {7644#false} #972#return; {7644#false} is VALID [2022-02-20 18:05:13,235 INFO L290 TraceCheckUtils]: 109: Hoare triple {7644#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := 
__utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {7644#false} is VALID [2022-02-20 18:05:13,235 INFO L290 TraceCheckUtils]: 110: Hoare triple {7644#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {7644#false} is VALID [2022-02-20 18:05:13,235 INFO L290 TraceCheckUtils]: 111: Hoare triple {7644#false} assume !false; {7644#false} is VALID [2022-02-20 18:05:13,236 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:05:13,236 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:13,236 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1456841238] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:13,236 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:13,236 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:05:13,236 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [272372315] [2022-02-20 18:05:13,237 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:13,238 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112 [2022-02-20 18:05:13,239 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:05:13,239 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:13,309 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:13,309 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:05:13,309 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:13,310 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:05:13,310 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:05:13,311 INFO L87 Difference]: Start difference. First operand 392 states and 589 transitions. Second operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:14,182 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:14,183 INFO L93 Difference]: Finished difference Result 775 states and 1168 transitions. [2022-02-20 18:05:14,183 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:05:14,183 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112 [2022-02-20 18:05:14,183 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:14,184 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:14,197 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 996 transitions. [2022-02-20 18:05:14,197 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:14,205 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 996 transitions. [2022-02-20 18:05:14,205 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 996 transitions. [2022-02-20 18:05:14,826 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 996 edges. 996 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:14,847 INFO L225 Difference]: With dead ends: 775 [2022-02-20 18:05:14,847 INFO L226 Difference]: Without dead ends: 394 [2022-02-20 18:05:14,848 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 142 GetRequests, 131 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:05:14,849 INFO L933 BasicCegarLoop]: 494 mSDtfsCounter, 125 mSDsluCounter, 1338 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 145 SdHoareTripleChecker+Valid, 1832 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:14,849 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [145 Valid, 1832 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:14,850 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 394 states. [2022-02-20 18:05:14,887 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 394 to 394. [2022-02-20 18:05:14,887 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:14,888 INFO L82 GeneralOperation]: Start isEquivalent. First operand 394 states. 
Second operand has 394 states, 305 states have (on average 1.518032786885246) internal successors, (463), 309 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 18:05:14,889 INFO L74 IsIncluded]: Start isIncluded. First operand 394 states. Second operand has 394 states, 305 states have (on average 1.518032786885246) internal successors, (463), 309 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 18:05:14,889 INFO L87 Difference]: Start difference. First operand 394 states. Second operand has 394 states, 305 states have (on average 1.518032786885246) internal successors, (463), 309 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 18:05:14,899 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:14,899 INFO L93 Difference]: Finished difference Result 394 states and 592 transitions. [2022-02-20 18:05:14,899 INFO L276 IsEmpty]: Start isEmpty. Operand 394 states and 592 transitions. [2022-02-20 18:05:14,900 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:14,900 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:14,901 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 394 states, 305 states have (on average 1.518032786885246) internal successors, (463), 309 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) Second operand 394 states. [2022-02-20 18:05:14,902 INFO L87 Difference]: Start difference. First operand has 394 states, 305 states have (on average 1.518032786885246) internal successors, (463), 309 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) Second operand 394 states. [2022-02-20 18:05:14,911 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:14,911 INFO L93 Difference]: Finished difference Result 394 states and 592 transitions. [2022-02-20 18:05:14,911 INFO L276 IsEmpty]: Start isEmpty. Operand 394 states and 592 transitions. [2022-02-20 18:05:14,912 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:14,912 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:14,913 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:14,913 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:14,914 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 394 states, 305 states have (on average 1.518032786885246) internal successors, (463), 309 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 18:05:14,924 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 394 states to 394 states and 592 transitions. [2022-02-20 18:05:14,925 INFO L78 Accepts]: Start accepts. Automaton has 394 states and 592 transitions. Word has length 112 [2022-02-20 18:05:14,925 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:14,925 INFO L470 AbstractCegarLoop]: Abstraction has 394 states and 592 transitions. [2022-02-20 18:05:14,926 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:14,926 INFO L276 IsEmpty]: Start isEmpty. Operand 394 states and 592 transitions. [2022-02-20 18:05:14,928 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 114 [2022-02-20 18:05:14,928 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:14,928 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:14,965 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:15,141 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:15,141 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:15,142 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:15,142 INFO L85 PathProgramCache]: Analyzing trace with hash 1112941486, now seen corresponding path program 1 times [2022-02-20 18:05:15,142 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:15,142 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1137870769] [2022-02-20 18:05:15,142 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:15,142 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:15,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:15,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,226 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,226 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10483#true} #1020#return; {10483#true} is VALID [2022-02-20 18:05:15,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:15,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 18:05:15,235 INFO L290 TraceCheckUtils]: 0: Hoare triple {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10483#true} #1022#return; {10483#true} is VALID [2022-02-20 18:05:15,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:15,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,261 INFO L290 TraceCheckUtils]: 0: Hoare triple {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10543#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:15,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {10543#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10543#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:15,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {10543#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10544#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:15,262 INFO L290 TraceCheckUtils]: 3: Hoare triple {10544#(= 2 |setClientId_#in~handle|)} assume true; {10544#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 
18:05:15,263 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10544#(= 2 |setClientId_#in~handle|)} {10493#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1024#return; {10499#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:15,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:15,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10545#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:15,281 INFO L290 TraceCheckUtils]: 1: Hoare triple {10545#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10546#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:15,281 INFO L290 TraceCheckUtils]: 2: Hoare triple {10546#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10546#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:15,282 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10546#(= |setClientPrivateKey_#in~handle| 1)} {10499#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1026#return; {10484#false} is VALID [2022-02-20 18:05:15,282 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:05:15,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,286 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,286 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10484#false} #1028#return; {10484#false} is VALID [2022-02-20 18:05:15,286 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:05:15,287 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,289 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10484#false} #1030#return; {10484#false} is VALID [2022-02-20 18:05:15,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:05:15,298 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,300 INFO L290 TraceCheckUtils]: 0: Hoare triple {10547#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 
18:05:15,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,300 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10484#false} #1006#return; {10484#false} is VALID [2022-02-20 18:05:15,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:05:15,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {10548#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,312 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,312 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10484#false} #1008#return; {10484#false} is VALID [2022-02-20 18:05:15,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:05:15,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {10483#true} ~handle := #in~handle;havoc ~retValue_acc~19; {10483#true} is VALID [2022-02-20 18:05:15,314 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {10483#true} is VALID [2022-02-20 18:05:15,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,315 INFO L284 TraceCheckUtils]: 3: 
Hoare quadruple {10483#true} {10484#false} #960#return; {10484#false} is VALID [2022-02-20 18:05:15,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:05:15,316 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {10483#true} ~handle := #in~handle;havoc ~retValue_acc~33; {10483#true} is VALID [2022-02-20 18:05:15,317 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10483#true} is VALID [2022-02-20 18:05:15,317 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,317 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10484#false} #962#return; {10484#false} is VALID [2022-02-20 18:05:15,318 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:05:15,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,324 INFO L290 TraceCheckUtils]: 0: Hoare triple {10483#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {10483#true} is VALID [2022-02-20 18:05:15,324 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle; {10483#true} is VALID [2022-02-20 18:05:15,324 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {10483#true} is VALID [2022-02-20 18:05:15,324 INFO L290 TraceCheckUtils]: 3: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,324 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10483#true} {10484#false} #964#return; {10484#false} is VALID [2022-02-20 18:05:15,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 98 [2022-02-20 18:05:15,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,328 INFO L290 TraceCheckUtils]: 0: Hoare triple {10547#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,329 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10484#false} #970#return; {10484#false} is VALID [2022-02-20 18:05:15,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:05:15,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:15,331 INFO L290 TraceCheckUtils]: 0: Hoare triple {10483#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10483#true} is VALID [2022-02-20 18:05:15,331 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {10483#true} is VALID [2022-02-20 18:05:15,331 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,331 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10483#true} {10484#false} #972#return; {10484#false} is VALID [2022-02-20 18:05:15,332 INFO L290 TraceCheckUtils]: 0: Hoare triple {10483#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call 
#Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 
:= 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {10483#true} is VALID [2022-02-20 18:05:15,332 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {10483#true} is VALID [2022-02-20 18:05:15,332 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10483#true} is VALID [2022-02-20 
18:05:15,332 INFO L290 TraceCheckUtils]: 3: Hoare triple {10483#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {10483#true} is VALID [2022-02-20 18:05:15,332 INFO L290 TraceCheckUtils]: 4: Hoare triple {10483#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {10483#true} is VALID [2022-02-20 18:05:15,332 INFO L290 TraceCheckUtils]: 5: Hoare triple {10483#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10483#true} is VALID [2022-02-20 18:05:15,333 INFO L272 TraceCheckUtils]: 6: Hoare triple {10483#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:15,333 INFO L290 TraceCheckUtils]: 7: Hoare triple {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,333 INFO L290 TraceCheckUtils]: 8: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,333 INFO L290 TraceCheckUtils]: 9: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,333 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10483#true} {10483#true} #1020#return; {10483#true} is VALID [2022-02-20 18:05:15,334 INFO L290 TraceCheckUtils]: 11: Hoare triple {10483#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10483#true} is VALID [2022-02-20 18:05:15,334 INFO L272 TraceCheckUtils]: 12: Hoare triple {10483#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:15,334 INFO L290 TraceCheckUtils]: 13: Hoare triple {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,334 INFO L290 TraceCheckUtils]: 14: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,334 INFO L290 TraceCheckUtils]: 15: Hoare triple {10483#true} assume true; 
{10483#true} is VALID [2022-02-20 18:05:15,335 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10483#true} {10483#true} #1022#return; {10483#true} is VALID [2022-02-20 18:05:15,335 INFO L290 TraceCheckUtils]: 17: Hoare triple {10483#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10493#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:05:15,336 INFO L272 TraceCheckUtils]: 18: Hoare triple {10493#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:15,336 INFO L290 TraceCheckUtils]: 19: Hoare triple {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10543#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:15,336 INFO L290 TraceCheckUtils]: 20: Hoare triple {10543#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10543#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:15,336 INFO 
L290 TraceCheckUtils]: 21: Hoare triple {10543#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10544#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:15,337 INFO L290 TraceCheckUtils]: 22: Hoare triple {10544#(= 2 |setClientId_#in~handle|)} assume true; {10544#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:15,337 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10544#(= 2 |setClientId_#in~handle|)} {10493#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1024#return; {10499#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:15,337 INFO L290 TraceCheckUtils]: 24: Hoare triple {10499#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {10499#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:15,338 INFO L272 TraceCheckUtils]: 25: Hoare triple {10499#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:15,338 INFO L290 TraceCheckUtils]: 26: Hoare triple {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10545#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:15,339 INFO L290 TraceCheckUtils]: 27: Hoare triple {10545#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10546#(= |setClientPrivateKey_#in~handle| 1)} is VALID 
[2022-02-20 18:05:15,339 INFO L290 TraceCheckUtils]: 28: Hoare triple {10546#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10546#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:15,339 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10546#(= |setClientPrivateKey_#in~handle| 1)} {10499#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1026#return; {10484#false} is VALID [2022-02-20 18:05:15,339 INFO L290 TraceCheckUtils]: 30: Hoare triple {10484#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10484#false} is VALID [2022-02-20 18:05:15,340 INFO L272 TraceCheckUtils]: 31: Hoare triple {10484#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:15,340 INFO L290 TraceCheckUtils]: 32: Hoare triple {10541#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,340 INFO L290 TraceCheckUtils]: 33: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10483#true} is VALID 
[2022-02-20 18:05:15,349 INFO L290 TraceCheckUtils]: 34: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,349 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10483#true} {10484#false} #1028#return; {10484#false} is VALID [2022-02-20 18:05:15,349 INFO L290 TraceCheckUtils]: 36: Hoare triple {10484#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10484#false} is VALID [2022-02-20 18:05:15,349 INFO L272 TraceCheckUtils]: 37: Hoare triple {10484#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:15,349 INFO L290 TraceCheckUtils]: 38: Hoare triple {10542#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,349 INFO L290 TraceCheckUtils]: 39: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,349 INFO L290 TraceCheckUtils]: 40: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,350 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10483#true} {10484#false} #1030#return; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 42: Hoare triple {10484#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 43: Hoare triple {10484#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, 
test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 44: Hoare triple {10484#false} assume !false; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 45: Hoare triple {10484#false} assume test_~splverifierCounter~0#1 < 4; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 46: Hoare triple {10484#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 47: Hoare triple {10484#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 48: Hoare triple {10484#false} assume !(0 != test_~tmp___9~0#1); {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 49: Hoare triple {10484#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 50: Hoare triple {10484#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 51: Hoare triple {10484#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 52: Hoare triple {10484#false} assume { :end_inline_setClientAutoResponse } true; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 53: Hoare triple {10484#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 54: Hoare triple {10484#false} assume !false; {10484#false} is VALID [2022-02-20 18:05:15,350 INFO L290 TraceCheckUtils]: 55: Hoare triple {10484#false} assume !(test_~splverifierCounter~0#1 < 4); {10484#false} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 56: Hoare triple {10484#false} assume { :begin_inline_bobToRjh } 
true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {10484#false} is VALID [2022-02-20 18:05:15,351 INFO L272 TraceCheckUtils]: 57: Hoare triple {10484#false} call sendEmail(~bob~0, ~rjh~0); {10484#false} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 58: Hoare triple {10484#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10484#false} is VALID [2022-02-20 18:05:15,351 INFO L272 TraceCheckUtils]: 59: Hoare triple {10484#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10547#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 60: Hoare triple {10547#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 61: Hoare triple {10483#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 62: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,351 INFO L284 TraceCheckUtils]: 
63: Hoare quadruple {10483#true} {10484#false} #1006#return; {10484#false} is VALID [2022-02-20 18:05:15,351 INFO L272 TraceCheckUtils]: 64: Hoare triple {10484#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10548#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 65: Hoare triple {10548#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 66: Hoare triple {10483#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 67: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,351 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {10483#true} {10484#false} #1008#return; {10484#false} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 69: Hoare triple {10484#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {10484#false} is VALID [2022-02-20 18:05:15,351 INFO L290 TraceCheckUtils]: 70: Hoare triple {10484#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {10484#false} is VALID [2022-02-20 18:05:15,351 INFO L272 TraceCheckUtils]: 71: Hoare triple {10484#false} call outgoing(~sender#1, ~email~0#1); {10484#false} is VALID [2022-02-20 18:05:15,352 INFO L290 TraceCheckUtils]: 72: Hoare triple {10484#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := 
sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {10484#false} is VALID [2022-02-20 18:05:15,355 INFO L272 TraceCheckUtils]: 73: Hoare triple {10484#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {10483#true} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 74: Hoare triple {10483#true} ~handle := #in~handle;havoc ~retValue_acc~19; {10483#true} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 75: Hoare triple {10483#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {10483#true} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 76: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,355 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {10483#true} {10484#false} #960#return; {10484#false} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 78: Hoare triple {10484#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {10484#false} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 79: Hoare triple {10484#false} assume 0 == sign_~privkey~1#1; {10484#false} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 80: Hoare triple {10484#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := 
outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {10484#false} is VALID [2022-02-20 18:05:15,355 INFO L272 TraceCheckUtils]: 81: Hoare triple {10484#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {10483#true} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 82: Hoare triple {10483#true} ~handle := #in~handle;havoc ~retValue_acc~33; {10483#true} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 83: Hoare triple {10483#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10483#true} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 84: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,355 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {10483#true} {10484#false} #962#return; {10484#false} is VALID [2022-02-20 18:05:15,355 INFO L290 TraceCheckUtils]: 86: Hoare triple {10484#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {10484#false} is VALID [2022-02-20 18:05:15,355 INFO L272 TraceCheckUtils]: 87: Hoare triple {10484#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {10483#true} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 88: Hoare triple {10483#true} ~handle := 
#in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {10483#true} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 89: Hoare triple {10483#true} assume 1 == ~handle; {10483#true} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 90: Hoare triple {10483#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {10483#true} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 91: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,356 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {10483#true} {10484#false} #964#return; {10484#false} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 93: Hoare triple {10484#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {10484#false} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 94: Hoare triple {10484#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {10484#false} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 95: Hoare triple {10484#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } 
true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {10484#false} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 96: Hoare triple {10484#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {10484#false} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 97: Hoare triple {10484#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {10484#false} is VALID [2022-02-20 18:05:15,356 INFO L272 TraceCheckUtils]: 98: Hoare triple {10484#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {10547#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 99: Hoare triple {10547#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 100: Hoare triple {10483#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 101: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,356 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {10483#true} {10484#false} #970#return; {10484#false} is VALID [2022-02-20 18:05:15,356 INFO L290 TraceCheckUtils]: 103: Hoare triple {10484#false} 
assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {10484#false} is VALID [2022-02-20 18:05:15,357 INFO L290 TraceCheckUtils]: 104: Hoare triple {10484#false} assume 0 != ~in_encrypted~0; {10484#false} is VALID [2022-02-20 18:05:15,357 INFO L272 TraceCheckUtils]: 105: Hoare triple {10484#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {10483#true} is VALID [2022-02-20 18:05:15,357 
INFO L290 TraceCheckUtils]: 106: Hoare triple {10483#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10483#true} is VALID [2022-02-20 18:05:15,357 INFO L290 TraceCheckUtils]: 107: Hoare triple {10483#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {10483#true} is VALID [2022-02-20 18:05:15,357 INFO L290 TraceCheckUtils]: 108: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,357 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {10483#true} {10484#false} #972#return; {10484#false} is VALID [2022-02-20 18:05:15,357 INFO L290 TraceCheckUtils]: 110: Hoare triple {10484#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {10484#false} is VALID [2022-02-20 18:05:15,357 INFO L290 TraceCheckUtils]: 111: Hoare triple {10484#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {10484#false} is VALID [2022-02-20 18:05:15,357 INFO L290 TraceCheckUtils]: 112: Hoare triple {10484#false} assume !false; {10484#false} is VALID [2022-02-20 18:05:15,357 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:05:15,357 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:05:15,357 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1137870769]
[2022-02-20 18:05:15,358 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1137870769] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:05:15,358 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [26175929]
[2022-02-20 18:05:15,358 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:05:15,358 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:05:15,358 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:05:15,359 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:05:15,385 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process
[2022-02-20 18:05:15,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:05:15,597 INFO L263 TraceCheckSpWp]: Trace formula consists of 1098 conjuncts, 6 conjunts are in the unsatisfiable core
[2022-02-20 18:05:15,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:05:15,626 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:05:15,832 INFO L290 TraceCheckUtils]: 0: Hoare triple {10483#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call 
#Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {10483#true} is VALID [2022-02-20 18:05:15,832 INFO L290 TraceCheckUtils]: 1: Hoare triple {10483#true} assume { :end_inline_ULTIMATE.init } true;assume 
{ :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {10483#true} is VALID [2022-02-20 18:05:15,832 INFO L290 TraceCheckUtils]: 2: Hoare triple {10483#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10483#true} is VALID [2022-02-20 18:05:15,832 INFO L290 TraceCheckUtils]: 3: Hoare triple {10483#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {10483#true} is VALID [2022-02-20 18:05:15,833 INFO L290 TraceCheckUtils]: 4: Hoare triple {10483#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {10483#true} is VALID [2022-02-20 18:05:15,833 INFO L290 TraceCheckUtils]: 5: Hoare triple {10483#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10483#true} is VALID [2022-02-20 18:05:15,833 INFO L272 TraceCheckUtils]: 6: Hoare triple {10483#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10483#true} is VALID [2022-02-20 18:05:15,833 INFO L290 TraceCheckUtils]: 7: Hoare triple {10483#true} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,833 INFO L290 TraceCheckUtils]: 8: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,833 INFO L290 TraceCheckUtils]: 9: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,833 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10483#true} {10483#true} #1020#return; {10483#true} is VALID [2022-02-20 18:05:15,834 INFO L290 TraceCheckUtils]: 11: Hoare triple {10483#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10483#true} is VALID [2022-02-20 18:05:15,834 INFO L272 TraceCheckUtils]: 12: Hoare triple {10483#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10483#true} is VALID [2022-02-20 18:05:15,834 INFO L290 TraceCheckUtils]: 13: Hoare triple {10483#true} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,834 INFO L290 TraceCheckUtils]: 14: Hoare triple {10483#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,834 INFO L290 TraceCheckUtils]: 15: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,834 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10483#true} {10483#true} #1022#return; {10483#true} is VALID [2022-02-20 18:05:15,835 INFO L290 TraceCheckUtils]: 17: Hoare triple {10483#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10603#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:15,835 INFO L272 TraceCheckUtils]: 18: Hoare triple {10603#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10483#true} is VALID [2022-02-20 18:05:15,836 INFO L290 TraceCheckUtils]: 19: Hoare triple {10483#true} ~handle := #in~handle;~value := #in~value; {10483#true} is VALID [2022-02-20 18:05:15,836 INFO L290 TraceCheckUtils]: 20: Hoare triple {10483#true} assume !(1 == ~handle); {10483#true} is VALID [2022-02-20 18:05:15,836 INFO L290 TraceCheckUtils]: 21: Hoare triple {10483#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10483#true} is VALID [2022-02-20 18:05:15,836 INFO L290 TraceCheckUtils]: 22: Hoare triple {10483#true} assume true; {10483#true} is VALID [2022-02-20 18:05:15,837 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10483#true} {10603#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1024#return; {10603#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:15,837 INFO L290 TraceCheckUtils]: 24: Hoare triple {10603#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {10603#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:15,837 INFO L272 TraceCheckUtils]: 25: Hoare triple {10603#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10483#true} is VALID [2022-02-20 18:05:15,838 INFO L290 TraceCheckUtils]: 26: Hoare triple {10483#true} ~handle := 
#in~handle;~value := #in~value; {10631#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:05:15,838 INFO L290 TraceCheckUtils]: 27: Hoare triple {10631#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10635#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:15,838 INFO L290 TraceCheckUtils]: 28: Hoare triple {10635#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {10635#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:15,839 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10635#(<= |setClientPrivateKey_#in~handle| 1)} {10603#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1026#return; {10484#false} is VALID [2022-02-20 18:05:15,839 INFO L290 TraceCheckUtils]: 30: Hoare triple {10484#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10484#false} is VALID [2022-02-20 18:05:15,839 INFO L272 TraceCheckUtils]: 31: Hoare triple {10484#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10484#false} is VALID [2022-02-20 18:05:15,839 INFO L290 TraceCheckUtils]: 32: Hoare triple {10484#false} ~handle := #in~handle;~value := #in~value; {10484#false} is VALID [2022-02-20 18:05:15,840 INFO L290 TraceCheckUtils]: 33: Hoare triple {10484#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10484#false} is VALID [2022-02-20 
18:05:15,840 INFO L290 TraceCheckUtils]: 34: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,840 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10484#false} {10484#false} #1028#return; {10484#false} is VALID [2022-02-20 18:05:15,840 INFO L290 TraceCheckUtils]: 36: Hoare triple {10484#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10484#false} is VALID [2022-02-20 18:05:15,840 INFO L272 TraceCheckUtils]: 37: Hoare triple {10484#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10484#false} is VALID [2022-02-20 18:05:15,840 INFO L290 TraceCheckUtils]: 38: Hoare triple {10484#false} ~handle := #in~handle;~value := #in~value; {10484#false} is VALID [2022-02-20 18:05:15,841 INFO L290 TraceCheckUtils]: 39: Hoare triple {10484#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10484#false} is VALID [2022-02-20 18:05:15,841 INFO L290 TraceCheckUtils]: 40: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,841 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10484#false} {10484#false} #1030#return; {10484#false} is VALID [2022-02-20 18:05:15,841 INFO L290 TraceCheckUtils]: 42: Hoare triple {10484#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {10484#false} is VALID [2022-02-20 18:05:15,841 INFO L290 TraceCheckUtils]: 43: Hoare triple {10484#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, 
test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10484#false} is VALID [2022-02-20 18:05:15,841 INFO L290 TraceCheckUtils]: 44: Hoare triple {10484#false} assume !false; {10484#false} is VALID [2022-02-20 18:05:15,841 INFO L290 TraceCheckUtils]: 45: Hoare triple {10484#false} assume test_~splverifierCounter~0#1 < 4; {10484#false} is VALID [2022-02-20 18:05:15,842 INFO L290 TraceCheckUtils]: 46: Hoare triple {10484#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10484#false} is VALID [2022-02-20 18:05:15,842 INFO L290 TraceCheckUtils]: 47: Hoare triple {10484#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {10484#false} is VALID [2022-02-20 18:05:15,842 INFO L290 TraceCheckUtils]: 48: Hoare triple {10484#false} assume !(0 != test_~tmp___9~0#1); {10484#false} is VALID [2022-02-20 18:05:15,842 INFO L290 TraceCheckUtils]: 49: Hoare triple {10484#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && 
test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {10484#false} is VALID [2022-02-20 18:05:15,842 INFO L290 TraceCheckUtils]: 50: Hoare triple {10484#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {10484#false} is VALID [2022-02-20 18:05:15,842 INFO L290 TraceCheckUtils]: 51: Hoare triple {10484#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {10484#false} is VALID [2022-02-20 18:05:15,843 INFO L290 TraceCheckUtils]: 52: Hoare triple {10484#false} assume { :end_inline_setClientAutoResponse } true; {10484#false} is VALID [2022-02-20 18:05:15,843 INFO L290 TraceCheckUtils]: 53: Hoare triple {10484#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {10484#false} is VALID [2022-02-20 18:05:15,843 INFO L290 TraceCheckUtils]: 54: Hoare triple {10484#false} assume !false; {10484#false} is VALID [2022-02-20 18:05:15,843 INFO L290 TraceCheckUtils]: 55: Hoare triple {10484#false} assume !(test_~splverifierCounter~0#1 < 4); {10484#false} is VALID [2022-02-20 18:05:15,843 INFO L290 TraceCheckUtils]: 56: Hoare triple {10484#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {10484#false} is VALID 
[2022-02-20 18:05:15,843 INFO L272 TraceCheckUtils]: 57: Hoare triple {10484#false} call sendEmail(~bob~0, ~rjh~0); {10484#false} is VALID [2022-02-20 18:05:15,843 INFO L290 TraceCheckUtils]: 58: Hoare triple {10484#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10484#false} is VALID [2022-02-20 18:05:15,844 INFO L272 TraceCheckUtils]: 59: Hoare triple {10484#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10484#false} is VALID [2022-02-20 18:05:15,844 INFO L290 TraceCheckUtils]: 60: Hoare triple {10484#false} ~handle := #in~handle;~value := #in~value; {10484#false} is VALID [2022-02-20 18:05:15,844 INFO L290 TraceCheckUtils]: 61: Hoare triple {10484#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10484#false} is VALID [2022-02-20 18:05:15,844 INFO L290 TraceCheckUtils]: 62: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,844 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {10484#false} {10484#false} #1006#return; {10484#false} is VALID [2022-02-20 18:05:15,844 INFO L272 TraceCheckUtils]: 64: Hoare triple {10484#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10484#false} is VALID [2022-02-20 18:05:15,845 INFO L290 TraceCheckUtils]: 65: Hoare triple {10484#false} ~handle := #in~handle;~value := #in~value; {10484#false} is VALID [2022-02-20 18:05:15,845 INFO L290 TraceCheckUtils]: 66: Hoare triple {10484#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10484#false} is VALID [2022-02-20 18:05:15,845 INFO L290 
TraceCheckUtils]: 67: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,845 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {10484#false} {10484#false} #1008#return; {10484#false} is VALID [2022-02-20 18:05:15,845 INFO L290 TraceCheckUtils]: 69: Hoare triple {10484#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {10484#false} is VALID [2022-02-20 18:05:15,845 INFO L290 TraceCheckUtils]: 70: Hoare triple {10484#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {10484#false} is VALID [2022-02-20 18:05:15,845 INFO L272 TraceCheckUtils]: 71: Hoare triple {10484#false} call outgoing(~sender#1, ~email~0#1); {10484#false} is VALID [2022-02-20 18:05:15,846 INFO L290 TraceCheckUtils]: 72: Hoare triple {10484#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {10484#false} is VALID [2022-02-20 18:05:15,846 INFO L272 TraceCheckUtils]: 73: Hoare triple {10484#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {10484#false} is VALID [2022-02-20 18:05:15,846 INFO L290 TraceCheckUtils]: 74: Hoare triple {10484#false} ~handle := #in~handle;havoc ~retValue_acc~19; {10484#false} is VALID [2022-02-20 18:05:15,846 INFO L290 TraceCheckUtils]: 75: Hoare triple {10484#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {10484#false} is VALID [2022-02-20 18:05:15,846 INFO L290 TraceCheckUtils]: 76: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,846 INFO 
L284 TraceCheckUtils]: 77: Hoare quadruple {10484#false} {10484#false} #960#return; {10484#false} is VALID [2022-02-20 18:05:15,846 INFO L290 TraceCheckUtils]: 78: Hoare triple {10484#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {10484#false} is VALID [2022-02-20 18:05:15,847 INFO L290 TraceCheckUtils]: 79: Hoare triple {10484#false} assume 0 == sign_~privkey~1#1; {10484#false} is VALID [2022-02-20 18:05:15,847 INFO L290 TraceCheckUtils]: 80: Hoare triple {10484#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {10484#false} is VALID [2022-02-20 18:05:15,847 INFO L272 TraceCheckUtils]: 81: Hoare triple {10484#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {10484#false} is VALID [2022-02-20 18:05:15,847 INFO L290 TraceCheckUtils]: 82: Hoare triple {10484#false} ~handle := #in~handle;havoc ~retValue_acc~33; {10484#false} is VALID [2022-02-20 18:05:15,847 INFO L290 TraceCheckUtils]: 83: 
Hoare triple {10484#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10484#false} is VALID [2022-02-20 18:05:15,847 INFO L290 TraceCheckUtils]: 84: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,848 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {10484#false} {10484#false} #962#return; {10484#false} is VALID [2022-02-20 18:05:15,848 INFO L290 TraceCheckUtils]: 86: Hoare triple {10484#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {10484#false} is VALID [2022-02-20 18:05:15,848 INFO L272 TraceCheckUtils]: 87: Hoare triple {10484#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {10484#false} is VALID [2022-02-20 18:05:15,848 INFO L290 TraceCheckUtils]: 88: Hoare triple {10484#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {10484#false} is VALID [2022-02-20 18:05:15,848 INFO L290 TraceCheckUtils]: 89: Hoare triple {10484#false} assume 1 == ~handle; {10484#false} is VALID [2022-02-20 18:05:15,848 INFO L290 TraceCheckUtils]: 90: Hoare triple {10484#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {10484#false} is VALID [2022-02-20 18:05:15,848 INFO L290 TraceCheckUtils]: 91: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,849 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {10484#false} {10484#false} #964#return; {10484#false} is VALID [2022-02-20 18:05:15,849 INFO L290 TraceCheckUtils]: 93: Hoare triple 
{10484#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {10484#false} is VALID [2022-02-20 18:05:15,849 INFO L290 TraceCheckUtils]: 94: Hoare triple {10484#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {10484#false} is VALID [2022-02-20 18:05:15,849 INFO L290 TraceCheckUtils]: 95: Hoare triple {10484#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {10484#false} is VALID [2022-02-20 18:05:15,849 INFO L290 TraceCheckUtils]: 96: Hoare triple {10484#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {10484#false} is VALID [2022-02-20 18:05:15,849 INFO L290 TraceCheckUtils]: 97: Hoare triple {10484#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && 
outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {10484#false} is VALID [2022-02-20 18:05:15,849 INFO L272 TraceCheckUtils]: 98: Hoare triple {10484#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {10484#false} is VALID [2022-02-20 18:05:15,850 INFO L290 TraceCheckUtils]: 99: Hoare triple {10484#false} ~handle := #in~handle;~value := #in~value; {10484#false} is VALID [2022-02-20 18:05:15,850 INFO L290 TraceCheckUtils]: 100: Hoare triple {10484#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10484#false} is VALID [2022-02-20 18:05:15,850 INFO L290 TraceCheckUtils]: 101: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,850 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {10484#false} {10484#false} #970#return; {10484#false} is VALID [2022-02-20 18:05:15,850 INFO L290 TraceCheckUtils]: 103: Hoare triple {10484#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := 
__utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {10484#false} is VALID [2022-02-20 18:05:15,850 INFO L290 TraceCheckUtils]: 104: Hoare triple {10484#false} assume 0 != ~in_encrypted~0; {10484#false} is VALID [2022-02-20 18:05:15,851 INFO L272 TraceCheckUtils]: 105: Hoare triple {10484#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {10484#false} is VALID [2022-02-20 18:05:15,851 INFO L290 TraceCheckUtils]: 106: Hoare triple {10484#false} ~handle := #in~handle;havoc ~retValue_acc~36; {10484#false} is VALID [2022-02-20 18:05:15,852 INFO L290 TraceCheckUtils]: 107: Hoare triple {10484#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {10484#false} is VALID [2022-02-20 18:05:15,852 INFO L290 TraceCheckUtils]: 108: Hoare triple {10484#false} assume true; {10484#false} is VALID [2022-02-20 18:05:15,852 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {10484#false} {10484#false} #972#return; {10484#false} is VALID [2022-02-20 18:05:15,852 INFO L290 TraceCheckUtils]: 110: Hoare triple {10484#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc 
__utac_acc__EncryptForward_spec__2_#t~ret75#1; {10484#false} is VALID [2022-02-20 18:05:15,852 INFO L290 TraceCheckUtils]: 111: Hoare triple {10484#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {10484#false} is VALID [2022-02-20 18:05:15,852 INFO L290 TraceCheckUtils]: 112: Hoare triple {10484#false} assume !false; {10484#false} is VALID [2022-02-20 18:05:15,853 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:05:15,853 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:15,853 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [26175929] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:15,853 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:15,853 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:05:15,854 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1533357368] [2022-02-20 18:05:15,854 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:15,855 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 113 [2022-02-20 18:05:15,855 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:05:15,856 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:15,920 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 107 edges. 107 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:15,921 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:05:15,921 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:15,921 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:05:15,921 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:05:15,922 INFO L87 Difference]: Start difference. First operand 394 states and 592 transitions. Second operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:16,890 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:16,891 INFO L93 Difference]: Finished difference Result 777 states and 1173 transitions. [2022-02-20 18:05:16,891 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:05:16,891 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 113 [2022-02-20 18:05:16,891 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:16,892 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:16,900 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 995 transitions. [2022-02-20 18:05:16,901 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:16,908 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 995 transitions. [2022-02-20 18:05:16,908 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 995 transitions. [2022-02-20 18:05:17,513 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 995 edges. 995 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:17,528 INFO L225 Difference]: With dead ends: 777 [2022-02-20 18:05:17,529 INFO L226 Difference]: Without dead ends: 396 [2022-02-20 18:05:17,530 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 145 GetRequests, 131 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:05:17,531 INFO L933 BasicCegarLoop]: 492 mSDtfsCounter, 124 mSDsluCounter, 1329 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1821 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:17,531 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1821 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:05:17,535 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 396 states. [2022-02-20 18:05:17,615 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 396 to 396. [2022-02-20 18:05:17,615 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:17,617 INFO L82 GeneralOperation]: Start isEquivalent. First operand 396 states. 
Second operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:05:17,618 INFO L74 IsIncluded]: Start isIncluded. First operand 396 states. Second operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:05:17,627 INFO L87 Difference]: Start difference. First operand 396 states. Second operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:05:17,648 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:17,648 INFO L93 Difference]: Finished difference Result 396 states and 598 transitions. [2022-02-20 18:05:17,648 INFO L276 IsEmpty]: Start isEmpty. Operand 396 states and 598 transitions. [2022-02-20 18:05:17,652 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:17,652 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:17,654 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) Second operand 396 states. [2022-02-20 18:05:17,655 INFO L87 Difference]: Start difference. First operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) Second operand 396 states. [2022-02-20 18:05:17,669 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:17,669 INFO L93 Difference]: Finished difference Result 396 states and 598 transitions. [2022-02-20 18:05:17,669 INFO L276 IsEmpty]: Start isEmpty. Operand 396 states and 598 transitions. [2022-02-20 18:05:17,671 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:17,671 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:17,671 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:17,671 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:17,673 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:05:17,687 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 396 states to 396 states and 598 transitions. [2022-02-20 18:05:17,688 INFO L78 Accepts]: Start accepts. Automaton has 396 states and 598 transitions. Word has length 113 [2022-02-20 18:05:17,688 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:17,688 INFO L470 AbstractCegarLoop]: Abstraction has 396 states and 598 transitions. [2022-02-20 18:05:17,689 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:17,689 INFO L276 IsEmpty]: Start isEmpty. Operand 396 states and 598 transitions. [2022-02-20 18:05:17,693 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 115 [2022-02-20 18:05:17,693 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:17,693 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:17,723 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:17,911 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:17,911 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:17,912 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:17,912 INFO L85 PathProgramCache]: Analyzing trace with hash -1060391108, now seen corresponding path program 1 times [2022-02-20 18:05:17,912 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:17,912 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1478946355] [2022-02-20 18:05:17,912 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:17,913 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:17,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:17,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:17,977 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:17,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:17,981 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:17,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:17,981 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13336#true} {13336#true} #1020#return; {13336#true} is VALID [2022-02-20 18:05:17,987 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:17,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 18:05:17,992 INFO L290 TraceCheckUtils]: 0: Hoare triple {13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:17,992 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:17,992 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:17,992 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13336#true} {13336#true} #1022#return; {13336#true} is VALID [2022-02-20 18:05:17,992 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:17,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:17,997 INFO L290 TraceCheckUtils]: 0: Hoare triple {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:17,997 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume !(1 == ~handle); {13336#true} is VALID [2022-02-20 18:05:17,997 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:17,997 INFO L290 TraceCheckUtils]: 3: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:17,998 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13336#true} {13336#true} #1024#return; {13336#true} is VALID [2022-02-20 18:05:17,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 
[2022-02-20 18:05:18,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume !(1 == ~handle); {13336#true} is VALID [2022-02-20 18:05:18,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,002 INFO L290 TraceCheckUtils]: 3: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,002 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13336#true} {13336#true} #1026#return; {13336#true} is VALID [2022-02-20 18:05:18,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:18,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13396#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:18,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {13396#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13397#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:18,020 INFO L290 TraceCheckUtils]: 2: Hoare triple {13397#(= |setClientId_#in~handle| 1)} assume true; {13397#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 
18:05:18,020 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13397#(= |setClientId_#in~handle| 1)} {13356#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1028#return; {13337#false} is VALID [2022-02-20 18:05:18,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:05:18,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,025 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13336#true} {13337#false} #1030#return; {13337#false} is VALID [2022-02-20 18:05:18,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:05:18,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {13398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,039 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{13336#true} {13337#false} #1006#return; {13337#false} is VALID [2022-02-20 18:05:18,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:05:18,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,050 INFO L290 TraceCheckUtils]: 0: Hoare triple {13399#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,050 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13336#true} {13337#false} #1008#return; {13337#false} is VALID [2022-02-20 18:05:18,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:05:18,051 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,053 INFO L290 TraceCheckUtils]: 0: Hoare triple {13336#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13336#true} is VALID [2022-02-20 18:05:18,053 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {13336#true} is VALID [2022-02-20 18:05:18,053 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,053 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13336#true} {13337#false} #960#return; {13337#false} is VALID [2022-02-20 18:05:18,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:05:18,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,057 INFO L290 
TraceCheckUtils]: 0: Hoare triple {13336#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13336#true} is VALID [2022-02-20 18:05:18,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13336#true} is VALID [2022-02-20 18:05:18,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,058 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13336#true} {13337#false} #962#return; {13337#false} is VALID [2022-02-20 18:05:18,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:05:18,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,061 INFO L290 TraceCheckUtils]: 0: Hoare triple {13336#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {13336#true} is VALID [2022-02-20 18:05:18,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle; {13336#true} is VALID [2022-02-20 18:05:18,061 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {13336#true} is VALID [2022-02-20 18:05:18,061 INFO L290 TraceCheckUtils]: 3: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,061 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13336#true} {13337#false} #964#return; {13337#false} is VALID [2022-02-20 18:05:18,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:05:18,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,063 INFO L290 TraceCheckUtils]: 0: Hoare triple {13398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{13336#true} is VALID [2022-02-20 18:05:18,063 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,063 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,064 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13336#true} {13337#false} #970#return; {13337#false} is VALID [2022-02-20 18:05:18,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:05:18,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {13336#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13336#true} is VALID [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {13336#true} is VALID [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13336#true} {13337#false} #972#return; {13337#false} is VALID [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {13336#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 
11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 
:= 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 
0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {13336#true} is VALID [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 1: Hoare triple {13336#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {13336#true} is VALID [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 2: Hoare triple {13336#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13336#true} is VALID [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 3: Hoare triple {13336#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := 
valid_product_~retValue_acc~28#1; {13336#true} is VALID [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 4: Hoare triple {13336#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {13336#true} is VALID [2022-02-20 18:05:18,066 INFO L290 TraceCheckUtils]: 5: Hoare triple {13336#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13336#true} is VALID [2022-02-20 18:05:18,067 INFO L272 TraceCheckUtils]: 6: Hoare triple {13336#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:18,067 INFO L290 TraceCheckUtils]: 7: Hoare triple {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,067 INFO L290 TraceCheckUtils]: 8: Hoare triple {13336#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,067 INFO L290 TraceCheckUtils]: 9: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,067 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13336#true} {13336#true} #1020#return; {13336#true} is VALID [2022-02-20 18:05:18,067 INFO L290 TraceCheckUtils]: 11: Hoare triple {13336#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13336#true} is VALID [2022-02-20 18:05:18,068 INFO L272 TraceCheckUtils]: 12: Hoare triple {13336#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:18,068 INFO L290 TraceCheckUtils]: 13: Hoare triple {13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,068 INFO L290 TraceCheckUtils]: 14: Hoare triple {13336#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,068 INFO L290 TraceCheckUtils]: 15: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,068 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13336#true} {13336#true} #1022#return; {13336#true} is VALID [2022-02-20 18:05:18,068 INFO L290 TraceCheckUtils]: 17: Hoare triple {13336#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13336#true} is VALID [2022-02-20 18:05:18,069 INFO L272 TraceCheckUtils]: 18: Hoare triple {13336#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:18,069 INFO L290 TraceCheckUtils]: 19: Hoare triple {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,069 INFO L290 TraceCheckUtils]: 20: Hoare triple {13336#true} assume !(1 == ~handle); {13336#true} is VALID [2022-02-20 18:05:18,069 INFO L290 TraceCheckUtils]: 21: Hoare triple {13336#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,069 INFO L290 TraceCheckUtils]: 22: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,069 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13336#true} {13336#true} #1024#return; {13336#true} is VALID [2022-02-20 18:05:18,069 INFO L290 TraceCheckUtils]: 24: Hoare triple {13336#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {13336#true} is VALID [2022-02-20 18:05:18,070 INFO L272 TraceCheckUtils]: 25: Hoare triple 
{13336#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:18,070 INFO L290 TraceCheckUtils]: 26: Hoare triple {13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,070 INFO L290 TraceCheckUtils]: 27: Hoare triple {13336#true} assume !(1 == ~handle); {13336#true} is VALID [2022-02-20 18:05:18,070 INFO L290 TraceCheckUtils]: 28: Hoare triple {13336#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,070 INFO L290 TraceCheckUtils]: 29: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,070 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13336#true} {13336#true} #1026#return; {13336#true} is VALID [2022-02-20 18:05:18,070 INFO L290 TraceCheckUtils]: 31: Hoare triple {13336#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13356#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:18,071 INFO L272 TraceCheckUtils]: 32: Hoare triple 
{13356#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:18,071 INFO L290 TraceCheckUtils]: 33: Hoare triple {13394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13396#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:18,071 INFO L290 TraceCheckUtils]: 34: Hoare triple {13396#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13397#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:18,072 INFO L290 TraceCheckUtils]: 35: Hoare triple {13397#(= |setClientId_#in~handle| 1)} assume true; {13397#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:18,072 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13397#(= |setClientId_#in~handle| 1)} {13356#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1028#return; {13337#false} is VALID [2022-02-20 18:05:18,072 INFO L290 TraceCheckUtils]: 37: Hoare triple {13337#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13337#false} is VALID [2022-02-20 18:05:18,072 INFO L272 TraceCheckUtils]: 38: Hoare triple {13337#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:18,072 INFO L290 TraceCheckUtils]: 39: Hoare triple 
{13395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,072 INFO L290 TraceCheckUtils]: 40: Hoare triple {13336#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,072 INFO L290 TraceCheckUtils]: 41: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,073 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {13336#true} {13337#false} #1030#return; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 43: Hoare triple {13337#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 44: Hoare triple {13337#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 45: Hoare triple {13337#false} assume !false; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 46: Hoare triple {13337#false} assume test_~splverifierCounter~0#1 < 4; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 47: Hoare triple {13337#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 48: Hoare triple {13337#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 49: Hoare triple {13337#false} assume !(0 != test_~tmp___9~0#1); {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 50: Hoare triple {13337#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 51: Hoare triple {13337#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc 
setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 52: Hoare triple {13337#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 53: Hoare triple {13337#false} assume { :end_inline_setClientAutoResponse } true; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 54: Hoare triple {13337#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 55: Hoare triple {13337#false} assume !false; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 56: Hoare triple {13337#false} assume !(test_~splverifierCounter~0#1 < 4); {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L290 TraceCheckUtils]: 57: Hoare triple {13337#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {13337#false} is VALID [2022-02-20 18:05:18,073 INFO L272 TraceCheckUtils]: 58: Hoare triple {13337#false} call sendEmail(~bob~0, ~rjh~0); {13337#false} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 59: Hoare triple {13337#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13337#false} is VALID [2022-02-20 18:05:18,074 INFO L272 TraceCheckUtils]: 60: Hoare triple {13337#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 61: Hoare triple {13398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 62: Hoare triple {13336#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 63: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,074 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {13336#true} {13337#false} #1006#return; {13337#false} is VALID [2022-02-20 18:05:18,074 INFO L272 TraceCheckUtils]: 65: Hoare triple {13337#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13399#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 66: Hoare triple {13399#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 67: Hoare triple {13336#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 68: Hoare triple 
{13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,074 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {13336#true} {13337#false} #1008#return; {13337#false} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 70: Hoare triple {13337#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {13337#false} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 71: Hoare triple {13337#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {13337#false} is VALID [2022-02-20 18:05:18,074 INFO L272 TraceCheckUtils]: 72: Hoare triple {13337#false} call outgoing(~sender#1, ~email~0#1); {13337#false} is VALID [2022-02-20 18:05:18,074 INFO L290 TraceCheckUtils]: 73: Hoare triple {13337#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {13337#false} is VALID [2022-02-20 18:05:18,074 INFO L272 TraceCheckUtils]: 74: Hoare triple {13337#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 75: Hoare triple {13336#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 76: Hoare triple {13336#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 77: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L284 TraceCheckUtils]: 78: Hoare quadruple 
{13336#true} {13337#false} #960#return; {13337#false} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 79: Hoare triple {13337#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {13337#false} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 80: Hoare triple {13337#false} assume 0 == sign_~privkey~1#1; {13337#false} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 81: Hoare triple {13337#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {13337#false} is VALID [2022-02-20 18:05:18,075 INFO L272 TraceCheckUtils]: 82: Hoare triple {13337#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 83: Hoare triple {13336#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 84: Hoare triple {13336#true} assume 1 == 
~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 85: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {13336#true} {13337#false} #962#return; {13337#false} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 87: Hoare triple {13337#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {13337#false} is VALID [2022-02-20 18:05:18,075 INFO L272 TraceCheckUtils]: 88: Hoare triple {13337#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {13336#true} is VALID [2022-02-20 18:05:18,075 INFO L290 TraceCheckUtils]: 89: Hoare triple {13336#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {13336#true} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 90: Hoare triple {13336#true} assume 1 == ~handle; {13336#true} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 91: Hoare triple {13336#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {13336#true} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 92: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,076 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {13336#true} {13337#false} #964#return; {13337#false} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 94: Hoare triple {13337#false} assume -2147483648 <= 
outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {13337#false} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 95: Hoare triple {13337#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {13337#false} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 96: Hoare triple {13337#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {13337#false} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 97: Hoare triple {13337#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {13337#false} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 98: Hoare triple {13337#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 
2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {13337#false} is VALID [2022-02-20 18:05:18,076 INFO L272 TraceCheckUtils]: 99: Hoare triple {13337#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {13398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 100: Hoare triple {13398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13336#true} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 101: Hoare triple {13336#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13336#true} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 102: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,076 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {13336#true} {13337#false} #970#return; {13337#false} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 104: Hoare triple {13337#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {13337#false} is VALID [2022-02-20 18:05:18,076 INFO L290 TraceCheckUtils]: 105: Hoare triple {13337#false} assume 0 != ~in_encrypted~0; {13337#false} is VALID [2022-02-20 18:05:18,077 INFO L272 TraceCheckUtils]: 106: Hoare triple {13337#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {13336#true} is VALID [2022-02-20 18:05:18,077 INFO L290 TraceCheckUtils]: 107: Hoare triple {13336#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13336#true} is VALID [2022-02-20 18:05:18,077 INFO L290 TraceCheckUtils]: 108: Hoare triple {13336#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {13336#true} is VALID [2022-02-20 18:05:18,077 INFO L290 TraceCheckUtils]: 109: Hoare triple {13336#true} assume true; {13336#true} is VALID [2022-02-20 18:05:18,077 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {13336#true} {13337#false} #972#return; {13337#false} is VALID [2022-02-20 18:05:18,077 INFO L290 TraceCheckUtils]: 111: Hoare triple {13337#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 
2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {13337#false} is VALID [2022-02-20 18:05:18,077 INFO L290 TraceCheckUtils]: 112: Hoare triple {13337#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {13337#false} is VALID [2022-02-20 18:05:18,077 INFO L290 TraceCheckUtils]: 113: Hoare triple {13337#false} assume !false; {13337#false} is VALID [2022-02-20 18:05:18,077 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:05:18,077 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:18,077 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1478946355] [2022-02-20 18:05:18,077 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1478946355] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:18,078 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:18,078 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:05:18,078 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1489990376] [2022-02-20 18:05:18,078 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:18,078 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 114 [2022-02-20 18:05:18,078 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:18,079 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:18,142 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:18,142 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:05:18,142 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:18,143 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:05:18,143 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:18,143 INFO L87 Difference]: Start difference. First operand 396 states and 598 transitions. 
Second operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:23,900 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:23,901 INFO L93 Difference]: Finished difference Result 885 states and 1338 transitions. [2022-02-20 18:05:23,901 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:05:23,902 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 114 [2022-02-20 18:05:23,902 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:23,902 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:23,911 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1152 transitions. [2022-02-20 18:05:23,912 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:23,921 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1152 transitions. [2022-02-20 18:05:23,921 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1152 transitions. [2022-02-20 18:05:24,892 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1152 edges. 1152 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:24,907 INFO L225 Difference]: With dead ends: 885 [2022-02-20 18:05:24,907 INFO L226 Difference]: Without dead ends: 512 [2022-02-20 18:05:24,908 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:05:24,909 INFO L933 BasicCegarLoop]: 529 mSDtfsCounter, 1319 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1736 mSolverCounterSat, 438 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1336 SdHoareTripleChecker+Valid, 1344 SdHoareTripleChecker+Invalid, 2174 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 438 IncrementalHoareTripleChecker+Valid, 1736 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:24,909 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1336 Valid, 1344 
Invalid, 2174 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [438 Valid, 1736 Invalid, 0 Unknown, 0 Unchecked, 2.5s Time] [2022-02-20 18:05:24,910 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 512 states. [2022-02-20 18:05:25,051 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 512 to 396. [2022-02-20 18:05:25,052 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:25,053 INFO L82 GeneralOperation]: Start isEquivalent. First operand 512 states. Second operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 18:05:25,054 INFO L74 IsIncluded]: Start isIncluded. First operand 512 states. Second operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 18:05:25,054 INFO L87 Difference]: Start difference. First operand 512 states. Second operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 18:05:25,072 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:25,072 INFO L93 Difference]: Finished difference Result 512 states and 771 transitions. 
[2022-02-20 18:05:25,072 INFO L276 IsEmpty]: Start isEmpty. Operand 512 states and 771 transitions. [2022-02-20 18:05:25,075 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:25,076 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:25,077 INFO L74 IsIncluded]: Start isIncluded. First operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) Second operand 512 states. [2022-02-20 18:05:25,078 INFO L87 Difference]: Start difference. First operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) Second operand 512 states. [2022-02-20 18:05:25,093 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:25,094 INFO L93 Difference]: Finished difference Result 512 states and 771 transitions. [2022-02-20 18:05:25,094 INFO L276 IsEmpty]: Start isEmpty. Operand 512 states and 771 transitions. [2022-02-20 18:05:25,097 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:25,097 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:25,097 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:25,097 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:25,098 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 396 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 311 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 18:05:25,109 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 396 states to 396 states and 597 transitions. [2022-02-20 18:05:25,110 INFO L78 Accepts]: Start accepts. Automaton has 396 states and 597 transitions. Word has length 114 [2022-02-20 18:05:25,110 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:25,110 INFO L470 AbstractCegarLoop]: Abstraction has 396 states and 597 transitions. [2022-02-20 18:05:25,111 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:25,111 INFO L276 IsEmpty]: Start isEmpty. Operand 396 states and 597 transitions. [2022-02-20 18:05:25,112 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 116 [2022-02-20 18:05:25,112 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:25,113 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:25,113 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:05:25,113 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:25,113 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:25,114 INFO L85 PathProgramCache]: Analyzing trace with hash -1537453393, now seen corresponding path program 2 times [2022-02-20 18:05:25,114 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:25,114 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [416847544] [2022-02-20 18:05:25,114 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:25,114 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:25,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:25,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,166 INFO L290 TraceCheckUtils]: 0: Hoare triple {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,166 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,166 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,166 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16260#true} #1020#return; {16260#true} is VALID [2022-02-20 18:05:25,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:25,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,174 INFO L290 TraceCheckUtils]: 0: Hoare triple {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,174 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16260#true} #1022#return; {16260#true} is VALID [2022-02-20 18:05:25,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:25,176 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,178 INFO L290 TraceCheckUtils]: 0: Hoare triple {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,178 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume !(1 == ~handle); {16260#true} is VALID [2022-02-20 18:05:25,179 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,179 INFO L290 TraceCheckUtils]: 3: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,179 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16260#true} {16260#true} #1024#return; {16260#true} is VALID [2022-02-20 18:05:25,179 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:25,181 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,183 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume !(1 == ~handle); {16260#true} is VALID [2022-02-20 18:05:25,183 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,183 INFO L290 TraceCheckUtils]: 3: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,183 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16260#true} {16260#true} #1026#return; {16260#true} is VALID [2022-02-20 18:05:25,183 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:25,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:05:25,196 INFO L290 TraceCheckUtils]: 0: Hoare triple {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16321#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:25,196 INFO L290 TraceCheckUtils]: 1: Hoare triple {16321#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16321#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:25,197 INFO L290 TraceCheckUtils]: 2: Hoare triple {16321#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16322#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:25,197 INFO L290 TraceCheckUtils]: 3: Hoare triple {16322#(= 2 |setClientId_#in~handle|)} assume true; {16322#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:25,197 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16322#(= 2 |setClientId_#in~handle|)} {16280#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1028#return; {16261#false} is VALID [2022-02-20 18:05:25,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:05:25,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,201 INFO L290 TraceCheckUtils]: 0: Hoare triple {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,202 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,202 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,202 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16261#false} #1030#return; {16261#false} is VALID [2022-02-20 18:05:25,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:05:25,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,210 INFO L290 TraceCheckUtils]: 0: Hoare triple {16323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,211 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,211 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,211 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16261#false} #1006#return; {16261#false} is VALID [2022-02-20 18:05:25,217 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:05:25,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {16324#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,219 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,219 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,219 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16261#false} #1008#return; {16261#false} is VALID [2022-02-20 18:05:25,220 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 75 [2022-02-20 18:05:25,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {16260#true} ~handle := #in~handle;havoc ~retValue_acc~19; {16260#true} is VALID [2022-02-20 18:05:25,223 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {16260#true} is VALID [2022-02-20 18:05:25,223 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,223 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16261#false} #960#return; {16261#false} is VALID [2022-02-20 18:05:25,223 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:05:25,224 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {16260#true} ~handle := #in~handle;havoc ~retValue_acc~33; {16260#true} is VALID [2022-02-20 18:05:25,226 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {16260#true} is VALID [2022-02-20 18:05:25,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,226 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16261#false} #962#return; {16261#false} is VALID [2022-02-20 18:05:25,226 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:05:25,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 0: Hoare triple {16260#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {16260#true} is VALID [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 1: Hoare 
triple {16260#true} assume 1 == ~handle; {16260#true} is VALID [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {16260#true} is VALID [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 3: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,230 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16260#true} {16261#false} #964#return; {16261#false} is VALID [2022-02-20 18:05:25,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:05:25,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,233 INFO L290 TraceCheckUtils]: 0: Hoare triple {16323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,233 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,233 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,233 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16261#false} #970#return; {16261#false} is VALID [2022-02-20 18:05:25,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:05:25,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {16260#true} ~handle := #in~handle;havoc ~retValue_acc~36; {16260#true} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {16260#true} is VALID [2022-02-20 
18:05:25,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16260#true} {16261#false} #972#return; {16261#false} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {16260#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 
33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 
0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 
:= 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {16260#true} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {16260#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {16260#true} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {16260#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16260#true} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 3: Hoare triple {16260#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {16260#true} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 4: Hoare triple {16260#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {16260#true} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 5: Hoare triple {16260#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } 
true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16260#true} is VALID [2022-02-20 18:05:25,237 INFO L272 TraceCheckUtils]: 6: Hoare triple {16260#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 7: Hoare triple {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,238 INFO L290 TraceCheckUtils]: 8: Hoare triple {16260#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,238 INFO L290 TraceCheckUtils]: 9: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,238 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16260#true} {16260#true} #1020#return; {16260#true} is VALID [2022-02-20 18:05:25,238 INFO L290 TraceCheckUtils]: 11: Hoare triple {16260#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16260#true} is VALID [2022-02-20 18:05:25,238 INFO L272 TraceCheckUtils]: 12: Hoare triple {16260#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 13: Hoare triple {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 14: Hoare triple {16260#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 15: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,239 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16260#true} {16260#true} #1022#return; {16260#true} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 17: Hoare triple {16260#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16260#true} is VALID [2022-02-20 18:05:25,240 INFO L272 TraceCheckUtils]: 18: Hoare triple {16260#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:25,240 INFO L290 TraceCheckUtils]: 19: Hoare triple {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,240 INFO L290 TraceCheckUtils]: 20: Hoare triple {16260#true} assume !(1 == ~handle); {16260#true} is VALID [2022-02-20 18:05:25,240 INFO L290 TraceCheckUtils]: 21: Hoare triple {16260#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,240 INFO L290 TraceCheckUtils]: 22: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,240 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16260#true} {16260#true} #1024#return; {16260#true} is VALID [2022-02-20 18:05:25,240 INFO L290 TraceCheckUtils]: 24: Hoare triple {16260#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16260#true} is VALID [2022-02-20 18:05:25,241 INFO L272 TraceCheckUtils]: 25: Hoare triple {16260#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:25,241 INFO L290 TraceCheckUtils]: 26: Hoare triple {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,241 INFO L290 TraceCheckUtils]: 27: Hoare triple {16260#true} assume !(1 == ~handle); {16260#true} is VALID [2022-02-20 18:05:25,241 INFO L290 TraceCheckUtils]: 28: Hoare triple {16260#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,241 INFO L290 TraceCheckUtils]: 29: Hoare triple {16260#true} assume true; 
{16260#true} is VALID [2022-02-20 18:05:25,241 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16260#true} {16260#true} #1026#return; {16260#true} is VALID [2022-02-20 18:05:25,242 INFO L290 TraceCheckUtils]: 31: Hoare triple {16260#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16280#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:25,242 INFO L272 TraceCheckUtils]: 32: Hoare triple {16280#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 33: Hoare triple {16319#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16321#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 34: Hoare triple {16321#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16321#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:25,243 INFO L290 
TraceCheckUtils]: 35: Hoare triple {16321#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16322#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 36: Hoare triple {16322#(= 2 |setClientId_#in~handle|)} assume true; {16322#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:25,244 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {16322#(= 2 |setClientId_#in~handle|)} {16280#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1028#return; {16261#false} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 38: Hoare triple {16261#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {16261#false} is VALID [2022-02-20 18:05:25,244 INFO L272 TraceCheckUtils]: 39: Hoare triple {16261#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 40: Hoare triple {16320#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 41: Hoare triple {16260#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 42: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,245 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {16260#true} {16261#false} #1030#return; {16261#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 44: Hoare triple {16261#false} assume { 
:end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {16261#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 45: Hoare triple {16261#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16261#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 46: Hoare triple {16261#false} assume !false; {16261#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 47: Hoare triple {16261#false} assume test_~splverifierCounter~0#1 < 4; {16261#false} is VALID 
[2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 48: Hoare triple {16261#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16261#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 49: Hoare triple {16261#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 TraceCheckUtils]: 50: Hoare triple {16261#false} assume !(0 != test_~tmp___9~0#1); {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 TraceCheckUtils]: 51: Hoare triple {16261#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 TraceCheckUtils]: 52: Hoare triple {16261#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 TraceCheckUtils]: 53: Hoare triple {16261#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 TraceCheckUtils]: 54: Hoare triple {16261#false} assume { :end_inline_setClientAutoResponse } true; {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 TraceCheckUtils]: 55: Hoare triple {16261#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 
TraceCheckUtils]: 56: Hoare triple {16261#false} assume !false; {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 TraceCheckUtils]: 57: Hoare triple {16261#false} assume !(test_~splverifierCounter~0#1 < 4); {16261#false} is VALID [2022-02-20 18:05:25,246 INFO L290 TraceCheckUtils]: 58: Hoare triple {16261#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {16261#false} is VALID [2022-02-20 18:05:25,247 INFO L272 TraceCheckUtils]: 59: Hoare triple {16261#false} call sendEmail(~bob~0, ~rjh~0); {16261#false} is VALID [2022-02-20 18:05:25,247 INFO L290 TraceCheckUtils]: 60: Hoare triple {16261#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16261#false} is VALID [2022-02-20 18:05:25,247 INFO L272 TraceCheckUtils]: 61: Hoare triple {16261#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:25,247 INFO L290 TraceCheckUtils]: 62: Hoare triple {16323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := 
#in~value; {16260#true} is VALID [2022-02-20 18:05:25,247 INFO L290 TraceCheckUtils]: 63: Hoare triple {16260#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,247 INFO L290 TraceCheckUtils]: 64: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,247 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {16260#true} {16261#false} #1006#return; {16261#false} is VALID [2022-02-20 18:05:25,247 INFO L272 TraceCheckUtils]: 66: Hoare triple {16261#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16324#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:25,248 INFO L290 TraceCheckUtils]: 67: Hoare triple {16324#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,248 INFO L290 TraceCheckUtils]: 68: Hoare triple {16260#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16260#true} is VALID [2022-02-20 18:05:25,248 INFO L290 TraceCheckUtils]: 69: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,248 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {16260#true} {16261#false} #1008#return; {16261#false} is VALID [2022-02-20 18:05:25,248 INFO L290 TraceCheckUtils]: 71: Hoare triple {16261#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {16261#false} is VALID [2022-02-20 18:05:25,248 INFO L290 TraceCheckUtils]: 72: Hoare triple {16261#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {16261#false} is VALID [2022-02-20 18:05:25,248 INFO L272 TraceCheckUtils]: 73: Hoare triple {16261#false} call outgoing(~sender#1, 
~email~0#1); {16261#false} is VALID [2022-02-20 18:05:25,248 INFO L290 TraceCheckUtils]: 74: Hoare triple {16261#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {16261#false} is VALID [2022-02-20 18:05:25,249 INFO L272 TraceCheckUtils]: 75: Hoare triple {16261#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {16260#true} is VALID [2022-02-20 18:05:25,249 INFO L290 TraceCheckUtils]: 76: Hoare triple {16260#true} ~handle := #in~handle;havoc ~retValue_acc~19; {16260#true} is VALID [2022-02-20 18:05:25,249 INFO L290 TraceCheckUtils]: 77: Hoare triple {16260#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {16260#true} is VALID [2022-02-20 18:05:25,249 INFO L290 TraceCheckUtils]: 78: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,249 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {16260#true} {16261#false} #960#return; {16261#false} is VALID [2022-02-20 18:05:25,249 INFO L290 TraceCheckUtils]: 80: Hoare triple {16261#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {16261#false} is VALID [2022-02-20 18:05:25,249 INFO L290 TraceCheckUtils]: 81: Hoare triple {16261#false} assume 0 == sign_~privkey~1#1; {16261#false} is VALID [2022-02-20 18:05:25,249 INFO L290 TraceCheckUtils]: 82: Hoare triple {16261#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, 
outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {16261#false} is VALID [2022-02-20 18:05:25,250 INFO L272 TraceCheckUtils]: 83: Hoare triple {16261#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {16260#true} is VALID [2022-02-20 18:05:25,250 INFO L290 TraceCheckUtils]: 84: Hoare triple {16260#true} ~handle := #in~handle;havoc ~retValue_acc~33; {16260#true} is VALID [2022-02-20 18:05:25,250 INFO L290 TraceCheckUtils]: 85: Hoare triple {16260#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {16260#true} is VALID [2022-02-20 18:05:25,250 INFO L290 TraceCheckUtils]: 86: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,250 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {16260#true} {16261#false} #962#return; {16261#false} is VALID [2022-02-20 18:05:25,250 INFO L290 TraceCheckUtils]: 88: Hoare triple {16261#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {16261#false} is VALID 
[2022-02-20 18:05:25,250 INFO L272 TraceCheckUtils]: 89: Hoare triple {16261#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {16260#true} is VALID [2022-02-20 18:05:25,250 INFO L290 TraceCheckUtils]: 90: Hoare triple {16260#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {16260#true} is VALID [2022-02-20 18:05:25,251 INFO L290 TraceCheckUtils]: 91: Hoare triple {16260#true} assume 1 == ~handle; {16260#true} is VALID [2022-02-20 18:05:25,251 INFO L290 TraceCheckUtils]: 92: Hoare triple {16260#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {16260#true} is VALID [2022-02-20 18:05:25,251 INFO L290 TraceCheckUtils]: 93: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,251 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {16260#true} {16261#false} #964#return; {16261#false} is VALID [2022-02-20 18:05:25,251 INFO L290 TraceCheckUtils]: 95: Hoare triple {16261#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {16261#false} is VALID [2022-02-20 18:05:25,251 INFO L290 TraceCheckUtils]: 96: Hoare triple {16261#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {16261#false} is VALID [2022-02-20 18:05:25,251 INFO L290 TraceCheckUtils]: 97: Hoare triple {16261#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc 
outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {16261#false} is VALID [2022-02-20 18:05:25,251 INFO L290 TraceCheckUtils]: 98: Hoare triple {16261#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {16261#false} is VALID [2022-02-20 18:05:25,252 INFO L290 TraceCheckUtils]: 99: Hoare triple {16261#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {16261#false} is VALID [2022-02-20 18:05:25,252 INFO L272 TraceCheckUtils]: 100: Hoare triple {16261#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {16323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:25,252 INFO L290 TraceCheckUtils]: 101: Hoare triple {16323#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16260#true} is VALID [2022-02-20 18:05:25,252 INFO L290 TraceCheckUtils]: 102: Hoare triple {16260#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; 
{16260#true} is VALID [2022-02-20 18:05:25,252 INFO L290 TraceCheckUtils]: 103: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,252 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {16260#true} {16261#false} #970#return; {16261#false} is VALID [2022-02-20 18:05:25,252 INFO L290 TraceCheckUtils]: 105: Hoare triple {16261#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {16261#false} is VALID [2022-02-20 
18:05:25,252 INFO L290 TraceCheckUtils]: 106: Hoare triple {16261#false} assume 0 != ~in_encrypted~0; {16261#false} is VALID [2022-02-20 18:05:25,252 INFO L272 TraceCheckUtils]: 107: Hoare triple {16261#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {16260#true} is VALID [2022-02-20 18:05:25,253 INFO L290 TraceCheckUtils]: 108: Hoare triple {16260#true} ~handle := #in~handle;havoc ~retValue_acc~36; {16260#true} is VALID [2022-02-20 18:05:25,253 INFO L290 TraceCheckUtils]: 109: Hoare triple {16260#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {16260#true} is VALID [2022-02-20 18:05:25,253 INFO L290 TraceCheckUtils]: 110: Hoare triple {16260#true} assume true; {16260#true} is VALID [2022-02-20 18:05:25,253 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {16260#true} {16261#false} #972#return; {16261#false} is VALID [2022-02-20 18:05:25,253 INFO L290 TraceCheckUtils]: 112: Hoare triple {16261#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {16261#false} is VALID [2022-02-20 18:05:25,253 INFO L290 TraceCheckUtils]: 113: Hoare triple {16261#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {16261#false} is VALID [2022-02-20 18:05:25,253 INFO L290 TraceCheckUtils]: 114: Hoare triple {16261#false} assume !false; {16261#false} is VALID [2022-02-20 18:05:25,254 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:05:25,254 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:25,254 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [416847544] [2022-02-20 18:05:25,254 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [416847544] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:25,254 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:25,254 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:05:25,255 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [510577450] [2022-02-20 18:05:25,255 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:25,256 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 115 [2022-02-20 18:05:25,256 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:25,256 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:25,323 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:25,323 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:05:25,323 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:25,324 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:05:25,324 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:25,324 INFO L87 Difference]: Start difference. First operand 396 states and 597 transitions. Second operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:30,937 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:30,938 INFO L93 Difference]: Finished difference Result 887 states and 1341 transitions. [2022-02-20 18:05:30,938 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:05:30,938 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 115 [2022-02-20 18:05:30,939 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:30,939 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:30,948 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1153 transitions. [2022-02-20 18:05:30,948 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:30,956 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1153 transitions. [2022-02-20 18:05:30,956 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1153 transitions. [2022-02-20 18:05:31,957 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1153 edges. 1153 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:31,976 INFO L225 Difference]: With dead ends: 887 [2022-02-20 18:05:31,977 INFO L226 Difference]: Without dead ends: 514 [2022-02-20 18:05:31,979 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:05:31,979 INFO L933 BasicCegarLoop]: 558 mSDtfsCounter, 1241 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1827 mSolverCounterSat, 429 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1258 SdHoareTripleChecker+Valid, 1373 SdHoareTripleChecker+Invalid, 2256 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 429 IncrementalHoareTripleChecker+Valid, 1827 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:31,980 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1258 Valid, 1373 Invalid, 2256 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [429 Valid, 1827 Invalid, 0 Unknown, 0 Unchecked, 2.5s Time] [2022-02-20 18:05:31,981 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 514 states. [2022-02-20 18:05:32,075 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 514 to 398. [2022-02-20 18:05:32,076 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:32,077 INFO L82 GeneralOperation]: Start isEquivalent. First operand 514 states. 
Second operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 18:05:32,078 INFO L74 IsIncluded]: Start isIncluded. First operand 514 states. Second operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 18:05:32,078 INFO L87 Difference]: Start difference. First operand 514 states. Second operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 18:05:32,092 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:32,092 INFO L93 Difference]: Finished difference Result 514 states and 774 transitions. [2022-02-20 18:05:32,092 INFO L276 IsEmpty]: Start isEmpty. Operand 514 states and 774 transitions. [2022-02-20 18:05:32,094 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:32,094 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:32,096 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) Second operand 514 states. [2022-02-20 18:05:32,096 INFO L87 Difference]: Start difference. First operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) Second operand 514 states. [2022-02-20 18:05:32,110 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:32,110 INFO L93 Difference]: Finished difference Result 514 states and 774 transitions. [2022-02-20 18:05:32,110 INFO L276 IsEmpty]: Start isEmpty. Operand 514 states and 774 transitions. [2022-02-20 18:05:32,112 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:32,112 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:32,112 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:32,112 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:32,113 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 18:05:32,146 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 398 states to 398 states and 600 transitions. [2022-02-20 18:05:32,146 INFO L78 Accepts]: Start accepts. Automaton has 398 states and 600 transitions. Word has length 115 [2022-02-20 18:05:32,146 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:32,147 INFO L470 AbstractCegarLoop]: Abstraction has 398 states and 600 transitions. [2022-02-20 18:05:32,147 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 18:05:32,147 INFO L276 IsEmpty]: Start isEmpty. Operand 398 states and 600 transitions. [2022-02-20 18:05:32,149 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 117 [2022-02-20 18:05:32,149 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:32,149 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:32,149 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:05:32,149 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:32,150 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:32,150 INFO L85 PathProgramCache]: Analyzing trace with hash -2002771209, now seen corresponding path program 1 times [2022-02-20 18:05:32,150 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:32,150 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [253160097] [2022-02-20 18:05:32,150 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:32,151 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:32,173 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:32,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,201 INFO L290 TraceCheckUtils]: 0: Hoare triple {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,201 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,201 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,201 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19193#true} {19193#true} #1020#return; {19193#true} is VALID [2022-02-20 18:05:32,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:32,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,210 INFO L290 TraceCheckUtils]: 0: Hoare triple {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,211 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,211 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,211 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19193#true} {19193#true} #1022#return; {19193#true} is VALID [2022-02-20 18:05:32,211 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:32,212 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,214 INFO L290 TraceCheckUtils]: 0: Hoare triple {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,215 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume !(1 == ~handle); {19193#true} is VALID [2022-02-20 18:05:32,215 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,215 INFO L290 TraceCheckUtils]: 3: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,215 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19193#true} {19193#true} #1024#return; {19193#true} is VALID [2022-02-20 18:05:32,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:32,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,219 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume !(1 == ~handle); {19193#true} is VALID [2022-02-20 18:05:32,220 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,220 INFO L290 TraceCheckUtils]: 3: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,220 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19193#true} {19193#true} #1026#return; {19193#true} is VALID [2022-02-20 18:05:32,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:32,222 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,235 INFO L290 TraceCheckUtils]: 0: Hoare triple {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19256#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {19256#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19256#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {19256#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19256#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,237 INFO L290 TraceCheckUtils]: 3: Hoare triple {19256#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19257#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,237 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {19257#(= 3 |setClientId_#in~handle|)} assume true; {19257#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,238 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19257#(= 3 |setClientId_#in~handle|)} {19213#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1028#return; {19220#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:05:32,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:32,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19258#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:32,255 INFO L290 TraceCheckUtils]: 1: Hoare triple {19258#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19259#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:32,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {19259#(= |setClientPrivateKey_#in~handle| 1)} assume true; {19259#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:32,256 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19259#(= |setClientPrivateKey_#in~handle| 1)} {19220#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1030#return; {19194#false} is VALID [2022-02-20 18:05:32,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:05:32,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,267 INFO L290 TraceCheckUtils]: 0: Hoare triple {19260#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,267 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19193#true} {19194#false} #1006#return; {19194#false} is VALID [2022-02-20 18:05:32,276 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:05:32,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,279 INFO L290 TraceCheckUtils]: 0: Hoare triple {19261#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,280 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19193#true} {19194#false} #1008#return; {19194#false} is VALID [2022-02-20 18:05:32,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:05:32,281 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {19193#true} ~handle := #in~handle;havoc ~retValue_acc~19; {19193#true} is VALID [2022-02-20 18:05:32,283 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {19193#true} is 
VALID [2022-02-20 18:05:32,283 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,283 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19193#true} {19194#false} #960#return; {19194#false} is VALID [2022-02-20 18:05:32,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:05:32,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,286 INFO L290 TraceCheckUtils]: 0: Hoare triple {19193#true} ~handle := #in~handle;havoc ~retValue_acc~33; {19193#true} is VALID [2022-02-20 18:05:32,286 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {19193#true} is VALID [2022-02-20 18:05:32,286 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,286 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19193#true} {19194#false} #962#return; {19194#false} is VALID [2022-02-20 18:05:32,286 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:05:32,287 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {19193#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {19193#true} is VALID [2022-02-20 18:05:32,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle; {19193#true} is VALID [2022-02-20 18:05:32,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {19193#true} is VALID [2022-02-20 18:05:32,289 INFO L290 TraceCheckUtils]: 3: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,290 INFO L284 TraceCheckUtils]: 4: Hoare quadruple 
{19193#true} {19194#false} #964#return; {19194#false} is VALID [2022-02-20 18:05:32,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:05:32,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {19260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,293 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,293 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19193#true} {19194#false} #970#return; {19194#false} is VALID [2022-02-20 18:05:32,293 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:05:32,294 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {19193#true} ~handle := #in~handle;havoc ~retValue_acc~36; {19193#true} is VALID [2022-02-20 18:05:32,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {19193#true} is VALID [2022-02-20 18:05:32,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,296 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19193#true} {19194#false} #972#return; {19194#false} is VALID [2022-02-20 18:05:32,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {19193#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call 
write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {19193#true} is VALID [2022-02-20 18:05:32,297 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {19193#true} is VALID [2022-02-20 18:05:32,297 
INFO L290 TraceCheckUtils]: 2: Hoare triple {19193#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19193#true} is VALID [2022-02-20 18:05:32,297 INFO L290 TraceCheckUtils]: 3: Hoare triple {19193#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {19193#true} is VALID [2022-02-20 18:05:32,297 INFO L290 TraceCheckUtils]: 4: Hoare triple {19193#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {19193#true} is VALID [2022-02-20 18:05:32,297 INFO L290 TraceCheckUtils]: 5: Hoare triple {19193#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19193#true} is VALID [2022-02-20 18:05:32,298 INFO L272 TraceCheckUtils]: 6: Hoare triple {19193#true} call 
setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,298 INFO L290 TraceCheckUtils]: 7: Hoare triple {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,298 INFO L290 TraceCheckUtils]: 8: Hoare triple {19193#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,298 INFO L290 TraceCheckUtils]: 9: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,298 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19193#true} {19193#true} #1020#return; {19193#true} is VALID [2022-02-20 18:05:32,299 INFO L290 TraceCheckUtils]: 11: Hoare triple {19193#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19193#true} is VALID [2022-02-20 18:05:32,299 INFO L272 TraceCheckUtils]: 12: Hoare triple {19193#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:32,299 INFO L290 TraceCheckUtils]: 13: Hoare triple {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,300 INFO L290 TraceCheckUtils]: 14: Hoare 
triple {19193#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,300 INFO L290 TraceCheckUtils]: 15: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,300 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19193#true} {19193#true} #1022#return; {19193#true} is VALID [2022-02-20 18:05:32,300 INFO L290 TraceCheckUtils]: 17: Hoare triple {19193#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19193#true} is VALID [2022-02-20 18:05:32,301 INFO L272 TraceCheckUtils]: 18: Hoare triple {19193#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,301 INFO L290 TraceCheckUtils]: 19: Hoare triple {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,301 INFO L290 TraceCheckUtils]: 20: Hoare triple {19193#true} assume !(1 == ~handle); {19193#true} is VALID [2022-02-20 18:05:32,301 INFO L290 TraceCheckUtils]: 21: Hoare triple {19193#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; 
{19193#true} is VALID [2022-02-20 18:05:32,301 INFO L290 TraceCheckUtils]: 22: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,301 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19193#true} {19193#true} #1024#return; {19193#true} is VALID [2022-02-20 18:05:32,301 INFO L290 TraceCheckUtils]: 24: Hoare triple {19193#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19193#true} is VALID [2022-02-20 18:05:32,302 INFO L272 TraceCheckUtils]: 25: Hoare triple {19193#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:32,302 INFO L290 TraceCheckUtils]: 26: Hoare triple {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,302 INFO L290 TraceCheckUtils]: 27: Hoare triple {19193#true} assume !(1 == ~handle); {19193#true} is VALID [2022-02-20 18:05:32,302 INFO L290 TraceCheckUtils]: 28: Hoare triple {19193#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,303 INFO L290 TraceCheckUtils]: 29: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,303 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19193#true} {19193#true} #1026#return; {19193#true} is VALID [2022-02-20 18:05:32,303 INFO L290 TraceCheckUtils]: 31: Hoare triple {19193#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := 
~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19213#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:32,304 INFO L272 TraceCheckUtils]: 32: Hoare triple {19213#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,304 INFO L290 TraceCheckUtils]: 33: Hoare triple {19254#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19256#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,304 INFO L290 TraceCheckUtils]: 34: Hoare triple {19256#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19256#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,305 INFO L290 TraceCheckUtils]: 35: Hoare triple {19256#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19256#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,305 INFO L290 TraceCheckUtils]: 36: Hoare triple {19256#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19257#(= 3 
|setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,305 INFO L290 TraceCheckUtils]: 37: Hoare triple {19257#(= 3 |setClientId_#in~handle|)} assume true; {19257#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:32,306 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {19257#(= 3 |setClientId_#in~handle|)} {19213#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1028#return; {19220#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:05:32,306 INFO L290 TraceCheckUtils]: 39: Hoare triple {19220#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {19220#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:05:32,307 INFO L272 TraceCheckUtils]: 40: Hoare triple {19220#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:32,307 INFO L290 TraceCheckUtils]: 41: Hoare triple {19255#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19258#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:32,308 INFO L290 TraceCheckUtils]: 42: Hoare triple {19258#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19259#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:32,308 INFO L290 TraceCheckUtils]: 43: Hoare triple {19259#(= |setClientPrivateKey_#in~handle| 1)} assume true; {19259#(= 
|setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:32,308 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {19259#(= |setClientPrivateKey_#in~handle| 1)} {19220#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1030#return; {19194#false} is VALID [2022-02-20 18:05:32,309 INFO L290 TraceCheckUtils]: 45: Hoare triple {19194#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {19194#false} is VALID [2022-02-20 18:05:32,309 INFO L290 TraceCheckUtils]: 46: Hoare triple {19194#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 
:= 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19194#false} is VALID [2022-02-20 18:05:32,309 INFO L290 TraceCheckUtils]: 47: Hoare triple {19194#false} assume !false; {19194#false} is VALID [2022-02-20 18:05:32,309 INFO L290 TraceCheckUtils]: 48: Hoare triple {19194#false} assume test_~splverifierCounter~0#1 < 4; {19194#false} is VALID [2022-02-20 18:05:32,309 INFO L290 TraceCheckUtils]: 49: Hoare triple {19194#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19194#false} is VALID [2022-02-20 18:05:32,309 INFO L290 TraceCheckUtils]: 50: Hoare triple {19194#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {19194#false} is VALID [2022-02-20 18:05:32,309 INFO L290 TraceCheckUtils]: 51: Hoare triple {19194#false} assume !(0 != test_~tmp___9~0#1); {19194#false} is VALID [2022-02-20 18:05:32,310 INFO L290 TraceCheckUtils]: 52: Hoare triple {19194#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {19194#false} is VALID [2022-02-20 18:05:32,310 INFO L290 TraceCheckUtils]: 53: Hoare triple {19194#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {19194#false} is VALID [2022-02-20 18:05:32,310 INFO L290 TraceCheckUtils]: 54: Hoare triple {19194#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {19194#false} is VALID [2022-02-20 18:05:32,310 
INFO L290 TraceCheckUtils]: 55: Hoare triple {19194#false} assume { :end_inline_setClientAutoResponse } true; {19194#false} is VALID [2022-02-20 18:05:32,310 INFO L290 TraceCheckUtils]: 56: Hoare triple {19194#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {19194#false} is VALID [2022-02-20 18:05:32,310 INFO L290 TraceCheckUtils]: 57: Hoare triple {19194#false} assume !false; {19194#false} is VALID [2022-02-20 18:05:32,310 INFO L290 TraceCheckUtils]: 58: Hoare triple {19194#false} assume !(test_~splverifierCounter~0#1 < 4); {19194#false} is VALID [2022-02-20 18:05:32,311 INFO L290 TraceCheckUtils]: 59: Hoare triple {19194#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {19194#false} is VALID [2022-02-20 18:05:32,311 INFO L272 TraceCheckUtils]: 60: Hoare triple {19194#false} call sendEmail(~bob~0, ~rjh~0); {19194#false} is VALID [2022-02-20 18:05:32,311 INFO L290 TraceCheckUtils]: 61: Hoare triple {19194#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19194#false} is VALID [2022-02-20 18:05:32,311 INFO L272 TraceCheckUtils]: 62: Hoare triple {19194#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19260#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:32,311 INFO L290 TraceCheckUtils]: 63: Hoare triple {19260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,311 INFO L290 TraceCheckUtils]: 64: Hoare triple {19193#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,311 INFO L290 TraceCheckUtils]: 65: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,312 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {19193#true} {19194#false} #1006#return; {19194#false} is VALID [2022-02-20 18:05:32,312 INFO L272 TraceCheckUtils]: 67: Hoare triple {19194#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19261#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:32,312 INFO L290 TraceCheckUtils]: 68: Hoare triple {19261#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,312 INFO L290 TraceCheckUtils]: 69: Hoare triple {19193#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,312 INFO L290 TraceCheckUtils]: 70: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,312 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {19193#true} {19194#false} #1008#return; {19194#false} is VALID [2022-02-20 18:05:32,312 INFO L290 TraceCheckUtils]: 72: Hoare triple {19194#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {19194#false} is VALID [2022-02-20 18:05:32,312 INFO L290 TraceCheckUtils]: 73: Hoare triple {19194#false} 
#t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {19194#false} is VALID [2022-02-20 18:05:32,313 INFO L272 TraceCheckUtils]: 74: Hoare triple {19194#false} call outgoing(~sender#1, ~email~0#1); {19194#false} is VALID [2022-02-20 18:05:32,313 INFO L290 TraceCheckUtils]: 75: Hoare triple {19194#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {19194#false} is VALID [2022-02-20 18:05:32,313 INFO L272 TraceCheckUtils]: 76: Hoare triple {19194#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {19193#true} is VALID [2022-02-20 18:05:32,313 INFO L290 TraceCheckUtils]: 77: Hoare triple {19193#true} ~handle := #in~handle;havoc ~retValue_acc~19; {19193#true} is VALID [2022-02-20 18:05:32,313 INFO L290 TraceCheckUtils]: 78: Hoare triple {19193#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {19193#true} is VALID [2022-02-20 18:05:32,313 INFO L290 TraceCheckUtils]: 79: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,313 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {19193#true} {19194#false} #960#return; {19194#false} is VALID [2022-02-20 18:05:32,314 INFO L290 TraceCheckUtils]: 81: Hoare triple {19194#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {19194#false} is VALID [2022-02-20 18:05:32,314 INFO L290 TraceCheckUtils]: 82: Hoare triple {19194#false} assume 0 == sign_~privkey~1#1; {19194#false} is VALID [2022-02-20 
18:05:32,314 INFO L290 TraceCheckUtils]: 83: Hoare triple {19194#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {19194#false} is VALID [2022-02-20 18:05:32,314 INFO L272 TraceCheckUtils]: 84: Hoare triple {19194#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {19193#true} is VALID [2022-02-20 18:05:32,314 INFO L290 TraceCheckUtils]: 85: Hoare triple {19193#true} ~handle := #in~handle;havoc ~retValue_acc~33; {19193#true} is VALID [2022-02-20 18:05:32,314 INFO L290 TraceCheckUtils]: 86: Hoare triple {19193#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {19193#true} is VALID [2022-02-20 18:05:32,314 INFO L290 TraceCheckUtils]: 87: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,315 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {19193#true} {19194#false} #962#return; {19194#false} is VALID [2022-02-20 18:05:32,315 INFO L290 TraceCheckUtils]: 89: Hoare triple {19194#false} assume -2147483648 <= 
outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {19194#false} is VALID [2022-02-20 18:05:32,315 INFO L272 TraceCheckUtils]: 90: Hoare triple {19194#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {19193#true} is VALID [2022-02-20 18:05:32,315 INFO L290 TraceCheckUtils]: 91: Hoare triple {19193#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {19193#true} is VALID [2022-02-20 18:05:32,315 INFO L290 TraceCheckUtils]: 92: Hoare triple {19193#true} assume 1 == ~handle; {19193#true} is VALID [2022-02-20 18:05:32,315 INFO L290 TraceCheckUtils]: 93: Hoare triple {19193#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {19193#true} is VALID [2022-02-20 18:05:32,315 INFO L290 TraceCheckUtils]: 94: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,315 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {19193#true} {19194#false} #964#return; {19194#false} is VALID [2022-02-20 18:05:32,316 INFO L290 TraceCheckUtils]: 96: Hoare triple {19194#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {19194#false} is VALID [2022-02-20 18:05:32,316 INFO L290 TraceCheckUtils]: 97: Hoare triple {19194#false} assume !(0 != 
outgoing__wrappee__AutoResponder_~pubkey~0#1); {19194#false} is VALID [2022-02-20 18:05:32,316 INFO L290 TraceCheckUtils]: 98: Hoare triple {19194#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {19194#false} is VALID [2022-02-20 18:05:32,316 INFO L290 TraceCheckUtils]: 99: Hoare triple {19194#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {19194#false} is VALID [2022-02-20 18:05:32,316 INFO L290 TraceCheckUtils]: 100: Hoare triple {19194#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {19194#false} is VALID [2022-02-20 18:05:32,316 INFO L272 TraceCheckUtils]: 101: Hoare triple {19194#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {19260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:32,316 
INFO L290 TraceCheckUtils]: 102: Hoare triple {19260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19193#true} is VALID [2022-02-20 18:05:32,317 INFO L290 TraceCheckUtils]: 103: Hoare triple {19193#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19193#true} is VALID [2022-02-20 18:05:32,317 INFO L290 TraceCheckUtils]: 104: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,317 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {19193#true} {19194#false} #970#return; {19194#false} is VALID [2022-02-20 18:05:32,317 INFO L290 TraceCheckUtils]: 106: Hoare triple {19194#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= 
__utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {19194#false} is VALID [2022-02-20 18:05:32,317 INFO L290 TraceCheckUtils]: 107: Hoare triple {19194#false} assume 0 != ~in_encrypted~0; {19194#false} is VALID [2022-02-20 18:05:32,317 INFO L272 TraceCheckUtils]: 108: Hoare triple {19194#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {19193#true} is VALID [2022-02-20 18:05:32,317 INFO L290 TraceCheckUtils]: 109: Hoare triple {19193#true} ~handle := #in~handle;havoc ~retValue_acc~36; {19193#true} is VALID [2022-02-20 18:05:32,318 INFO L290 TraceCheckUtils]: 110: Hoare triple {19193#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {19193#true} is VALID [2022-02-20 18:05:32,318 INFO L290 TraceCheckUtils]: 111: Hoare triple {19193#true} assume true; {19193#true} is VALID [2022-02-20 18:05:32,318 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {19193#true} {19194#false} #972#return; {19194#false} is VALID [2022-02-20 18:05:32,318 INFO L290 TraceCheckUtils]: 113: Hoare triple {19194#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {19194#false} is VALID [2022-02-20 18:05:32,318 INFO L290 TraceCheckUtils]: 114: Hoare triple {19194#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {19194#false} is VALID [2022-02-20 18:05:32,318 INFO L290 TraceCheckUtils]: 115: Hoare triple 
{19194#false} assume !false; {19194#false} is VALID [2022-02-20 18:05:32,319 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:05:32,319 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:32,319 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [253160097] [2022-02-20 18:05:32,319 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [253160097] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:32,319 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:32,319 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:05:32,320 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [921424397] [2022-02-20 18:05:32,320 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:32,320 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 116 [2022-02-20 18:05:32,320 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:05:32,321 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:32,393 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 108 edges. 108 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:32,394 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:05:32,394 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:32,394 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:05:32,394 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:05:32,395 INFO L87 Difference]: Start difference. First operand 398 states and 600 transitions. Second operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:40,456 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:40,456 INFO L93 Difference]: Finished difference Result 885 states and 1336 transitions. [2022-02-20 18:05:40,457 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:05:40,457 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 116 [2022-02-20 18:05:40,457 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:40,457 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:40,465 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1154 transitions. [2022-02-20 18:05:40,466 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:40,473 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1154 transitions. [2022-02-20 18:05:40,473 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1154 transitions. [2022-02-20 18:05:41,390 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1154 edges. 1154 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:41,413 INFO L225 Difference]: With dead ends: 885 [2022-02-20 18:05:41,413 INFO L226 Difference]: Without dead ends: 514 [2022-02-20 18:05:41,414 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:05:41,415 INFO L933 BasicCegarLoop]: 540 mSDtfsCounter, 1360 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 3290 mSolverCounterSat, 485 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1360 SdHoareTripleChecker+Valid, 1672 SdHoareTripleChecker+Invalid, 3775 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 485 IncrementalHoareTripleChecker+Valid, 3290 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:41,415 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1360 Valid, 1672 Invalid, 3775 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [485 Valid, 3290 Invalid, 0 Unknown, 0 Unchecked, 3.7s Time] [2022-02-20 18:05:41,416 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 514 states. [2022-02-20 18:05:41,543 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 514 to 398. [2022-02-20 18:05:41,544 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:41,556 INFO L82 GeneralOperation]: Start isEquivalent. First operand 514 states. 
Second operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:05:41,558 INFO L74 IsIncluded]: Start isIncluded. First operand 514 states. Second operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:05:41,560 INFO L87 Difference]: Start difference. First operand 514 states. Second operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:05:41,574 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:41,574 INFO L93 Difference]: Finished difference Result 514 states and 773 transitions. [2022-02-20 18:05:41,575 INFO L276 IsEmpty]: Start isEmpty. Operand 514 states and 773 transitions. [2022-02-20 18:05:41,577 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:41,577 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:41,578 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) Second operand 514 states. [2022-02-20 18:05:41,578 INFO L87 Difference]: Start difference. First operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) Second operand 514 states. [2022-02-20 18:05:41,593 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:41,593 INFO L93 Difference]: Finished difference Result 514 states and 773 transitions. [2022-02-20 18:05:41,593 INFO L276 IsEmpty]: Start isEmpty. Operand 514 states and 773 transitions. [2022-02-20 18:05:41,595 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:41,595 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:41,595 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:41,595 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:41,597 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 398 states, 307 states have (on average 1.514657980456026) internal successors, (465), 313 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:05:41,607 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 398 states to 398 states and 599 transitions. [2022-02-20 18:05:41,607 INFO L78 Accepts]: Start accepts. Automaton has 398 states and 599 transitions. Word has length 116 [2022-02-20 18:05:41,607 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:41,607 INFO L470 AbstractCegarLoop]: Abstraction has 398 states and 599 transitions. [2022-02-20 18:05:41,608 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:41,608 INFO L276 IsEmpty]: Start isEmpty. Operand 398 states and 599 transitions. [2022-02-20 18:05:41,609 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 118 [2022-02-20 18:05:41,609 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:41,609 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:41,609 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:05:41,609 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:41,610 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:41,610 INFO L85 PathProgramCache]: Analyzing trace with hash -1002334185, now seen corresponding path program 2 times [2022-02-20 18:05:41,610 
INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:41,610 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1142496098] [2022-02-20 18:05:41,610 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:41,610 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:41,648 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,670 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:41,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,673 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,673 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22135#true} {22135#true} #1020#return; {22135#true} is VALID [2022-02-20 18:05:41,678 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:41,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,682 INFO L290 TraceCheckUtils]: 0: Hoare triple {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,683 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22135#true} {22135#true} #1022#return; {22135#true} is VALID [2022-02-20 18:05:41,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:41,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,685 INFO L290 TraceCheckUtils]: 0: Hoare triple {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,685 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume !(1 == ~handle); {22135#true} is VALID [2022-02-20 18:05:41,686 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,686 INFO L290 TraceCheckUtils]: 3: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,686 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22135#true} {22135#true} #1024#return; {22135#true} is VALID [2022-02-20 18:05:41,686 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:41,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume !(1 == ~handle); {22135#true} is VALID [2022-02-20 18:05:41,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,690 INFO L290 TraceCheckUtils]: 3: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,690 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22135#true} {22135#true} #1026#return; {22135#true} is VALID [2022-02-20 18:05:41,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:41,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,715 INFO L290 TraceCheckUtils]: 0: Hoare triple {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22199#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,716 INFO L290 TraceCheckUtils]: 1: Hoare triple {22199#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22199#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,716 INFO L290 TraceCheckUtils]: 2: Hoare triple {22199#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22199#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,716 INFO L290 TraceCheckUtils]: 3: Hoare triple {22199#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22200#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,717 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {22200#(= 3 |setClientId_#in~handle|)} assume true; {22200#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,717 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22200#(= 3 |setClientId_#in~handle|)} {22155#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1028#return; {22162#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:05:41,717 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:41,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22201#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:41,734 INFO L290 TraceCheckUtils]: 1: Hoare triple {22201#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {22201#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:41,734 INFO L290 TraceCheckUtils]: 2: Hoare triple {22201#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22202#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:41,735 INFO L290 TraceCheckUtils]: 3: Hoare triple {22202#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {22202#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:41,735 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22202#(= 2 |setClientPrivateKey_#in~handle|)} {22162#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1030#return; {22136#false} is VALID [2022-02-20 18:05:41,741 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:05:41,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {22203#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,744 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22135#true} {22136#false} #1006#return; {22136#false} is VALID [2022-02-20 18:05:41,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:05:41,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,756 INFO L290 TraceCheckUtils]: 0: Hoare triple {22204#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,756 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,756 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,756 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22135#true} {22136#false} #1008#return; {22136#false} is VALID [2022-02-20 18:05:41,757 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:05:41,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,759 INFO L290 TraceCheckUtils]: 0: Hoare triple {22135#true} 
~handle := #in~handle;havoc ~retValue_acc~19; {22135#true} is VALID [2022-02-20 18:05:41,759 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {22135#true} is VALID [2022-02-20 18:05:41,759 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,759 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22135#true} {22136#false} #960#return; {22136#false} is VALID [2022-02-20 18:05:41,759 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:05:41,761 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,762 INFO L290 TraceCheckUtils]: 0: Hoare triple {22135#true} ~handle := #in~handle;havoc ~retValue_acc~33; {22135#true} is VALID [2022-02-20 18:05:41,763 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {22135#true} is VALID [2022-02-20 18:05:41,763 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,763 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22135#true} {22136#false} #962#return; {22136#false} is VALID [2022-02-20 18:05:41,763 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:05:41,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {22135#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {22135#true} is VALID [2022-02-20 18:05:41,766 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle; {22135#true} is VALID [2022-02-20 18:05:41,766 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {22135#true} is VALID [2022-02-20 18:05:41,766 INFO L290 TraceCheckUtils]: 3: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,767 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22135#true} {22136#false} #964#return; {22136#false} is VALID [2022-02-20 18:05:41,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:05:41,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,770 INFO L290 TraceCheckUtils]: 0: Hoare triple {22203#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,770 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,770 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,770 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22135#true} {22136#false} #970#return; {22136#false} is VALID [2022-02-20 18:05:41,770 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:05:41,771 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:41,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {22135#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22135#true} is VALID [2022-02-20 18:05:41,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {22135#true} is VALID [2022-02-20 18:05:41,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,773 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22135#true} {22136#false} 
#972#return; {22136#false} is VALID [2022-02-20 18:05:41,773 INFO L290 TraceCheckUtils]: 0: Hoare triple {22135#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call 
#Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 
0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {22135#true} is VALID [2022-02-20 18:05:41,773 INFO L290 TraceCheckUtils]: 1: Hoare triple {22135#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {22135#true} is VALID [2022-02-20 18:05:41,773 INFO L290 TraceCheckUtils]: 2: Hoare triple {22135#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22135#true} is VALID [2022-02-20 18:05:41,773 INFO L290 TraceCheckUtils]: 3: Hoare triple {22135#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {22135#true} is VALID [2022-02-20 18:05:41,773 INFO L290 TraceCheckUtils]: 4: Hoare triple {22135#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {22135#true} is VALID [2022-02-20 18:05:41,773 INFO L290 TraceCheckUtils]: 5: Hoare triple {22135#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22135#true} is VALID [2022-02-20 18:05:41,774 INFO L272 TraceCheckUtils]: 6: Hoare triple {22135#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:41,774 INFO L290 TraceCheckUtils]: 7: Hoare triple {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,774 INFO L290 TraceCheckUtils]: 8: Hoare triple {22135#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,774 INFO L290 TraceCheckUtils]: 9: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,774 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22135#true} {22135#true} #1020#return; {22135#true} is VALID [2022-02-20 18:05:41,775 INFO L290 TraceCheckUtils]: 11: Hoare triple {22135#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22135#true} is VALID [2022-02-20 18:05:41,775 INFO L272 TraceCheckUtils]: 12: Hoare triple {22135#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:41,775 INFO L290 TraceCheckUtils]: 13: Hoare triple {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,775 INFO L290 TraceCheckUtils]: 14: Hoare triple {22135#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,775 INFO L290 TraceCheckUtils]: 15: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,776 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22135#true} {22135#true} #1022#return; {22135#true} is VALID [2022-02-20 18:05:41,776 INFO L290 TraceCheckUtils]: 17: Hoare triple {22135#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22135#true} is VALID [2022-02-20 18:05:41,776 INFO L272 TraceCheckUtils]: 18: Hoare triple {22135#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:41,776 INFO L290 TraceCheckUtils]: 19: Hoare triple {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 
18:05:41,776 INFO L290 TraceCheckUtils]: 20: Hoare triple {22135#true} assume !(1 == ~handle); {22135#true} is VALID [2022-02-20 18:05:41,776 INFO L290 TraceCheckUtils]: 21: Hoare triple {22135#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,777 INFO L290 TraceCheckUtils]: 22: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,777 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22135#true} {22135#true} #1024#return; {22135#true} is VALID [2022-02-20 18:05:41,777 INFO L290 TraceCheckUtils]: 24: Hoare triple {22135#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22135#true} is VALID [2022-02-20 18:05:41,777 INFO L272 TraceCheckUtils]: 25: Hoare triple {22135#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:41,777 INFO L290 TraceCheckUtils]: 26: Hoare triple {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,778 INFO L290 TraceCheckUtils]: 27: Hoare triple {22135#true} assume !(1 == ~handle); {22135#true} is VALID [2022-02-20 18:05:41,778 INFO L290 TraceCheckUtils]: 28: Hoare triple {22135#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,778 INFO L290 TraceCheckUtils]: 29: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,778 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22135#true} {22135#true} #1026#return; {22135#true} is VALID [2022-02-20 18:05:41,778 INFO L290 
TraceCheckUtils]: 31: Hoare triple {22135#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22155#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:41,779 INFO L272 TraceCheckUtils]: 32: Hoare triple {22155#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:41,779 INFO L290 TraceCheckUtils]: 33: Hoare triple {22197#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22199#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,779 INFO L290 TraceCheckUtils]: 34: Hoare triple {22199#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22199#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,780 INFO L290 TraceCheckUtils]: 35: Hoare triple {22199#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); 
{22199#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,780 INFO L290 TraceCheckUtils]: 36: Hoare triple {22199#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22200#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,780 INFO L290 TraceCheckUtils]: 37: Hoare triple {22200#(= 3 |setClientId_#in~handle|)} assume true; {22200#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:41,781 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22200#(= 3 |setClientId_#in~handle|)} {22155#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1028#return; {22162#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:05:41,781 INFO L290 TraceCheckUtils]: 39: Hoare triple {22162#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {22162#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:05:41,781 INFO L272 TraceCheckUtils]: 40: Hoare triple {22162#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:41,782 INFO L290 TraceCheckUtils]: 41: Hoare triple {22198#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22201#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:41,782 INFO L290 TraceCheckUtils]: 42: Hoare triple {22201#(= setClientPrivateKey_~handle 
|setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {22201#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:41,782 INFO L290 TraceCheckUtils]: 43: Hoare triple {22201#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22202#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:41,783 INFO L290 TraceCheckUtils]: 44: Hoare triple {22202#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {22202#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:41,783 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {22202#(= 2 |setClientPrivateKey_#in~handle|)} {22162#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1030#return; {22136#false} is VALID [2022-02-20 18:05:41,783 INFO L290 TraceCheckUtils]: 46: Hoare triple {22136#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {22136#false} is VALID [2022-02-20 18:05:41,783 INFO L290 TraceCheckUtils]: 47: Hoare triple {22136#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc 
test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22136#false} is VALID [2022-02-20 18:05:41,783 INFO L290 TraceCheckUtils]: 48: Hoare triple {22136#false} assume !false; {22136#false} is VALID [2022-02-20 18:05:41,783 INFO L290 TraceCheckUtils]: 49: Hoare triple {22136#false} assume test_~splverifierCounter~0#1 < 4; {22136#false} is VALID [2022-02-20 18:05:41,784 INFO L290 TraceCheckUtils]: 50: Hoare triple {22136#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22136#false} is VALID [2022-02-20 18:05:41,784 INFO L290 TraceCheckUtils]: 51: Hoare triple {22136#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {22136#false} is VALID [2022-02-20 18:05:41,784 INFO L290 TraceCheckUtils]: 52: Hoare triple {22136#false} assume !(0 != test_~tmp___9~0#1); {22136#false} is VALID [2022-02-20 18:05:41,784 INFO L290 TraceCheckUtils]: 53: Hoare triple {22136#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {22136#false} is VALID [2022-02-20 18:05:41,785 INFO L290 TraceCheckUtils]: 54: Hoare triple {22136#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } 
true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {22136#false} is VALID [2022-02-20 18:05:41,786 INFO L290 TraceCheckUtils]: 55: Hoare triple {22136#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {22136#false} is VALID [2022-02-20 18:05:41,786 INFO L290 TraceCheckUtils]: 56: Hoare triple {22136#false} assume { :end_inline_setClientAutoResponse } true; {22136#false} is VALID [2022-02-20 18:05:41,786 INFO L290 TraceCheckUtils]: 57: Hoare triple {22136#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {22136#false} is VALID [2022-02-20 18:05:41,786 INFO L290 TraceCheckUtils]: 58: Hoare triple {22136#false} assume !false; {22136#false} is VALID [2022-02-20 18:05:41,786 INFO L290 TraceCheckUtils]: 59: Hoare triple {22136#false} assume !(test_~splverifierCounter~0#1 < 4); {22136#false} is VALID [2022-02-20 18:05:41,786 INFO L290 TraceCheckUtils]: 60: Hoare triple {22136#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {22136#false} is VALID [2022-02-20 18:05:41,786 INFO L272 TraceCheckUtils]: 61: Hoare triple {22136#false} call sendEmail(~bob~0, ~rjh~0); {22136#false} is VALID [2022-02-20 18:05:41,787 INFO L290 TraceCheckUtils]: 62: Hoare triple {22136#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { 
:begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22136#false} is VALID [2022-02-20 18:05:41,787 INFO L272 TraceCheckUtils]: 63: Hoare triple {22136#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22203#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:41,787 INFO L290 TraceCheckUtils]: 64: Hoare triple {22203#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,787 INFO L290 TraceCheckUtils]: 65: Hoare triple {22135#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,787 INFO L290 TraceCheckUtils]: 66: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,787 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {22135#true} {22136#false} #1006#return; {22136#false} is VALID [2022-02-20 18:05:41,787 INFO L272 TraceCheckUtils]: 68: Hoare triple {22136#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22204#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:41,787 INFO L290 TraceCheckUtils]: 69: Hoare triple {22204#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,787 INFO L290 TraceCheckUtils]: 70: Hoare triple {22135#true} assume 1 == ~handle;~__ste_email_to0~0 := 
~value; {22135#true} is VALID [2022-02-20 18:05:41,788 INFO L290 TraceCheckUtils]: 71: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,788 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {22135#true} {22136#false} #1008#return; {22136#false} is VALID [2022-02-20 18:05:41,788 INFO L290 TraceCheckUtils]: 73: Hoare triple {22136#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {22136#false} is VALID [2022-02-20 18:05:41,788 INFO L290 TraceCheckUtils]: 74: Hoare triple {22136#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {22136#false} is VALID [2022-02-20 18:05:41,788 INFO L272 TraceCheckUtils]: 75: Hoare triple {22136#false} call outgoing(~sender#1, ~email~0#1); {22136#false} is VALID [2022-02-20 18:05:41,788 INFO L290 TraceCheckUtils]: 76: Hoare triple {22136#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {22136#false} is VALID [2022-02-20 18:05:41,788 INFO L272 TraceCheckUtils]: 77: Hoare triple {22136#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {22135#true} is VALID [2022-02-20 18:05:41,788 INFO L290 TraceCheckUtils]: 78: Hoare triple {22135#true} ~handle := #in~handle;havoc ~retValue_acc~19; {22135#true} is VALID [2022-02-20 18:05:41,789 INFO L290 TraceCheckUtils]: 79: Hoare triple {22135#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {22135#true} is VALID [2022-02-20 18:05:41,789 INFO L290 TraceCheckUtils]: 80: Hoare triple {22135#true} assume 
true; {22135#true} is VALID [2022-02-20 18:05:41,789 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {22135#true} {22136#false} #960#return; {22136#false} is VALID [2022-02-20 18:05:41,789 INFO L290 TraceCheckUtils]: 82: Hoare triple {22136#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {22136#false} is VALID [2022-02-20 18:05:41,789 INFO L290 TraceCheckUtils]: 83: Hoare triple {22136#false} assume 0 == sign_~privkey~1#1; {22136#false} is VALID [2022-02-20 18:05:41,789 INFO L290 TraceCheckUtils]: 84: Hoare triple {22136#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {22136#false} is VALID [2022-02-20 18:05:41,789 INFO L272 TraceCheckUtils]: 85: Hoare triple {22136#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {22135#true} is VALID [2022-02-20 18:05:41,789 INFO L290 TraceCheckUtils]: 86: Hoare triple {22135#true} ~handle := #in~handle;havoc ~retValue_acc~33; {22135#true} is VALID 
[2022-02-20 18:05:41,789 INFO L290 TraceCheckUtils]: 87: Hoare triple {22135#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {22135#true} is VALID [2022-02-20 18:05:41,790 INFO L290 TraceCheckUtils]: 88: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,790 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {22135#true} {22136#false} #962#return; {22136#false} is VALID [2022-02-20 18:05:41,790 INFO L290 TraceCheckUtils]: 90: Hoare triple {22136#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {22136#false} is VALID [2022-02-20 18:05:41,790 INFO L272 TraceCheckUtils]: 91: Hoare triple {22136#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {22135#true} is VALID [2022-02-20 18:05:41,794 INFO L290 TraceCheckUtils]: 92: Hoare triple {22135#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {22135#true} is VALID [2022-02-20 18:05:41,794 INFO L290 TraceCheckUtils]: 93: Hoare triple {22135#true} assume 1 == ~handle; {22135#true} is VALID [2022-02-20 18:05:41,794 INFO L290 TraceCheckUtils]: 94: Hoare triple {22135#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {22135#true} is VALID [2022-02-20 18:05:41,795 INFO L290 TraceCheckUtils]: 95: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,795 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {22135#true} {22136#false} #964#return; {22136#false} is VALID [2022-02-20 18:05:41,795 INFO L290 
TraceCheckUtils]: 97: Hoare triple {22136#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {22136#false} is VALID [2022-02-20 18:05:41,795 INFO L290 TraceCheckUtils]: 98: Hoare triple {22136#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {22136#false} is VALID [2022-02-20 18:05:41,795 INFO L290 TraceCheckUtils]: 99: Hoare triple {22136#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {22136#false} is VALID [2022-02-20 18:05:41,795 INFO L290 TraceCheckUtils]: 100: Hoare triple {22136#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {22136#false} is VALID [2022-02-20 18:05:41,795 INFO L290 TraceCheckUtils]: 101: Hoare triple {22136#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= 
outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {22136#false} is VALID [2022-02-20 18:05:41,795 INFO L272 TraceCheckUtils]: 102: Hoare triple {22136#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {22203#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:41,796 INFO L290 TraceCheckUtils]: 103: Hoare triple {22203#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22135#true} is VALID [2022-02-20 18:05:41,796 INFO L290 TraceCheckUtils]: 104: Hoare triple {22135#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22135#true} is VALID [2022-02-20 18:05:41,796 INFO L290 TraceCheckUtils]: 105: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,796 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {22135#true} {22136#false} #970#return; {22136#false} is VALID [2022-02-20 18:05:41,796 INFO L290 TraceCheckUtils]: 107: Hoare triple {22136#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, 
__utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {22136#false} is VALID [2022-02-20 18:05:41,796 INFO L290 TraceCheckUtils]: 108: Hoare triple {22136#false} assume 0 != ~in_encrypted~0; {22136#false} is VALID [2022-02-20 18:05:41,796 INFO L272 TraceCheckUtils]: 109: Hoare triple {22136#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {22135#true} is VALID [2022-02-20 18:05:41,796 INFO L290 TraceCheckUtils]: 110: Hoare triple {22135#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22135#true} is VALID [2022-02-20 18:05:41,797 INFO L290 TraceCheckUtils]: 111: Hoare triple {22135#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {22135#true} is VALID [2022-02-20 18:05:41,797 INFO L290 TraceCheckUtils]: 112: Hoare triple {22135#true} assume true; {22135#true} is VALID [2022-02-20 18:05:41,797 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {22135#true} {22136#false} #972#return; {22136#false} is VALID [2022-02-20 18:05:41,797 INFO L290 TraceCheckUtils]: 114: Hoare triple {22136#false} assume -2147483648 <= 
__utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {22136#false} is VALID [2022-02-20 18:05:41,797 INFO L290 TraceCheckUtils]: 115: Hoare triple {22136#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {22136#false} is VALID [2022-02-20 18:05:41,797 INFO L290 TraceCheckUtils]: 116: Hoare triple {22136#false} assume !false; {22136#false} is VALID [2022-02-20 18:05:41,797 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:05:41,798 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:41,798 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1142496098] [2022-02-20 18:05:41,798 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1142496098] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:41,798 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:41,798 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:05:41,798 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2059668221] [2022-02-20 18:05:41,798 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:41,799 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 117 [2022-02-20 18:05:41,799 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:41,799 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:41,865 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:41,865 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:05:41,865 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:41,866 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:05:41,866 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:05:41,866 INFO L87 Difference]: Start difference. First operand 398 states and 599 transitions. 
Second operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:50,036 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:50,037 INFO L93 Difference]: Finished difference Result 887 states and 1342 transitions. [2022-02-20 18:05:50,037 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:05:50,037 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 117 [2022-02-20 18:05:50,037 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:50,037 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:50,045 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1155 transitions. [2022-02-20 18:05:50,045 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:50,053 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1155 transitions. [2022-02-20 18:05:50,053 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1155 transitions. [2022-02-20 18:05:50,986 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1155 edges. 1155 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:51,007 INFO L225 Difference]: With dead ends: 887 [2022-02-20 18:05:51,008 INFO L226 Difference]: Without dead ends: 516 [2022-02-20 18:05:51,009 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:05:51,011 INFO L933 BasicCegarLoop]: 545 mSDtfsCounter, 1340 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 3356 mSolverCounterSat, 478 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1340 SdHoareTripleChecker+Valid, 1677 SdHoareTripleChecker+Invalid, 3834 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 478 IncrementalHoareTripleChecker+Valid, 3356 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:51,011 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1340 Valid, 1677 Invalid, 3834 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [478 Valid, 3356 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 18:05:51,012 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 516 states. [2022-02-20 18:05:51,093 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 516 to 400. [2022-02-20 18:05:51,093 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:51,094 INFO L82 GeneralOperation]: Start isEquivalent. First operand 516 states. Second operand has 400 states, 308 states have (on average 1.5129870129870129) internal successors, (466), 315 states have internal predecessors, (466), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 18:05:51,095 INFO L74 IsIncluded]: Start isIncluded. First operand 516 states. Second operand has 400 states, 308 states have (on average 1.5129870129870129) internal successors, (466), 315 states have internal predecessors, (466), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 18:05:51,095 INFO L87 Difference]: Start difference. First operand 516 states. Second operand has 400 states, 308 states have (on average 1.5129870129870129) internal successors, (466), 315 states have internal predecessors, (466), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 18:05:51,109 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:51,110 INFO L93 Difference]: Finished difference Result 516 states and 779 transitions. 
[2022-02-20 18:05:51,110 INFO L276 IsEmpty]: Start isEmpty. Operand 516 states and 779 transitions. [2022-02-20 18:05:51,112 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:51,112 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:51,113 INFO L74 IsIncluded]: Start isIncluded. First operand has 400 states, 308 states have (on average 1.5129870129870129) internal successors, (466), 315 states have internal predecessors, (466), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) Second operand 516 states. [2022-02-20 18:05:51,114 INFO L87 Difference]: Start difference. First operand has 400 states, 308 states have (on average 1.5129870129870129) internal successors, (466), 315 states have internal predecessors, (466), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) Second operand 516 states. [2022-02-20 18:05:51,127 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:51,127 INFO L93 Difference]: Finished difference Result 516 states and 779 transitions. [2022-02-20 18:05:51,127 INFO L276 IsEmpty]: Start isEmpty. Operand 516 states and 779 transitions. [2022-02-20 18:05:51,129 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:51,129 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:51,129 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:51,130 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:51,130 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 400 states, 308 states have (on average 1.5129870129870129) internal successors, (466), 315 states have internal predecessors, (466), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 18:05:51,140 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 400 states to 400 states and 605 transitions. [2022-02-20 18:05:51,140 INFO L78 Accepts]: Start accepts. Automaton has 400 states and 605 transitions. Word has length 117 [2022-02-20 18:05:51,141 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:51,141 INFO L470 AbstractCegarLoop]: Abstraction has 400 states and 605 transitions. [2022-02-20 18:05:51,141 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 18:05:51,141 INFO L276 IsEmpty]: Start isEmpty. Operand 400 states and 605 transitions. [2022-02-20 18:05:51,143 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 119 [2022-02-20 18:05:51,143 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:51,143 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:51,144 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:05:51,144 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:51,144 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:51,144 INFO L85 PathProgramCache]: Analyzing trace with hash -2130467694, now seen corresponding path program 1 times [2022-02-20 18:05:51,144 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:51,144 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [967754790] [2022-02-20 18:05:51,145 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:51,145 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:51,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,199 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:51,201 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,203 INFO L290 TraceCheckUtils]: 0: Hoare triple {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,203 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,204 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,204 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25086#true} {25086#true} #1020#return; {25086#true} is VALID [2022-02-20 18:05:51,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:51,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,213 INFO L290 TraceCheckUtils]: 0: Hoare triple {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,213 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25086#true} {25086#true} #1022#return; {25086#true} is VALID [2022-02-20 18:05:51,213 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:51,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25152#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:51,229 INFO L290 TraceCheckUtils]: 1: Hoare triple {25152#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25152#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:51,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {25152#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25153#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:51,230 INFO L290 TraceCheckUtils]: 3: Hoare triple {25153#(= 2 |setClientId_#in~handle|)} assume true; {25153#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:51,230 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25153#(= 2 |setClientId_#in~handle|)} {25096#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1024#return; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:51,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,236 INFO L290 TraceCheckUtils]: 3: Hoare triple {25086#true} assume true; {25086#true} is VALID 
[2022-02-20 18:05:51,237 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25086#true} {25102#(not (= ~rjh~0 1))} #1026#return; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,237 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:51,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,241 INFO L290 TraceCheckUtils]: 0: Hoare triple {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,242 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,242 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume !(2 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,242 INFO L290 TraceCheckUtils]: 3: Hoare triple {25086#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,242 INFO L290 TraceCheckUtils]: 4: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,242 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25086#true} {25102#(not (= ~rjh~0 1))} #1028#return; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,243 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:51,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,246 INFO L290 TraceCheckUtils]: 0: Hoare triple {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,246 
INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,246 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume !(2 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,247 INFO L290 TraceCheckUtils]: 3: Hoare triple {25086#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,247 INFO L290 TraceCheckUtils]: 4: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,247 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25086#true} {25102#(not (= ~rjh~0 1))} #1030#return; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,253 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:05:51,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {25154#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,256 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25086#true} {25087#false} #1006#return; {25087#false} is VALID [2022-02-20 18:05:51,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:05:51,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,267 INFO L290 TraceCheckUtils]: 0: Hoare triple {25155#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25086#true} is 
VALID [2022-02-20 18:05:51,267 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,267 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,267 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25086#true} {25087#false} #1008#return; {25087#false} is VALID [2022-02-20 18:05:51,267 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:05:51,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25086#true} is VALID [2022-02-20 18:05:51,270 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {25086#true} is VALID [2022-02-20 18:05:51,270 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,270 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25086#true} {25087#false} #960#return; {25087#false} is VALID [2022-02-20 18:05:51,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:05:51,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,272 INFO L290 TraceCheckUtils]: 0: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25086#true} is VALID [2022-02-20 18:05:51,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25086#true} is VALID [2022-02-20 18:05:51,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,272 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25086#true} {25087#false} 
#962#return; {25087#false} is VALID [2022-02-20 18:05:51,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:05:51,273 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,276 INFO L290 TraceCheckUtils]: 0: Hoare triple {25086#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {25086#true} is VALID [2022-02-20 18:05:51,276 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle; {25086#true} is VALID [2022-02-20 18:05:51,276 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {25086#true} is VALID [2022-02-20 18:05:51,276 INFO L290 TraceCheckUtils]: 3: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,276 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25086#true} {25087#false} #964#return; {25087#false} is VALID [2022-02-20 18:05:51,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:05:51,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,279 INFO L290 TraceCheckUtils]: 0: Hoare triple {25154#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,279 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25086#true} {25087#false} #970#return; {25087#false} is VALID [2022-02-20 18:05:51,279 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 110 [2022-02-20 18:05:51,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,281 INFO L290 TraceCheckUtils]: 0: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25086#true} is VALID [2022-02-20 18:05:51,281 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {25086#true} is VALID [2022-02-20 18:05:51,282 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,282 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25086#true} {25087#false} #972#return; {25087#false} is VALID [2022-02-20 18:05:51,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {25086#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call 
#Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 
0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {25086#true} is VALID [2022-02-20 18:05:51,282 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {25086#true} is VALID [2022-02-20 18:05:51,282 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25086#true} is VALID [2022-02-20 18:05:51,282 INFO L290 TraceCheckUtils]: 3: Hoare triple {25086#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {25086#true} is VALID [2022-02-20 18:05:51,282 INFO L290 TraceCheckUtils]: 4: Hoare triple {25086#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {25086#true} is VALID [2022-02-20 18:05:51,283 INFO L290 TraceCheckUtils]: 5: Hoare triple {25086#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc 
setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25086#true} is VALID [2022-02-20 18:05:51,283 INFO L272 TraceCheckUtils]: 6: Hoare triple {25086#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:51,283 INFO L290 TraceCheckUtils]: 7: Hoare triple {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,283 INFO L290 TraceCheckUtils]: 8: Hoare triple {25086#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,283 INFO L290 TraceCheckUtils]: 9: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,284 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25086#true} {25086#true} #1020#return; {25086#true} is VALID 
[2022-02-20 18:05:51,284 INFO L290 TraceCheckUtils]: 11: Hoare triple {25086#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25086#true} is VALID [2022-02-20 18:05:51,284 INFO L272 TraceCheckUtils]: 12: Hoare triple {25086#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:51,284 INFO L290 TraceCheckUtils]: 13: Hoare triple {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,284 INFO L290 TraceCheckUtils]: 14: Hoare triple {25086#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,285 INFO L290 TraceCheckUtils]: 15: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,285 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25086#true} {25086#true} #1022#return; {25086#true} is VALID [2022-02-20 18:05:51,285 INFO L290 TraceCheckUtils]: 17: Hoare triple {25086#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25096#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 
18:05:51,286 INFO L272 TraceCheckUtils]: 18: Hoare triple {25096#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:51,286 INFO L290 TraceCheckUtils]: 19: Hoare triple {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25152#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:51,286 INFO L290 TraceCheckUtils]: 20: Hoare triple {25152#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25152#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:51,287 INFO L290 TraceCheckUtils]: 21: Hoare triple {25152#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25153#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:51,287 INFO L290 TraceCheckUtils]: 22: Hoare triple {25153#(= 2 |setClientId_#in~handle|)} assume true; {25153#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:51,287 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25153#(= 2 |setClientId_#in~handle|)} {25096#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1024#return; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,288 INFO L290 TraceCheckUtils]: 24: Hoare triple {25102#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,288 INFO L272 TraceCheckUtils]: 25: Hoare triple {25102#(not (= ~rjh~0 1))} call 
setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:51,288 INFO L290 TraceCheckUtils]: 26: Hoare triple {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,288 INFO L290 TraceCheckUtils]: 27: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,289 INFO L290 TraceCheckUtils]: 28: Hoare triple {25086#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,289 INFO L290 TraceCheckUtils]: 29: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,289 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25086#true} {25102#(not (= ~rjh~0 1))} #1026#return; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,289 INFO L290 TraceCheckUtils]: 31: Hoare triple {25102#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,290 INFO L272 TraceCheckUtils]: 32: Hoare triple {25102#(not (= ~rjh~0 1))} 
call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:51,290 INFO L290 TraceCheckUtils]: 33: Hoare triple {25150#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,290 INFO L290 TraceCheckUtils]: 34: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,290 INFO L290 TraceCheckUtils]: 35: Hoare triple {25086#true} assume !(2 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,290 INFO L290 TraceCheckUtils]: 36: Hoare triple {25086#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,290 INFO L290 TraceCheckUtils]: 37: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,291 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25086#true} {25102#(not (= ~rjh~0 1))} #1028#return; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,291 INFO L290 TraceCheckUtils]: 39: Hoare triple {25102#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,292 INFO L272 TraceCheckUtils]: 40: Hoare triple {25102#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:51,292 INFO L290 TraceCheckUtils]: 41: Hoare 
triple {25151#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,292 INFO L290 TraceCheckUtils]: 42: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,292 INFO L290 TraceCheckUtils]: 43: Hoare triple {25086#true} assume !(2 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,292 INFO L290 TraceCheckUtils]: 44: Hoare triple {25086#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,292 INFO L290 TraceCheckUtils]: 45: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,293 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {25086#true} {25102#(not (= ~rjh~0 1))} #1030#return; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,293 INFO L290 TraceCheckUtils]: 47: Hoare triple {25102#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,293 INFO L290 TraceCheckUtils]: 48: Hoare triple {25102#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, 
test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,293 INFO L290 TraceCheckUtils]: 49: Hoare triple {25102#(not (= ~rjh~0 1))} assume !false; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,294 INFO L290 TraceCheckUtils]: 50: Hoare triple {25102#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,294 INFO L290 TraceCheckUtils]: 51: Hoare triple {25102#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,294 INFO L290 TraceCheckUtils]: 52: Hoare triple {25102#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,295 INFO L290 TraceCheckUtils]: 53: Hoare triple {25102#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,295 INFO L290 TraceCheckUtils]: 54: Hoare triple {25102#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume 
-2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {25102#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:05:51,295 INFO L290 TraceCheckUtils]: 55: Hoare triple {25102#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25120#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 18:05:51,296 INFO L290 TraceCheckUtils]: 56: Hoare triple {25120#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25087#false} is VALID [2022-02-20 18:05:51,296 INFO L290 TraceCheckUtils]: 57: Hoare triple {25087#false} assume { :end_inline_setClientAutoResponse } true; {25087#false} is VALID [2022-02-20 18:05:51,296 INFO L290 TraceCheckUtils]: 58: Hoare triple {25087#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25087#false} is VALID [2022-02-20 18:05:51,296 INFO L290 TraceCheckUtils]: 59: Hoare triple {25087#false} assume !false; {25087#false} is VALID [2022-02-20 18:05:51,296 INFO L290 TraceCheckUtils]: 60: Hoare triple {25087#false} assume !(test_~splverifierCounter~0#1 < 4); {25087#false} is VALID [2022-02-20 18:05:51,296 INFO L290 TraceCheckUtils]: 61: Hoare triple {25087#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc 
bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {25087#false} is VALID [2022-02-20 18:05:51,296 INFO L272 TraceCheckUtils]: 62: Hoare triple {25087#false} call sendEmail(~bob~0, ~rjh~0); {25087#false} is VALID [2022-02-20 18:05:51,296 INFO L290 TraceCheckUtils]: 63: Hoare triple {25087#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25087#false} is VALID [2022-02-20 18:05:51,297 INFO L272 TraceCheckUtils]: 64: Hoare triple {25087#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25154#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:51,297 INFO L290 TraceCheckUtils]: 65: Hoare triple {25154#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,297 INFO L290 TraceCheckUtils]: 66: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,297 INFO L290 TraceCheckUtils]: 67: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,297 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {25086#true} {25087#false} #1006#return; {25087#false} is VALID [2022-02-20 18:05:51,297 INFO L272 TraceCheckUtils]: 69: Hoare triple {25087#false} call setEmailTo(createEmail_~msg~0#1, 
createEmail_~to#1); {25155#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:51,297 INFO L290 TraceCheckUtils]: 70: Hoare triple {25155#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,297 INFO L290 TraceCheckUtils]: 71: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,298 INFO L290 TraceCheckUtils]: 72: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,298 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {25086#true} {25087#false} #1008#return; {25087#false} is VALID [2022-02-20 18:05:51,298 INFO L290 TraceCheckUtils]: 74: Hoare triple {25087#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {25087#false} is VALID [2022-02-20 18:05:51,298 INFO L290 TraceCheckUtils]: 75: Hoare triple {25087#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {25087#false} is VALID [2022-02-20 18:05:51,298 INFO L272 TraceCheckUtils]: 76: Hoare triple {25087#false} call outgoing(~sender#1, ~email~0#1); {25087#false} is VALID [2022-02-20 18:05:51,298 INFO L290 TraceCheckUtils]: 77: Hoare triple {25087#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {25087#false} is VALID [2022-02-20 18:05:51,298 INFO L272 TraceCheckUtils]: 78: Hoare triple {25087#false} call 
sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {25086#true} is VALID [2022-02-20 18:05:51,298 INFO L290 TraceCheckUtils]: 79: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25086#true} is VALID [2022-02-20 18:05:51,298 INFO L290 TraceCheckUtils]: 80: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {25086#true} is VALID [2022-02-20 18:05:51,299 INFO L290 TraceCheckUtils]: 81: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,299 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {25086#true} {25087#false} #960#return; {25087#false} is VALID [2022-02-20 18:05:51,299 INFO L290 TraceCheckUtils]: 83: Hoare triple {25087#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {25087#false} is VALID [2022-02-20 18:05:51,299 INFO L290 TraceCheckUtils]: 84: Hoare triple {25087#false} assume 0 == sign_~privkey~1#1; {25087#false} is VALID [2022-02-20 18:05:51,299 INFO L290 TraceCheckUtils]: 85: Hoare triple {25087#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc 
outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {25087#false} is VALID [2022-02-20 18:05:51,299 INFO L272 TraceCheckUtils]: 86: Hoare triple {25087#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {25086#true} is VALID [2022-02-20 18:05:51,299 INFO L290 TraceCheckUtils]: 87: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25086#true} is VALID [2022-02-20 18:05:51,299 INFO L290 TraceCheckUtils]: 88: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25086#true} is VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 89: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,300 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {25086#true} {25087#false} #962#return; {25087#false} is VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 91: Hoare triple {25087#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {25087#false} is VALID [2022-02-20 18:05:51,300 INFO L272 TraceCheckUtils]: 92: Hoare triple {25087#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {25086#true} is VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 93: Hoare triple {25086#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {25086#true} is VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 94: Hoare triple {25086#true} assume 1 == ~handle; {25086#true} is 
VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 95: Hoare triple {25086#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {25086#true} is VALID [2022-02-20 18:05:51,300 INFO L290 TraceCheckUtils]: 96: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,300 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {25086#true} {25087#false} #964#return; {25087#false} is VALID [2022-02-20 18:05:51,301 INFO L290 TraceCheckUtils]: 98: Hoare triple {25087#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {25087#false} is VALID [2022-02-20 18:05:51,301 INFO L290 TraceCheckUtils]: 99: Hoare triple {25087#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {25087#false} is VALID [2022-02-20 18:05:51,301 INFO L290 TraceCheckUtils]: 100: Hoare triple {25087#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := 
getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {25087#false} is VALID [2022-02-20 18:05:51,301 INFO L290 TraceCheckUtils]: 101: Hoare triple {25087#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {25087#false} is VALID [2022-02-20 18:05:51,301 INFO L290 TraceCheckUtils]: 102: Hoare triple {25087#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {25087#false} is VALID [2022-02-20 18:05:51,301 INFO L272 TraceCheckUtils]: 103: Hoare triple {25087#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {25154#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:51,301 INFO L290 TraceCheckUtils]: 104: Hoare triple {25154#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,301 INFO L290 TraceCheckUtils]: 105: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,302 INFO L290 TraceCheckUtils]: 106: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,302 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {25086#true} {25087#false} #970#return; {25087#false} is VALID [2022-02-20 18:05:51,302 INFO L290 TraceCheckUtils]: 108: Hoare triple {25087#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, 
mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {25087#false} is VALID [2022-02-20 18:05:51,302 INFO L290 TraceCheckUtils]: 109: Hoare triple {25087#false} assume 0 != ~in_encrypted~0; {25087#false} is VALID [2022-02-20 18:05:51,302 INFO L272 TraceCheckUtils]: 110: Hoare triple {25087#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {25086#true} is VALID [2022-02-20 18:05:51,302 INFO L290 TraceCheckUtils]: 111: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25086#true} is VALID [2022-02-20 18:05:51,302 INFO L290 
TraceCheckUtils]: 112: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {25086#true} is VALID [2022-02-20 18:05:51,302 INFO L290 TraceCheckUtils]: 113: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,302 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {25086#true} {25087#false} #972#return; {25087#false} is VALID [2022-02-20 18:05:51,303 INFO L290 TraceCheckUtils]: 115: Hoare triple {25087#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {25087#false} is VALID [2022-02-20 18:05:51,303 INFO L290 TraceCheckUtils]: 116: Hoare triple {25087#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {25087#false} is VALID [2022-02-20 18:05:51,303 INFO L290 TraceCheckUtils]: 117: Hoare triple {25087#false} assume !false; {25087#false} is VALID [2022-02-20 18:05:51,304 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. 
[2022-02-20 18:05:51,304 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:51,304 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [967754790] [2022-02-20 18:05:51,304 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [967754790] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:51,304 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1433847119] [2022-02-20 18:05:51,305 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:51,305 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:51,305 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:51,306 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:51,307 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:05:51,508 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,512 INFO L263 TraceCheckSpWp]: Trace formula consists of 1103 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:05:51,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:51,555 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:51,823 INFO L290 TraceCheckUtils]: 0: Hoare triple {25086#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call 
#Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {25086#true} is VALID [2022-02-20 18:05:51,823 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume { :end_inline_ULTIMATE.init } true;assume 
{ :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {25086#true} is VALID [2022-02-20 18:05:51,823 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25086#true} is VALID [2022-02-20 18:05:51,823 INFO L290 TraceCheckUtils]: 3: Hoare triple {25086#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 4: Hoare triple {25086#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 5: Hoare triple {25086#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L272 TraceCheckUtils]: 6: Hoare triple {25086#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 7: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 8: Hoare triple {25086#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 9: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25086#true} {25086#true} #1020#return; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 11: Hoare triple {25086#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L272 TraceCheckUtils]: 12: Hoare triple {25086#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 13: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 14: Hoare triple {25086#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 15: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25086#true} {25086#true} #1022#return; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 17: Hoare triple {25086#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L272 TraceCheckUtils]: 18: Hoare triple {25086#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25086#true} is VALID [2022-02-20 18:05:51,824 INFO L290 TraceCheckUtils]: 19: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 20: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 21: Hoare triple {25086#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 22: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25086#true} {25086#true} #1024#return; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 24: Hoare triple {25086#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L272 TraceCheckUtils]: 25: Hoare triple {25086#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 26: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 27: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 28: Hoare triple {25086#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 29: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25086#true} {25086#true} #1026#return; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 31: Hoare triple {25086#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L272 TraceCheckUtils]: 32: Hoare triple {25086#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 33: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,825 INFO L290 TraceCheckUtils]: 34: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 35: Hoare triple {25086#true} assume !(2 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 36: Hoare triple {25086#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 37: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25086#true} {25086#true} 
#1028#return; {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 39: Hoare triple {25086#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L272 TraceCheckUtils]: 40: Hoare triple {25086#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 41: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 42: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 43: Hoare triple {25086#true} assume !(2 == ~handle); {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 44: Hoare triple {25086#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:51,839 INFO L290 TraceCheckUtils]: 45: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:51,840 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {25086#true} {25086#true} #1030#return; {25086#true} is VALID [2022-02-20 18:05:51,840 INFO L290 TraceCheckUtils]: 47: Hoare triple {25086#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {25086#true} is VALID [2022-02-20 18:05:51,840 INFO L290 TraceCheckUtils]: 48: Hoare triple {25086#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25303#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:51,840 INFO L290 TraceCheckUtils]: 49: Hoare triple {25303#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {25303#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:51,841 INFO L290 TraceCheckUtils]: 50: Hoare triple {25303#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25303#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:51,841 INFO L290 TraceCheckUtils]: 51: Hoare triple {25303#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,841 INFO L290 TraceCheckUtils]: 52: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && 
test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,842 INFO L290 TraceCheckUtils]: 53: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,842 INFO L290 TraceCheckUtils]: 54: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,843 INFO L290 TraceCheckUtils]: 55: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,843 INFO L290 TraceCheckUtils]: 56: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,844 INFO L290 TraceCheckUtils]: 57: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,844 INFO 
L290 TraceCheckUtils]: 58: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,844 INFO L290 TraceCheckUtils]: 59: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 60: Hoare triple {25313#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 61: Hoare triple {25087#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L272 TraceCheckUtils]: 62: Hoare triple {25087#false} call sendEmail(~bob~0, ~rjh~0); {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 63: Hoare triple {25087#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L272 TraceCheckUtils]: 64: Hoare triple {25087#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 65: Hoare triple {25087#false} ~handle := #in~handle;~value := #in~value; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 66: Hoare triple {25087#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 67: Hoare triple {25087#false} assume true; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {25087#false} {25087#false} #1006#return; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L272 TraceCheckUtils]: 69: Hoare triple {25087#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 70: Hoare triple {25087#false} ~handle := #in~handle;~value := #in~value; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 71: Hoare triple {25087#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 72: Hoare triple {25087#false} assume true; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {25087#false} {25087#false} #1008#return; {25087#false} is VALID [2022-02-20 18:05:51,845 INFO L290 TraceCheckUtils]: 74: Hoare triple {25087#false} createEmail_~retValue_acc~9#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {25087#false} is VALID [2022-02-20 18:05:51,846 INFO L290 TraceCheckUtils]: 75: Hoare triple {25087#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {25087#false} is VALID [2022-02-20 18:05:51,846 INFO L272 TraceCheckUtils]: 76: Hoare triple {25087#false} call 
outgoing(~sender#1, ~email~0#1); {25087#false} is VALID [2022-02-20 18:05:51,846 INFO L290 TraceCheckUtils]: 77: Hoare triple {25087#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {25087#false} is VALID [2022-02-20 18:05:51,846 INFO L272 TraceCheckUtils]: 78: Hoare triple {25087#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {25087#false} is VALID [2022-02-20 18:05:51,846 INFO L290 TraceCheckUtils]: 79: Hoare triple {25087#false} ~handle := #in~handle;havoc ~retValue_acc~19; {25087#false} is VALID [2022-02-20 18:05:51,846 INFO L290 TraceCheckUtils]: 80: Hoare triple {25087#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {25087#false} is VALID [2022-02-20 18:05:51,846 INFO L290 TraceCheckUtils]: 81: Hoare triple {25087#false} assume true; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {25087#false} {25087#false} #960#return; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L290 TraceCheckUtils]: 83: Hoare triple {25087#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L290 TraceCheckUtils]: 84: Hoare triple {25087#false} assume 0 == sign_~privkey~1#1; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L290 TraceCheckUtils]: 85: Hoare triple {25087#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc 
outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L272 TraceCheckUtils]: 86: Hoare triple {25087#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L290 TraceCheckUtils]: 87: Hoare triple {25087#false} ~handle := #in~handle;havoc ~retValue_acc~33; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L290 TraceCheckUtils]: 88: Hoare triple {25087#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L290 TraceCheckUtils]: 89: Hoare triple {25087#false} assume true; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {25087#false} {25087#false} #962#return; {25087#false} is VALID [2022-02-20 18:05:51,847 INFO L290 TraceCheckUtils]: 91: Hoare triple {25087#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := 
outgoing__wrappee__AutoResponder_~tmp~5#1; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L272 TraceCheckUtils]: 92: Hoare triple {25087#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 93: Hoare triple {25087#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 94: Hoare triple {25087#false} assume 1 == ~handle; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 95: Hoare triple {25087#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 96: Hoare triple {25087#false} assume true; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {25087#false} {25087#false} #964#return; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 98: Hoare triple {25087#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 99: Hoare triple {25087#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 100: Hoare triple {25087#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 101: Hoare triple {25087#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 102: Hoare triple {25087#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L272 TraceCheckUtils]: 103: Hoare triple {25087#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 104: Hoare triple {25087#false} ~handle := #in~handle;~value := #in~value; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 105: Hoare triple {25087#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 106: Hoare triple {25087#false} assume true; 
{25087#false} is VALID [2022-02-20 18:05:51,848 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {25087#false} {25087#false} #970#return; {25087#false} is VALID [2022-02-20 18:05:51,848 INFO L290 TraceCheckUtils]: 108: Hoare triple {25087#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L290 TraceCheckUtils]: 109: Hoare triple {25087#false} assume 0 != ~in_encrypted~0; {25087#false} is 
VALID [2022-02-20 18:05:51,849 INFO L272 TraceCheckUtils]: 110: Hoare triple {25087#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L290 TraceCheckUtils]: 111: Hoare triple {25087#false} ~handle := #in~handle;havoc ~retValue_acc~36; {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L290 TraceCheckUtils]: 112: Hoare triple {25087#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L290 TraceCheckUtils]: 113: Hoare triple {25087#false} assume true; {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {25087#false} {25087#false} #972#return; {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L290 TraceCheckUtils]: 115: Hoare triple {25087#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L290 TraceCheckUtils]: 116: Hoare triple {25087#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L290 TraceCheckUtils]: 117: Hoare triple {25087#false} assume !false; {25087#false} is VALID [2022-02-20 18:05:51,849 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:05:51,849 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 18:05:52,155 INFO L290 TraceCheckUtils]: 117: Hoare triple {25087#false} assume !false; {25087#false} is VALID [2022-02-20 18:05:52,155 INFO L290 TraceCheckUtils]: 116: Hoare triple {25087#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~20#1);assume { :begin_inline___automaton_fail } true; {25087#false} is VALID [2022-02-20 18:05:52,155 INFO L290 TraceCheckUtils]: 115: Hoare triple {25087#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret75#1 && __utac_acc__EncryptForward_spec__2_#t~ret75#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~20#1 := __utac_acc__EncryptForward_spec__2_#t~ret75#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret75#1; {25087#false} is VALID [2022-02-20 18:05:52,155 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {25086#true} {25087#false} #972#return; {25087#false} is VALID [2022-02-20 18:05:52,155 INFO L290 TraceCheckUtils]: 113: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 112: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {25086#true} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 111: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25086#true} is VALID [2022-02-20 18:05:52,156 INFO L272 TraceCheckUtils]: 110: Hoare triple {25087#false} call __utac_acc__EncryptForward_spec__2_#t~ret75#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {25086#true} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 109: Hoare triple {25087#false} assume 0 != ~in_encrypted~0; {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 108: Hoare triple {25087#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret24#1, mail_#t~ret25#1, mail_~client#1, mail_~msg#1, 
mail_~__utac__ad__arg1~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1, __utac_acc__EncryptForward_spec__2_#t~nondet74#1, __utac_acc__EncryptForward_spec__2_#t~ret75#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~20#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~20#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret73#1 := puts(27, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret73#1 && __utac_acc__EncryptForward_spec__2_#t~ret73#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret73#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 28, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet74#1; {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {25086#true} {25087#false} #970#return; {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 106: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 105: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 104: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,156 
INFO L272 TraceCheckUtils]: 103: Hoare triple {25087#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {25086#true} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 102: Hoare triple {25087#false} outgoing__wrappee__Keys_#t~ret26#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret26#1 && outgoing__wrappee__Keys_#t~ret26#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret26#1;havoc outgoing__wrappee__Keys_#t~ret26#1; {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 101: Hoare triple {25087#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 100: Hoare triple {25087#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret26#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 99: Hoare triple {25087#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 98: 
Hoare triple {25087#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret28#1 && outgoing__wrappee__AutoResponder_#t~ret28#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~2#1 := outgoing__wrappee__AutoResponder_#t~ret28#1;havoc outgoing__wrappee__AutoResponder_#t~ret28#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~2#1; {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {25086#true} {25087#false} #964#return; {25087#false} is VALID [2022-02-20 18:05:52,156 INFO L290 TraceCheckUtils]: 96: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 95: Hoare triple {25086#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 94: Hoare triple {25086#true} assume 1 == ~handle; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 93: Hoare triple {25086#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L272 TraceCheckUtils]: 92: Hoare triple {25087#false} call outgoing__wrappee__AutoResponder_#t~ret28#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 91: Hoare triple {25087#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret27#1 && outgoing__wrappee__AutoResponder_#t~ret27#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~5#1 := outgoing__wrappee__AutoResponder_#t~ret27#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~5#1; {25087#false} is VALID [2022-02-20 18:05:52,157 INFO L284 TraceCheckUtils]: 90: Hoare 
quadruple {25086#true} {25087#false} #962#return; {25087#false} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 89: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 88: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 87: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L272 TraceCheckUtils]: 86: Hoare triple {25087#false} call outgoing__wrappee__AutoResponder_#t~ret27#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 85: Hoare triple {25087#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret27#1, outgoing__wrappee__AutoResponder_#t~ret28#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~5#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~2#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~5#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~2#1; {25087#false} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 84: Hoare triple {25087#false} assume 0 == sign_~privkey~1#1; {25087#false} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 83: 
Hoare triple {25087#false} assume -2147483648 <= sign_#t~ret40#1 && sign_#t~ret40#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret40#1;havoc sign_#t~ret40#1;sign_~privkey~1#1 := sign_~tmp~11#1; {25087#false} is VALID [2022-02-20 18:05:52,157 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {25086#true} {25087#false} #960#return; {25087#false} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 81: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 80: Hoare triple {25086#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {25086#true} is VALID [2022-02-20 18:05:52,157 INFO L290 TraceCheckUtils]: 79: Hoare triple {25086#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L272 TraceCheckUtils]: 78: Hoare triple {25087#false} call sign_#t~ret40#1 := getClientPrivateKey(sign_~client#1); {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 77: Hoare triple {25087#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret40#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {25087#false} is VALID [2022-02-20 18:05:52,158 INFO L272 TraceCheckUtils]: 76: Hoare triple {25087#false} call outgoing(~sender#1, ~email~0#1); {25087#false} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 75: Hoare triple {25087#false} #t~ret36#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret36#1 && #t~ret36#1 <= 2147483647;~tmp~9#1 := #t~ret36#1;havoc #t~ret36#1;~email~0#1 := ~tmp~9#1; {25087#false} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 74: Hoare triple {25087#false} createEmail_~retValue_acc~9#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~9#1; {25087#false} is VALID [2022-02-20 18:05:52,158 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {25086#true} {25087#false} #1008#return; {25087#false} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 72: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 71: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 70: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L272 TraceCheckUtils]: 69: Hoare triple {25087#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {25086#true} {25087#false} #1006#return; {25087#false} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 67: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 66: Hoare triple {25086#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 65: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L272 TraceCheckUtils]: 64: Hoare triple {25087#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25086#true} is VALID [2022-02-20 18:05:52,158 INFO L290 TraceCheckUtils]: 63: Hoare triple {25087#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~9#1, createEmail_~msg~0#1;createEmail_~from#1 := 
createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~9#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25087#false} is VALID [2022-02-20 18:05:52,158 INFO L272 TraceCheckUtils]: 62: Hoare triple {25087#false} call sendEmail(~bob~0, ~rjh~0); {25087#false} is VALID [2022-02-20 18:05:52,159 INFO L290 TraceCheckUtils]: 61: Hoare triple {25087#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {25087#false} is VALID [2022-02-20 18:05:52,159 INFO L290 TraceCheckUtils]: 60: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {25087#false} is VALID [2022-02-20 18:05:52,159 INFO L290 TraceCheckUtils]: 59: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,159 INFO L290 TraceCheckUtils]: 58: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,181 INFO L290 TraceCheckUtils]: 57: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,181 INFO L290 TraceCheckUtils]: 56: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; 
{25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,181 INFO L290 TraceCheckUtils]: 55: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,182 INFO L290 TraceCheckUtils]: 54: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet101#1 && test_#t~nondet101#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet101#1;havoc test_#t~nondet101#1; {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,182 INFO L290 TraceCheckUtils]: 53: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,182 INFO L290 TraceCheckUtils]: 52: Hoare triple {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet100#1 && test_#t~nondet100#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet100#1;havoc test_#t~nondet100#1; {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,183 INFO L290 TraceCheckUtils]: 51: Hoare triple {25711#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25683#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:05:52,183 INFO L290 TraceCheckUtils]: 50: Hoare 
triple {25711#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {25711#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:05:52,183 INFO L290 TraceCheckUtils]: 49: Hoare triple {25711#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {25711#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 48: Hoare triple {25086#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_#t~nondet107#1, test_#t~nondet108#1, test_#t~nondet109#1, test_#t~nondet110#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25711#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 47: Hoare triple {25086#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {25086#true} {25086#true} #1030#return; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 45: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 44: Hoare triple {25086#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 43: Hoare triple {25086#true} assume !(2 == ~handle); {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 42: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 41: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L272 TraceCheckUtils]: 40: Hoare triple {25086#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 39: Hoare triple {25086#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25086#true} {25086#true} #1028#return; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 37: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 36: Hoare triple {25086#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 35: Hoare triple {25086#true} assume !(2 == ~handle); {25086#true} is VALID [2022-02-20 
18:05:52,184 INFO L290 TraceCheckUtils]: 34: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L290 TraceCheckUtils]: 33: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,184 INFO L272 TraceCheckUtils]: 32: Hoare triple {25086#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 31: Hoare triple {25086#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25086#true} {25086#true} #1026#return; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 29: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 28: Hoare triple {25086#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 27: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 26: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L272 TraceCheckUtils]: 25: Hoare triple {25086#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25086#true} is VALID 
[2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 24: Hoare triple {25086#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25086#true} {25086#true} #1024#return; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 22: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 21: Hoare triple {25086#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 20: Hoare triple {25086#true} assume !(1 == ~handle); {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 19: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L272 TraceCheckUtils]: 18: Hoare triple {25086#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 17: Hoare triple {25086#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25086#true} {25086#true} #1022#return; {25086#true} is VALID [2022-02-20 18:05:52,185 INFO L290 TraceCheckUtils]: 15: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 14: Hoare 
triple {25086#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 13: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L272 TraceCheckUtils]: 12: Hoare triple {25086#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 11: Hoare triple {25086#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25086#true} {25086#true} #1020#return; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 9: Hoare triple {25086#true} assume true; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 8: Hoare triple {25086#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 7: Hoare triple {25086#true} ~handle := #in~handle;~value := #in~value; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L272 TraceCheckUtils]: 6: Hoare triple {25086#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 5: Hoare triple {25086#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 4: Hoare triple {25086#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 3: Hoare triple {25086#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 2: Hoare triple {25086#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 1: Hoare triple {25086#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {25086#true} is VALID [2022-02-20 18:05:52,186 INFO L290 TraceCheckUtils]: 0: Hoare triple {25086#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call 
#Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(22, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(12, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(18, 19);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(13, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(17, 25);call #Ultimate.allocInit(17, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(17, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 
:= 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {25086#true} is VALID [2022-02-20 18:05:52,187 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:05:52,187 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1433847119] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:05:52,187 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. 
[2022-02-20 18:05:52,187 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15 [2022-02-20 18:05:52,187 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [308044957] [2022-02-20 18:05:52,187 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:05:52,188 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 118 [2022-02-20 18:05:52,229 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:52,230 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2022-02-20 18:05:52,328 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 190 edges. 190 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:52,328 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 18:05:52,328 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:52,328 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. 
[2022-02-20 18:05:52,329 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:05:52,329 INFO L87 Difference]: Start difference. First operand 400 states and 605 transitions. Second operand has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24)