./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec9_product35.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec9_product35.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 979399ca852926e8ca1f854d8ed303a24eaf5d25d69a2db1d99b3449cc418039
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:05:16,030 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:05:16,033 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:05:16,082 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:05:16,083 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:05:16,087 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:05:16,089 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:05:16,093 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:05:16,094 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:05:16,101 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:05:16,102 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:05:16,103 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:05:16,104 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:05:16,106 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:05:16,108 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:05:16,111 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:05:16,112 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:05:16,113 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:05:16,120 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:05:16,123 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:05:16,125 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:05:16,126 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:05:16,128 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:05:16,128 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:05:16,132 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:05:16,132 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:05:16,132 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:05:16,134 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:05:16,134 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:05:16,135 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:05:16,135 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:05:16,136 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:05:16,137 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:05:16,137 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:05:16,138 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:05:16,138 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:05:16,139 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:05:16,139 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:05:16,139 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:05:16,140 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:05:16,140 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:05:16,141 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:05:16,168 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:05:16,168 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:05:16,169 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:05:16,169 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:05:16,170 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:05:16,170 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:05:16,171 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:05:16,171 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:05:16,171 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:05:16,171 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:05:16,172 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:05:16,172 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:05:16,172 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:05:16,172 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:05:16,172 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:05:16,173 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:05:16,173 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:05:16,173 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:05:16,173 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:05:16,173 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:05:16,173 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:05:16,173 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:05:16,174 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:05:16,174 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:05:16,174 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:16,174 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:05:16,174 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:05:16,176 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:05:16,176 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:05:16,176 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:05:16,176 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:05:16,176 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:05:16,176 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true
[2022-02-20 18:05:16,177 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) )
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 979399ca852926e8ca1f854d8ed303a24eaf5d25d69a2db1d99b3449cc418039
[2022-02-20 18:05:16,419 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp
[2022-02-20 18:05:16,439 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized
[2022-02-20 18:05:16,441 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected.
[2022-02-20 18:05:16,442 INFO L271 PluginConnector]: Initializing CDTParser...
[2022-02-20 18:05:16,443 INFO L275 PluginConnector]: CDTParser initialized
[2022-02-20 18:05:16,444 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec9_product35.cil.c
[2022-02-20 18:05:16,499 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/918e8404a/2a68af1691ed4aac99840e4a2481895f/FLAGb66274fac
[2022-02-20 18:05:17,145 INFO L306 CDTParser]: Found 1 translation units.
[2022-02-20 18:05:17,146 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product35.cil.c [2022-02-20 18:05:17,181 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/918e8404a/2a68af1691ed4aac99840e4a2481895f/FLAGb66274fac [2022-02-20 18:05:17,491 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/918e8404a/2a68af1691ed4aac99840e4a2481895f [2022-02-20 18:05:17,494 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:05:17,495 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:05:17,496 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:17,497 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:05:17,499 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:05:17,500 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:17" (1/1) ... [2022-02-20 18:05:17,501 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@636131c7 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:17, skipping insertion in model container [2022-02-20 18:05:17,501 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:17" (1/1) ... 
[2022-02-20 18:05:17,506 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:05:17,541 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:05:17,978 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product35.cil.c[46615,46628] [2022-02-20 18:05:18,045 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:18,057 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:05:18,140 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_product35.cil.c[46615,46628] [2022-02-20 18:05:18,158 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:18,181 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:05:18,182 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18 WrapperNode [2022-02-20 18:05:18,182 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:18,183 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:18,183 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:05:18,183 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:05:18,188 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... 
[2022-02-20 18:05:18,216 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... [2022-02-20 18:05:18,319 INFO L137 Inliner]: procedures = 138, calls = 252, calls flagged for inlining = 67, calls inlined = 64, statements flattened = 1162 [2022-02-20 18:05:18,319 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:18,320 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:05:18,320 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:05:18,320 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:05:18,326 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... [2022-02-20 18:05:18,326 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... [2022-02-20 18:05:18,334 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... [2022-02-20 18:05:18,334 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... 
[2022-02-20 18:05:18,351 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... [2022-02-20 18:05:18,359 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... [2022-02-20 18:05:18,363 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... [2022-02-20 18:05:18,369 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:05:18,370 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:05:18,370 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:05:18,370 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:05:18,371 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (1/1) ... 
[2022-02-20 18:05:18,381 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:18,408 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:18,422 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:05:18,431 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:05:18,463 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:05:18,464 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:05:18,464 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:05:18,464 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:05:18,464 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:05:18,464 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:05:18,464 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:05:18,464 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:05:18,465 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:05:18,465 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:05:18,465 INFO L130 BoogieDeclarations]: Found specification of 
procedure getEmailTo [2022-02-20 18:05:18,465 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:05:18,465 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__AutoResponder [2022-02-20 18:05:18,465 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__AutoResponder [2022-02-20 18:05:18,465 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:05:18,465 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:05:18,465 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:05:18,465 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:05:18,465 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:05:18,465 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:05:18,465 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:05:18,465 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:05:18,465 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:05:18,466 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:05:18,466 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:05:18,466 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found 
specification of procedure queue [2022-02-20 18:05:18,466 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:05:18,466 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:05:18,466 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:05:18,466 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:05:18,466 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:05:18,467 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:05:18,467 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:05:18,467 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:05:18,467 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:05:18,467 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:05:18,467 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:05:18,467 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:05:18,467 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:05:18,467 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:05:18,467 INFO L130 BoogieDeclarations]: Found 
specification of procedure sendEmail [2022-02-20 18:05:18,467 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:05:18,467 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:05:18,467 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:05:18,467 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:05:18,467 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:05:18,468 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:05:18,468 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:05:18,468 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:05:18,468 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:05:18,468 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:05:18,468 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:05:18,468 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:05:18,468 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:05:18,468 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:05:18,681 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:05:18,682 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:05:19,409 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:05:19,419 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:05:19,419 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. 
[2022-02-20 18:05:19,421 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:19 BoogieIcfgContainer [2022-02-20 18:05:19,421 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:05:19,422 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:05:19,422 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:05:19,427 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:05:19,428 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:05:17" (1/3) ... [2022-02-20 18:05:19,428 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6653d9af and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:19, skipping insertion in model container [2022-02-20 18:05:19,428 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:18" (2/3) ... [2022-02-20 18:05:19,429 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6653d9af and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:19, skipping insertion in model container [2022-02-20 18:05:19,429 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:19" (3/3) ... 
[2022-02-20 18:05:19,430 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec9_product35.cil.c [2022-02-20 18:05:19,433 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:05:19,433 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:05:19,463 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:05:19,467 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:05:19,468 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:05:19,489 INFO L276 IsEmpty]: Start isEmpty. 
Operand has 467 states, 361 states have (on average 1.5346260387811634) internal successors, (554), 366 states have internal predecessors, (554), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:05:19,500 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 18:05:19,500 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:19,501 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:19,501 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:19,504 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:19,504 INFO L85 PathProgramCache]: Analyzing trace with hash 1305642597, now seen corresponding path program 1 times [2022-02-20 18:05:19,510 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:19,511 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1878783520] [2022-02-20 18:05:19,511 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:19,511 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:19,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 18:05:19,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,867 INFO L290 TraceCheckUtils]: 0: Hoare triple {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,867 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,867 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,868 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {470#true} #1397#return; {470#true} is VALID [2022-02-20 18:05:19,874 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:19,879 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,883 INFO L290 TraceCheckUtils]: 0: Hoare triple {531#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,884 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,884 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {470#true} #1399#return; {470#true} is VALID [2022-02-20 18:05:19,884 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:19,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:05:19,917 INFO L290 TraceCheckUtils]: 0: Hoare triple {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {532#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:19,918 INFO L290 TraceCheckUtils]: 1: Hoare triple {532#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {533#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:19,918 INFO L290 TraceCheckUtils]: 2: Hoare triple {533#(= |setClientId_#in~handle| 1)} assume true; {533#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:19,919 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {533#(= |setClientId_#in~handle| 1)} {480#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1401#return; {471#false} is VALID [2022-02-20 18:05:19,920 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:19,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,933 INFO L290 TraceCheckUtils]: 0: Hoare triple {531#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,933 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,933 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,934 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1403#return; {471#false} is VALID [2022-02-20 18:05:19,934 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:19,937 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,940 INFO L290 TraceCheckUtils]: 0: Hoare triple {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,940 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,941 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,941 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1405#return; {471#false} is VALID [2022-02-20 18:05:19,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:19,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {531#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,947 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,947 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1407#return; {471#false} is VALID [2022-02-20 18:05:19,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
47 [2022-02-20 18:05:19,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {534#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,958 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,958 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1319#return; {471#false} is VALID [2022-02-20 18:05:19,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:05:19,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {535#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,969 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1321#return; {471#false} is VALID [2022-02-20 18:05:19,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:05:19,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {470#true} ~handle := #in~handle;havoc ~retValue_acc~10; {470#true} is VALID [2022-02-20 18:05:19,973 INFO L290 TraceCheckUtils]: 1: Hoare 
triple {470#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {470#true} is VALID [2022-02-20 18:05:19,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,973 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1299#return; {471#false} is VALID [2022-02-20 18:05:19,973 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:05:19,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,976 INFO L290 TraceCheckUtils]: 0: Hoare triple {470#true} ~handle := #in~handle;havoc ~retValue_acc~4; {470#true} is VALID [2022-02-20 18:05:19,977 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {470#true} is VALID [2022-02-20 18:05:19,977 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,977 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1301#return; {471#false} is VALID [2022-02-20 18:05:19,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:05:19,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,980 INFO L290 TraceCheckUtils]: 0: Hoare triple {470#true} ~handle := #in~handle;havoc ~retValue_acc~36; {470#true} is VALID [2022-02-20 18:05:19,980 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {470#true} is VALID [2022-02-20 18:05:19,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,981 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1333#return; {471#false} is VALID [2022-02-20 18:05:19,981 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:05:19,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,984 INFO L290 TraceCheckUtils]: 0: Hoare triple {470#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {470#true} is VALID [2022-02-20 18:05:19,984 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle; {470#true} is VALID [2022-02-20 18:05:19,985 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {470#true} is VALID [2022-02-20 18:05:19,985 INFO L290 TraceCheckUtils]: 3: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,985 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {470#true} {471#false} #1335#return; {471#false} is VALID [2022-02-20 18:05:19,985 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:05:19,986 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:19,988 INFO L290 TraceCheckUtils]: 0: Hoare triple {534#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,989 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,989 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1341#return; {471#false} is VALID [2022-02-20 18:05:19,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:05:19,990 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 18:05:19,992 INFO L290 TraceCheckUtils]: 0: Hoare triple {470#true} ~handle := #in~handle;havoc ~retValue_acc~39; {470#true} is VALID [2022-02-20 18:05:19,992 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {470#true} is VALID [2022-02-20 18:05:19,992 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,993 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {470#true} {471#false} #1343#return; {471#false} is VALID [2022-02-20 18:05:19,993 INFO L290 TraceCheckUtils]: 0: Hoare triple {470#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call 
#Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 
0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 
0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {470#true} is VALID [2022-02-20 18:05:19,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {470#true} is VALID [2022-02-20 18:05:19,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {470#true} is VALID [2022-02-20 18:05:19,994 INFO L290 TraceCheckUtils]: 3: Hoare triple {470#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {470#true} is VALID [2022-02-20 18:05:19,994 INFO L290 TraceCheckUtils]: 4: Hoare triple {470#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {470#true} is VALID [2022-02-20 18:05:19,994 INFO L290 TraceCheckUtils]: 5: Hoare triple {470#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, 
setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {470#true} is VALID [2022-02-20 18:05:19,995 INFO L272 TraceCheckUtils]: 6: Hoare triple {470#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:19,996 INFO L290 TraceCheckUtils]: 7: Hoare triple {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,996 INFO L290 TraceCheckUtils]: 8: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,996 INFO L290 TraceCheckUtils]: 9: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,996 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {470#true} {470#true} #1397#return; {470#true} is VALID [2022-02-20 18:05:19,996 INFO L290 TraceCheckUtils]: 11: Hoare triple 
{470#true} assume { :end_inline_setup_bob__wrappee__Base } true; {470#true} is VALID [2022-02-20 18:05:19,997 INFO L272 TraceCheckUtils]: 12: Hoare triple {470#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {531#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:19,997 INFO L290 TraceCheckUtils]: 13: Hoare triple {531#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:19,997 INFO L290 TraceCheckUtils]: 14: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:19,998 INFO L290 TraceCheckUtils]: 15: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:19,998 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {470#true} {470#true} #1399#return; {470#true} is VALID [2022-02-20 18:05:19,998 INFO L290 TraceCheckUtils]: 17: Hoare triple {470#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {480#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:20,014 INFO L272 TraceCheckUtils]: 18: Hoare triple {480#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:20,015 INFO L290 TraceCheckUtils]: 19: Hoare triple {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {532#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:20,015 INFO L290 TraceCheckUtils]: 20: Hoare triple {532#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {533#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:20,016 INFO L290 TraceCheckUtils]: 21: Hoare triple {533#(= |setClientId_#in~handle| 1)} assume true; {533#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:20,016 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {533#(= |setClientId_#in~handle| 1)} {480#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1401#return; {471#false} is VALID [2022-02-20 18:05:20,016 INFO L290 TraceCheckUtils]: 23: Hoare triple {471#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {471#false} is VALID [2022-02-20 18:05:20,017 INFO L272 TraceCheckUtils]: 24: Hoare triple {471#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {531#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:20,017 INFO L290 TraceCheckUtils]: 25: Hoare triple {531#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,017 INFO L290 TraceCheckUtils]: 26: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,017 INFO L290 TraceCheckUtils]: 27: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,017 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {470#true} {471#false} #1403#return; {471#false} is VALID [2022-02-20 18:05:20,017 INFO L290 TraceCheckUtils]: 29: Hoare triple {471#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {471#false} is VALID [2022-02-20 18:05:20,018 INFO L272 TraceCheckUtils]: 30: Hoare triple {471#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:20,018 INFO L290 TraceCheckUtils]: 31: Hoare triple {530#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle 
:= #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,018 INFO L290 TraceCheckUtils]: 32: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,018 INFO L290 TraceCheckUtils]: 33: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,018 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {470#true} {471#false} #1405#return; {471#false} is VALID [2022-02-20 18:05:20,019 INFO L290 TraceCheckUtils]: 35: Hoare triple {471#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {471#false} is VALID [2022-02-20 18:05:20,019 INFO L272 TraceCheckUtils]: 36: Hoare triple {471#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {531#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:20,019 INFO L290 TraceCheckUtils]: 37: Hoare triple {531#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,019 INFO L290 TraceCheckUtils]: 38: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,019 INFO L290 TraceCheckUtils]: 39: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,020 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {470#true} {471#false} #1407#return; {471#false} is VALID [2022-02-20 18:05:20,020 INFO L290 TraceCheckUtils]: 41: Hoare triple {471#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {471#false} is VALID [2022-02-20 18:05:20,020 INFO L290 
TraceCheckUtils]: 42: Hoare triple {471#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {471#false} is VALID [2022-02-20 18:05:20,020 INFO L290 TraceCheckUtils]: 43: Hoare triple {471#false} assume !true; {471#false} is VALID [2022-02-20 18:05:20,021 INFO L290 TraceCheckUtils]: 44: Hoare triple {471#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc 
bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {471#false} is VALID [2022-02-20 18:05:20,021 INFO L272 TraceCheckUtils]: 45: Hoare triple {471#false} call sendEmail(~bob~0, ~rjh~0); {471#false} is VALID [2022-02-20 18:05:20,021 INFO L290 TraceCheckUtils]: 46: Hoare triple {471#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {471#false} is VALID [2022-02-20 18:05:20,021 INFO L272 TraceCheckUtils]: 47: Hoare triple {471#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {534#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:20,021 INFO L290 TraceCheckUtils]: 48: Hoare triple {534#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,022 INFO L290 TraceCheckUtils]: 49: Hoare triple {470#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,022 INFO L290 TraceCheckUtils]: 50: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,022 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {470#true} {471#false} #1319#return; {471#false} is VALID [2022-02-20 18:05:20,022 INFO L272 TraceCheckUtils]: 52: Hoare triple {471#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {535#(and (= 
~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:20,022 INFO L290 TraceCheckUtils]: 53: Hoare triple {535#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,022 INFO L290 TraceCheckUtils]: 54: Hoare triple {470#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,023 INFO L290 TraceCheckUtils]: 55: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,023 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {470#true} {471#false} #1321#return; {471#false} is VALID [2022-02-20 18:05:20,023 INFO L290 TraceCheckUtils]: 57: Hoare triple {471#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {471#false} is VALID [2022-02-20 18:05:20,023 INFO L290 TraceCheckUtils]: 58: Hoare triple {471#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {471#false} is VALID [2022-02-20 18:05:20,023 INFO L272 TraceCheckUtils]: 59: Hoare triple {471#false} call outgoing(~sender#1, ~email~0#1); {471#false} is VALID [2022-02-20 18:05:20,024 INFO L290 TraceCheckUtils]: 60: Hoare triple {471#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {471#false} is VALID [2022-02-20 18:05:20,024 INFO L272 TraceCheckUtils]: 61: Hoare triple {471#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {470#true} 
is VALID [2022-02-20 18:05:20,024 INFO L290 TraceCheckUtils]: 62: Hoare triple {470#true} ~handle := #in~handle;havoc ~retValue_acc~10; {470#true} is VALID [2022-02-20 18:05:20,024 INFO L290 TraceCheckUtils]: 63: Hoare triple {470#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {470#true} is VALID [2022-02-20 18:05:20,024 INFO L290 TraceCheckUtils]: 64: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,025 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {470#true} {471#false} #1299#return; {471#false} is VALID [2022-02-20 18:05:20,025 INFO L290 TraceCheckUtils]: 66: Hoare triple {471#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {471#false} is VALID [2022-02-20 18:05:20,025 INFO L290 TraceCheckUtils]: 67: Hoare triple {471#false} assume 0 == sign_~privkey~1#1; {471#false} is VALID [2022-02-20 18:05:20,025 INFO L290 TraceCheckUtils]: 68: Hoare triple {471#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {471#false} is VALID [2022-02-20 18:05:20,025 INFO L272 TraceCheckUtils]: 69: Hoare triple {471#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {470#true} is VALID [2022-02-20 18:05:20,026 INFO L290 TraceCheckUtils]: 70: Hoare triple {470#true} ~handle := #in~handle;havoc ~retValue_acc~4; {470#true} is VALID [2022-02-20 18:05:20,026 INFO L290 TraceCheckUtils]: 71: Hoare triple {470#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {470#true} is VALID [2022-02-20 18:05:20,026 INFO L290 TraceCheckUtils]: 72: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,026 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {470#true} {471#false} #1301#return; {471#false} is VALID [2022-02-20 18:05:20,026 INFO L290 TraceCheckUtils]: 74: Hoare triple {471#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {471#false} is VALID [2022-02-20 18:05:20,027 INFO L290 TraceCheckUtils]: 75: Hoare triple {471#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {471#false} is VALID [2022-02-20 18:05:20,027 INFO L272 TraceCheckUtils]: 76: Hoare triple {471#false} call 
outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {471#false} is VALID [2022-02-20 18:05:20,027 INFO L290 TraceCheckUtils]: 77: Hoare triple {471#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {471#false} is VALID [2022-02-20 18:05:20,027 INFO L272 TraceCheckUtils]: 78: Hoare triple {471#false} call #t~ret90#1 := getEmailTo(~msg#1); {470#true} is VALID [2022-02-20 18:05:20,027 INFO L290 TraceCheckUtils]: 79: Hoare triple {470#true} ~handle := #in~handle;havoc ~retValue_acc~36; {470#true} is VALID [2022-02-20 18:05:20,027 INFO L290 TraceCheckUtils]: 80: Hoare triple {470#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {470#true} is VALID [2022-02-20 18:05:20,028 INFO L290 TraceCheckUtils]: 81: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,028 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {470#true} {471#false} #1333#return; {471#false} is VALID [2022-02-20 18:05:20,028 INFO L290 TraceCheckUtils]: 83: Hoare triple {471#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {471#false} is VALID [2022-02-20 18:05:20,028 INFO L272 TraceCheckUtils]: 84: Hoare triple {471#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {470#true} is VALID [2022-02-20 18:05:20,028 INFO L290 TraceCheckUtils]: 85: Hoare triple {470#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {470#true} is VALID [2022-02-20 18:05:20,029 INFO L290 TraceCheckUtils]: 86: Hoare triple {470#true} assume 1 == ~handle; {470#true} is VALID [2022-02-20 18:05:20,029 INFO L290 TraceCheckUtils]: 87: Hoare triple {470#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {470#true} is VALID 
[2022-02-20 18:05:20,029 INFO L290 TraceCheckUtils]: 88: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,029 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {470#true} {471#false} #1335#return; {471#false} is VALID [2022-02-20 18:05:20,029 INFO L290 TraceCheckUtils]: 90: Hoare triple {471#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {471#false} is VALID [2022-02-20 18:05:20,030 INFO L290 TraceCheckUtils]: 91: Hoare triple {471#false} assume !(0 != ~pubkey~0#1); {471#false} is VALID [2022-02-20 18:05:20,030 INFO L290 TraceCheckUtils]: 92: Hoare triple {471#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {471#false} is VALID [2022-02-20 18:05:20,030 INFO L290 TraceCheckUtils]: 93: Hoare triple {471#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {471#false} is VALID [2022-02-20 18:05:20,030 INFO L290 TraceCheckUtils]: 94: Hoare triple {471#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 
2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {471#false} is VALID [2022-02-20 18:05:20,030 INFO L272 TraceCheckUtils]: 95: Hoare triple {471#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {534#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:20,031 INFO L290 TraceCheckUtils]: 96: Hoare triple {534#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,031 INFO L290 TraceCheckUtils]: 97: Hoare triple {470#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,031 INFO L290 TraceCheckUtils]: 98: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,031 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {470#true} {471#false} #1341#return; {471#false} is VALID [2022-02-20 18:05:20,031 INFO L290 TraceCheckUtils]: 100: Hoare triple {471#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, 
__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {471#false} is VALID [2022-02-20 18:05:20,032 INFO L290 TraceCheckUtils]: 101: Hoare triple {471#false} assume 0 != ~in_encrypted~0; {471#false} is VALID [2022-02-20 18:05:20,032 INFO L272 TraceCheckUtils]: 102: Hoare triple {471#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {470#true} is VALID [2022-02-20 18:05:20,032 INFO L290 TraceCheckUtils]: 103: Hoare triple {470#true} ~handle := #in~handle;havoc ~retValue_acc~39; {470#true} is VALID [2022-02-20 18:05:20,032 INFO L290 TraceCheckUtils]: 104: Hoare triple {470#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {470#true} is VALID [2022-02-20 18:05:20,032 INFO L290 TraceCheckUtils]: 105: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,032 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {470#true} {471#false} #1343#return; {471#false} is VALID [2022-02-20 18:05:20,033 INFO L290 TraceCheckUtils]: 107: Hoare triple {471#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 
2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {471#false} is VALID [2022-02-20 18:05:20,033 INFO L290 TraceCheckUtils]: 108: Hoare triple {471#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {471#false} is VALID [2022-02-20 18:05:20,033 INFO L290 TraceCheckUtils]: 109: Hoare triple {471#false} assume !false; {471#false} is VALID [2022-02-20 18:05:20,034 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:05:20,034 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:20,035 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1878783520] [2022-02-20 18:05:20,035 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1878783520] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:20,035 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [271515577] [2022-02-20 18:05:20,036 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:20,036 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:20,036 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:20,037 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:20,038 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until 
timeout for monitored process [2022-02-20 18:05:20,307 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:20,327 INFO L263 TraceCheckSpWp]: Trace formula consists of 1161 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:05:20,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:20,379 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:05:20,564 INFO L290 TraceCheckUtils]: 0: Hoare triple {470#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 
32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 
:= 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 
0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {470#true} is VALID [2022-02-20 18:05:20,564 INFO L290 TraceCheckUtils]: 1: Hoare triple {470#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {470#true} is VALID [2022-02-20 18:05:20,564 INFO L290 TraceCheckUtils]: 2: Hoare triple {470#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {470#true} is VALID [2022-02-20 18:05:20,565 INFO L290 TraceCheckUtils]: 3: Hoare triple {470#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {470#true} is VALID [2022-02-20 18:05:20,565 INFO L290 TraceCheckUtils]: 4: Hoare triple {470#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {470#true} is VALID [2022-02-20 18:05:20,565 INFO L290 TraceCheckUtils]: 5: Hoare triple {470#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {470#true} is VALID [2022-02-20 18:05:20,565 INFO L272 TraceCheckUtils]: 6: Hoare triple {470#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {470#true} is VALID [2022-02-20 18:05:20,565 INFO L290 TraceCheckUtils]: 7: Hoare triple {470#true} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,566 INFO L290 TraceCheckUtils]: 8: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,566 INFO L290 TraceCheckUtils]: 9: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,566 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {470#true} {470#true} #1397#return; {470#true} is VALID [2022-02-20 18:05:20,566 INFO L290 TraceCheckUtils]: 11: Hoare triple {470#true} assume { :end_inline_setup_bob__wrappee__Base } true; {470#true} is VALID [2022-02-20 18:05:20,566 INFO L272 TraceCheckUtils]: 12: Hoare triple {470#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {470#true} is VALID [2022-02-20 18:05:20,566 INFO L290 TraceCheckUtils]: 13: Hoare triple {470#true} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,567 INFO L290 TraceCheckUtils]: 14: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,567 INFO L290 
TraceCheckUtils]: 15: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,567 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {470#true} {470#true} #1399#return; {470#true} is VALID [2022-02-20 18:05:20,567 INFO L290 TraceCheckUtils]: 17: Hoare triple {470#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {470#true} is VALID [2022-02-20 18:05:20,567 INFO L272 TraceCheckUtils]: 18: Hoare triple {470#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {470#true} is VALID [2022-02-20 18:05:20,568 INFO L290 TraceCheckUtils]: 19: Hoare triple {470#true} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,568 INFO L290 TraceCheckUtils]: 20: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,568 INFO L290 TraceCheckUtils]: 21: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,568 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {470#true} {470#true} #1401#return; {470#true} is VALID [2022-02-20 18:05:20,568 INFO L290 TraceCheckUtils]: 23: Hoare triple {470#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {470#true} is VALID [2022-02-20 18:05:20,568 INFO L272 TraceCheckUtils]: 24: Hoare triple {470#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {470#true} is VALID [2022-02-20 18:05:20,569 INFO L290 TraceCheckUtils]: 25: Hoare triple {470#true} ~handle := #in~handle;~value := 
#in~value; {470#true} is VALID [2022-02-20 18:05:20,569 INFO L290 TraceCheckUtils]: 26: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,569 INFO L290 TraceCheckUtils]: 27: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,569 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {470#true} {470#true} #1403#return; {470#true} is VALID [2022-02-20 18:05:20,569 INFO L290 TraceCheckUtils]: 29: Hoare triple {470#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {470#true} is VALID [2022-02-20 18:05:20,569 INFO L272 TraceCheckUtils]: 30: Hoare triple {470#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {470#true} is VALID [2022-02-20 18:05:20,570 INFO L290 TraceCheckUtils]: 31: Hoare triple {470#true} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,570 INFO L290 TraceCheckUtils]: 32: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,570 INFO L290 TraceCheckUtils]: 33: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,570 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {470#true} {470#true} #1405#return; {470#true} is VALID [2022-02-20 18:05:20,570 INFO L290 TraceCheckUtils]: 35: Hoare triple {470#true} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{470#true} is VALID [2022-02-20 18:05:20,570 INFO L272 TraceCheckUtils]: 36: Hoare triple {470#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {470#true} is VALID [2022-02-20 18:05:20,571 INFO L290 TraceCheckUtils]: 37: Hoare triple {470#true} ~handle := #in~handle;~value := #in~value; {470#true} is VALID [2022-02-20 18:05:20,571 INFO L290 TraceCheckUtils]: 38: Hoare triple {470#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {470#true} is VALID [2022-02-20 18:05:20,571 INFO L290 TraceCheckUtils]: 39: Hoare triple {470#true} assume true; {470#true} is VALID [2022-02-20 18:05:20,571 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {470#true} {470#true} #1407#return; {470#true} is VALID [2022-02-20 18:05:20,571 INFO L290 TraceCheckUtils]: 41: Hoare triple {470#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {470#true} is VALID [2022-02-20 18:05:20,572 INFO L290 TraceCheckUtils]: 42: Hoare triple {470#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {470#true} is VALID [2022-02-20 18:05:20,572 INFO L290 TraceCheckUtils]: 43: Hoare triple {470#true} assume !true; {471#false} is VALID [2022-02-20 18:05:20,572 INFO L290 TraceCheckUtils]: 44: Hoare triple {471#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {471#false} is VALID [2022-02-20 18:05:20,572 INFO L272 TraceCheckUtils]: 45: Hoare triple {471#false} call sendEmail(~bob~0, ~rjh~0); {471#false} is VALID [2022-02-20 18:05:20,572 INFO L290 TraceCheckUtils]: 46: Hoare triple {471#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {471#false} is VALID [2022-02-20 18:05:20,573 INFO L272 TraceCheckUtils]: 47: Hoare triple {471#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {471#false} is VALID [2022-02-20 18:05:20,573 INFO L290 TraceCheckUtils]: 48: Hoare triple {471#false} ~handle := #in~handle;~value := #in~value; {471#false} is VALID [2022-02-20 18:05:20,573 INFO L290 TraceCheckUtils]: 49: Hoare triple {471#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {471#false} is VALID [2022-02-20 18:05:20,573 INFO L290 TraceCheckUtils]: 50: Hoare triple {471#false} assume true; {471#false} is VALID [2022-02-20 18:05:20,573 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {471#false} {471#false} #1319#return; {471#false} is VALID [2022-02-20 18:05:20,573 INFO L272 TraceCheckUtils]: 52: Hoare triple {471#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {471#false} is VALID [2022-02-20 18:05:20,574 INFO L290 TraceCheckUtils]: 53: Hoare triple {471#false} ~handle := #in~handle;~value := #in~value; {471#false} is VALID [2022-02-20 18:05:20,574 INFO L290 TraceCheckUtils]: 54: Hoare triple {471#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {471#false} is VALID [2022-02-20 18:05:20,574 INFO L290 TraceCheckUtils]: 55: Hoare triple {471#false} assume true; {471#false} is VALID [2022-02-20 18:05:20,574 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {471#false} {471#false} #1321#return; {471#false} is VALID [2022-02-20 18:05:20,574 INFO L290 TraceCheckUtils]: 57: Hoare triple {471#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {471#false} is VALID [2022-02-20 18:05:20,575 INFO L290 TraceCheckUtils]: 58: Hoare triple {471#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {471#false} is VALID [2022-02-20 18:05:20,575 INFO L272 TraceCheckUtils]: 59: Hoare triple {471#false} call outgoing(~sender#1, ~email~0#1); {471#false} is VALID 
[2022-02-20 18:05:20,575 INFO L290 TraceCheckUtils]: 60: Hoare triple {471#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {471#false} is VALID [2022-02-20 18:05:20,575 INFO L272 TraceCheckUtils]: 61: Hoare triple {471#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {471#false} is VALID [2022-02-20 18:05:20,575 INFO L290 TraceCheckUtils]: 62: Hoare triple {471#false} ~handle := #in~handle;havoc ~retValue_acc~10; {471#false} is VALID [2022-02-20 18:05:20,575 INFO L290 TraceCheckUtils]: 63: Hoare triple {471#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {471#false} is VALID [2022-02-20 18:05:20,576 INFO L290 TraceCheckUtils]: 64: Hoare triple {471#false} assume true; {471#false} is VALID [2022-02-20 18:05:20,576 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {471#false} {471#false} #1299#return; {471#false} is VALID [2022-02-20 18:05:20,576 INFO L290 TraceCheckUtils]: 66: Hoare triple {471#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {471#false} is VALID [2022-02-20 18:05:20,576 INFO L290 TraceCheckUtils]: 67: Hoare triple {471#false} assume 0 == sign_~privkey~1#1; {471#false} is VALID [2022-02-20 18:05:20,576 INFO L290 TraceCheckUtils]: 68: Hoare triple {471#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, 
outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {471#false} is VALID [2022-02-20 18:05:20,576 INFO L272 TraceCheckUtils]: 69: Hoare triple {471#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {471#false} is VALID [2022-02-20 18:05:20,577 INFO L290 TraceCheckUtils]: 70: Hoare triple {471#false} ~handle := #in~handle;havoc ~retValue_acc~4; {471#false} is VALID [2022-02-20 18:05:20,577 INFO L290 TraceCheckUtils]: 71: Hoare triple {471#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {471#false} is VALID [2022-02-20 18:05:20,577 INFO L290 TraceCheckUtils]: 72: Hoare triple {471#false} assume true; {471#false} is VALID [2022-02-20 18:05:20,577 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {471#false} {471#false} #1301#return; {471#false} is VALID [2022-02-20 18:05:20,577 INFO L290 TraceCheckUtils]: 74: Hoare triple {471#false} 
assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {471#false} is VALID [2022-02-20 18:05:20,577 INFO L290 TraceCheckUtils]: 75: Hoare triple {471#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {471#false} is VALID [2022-02-20 18:05:20,578 INFO L272 TraceCheckUtils]: 76: Hoare triple {471#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {471#false} is VALID [2022-02-20 18:05:20,578 INFO L290 TraceCheckUtils]: 77: Hoare triple {471#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {471#false} is VALID [2022-02-20 18:05:20,578 INFO L272 TraceCheckUtils]: 78: Hoare triple {471#false} call #t~ret90#1 := getEmailTo(~msg#1); {471#false} is VALID [2022-02-20 18:05:20,578 INFO L290 TraceCheckUtils]: 79: Hoare triple {471#false} ~handle := #in~handle;havoc ~retValue_acc~36; {471#false} is VALID [2022-02-20 18:05:20,578 INFO L290 TraceCheckUtils]: 80: Hoare triple {471#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {471#false} is VALID [2022-02-20 18:05:20,578 INFO L290 TraceCheckUtils]: 81: Hoare triple {471#false} assume true; {471#false} is VALID [2022-02-20 18:05:20,579 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {471#false} {471#false} #1333#return; {471#false} is VALID [2022-02-20 18:05:20,579 INFO L290 TraceCheckUtils]: 83: Hoare triple {471#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {471#false} is VALID [2022-02-20 18:05:20,579 INFO L272 TraceCheckUtils]: 84: Hoare triple 
{471#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {471#false} is VALID [2022-02-20 18:05:20,579 INFO L290 TraceCheckUtils]: 85: Hoare triple {471#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {471#false} is VALID [2022-02-20 18:05:20,579 INFO L290 TraceCheckUtils]: 86: Hoare triple {471#false} assume 1 == ~handle; {471#false} is VALID [2022-02-20 18:05:20,579 INFO L290 TraceCheckUtils]: 87: Hoare triple {471#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {471#false} is VALID [2022-02-20 18:05:20,580 INFO L290 TraceCheckUtils]: 88: Hoare triple {471#false} assume true; {471#false} is VALID [2022-02-20 18:05:20,580 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {471#false} {471#false} #1335#return; {471#false} is VALID [2022-02-20 18:05:20,580 INFO L290 TraceCheckUtils]: 90: Hoare triple {471#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {471#false} is VALID [2022-02-20 18:05:20,580 INFO L290 TraceCheckUtils]: 91: Hoare triple {471#false} assume !(0 != ~pubkey~0#1); {471#false} is VALID [2022-02-20 18:05:20,580 INFO L290 TraceCheckUtils]: 92: Hoare triple {471#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {471#false} is VALID [2022-02-20 18:05:20,580 INFO L290 TraceCheckUtils]: 93: Hoare triple {471#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {471#false} is VALID [2022-02-20 18:05:20,581 INFO L290 TraceCheckUtils]: 94: Hoare triple {471#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {471#false} is VALID [2022-02-20 18:05:20,581 INFO L272 TraceCheckUtils]: 95: Hoare triple {471#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {471#false} is VALID [2022-02-20 18:05:20,581 INFO L290 TraceCheckUtils]: 96: Hoare triple {471#false} ~handle := #in~handle;~value := #in~value; {471#false} is VALID [2022-02-20 18:05:20,581 INFO L290 TraceCheckUtils]: 97: Hoare triple {471#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {471#false} is VALID [2022-02-20 18:05:20,581 INFO L290 TraceCheckUtils]: 98: Hoare triple {471#false} assume true; {471#false} is VALID [2022-02-20 18:05:20,581 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {471#false} {471#false} #1341#return; {471#false} is VALID [2022-02-20 18:05:20,582 INFO L290 TraceCheckUtils]: 100: Hoare triple {471#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {471#false} is VALID [2022-02-20 18:05:20,582 INFO L290 TraceCheckUtils]: 101: Hoare triple {471#false} assume 0 != ~in_encrypted~0; {471#false} is VALID [2022-02-20 18:05:20,582 INFO L272 TraceCheckUtils]: 102: Hoare triple {471#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {471#false} is VALID [2022-02-20 18:05:20,582 INFO L290 TraceCheckUtils]: 103: Hoare triple {471#false} ~handle := #in~handle;havoc ~retValue_acc~39; {471#false} is VALID [2022-02-20 18:05:20,582 INFO L290 TraceCheckUtils]: 104: Hoare triple {471#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {471#false} is VALID [2022-02-20 18:05:20,582 INFO L290 
TraceCheckUtils]: 105: Hoare triple {471#false} assume true; {471#false} is VALID [2022-02-20 18:05:20,583 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {471#false} {471#false} #1343#return; {471#false} is VALID [2022-02-20 18:05:20,583 INFO L290 TraceCheckUtils]: 107: Hoare triple {471#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {471#false} is VALID [2022-02-20 18:05:20,583 INFO L290 TraceCheckUtils]: 108: Hoare triple {471#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {471#false} is VALID [2022-02-20 18:05:20,583 INFO L290 TraceCheckUtils]: 109: Hoare triple {471#false} assume !false; {471#false} is VALID [2022-02-20 18:05:20,583 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:05:20,584 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:20,605 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [271515577] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:20,605 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:20,605 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:05:20,607 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [827631997] [2022-02-20 18:05:20,608 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:20,611 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 110 [2022-02-20 18:05:20,613 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:20,615 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:20,680 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:20,681 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:05:20,681 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:20,694 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:05:20,694 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:20,698 INFO L87 Difference]: Start difference. 
First operand has 467 states, 361 states have (on average 1.5346260387811634) internal successors, (554), 366 states have internal predecessors, (554), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) Second operand has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:21,031 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:21,032 INFO L93 Difference]: Finished difference Result 736 states and 1090 transitions. [2022-02-20 18:05:21,032 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:05:21,033 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 110 [2022-02-20 18:05:21,033 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:21,034 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:21,053 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 2 states to 2 states and 1090 transitions. [2022-02-20 18:05:21,054 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:21,068 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 1090 transitions. [2022-02-20 18:05:21,068 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 1090 transitions. [2022-02-20 18:05:21,802 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1090 edges. 1090 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:21,831 INFO L225 Difference]: With dead ends: 736 [2022-02-20 18:05:21,831 INFO L226 Difference]: Without dead ends: 460 [2022-02-20 18:05:21,836 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 141 GetRequests, 134 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:21,838 INFO L933 BasicCegarLoop]: 700 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 700 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:05:21,839 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 700 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:21,851 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 460 states. [2022-02-20 18:05:21,885 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 460 to 460. [2022-02-20 18:05:21,885 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:21,888 INFO L82 GeneralOperation]: Start isEquivalent. First operand 460 states. Second operand has 460 states, 355 states have (on average 1.5295774647887324) internal successors, (543), 359 states have internal predecessors, (543), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) [2022-02-20 18:05:21,890 INFO L74 IsIncluded]: Start isIncluded. First operand 460 states. Second operand has 460 states, 355 states have (on average 1.5295774647887324) internal successors, (543), 359 states have internal predecessors, (543), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) [2022-02-20 18:05:21,892 INFO L87 Difference]: Start difference. First operand 460 states. Second operand has 460 states, 355 states have (on average 1.5295774647887324) internal successors, (543), 359 states have internal predecessors, (543), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) [2022-02-20 18:05:21,913 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:05:21,914 INFO L93 Difference]: Finished difference Result 460 states and 692 transitions. [2022-02-20 18:05:21,914 INFO L276 IsEmpty]: Start isEmpty. Operand 460 states and 692 transitions. [2022-02-20 18:05:21,917 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:21,917 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:21,919 INFO L74 IsIncluded]: Start isIncluded. First operand has 460 states, 355 states have (on average 1.5295774647887324) internal successors, (543), 359 states have internal predecessors, (543), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) Second operand 460 states. [2022-02-20 18:05:21,920 INFO L87 Difference]: Start difference. First operand has 460 states, 355 states have (on average 1.5295774647887324) internal successors, (543), 359 states have internal predecessors, (543), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) Second operand 460 states. [2022-02-20 18:05:21,940 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:21,940 INFO L93 Difference]: Finished difference Result 460 states and 692 transitions. [2022-02-20 18:05:21,940 INFO L276 IsEmpty]: Start isEmpty. Operand 460 states and 692 transitions. [2022-02-20 18:05:21,942 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:21,942 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:21,942 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:21,943 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:21,944 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 460 states, 355 states have (on average 1.5295774647887324) internal successors, (543), 359 states have internal predecessors, (543), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) [2022-02-20 18:05:21,962 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 460 states to 460 states and 692 transitions. [2022-02-20 18:05:21,964 INFO L78 Accepts]: Start accepts. Automaton has 460 states and 692 transitions. Word has length 110 [2022-02-20 18:05:21,964 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:21,964 INFO L470 AbstractCegarLoop]: Abstraction has 460 states and 692 transitions. [2022-02-20 18:05:21,965 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:21,965 INFO L276 IsEmpty]: Start isEmpty. Operand 460 states and 692 transitions. [2022-02-20 18:05:21,967 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 112 [2022-02-20 18:05:21,967 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:21,967 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:22,001 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:22,185 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:05:22,186 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:22,186 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:22,186 INFO L85 PathProgramCache]: Analyzing trace with hash 1412794511, now seen corresponding path program 1 times [2022-02-20 18:05:22,186 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:22,187 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1798048465] [2022-02-20 18:05:22,187 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:22,187 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:22,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,273 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:22,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,277 INFO L290 TraceCheckUtils]: 0: Hoare triple {3498#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,278 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,278 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,278 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3438#true} #1397#return; {3438#true} is VALID [2022-02-20 18:05:22,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:22,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,286 INFO L290 TraceCheckUtils]: 0: Hoare triple {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,286 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,287 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,287 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3438#true} #1399#return; {3438#true} is VALID [2022-02-20 18:05:22,287 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 
18:05:22,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {3498#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3500#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:22,302 INFO L290 TraceCheckUtils]: 1: Hoare triple {3500#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3501#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:22,302 INFO L290 TraceCheckUtils]: 2: Hoare triple {3501#(= |setClientId_#in~handle| 1)} assume true; {3501#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:22,303 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3501#(= |setClientId_#in~handle| 1)} {3448#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1401#return; {3439#false} is VALID [2022-02-20 18:05:22,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:22,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,307 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} 
#1403#return; {3439#false} is VALID [2022-02-20 18:05:22,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:22,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {3498#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,311 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,312 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1405#return; {3439#false} is VALID [2022-02-20 18:05:22,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:22,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,315 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1407#return; {3439#false} is VALID [2022-02-20 18:05:22,322 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:05:22,322 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,324 INFO L290 TraceCheckUtils]: 0: Hoare triple {3502#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,325 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1319#return; {3439#false} is VALID [2022-02-20 18:05:22,331 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:05:22,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {3503#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,334 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,334 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,334 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1321#return; {3439#false} is VALID [2022-02-20 18:05:22,335 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:05:22,335 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {3438#true} ~handle := 
#in~handle;havoc ~retValue_acc~10; {3438#true} is VALID [2022-02-20 18:05:22,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3438#true} is VALID [2022-02-20 18:05:22,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,337 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1299#return; {3439#false} is VALID [2022-02-20 18:05:22,338 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:05:22,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,340 INFO L290 TraceCheckUtils]: 0: Hoare triple {3438#true} ~handle := #in~handle;havoc ~retValue_acc~4; {3438#true} is VALID [2022-02-20 18:05:22,340 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {3438#true} is VALID [2022-02-20 18:05:22,340 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,340 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1301#return; {3439#false} is VALID [2022-02-20 18:05:22,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:05:22,341 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,343 INFO L290 TraceCheckUtils]: 0: Hoare triple {3438#true} ~handle := #in~handle;havoc ~retValue_acc~36; {3438#true} is VALID [2022-02-20 18:05:22,343 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {3438#true} is VALID [2022-02-20 18:05:22,343 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,343 INFO 
L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1333#return; {3439#false} is VALID [2022-02-20 18:05:22,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:05:22,344 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,346 INFO L290 TraceCheckUtils]: 0: Hoare triple {3438#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3438#true} is VALID [2022-02-20 18:05:22,346 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle; {3438#true} is VALID [2022-02-20 18:05:22,346 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3438#true} is VALID [2022-02-20 18:05:22,346 INFO L290 TraceCheckUtils]: 3: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,347 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3438#true} {3439#false} #1335#return; {3439#false} is VALID [2022-02-20 18:05:22,347 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:05:22,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,349 INFO L290 TraceCheckUtils]: 0: Hoare triple {3502#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,350 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,350 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1341#return; {3439#false} is VALID [2022-02-20 18:05:22,350 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:05:22,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:22,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {3438#true} ~handle := #in~handle;havoc ~retValue_acc~39; {3438#true} is VALID [2022-02-20 18:05:22,352 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {3438#true} is VALID [2022-02-20 18:05:22,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,353 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3438#true} {3439#false} #1343#return; {3439#false} is VALID [2022-02-20 18:05:22,353 INFO L290 TraceCheckUtils]: 0: Hoare triple {3438#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call 
#Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 
0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {3438#true} is VALID [2022-02-20 18:05:22,353 INFO L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {3438#true} is VALID [2022-02-20 18:05:22,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3438#true} is VALID [2022-02-20 18:05:22,353 INFO L290 TraceCheckUtils]: 3: Hoare triple {3438#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {3438#true} is VALID [2022-02-20 18:05:22,354 INFO L290 TraceCheckUtils]: 4: Hoare triple {3438#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {3438#true} is VALID [2022-02-20 18:05:22,354 
INFO L290 TraceCheckUtils]: 5: Hoare triple {3438#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3438#true} is VALID [2022-02-20 18:05:22,354 INFO L272 TraceCheckUtils]: 6: Hoare triple {3438#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3498#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:22,355 INFO L290 TraceCheckUtils]: 7: Hoare triple {3498#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,355 INFO L290 TraceCheckUtils]: 8: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,355 INFO L290 TraceCheckUtils]: 9: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,355 
INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3438#true} {3438#true} #1397#return; {3438#true} is VALID [2022-02-20 18:05:22,355 INFO L290 TraceCheckUtils]: 11: Hoare triple {3438#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3438#true} is VALID [2022-02-20 18:05:22,356 INFO L272 TraceCheckUtils]: 12: Hoare triple {3438#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:22,356 INFO L290 TraceCheckUtils]: 13: Hoare triple {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,356 INFO L290 TraceCheckUtils]: 14: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,356 INFO L290 TraceCheckUtils]: 15: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,356 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3438#true} {3438#true} #1399#return; {3438#true} is VALID [2022-02-20 18:05:22,357 INFO L290 TraceCheckUtils]: 17: Hoare triple {3438#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3448#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:22,358 INFO L272 TraceCheckUtils]: 18: Hoare triple {3448#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3498#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:22,358 INFO L290 TraceCheckUtils]: 19: Hoare triple {3498#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3500#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:22,358 INFO L290 TraceCheckUtils]: 20: Hoare triple {3500#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3501#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:22,359 INFO L290 TraceCheckUtils]: 21: Hoare triple {3501#(= |setClientId_#in~handle| 1)} assume true; {3501#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:22,359 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3501#(= |setClientId_#in~handle| 1)} {3448#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1401#return; {3439#false} is VALID [2022-02-20 18:05:22,359 INFO L290 TraceCheckUtils]: 23: Hoare triple {3439#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3439#false} is VALID [2022-02-20 18:05:22,359 INFO L272 TraceCheckUtils]: 24: Hoare triple {3439#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:22,360 INFO L290 TraceCheckUtils]: 25: Hoare triple {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,360 INFO L290 TraceCheckUtils]: 26: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,360 INFO L290 TraceCheckUtils]: 27: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,360 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3438#true} {3439#false} #1403#return; {3439#false} is VALID [2022-02-20 18:05:22,360 INFO L290 TraceCheckUtils]: 29: Hoare triple {3439#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3439#false} is VALID [2022-02-20 18:05:22,360 INFO L272 TraceCheckUtils]: 30: Hoare triple {3439#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3498#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:22,361 INFO L290 TraceCheckUtils]: 31: Hoare triple {3498#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,361 INFO L290 TraceCheckUtils]: 32: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,361 INFO L290 TraceCheckUtils]: 33: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,361 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3438#true} {3439#false} #1405#return; {3439#false} is VALID [2022-02-20 18:05:22,361 INFO L290 TraceCheckUtils]: 35: Hoare triple {3439#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3439#false} is VALID [2022-02-20 18:05:22,361 INFO L272 TraceCheckUtils]: 36: Hoare triple {3439#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:22,361 INFO L290 TraceCheckUtils]: 37: Hoare triple {3499#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,361 INFO L290 TraceCheckUtils]: 38: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,362 INFO L290 TraceCheckUtils]: 39: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,362 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3438#true} {3439#false} #1407#return; {3439#false} is VALID [2022-02-20 18:05:22,362 INFO L290 
TraceCheckUtils]: 41: Hoare triple {3439#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {3439#false} is VALID [2022-02-20 18:05:22,362 INFO L290 TraceCheckUtils]: 42: Hoare triple {3439#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3439#false} is VALID [2022-02-20 18:05:22,362 INFO L290 TraceCheckUtils]: 43: Hoare triple {3439#false} assume !false; {3439#false} is VALID [2022-02-20 18:05:22,362 INFO L290 TraceCheckUtils]: 44: Hoare triple {3439#false} assume 
!(test_~splverifierCounter~0#1 < 4); {3439#false} is VALID [2022-02-20 18:05:22,363 INFO L290 TraceCheckUtils]: 45: Hoare triple {3439#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {3439#false} is VALID [2022-02-20 18:05:22,363 INFO L272 TraceCheckUtils]: 46: Hoare triple {3439#false} call sendEmail(~bob~0, ~rjh~0); {3439#false} is VALID [2022-02-20 18:05:22,363 INFO L290 TraceCheckUtils]: 47: Hoare triple {3439#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3439#false} is VALID [2022-02-20 18:05:22,363 INFO L272 TraceCheckUtils]: 48: Hoare triple {3439#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3502#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:22,363 INFO L290 TraceCheckUtils]: 49: Hoare triple {3502#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,363 INFO L290 TraceCheckUtils]: 50: Hoare triple {3438#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3438#true} is VALID 
[2022-02-20 18:05:22,363 INFO L290 TraceCheckUtils]: 51: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,364 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3438#true} {3439#false} #1319#return; {3439#false} is VALID [2022-02-20 18:05:22,364 INFO L272 TraceCheckUtils]: 53: Hoare triple {3439#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3503#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:22,364 INFO L290 TraceCheckUtils]: 54: Hoare triple {3503#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,364 INFO L290 TraceCheckUtils]: 55: Hoare triple {3438#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,364 INFO L290 TraceCheckUtils]: 56: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,364 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3438#true} {3439#false} #1321#return; {3439#false} is VALID [2022-02-20 18:05:22,364 INFO L290 TraceCheckUtils]: 58: Hoare triple {3439#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {3439#false} is VALID [2022-02-20 18:05:22,365 INFO L290 TraceCheckUtils]: 59: Hoare triple {3439#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {3439#false} is VALID [2022-02-20 18:05:22,365 INFO L272 TraceCheckUtils]: 60: Hoare triple {3439#false} call outgoing(~sender#1, ~email~0#1); {3439#false} is VALID [2022-02-20 18:05:22,365 INFO L290 TraceCheckUtils]: 61: Hoare triple {3439#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } 
true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {3439#false} is VALID [2022-02-20 18:05:22,365 INFO L272 TraceCheckUtils]: 62: Hoare triple {3439#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {3438#true} is VALID [2022-02-20 18:05:22,365 INFO L290 TraceCheckUtils]: 63: Hoare triple {3438#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3438#true} is VALID [2022-02-20 18:05:22,365 INFO L290 TraceCheckUtils]: 64: Hoare triple {3438#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3438#true} is VALID [2022-02-20 18:05:22,365 INFO L290 TraceCheckUtils]: 65: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,366 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3438#true} {3439#false} #1299#return; {3439#false} is VALID [2022-02-20 18:05:22,366 INFO L290 TraceCheckUtils]: 67: Hoare triple {3439#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {3439#false} is VALID [2022-02-20 18:05:22,366 INFO L290 TraceCheckUtils]: 68: Hoare triple {3439#false} assume 0 == sign_~privkey~1#1; {3439#false} is VALID [2022-02-20 18:05:22,366 INFO L290 TraceCheckUtils]: 69: Hoare triple {3439#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, 
outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {3439#false} is VALID [2022-02-20 18:05:22,366 INFO L272 TraceCheckUtils]: 70: Hoare triple {3439#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3438#true} is VALID [2022-02-20 18:05:22,366 INFO L290 TraceCheckUtils]: 71: Hoare triple {3438#true} ~handle := #in~handle;havoc ~retValue_acc~4; {3438#true} is VALID [2022-02-20 18:05:22,366 INFO L290 TraceCheckUtils]: 72: Hoare triple {3438#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {3438#true} is VALID [2022-02-20 18:05:22,366 INFO L290 TraceCheckUtils]: 73: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,367 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3438#true} {3439#false} #1301#return; {3439#false} is VALID [2022-02-20 18:05:22,367 INFO L290 TraceCheckUtils]: 75: Hoare triple {3439#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := 
outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {3439#false} is VALID [2022-02-20 18:05:22,367 INFO L290 TraceCheckUtils]: 76: Hoare triple {3439#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {3439#false} is VALID [2022-02-20 18:05:22,367 INFO L272 TraceCheckUtils]: 77: Hoare triple {3439#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3439#false} is VALID [2022-02-20 18:05:22,367 INFO L290 TraceCheckUtils]: 78: Hoare triple {3439#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {3439#false} is VALID [2022-02-20 18:05:22,367 INFO L272 TraceCheckUtils]: 79: Hoare triple {3439#false} call #t~ret90#1 := getEmailTo(~msg#1); {3438#true} is VALID [2022-02-20 18:05:22,367 INFO L290 TraceCheckUtils]: 80: Hoare triple {3438#true} ~handle := #in~handle;havoc ~retValue_acc~36; {3438#true} is VALID [2022-02-20 18:05:22,368 INFO L290 TraceCheckUtils]: 81: Hoare triple {3438#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {3438#true} is VALID [2022-02-20 18:05:22,368 INFO L290 TraceCheckUtils]: 82: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,368 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {3438#true} {3439#false} #1333#return; {3439#false} is VALID [2022-02-20 18:05:22,368 INFO L290 TraceCheckUtils]: 84: Hoare triple {3439#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {3439#false} is VALID [2022-02-20 18:05:22,368 INFO L272 TraceCheckUtils]: 85: Hoare triple {3439#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {3438#true} is VALID [2022-02-20 18:05:22,368 INFO L290 TraceCheckUtils]: 86: 
Hoare triple {3438#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3438#true} is VALID [2022-02-20 18:05:22,368 INFO L290 TraceCheckUtils]: 87: Hoare triple {3438#true} assume 1 == ~handle; {3438#true} is VALID [2022-02-20 18:05:22,369 INFO L290 TraceCheckUtils]: 88: Hoare triple {3438#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3438#true} is VALID [2022-02-20 18:05:22,369 INFO L290 TraceCheckUtils]: 89: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,369 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {3438#true} {3439#false} #1335#return; {3439#false} is VALID [2022-02-20 18:05:22,369 INFO L290 TraceCheckUtils]: 91: Hoare triple {3439#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {3439#false} is VALID [2022-02-20 18:05:22,369 INFO L290 TraceCheckUtils]: 92: Hoare triple {3439#false} assume !(0 != ~pubkey~0#1); {3439#false} is VALID [2022-02-20 18:05:22,369 INFO L290 TraceCheckUtils]: 93: Hoare triple {3439#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {3439#false} is VALID [2022-02-20 18:05:22,369 INFO L290 
TraceCheckUtils]: 94: Hoare triple {3439#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {3439#false} is VALID [2022-02-20 18:05:22,369 INFO L290 TraceCheckUtils]: 95: Hoare triple {3439#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {3439#false} is VALID [2022-02-20 18:05:22,370 INFO L272 TraceCheckUtils]: 96: Hoare triple {3439#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {3502#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:22,370 INFO L290 TraceCheckUtils]: 97: Hoare triple {3502#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,370 INFO L290 TraceCheckUtils]: 98: Hoare triple {3438#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,370 INFO L290 TraceCheckUtils]: 99: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,370 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {3438#true} {3439#false} #1341#return; {3439#false} is VALID [2022-02-20 18:05:22,370 INFO L290 TraceCheckUtils]: 101: Hoare triple {3439#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := 
mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {3439#false} is VALID [2022-02-20 18:05:22,370 INFO L290 TraceCheckUtils]: 102: Hoare triple {3439#false} assume 0 != ~in_encrypted~0; {3439#false} is VALID [2022-02-20 18:05:22,371 INFO L272 TraceCheckUtils]: 103: Hoare triple {3439#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {3438#true} is VALID [2022-02-20 18:05:22,371 INFO L290 TraceCheckUtils]: 104: Hoare triple {3438#true} ~handle := #in~handle;havoc ~retValue_acc~39; {3438#true} is VALID [2022-02-20 18:05:22,371 INFO L290 TraceCheckUtils]: 105: Hoare triple {3438#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; 
{3438#true} is VALID [2022-02-20 18:05:22,371 INFO L290 TraceCheckUtils]: 106: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,371 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {3438#true} {3439#false} #1343#return; {3439#false} is VALID [2022-02-20 18:05:22,371 INFO L290 TraceCheckUtils]: 108: Hoare triple {3439#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {3439#false} is VALID [2022-02-20 18:05:22,371 INFO L290 TraceCheckUtils]: 109: Hoare triple {3439#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {3439#false} is VALID [2022-02-20 18:05:22,372 INFO L290 TraceCheckUtils]: 110: Hoare triple {3439#false} assume !false; {3439#false} is VALID [2022-02-20 18:05:22,372 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:05:22,372 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:05:22,372 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1798048465]
[2022-02-20 18:05:22,372 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1798048465] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:05:22,373 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2043443268]
[2022-02-20 18:05:22,373 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:05:22,373 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:05:22,373 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:05:22,374 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:05:22,375 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process
[2022-02-20 18:05:22,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:05:22,619 INFO L263 TraceCheckSpWp]: Trace formula consists of 1162 conjuncts, 2 conjunts are in the unsatisfiable core
[2022-02-20 18:05:22,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:05:22,669 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:05:22,892 INFO L290 TraceCheckUtils]: 0: Hoare triple {3438#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call 
write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 
0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {3438#true} is VALID [2022-02-20 18:05:22,892 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {3438#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {3438#true} is VALID [2022-02-20 18:05:22,893 INFO L290 TraceCheckUtils]: 2: Hoare triple {3438#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3438#true} is VALID [2022-02-20 18:05:22,893 INFO L290 TraceCheckUtils]: 3: Hoare triple {3438#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {3438#true} is VALID [2022-02-20 18:05:22,893 INFO L290 TraceCheckUtils]: 4: Hoare triple {3438#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {3438#true} is VALID [2022-02-20 18:05:22,893 INFO L290 TraceCheckUtils]: 5: Hoare triple {3438#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base 
} true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3438#true} is VALID [2022-02-20 18:05:22,893 INFO L272 TraceCheckUtils]: 6: Hoare triple {3438#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3438#true} is VALID [2022-02-20 18:05:22,893 INFO L290 TraceCheckUtils]: 7: Hoare triple {3438#true} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,893 INFO L290 TraceCheckUtils]: 8: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,893 INFO L290 TraceCheckUtils]: 9: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,894 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3438#true} {3438#true} #1397#return; {3438#true} is VALID [2022-02-20 18:05:22,894 INFO L290 TraceCheckUtils]: 11: Hoare triple {3438#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3438#true} is VALID [2022-02-20 18:05:22,894 INFO L272 TraceCheckUtils]: 12: Hoare triple {3438#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3438#true} is VALID [2022-02-20 18:05:22,894 INFO L290 TraceCheckUtils]: 13: Hoare triple {3438#true} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,894 INFO L290 TraceCheckUtils]: 14: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,894 INFO L290 TraceCheckUtils]: 15: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,895 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3438#true} {3438#true} #1399#return; {3438#true} is VALID [2022-02-20 18:05:22,895 INFO L290 TraceCheckUtils]: 17: Hoare triple {3438#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3438#true} is VALID [2022-02-20 18:05:22,895 INFO L272 TraceCheckUtils]: 18: Hoare triple {3438#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3438#true} is VALID [2022-02-20 18:05:22,895 INFO L290 TraceCheckUtils]: 19: Hoare triple {3438#true} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,895 INFO L290 TraceCheckUtils]: 20: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,895 INFO L290 TraceCheckUtils]: 21: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,895 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3438#true} {3438#true} #1401#return; {3438#true} is VALID [2022-02-20 18:05:22,895 INFO L290 TraceCheckUtils]: 23: Hoare triple {3438#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3438#true} is VALID [2022-02-20 18:05:22,896 INFO L272 TraceCheckUtils]: 24: Hoare triple {3438#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3438#true} is VALID [2022-02-20 18:05:22,896 INFO L290 TraceCheckUtils]: 25: Hoare triple {3438#true} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,896 INFO L290 TraceCheckUtils]: 26: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,896 INFO L290 TraceCheckUtils]: 27: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,896 INFO 
L284 TraceCheckUtils]: 28: Hoare quadruple {3438#true} {3438#true} #1403#return; {3438#true} is VALID [2022-02-20 18:05:22,896 INFO L290 TraceCheckUtils]: 29: Hoare triple {3438#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3438#true} is VALID [2022-02-20 18:05:22,896 INFO L272 TraceCheckUtils]: 30: Hoare triple {3438#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3438#true} is VALID [2022-02-20 18:05:22,897 INFO L290 TraceCheckUtils]: 31: Hoare triple {3438#true} ~handle := #in~handle;~value := #in~value; {3438#true} is VALID [2022-02-20 18:05:22,897 INFO L290 TraceCheckUtils]: 32: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,897 INFO L290 TraceCheckUtils]: 33: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,897 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3438#true} {3438#true} #1405#return; {3438#true} is VALID [2022-02-20 18:05:22,897 INFO L290 TraceCheckUtils]: 35: Hoare triple {3438#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3438#true} is VALID [2022-02-20 18:05:22,897 INFO L272 TraceCheckUtils]: 36: Hoare triple {3438#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3438#true} is VALID [2022-02-20 18:05:22,897 INFO L290 TraceCheckUtils]: 37: Hoare triple {3438#true} ~handle := #in~handle;~value := #in~value; {3438#true} is 
VALID [2022-02-20 18:05:22,898 INFO L290 TraceCheckUtils]: 38: Hoare triple {3438#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3438#true} is VALID [2022-02-20 18:05:22,898 INFO L290 TraceCheckUtils]: 39: Hoare triple {3438#true} assume true; {3438#true} is VALID [2022-02-20 18:05:22,898 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3438#true} {3438#true} #1407#return; {3438#true} is VALID [2022-02-20 18:05:22,898 INFO L290 TraceCheckUtils]: 41: Hoare triple {3438#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {3438#true} is VALID [2022-02-20 18:05:22,899 INFO L290 TraceCheckUtils]: 42: Hoare triple {3438#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 
:= 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3633#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:22,899 INFO L290 TraceCheckUtils]: 43: Hoare triple {3633#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3633#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:22,899 INFO L290 TraceCheckUtils]: 44: Hoare triple {3633#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {3439#false} is VALID [2022-02-20 18:05:22,899 INFO L290 TraceCheckUtils]: 45: Hoare triple {3439#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {3439#false} is VALID [2022-02-20 18:05:22,900 INFO L272 TraceCheckUtils]: 46: Hoare triple {3439#false} call sendEmail(~bob~0, ~rjh~0); {3439#false} is VALID [2022-02-20 18:05:22,900 INFO L290 TraceCheckUtils]: 47: Hoare triple {3439#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3439#false} is VALID [2022-02-20 18:05:22,900 INFO L272 TraceCheckUtils]: 48: Hoare triple 
{3439#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3439#false} is VALID [2022-02-20 18:05:22,900 INFO L290 TraceCheckUtils]: 49: Hoare triple {3439#false} ~handle := #in~handle;~value := #in~value; {3439#false} is VALID [2022-02-20 18:05:22,901 INFO L290 TraceCheckUtils]: 50: Hoare triple {3439#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3439#false} is VALID [2022-02-20 18:05:22,903 INFO L290 TraceCheckUtils]: 51: Hoare triple {3439#false} assume true; {3439#false} is VALID [2022-02-20 18:05:22,904 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3439#false} {3439#false} #1319#return; {3439#false} is VALID [2022-02-20 18:05:22,904 INFO L272 TraceCheckUtils]: 53: Hoare triple {3439#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3439#false} is VALID [2022-02-20 18:05:22,904 INFO L290 TraceCheckUtils]: 54: Hoare triple {3439#false} ~handle := #in~handle;~value := #in~value; {3439#false} is VALID [2022-02-20 18:05:22,905 INFO L290 TraceCheckUtils]: 55: Hoare triple {3439#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3439#false} is VALID [2022-02-20 18:05:22,905 INFO L290 TraceCheckUtils]: 56: Hoare triple {3439#false} assume true; {3439#false} is VALID [2022-02-20 18:05:22,905 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3439#false} {3439#false} #1321#return; {3439#false} is VALID [2022-02-20 18:05:22,906 INFO L290 TraceCheckUtils]: 58: Hoare triple {3439#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {3439#false} is VALID [2022-02-20 18:05:22,906 INFO L290 TraceCheckUtils]: 59: Hoare triple {3439#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {3439#false} is VALID [2022-02-20 18:05:22,906 INFO L272 TraceCheckUtils]: 60: Hoare triple {3439#false} call 
outgoing(~sender#1, ~email~0#1); {3439#false} is VALID [2022-02-20 18:05:22,906 INFO L290 TraceCheckUtils]: 61: Hoare triple {3439#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {3439#false} is VALID [2022-02-20 18:05:22,906 INFO L272 TraceCheckUtils]: 62: Hoare triple {3439#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {3439#false} is VALID [2022-02-20 18:05:22,907 INFO L290 TraceCheckUtils]: 63: Hoare triple {3439#false} ~handle := #in~handle;havoc ~retValue_acc~10; {3439#false} is VALID [2022-02-20 18:05:22,908 INFO L290 TraceCheckUtils]: 64: Hoare triple {3439#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3439#false} is VALID [2022-02-20 18:05:22,908 INFO L290 TraceCheckUtils]: 65: Hoare triple {3439#false} assume true; {3439#false} is VALID [2022-02-20 18:05:22,910 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3439#false} {3439#false} #1299#return; {3439#false} is VALID [2022-02-20 18:05:22,910 INFO L290 TraceCheckUtils]: 67: Hoare triple {3439#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {3439#false} is VALID [2022-02-20 18:05:22,910 INFO L290 TraceCheckUtils]: 68: Hoare triple {3439#false} assume 0 == sign_~privkey~1#1; {3439#false} is VALID [2022-02-20 18:05:22,910 INFO L290 TraceCheckUtils]: 69: Hoare triple {3439#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc 
outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {3439#false} is VALID [2022-02-20 18:05:22,910 INFO L272 TraceCheckUtils]: 70: Hoare triple {3439#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3439#false} is VALID [2022-02-20 18:05:22,910 INFO L290 TraceCheckUtils]: 71: Hoare triple {3439#false} ~handle := #in~handle;havoc ~retValue_acc~4; {3439#false} is VALID [2022-02-20 18:05:22,910 INFO L290 TraceCheckUtils]: 72: Hoare triple {3439#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {3439#false} is VALID [2022-02-20 18:05:22,911 INFO L290 TraceCheckUtils]: 73: Hoare triple {3439#false} assume true; {3439#false} is VALID [2022-02-20 18:05:22,911 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3439#false} {3439#false} #1301#return; 
{3439#false} is VALID [2022-02-20 18:05:22,911 INFO L290 TraceCheckUtils]: 75: Hoare triple {3439#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {3439#false} is VALID [2022-02-20 18:05:22,912 INFO L290 TraceCheckUtils]: 76: Hoare triple {3439#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {3439#false} is VALID [2022-02-20 18:05:22,912 INFO L272 TraceCheckUtils]: 77: Hoare triple {3439#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3439#false} is VALID [2022-02-20 18:05:22,912 INFO L290 TraceCheckUtils]: 78: Hoare triple {3439#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {3439#false} is VALID [2022-02-20 18:05:22,912 INFO L272 TraceCheckUtils]: 79: Hoare triple {3439#false} call #t~ret90#1 := getEmailTo(~msg#1); {3439#false} is VALID [2022-02-20 18:05:22,912 INFO L290 TraceCheckUtils]: 80: Hoare triple {3439#false} ~handle := #in~handle;havoc ~retValue_acc~36; {3439#false} is VALID [2022-02-20 18:05:22,912 INFO L290 TraceCheckUtils]: 81: Hoare triple {3439#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {3439#false} is VALID [2022-02-20 18:05:22,912 INFO L290 TraceCheckUtils]: 82: Hoare triple {3439#false} assume true; {3439#false} is VALID [2022-02-20 18:05:22,912 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {3439#false} {3439#false} #1333#return; {3439#false} is VALID [2022-02-20 18:05:22,913 INFO L290 TraceCheckUtils]: 84: Hoare triple {3439#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc 
#t~ret90#1;~receiver~0#1 := ~tmp~17#1; {3439#false} is VALID [2022-02-20 18:05:22,913 INFO L272 TraceCheckUtils]: 85: Hoare triple {3439#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {3439#false} is VALID [2022-02-20 18:05:22,913 INFO L290 TraceCheckUtils]: 86: Hoare triple {3439#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3439#false} is VALID [2022-02-20 18:05:22,913 INFO L290 TraceCheckUtils]: 87: Hoare triple {3439#false} assume 1 == ~handle; {3439#false} is VALID [2022-02-20 18:05:22,913 INFO L290 TraceCheckUtils]: 88: Hoare triple {3439#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3439#false} is VALID [2022-02-20 18:05:22,913 INFO L290 TraceCheckUtils]: 89: Hoare triple {3439#false} assume true; {3439#false} is VALID [2022-02-20 18:05:22,913 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {3439#false} {3439#false} #1335#return; {3439#false} is VALID [2022-02-20 18:05:22,913 INFO L290 TraceCheckUtils]: 91: Hoare triple {3439#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {3439#false} is VALID [2022-02-20 18:05:22,914 INFO L290 TraceCheckUtils]: 92: Hoare triple {3439#false} assume !(0 != ~pubkey~0#1); {3439#false} is VALID [2022-02-20 18:05:22,914 INFO L290 TraceCheckUtils]: 93: Hoare triple {3439#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } 
true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {3439#false} is VALID [2022-02-20 18:05:22,914 INFO L290 TraceCheckUtils]: 94: Hoare triple {3439#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {3439#false} is VALID [2022-02-20 18:05:22,914 INFO L290 TraceCheckUtils]: 95: Hoare triple {3439#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {3439#false} is VALID [2022-02-20 18:05:22,914 INFO L272 TraceCheckUtils]: 96: Hoare triple {3439#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {3439#false} is VALID [2022-02-20 18:05:22,914 INFO L290 TraceCheckUtils]: 97: Hoare triple {3439#false} ~handle := #in~handle;~value := #in~value; {3439#false} is VALID [2022-02-20 18:05:22,914 INFO L290 TraceCheckUtils]: 98: Hoare triple {3439#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3439#false} is VALID [2022-02-20 18:05:22,914 INFO L290 TraceCheckUtils]: 99: Hoare triple {3439#false} assume true; {3439#false} is VALID [2022-02-20 18:05:22,915 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {3439#false} {3439#false} #1341#return; {3439#false} is VALID [2022-02-20 18:05:22,915 INFO L290 TraceCheckUtils]: 101: Hoare triple {3439#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, 
mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {3439#false} is VALID [2022-02-20 18:05:22,915 INFO L290 TraceCheckUtils]: 102: Hoare triple {3439#false} assume 0 != ~in_encrypted~0; {3439#false} is VALID [2022-02-20 18:05:22,915 INFO L272 TraceCheckUtils]: 103: Hoare triple {3439#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {3439#false} is VALID [2022-02-20 18:05:22,915 INFO L290 TraceCheckUtils]: 104: Hoare triple {3439#false} ~handle := #in~handle;havoc ~retValue_acc~39; {3439#false} is VALID [2022-02-20 18:05:22,916 INFO L290 TraceCheckUtils]: 105: Hoare triple {3439#false} 
assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {3439#false} is VALID [2022-02-20 18:05:22,916 INFO L290 TraceCheckUtils]: 106: Hoare triple {3439#false} assume true; {3439#false} is VALID [2022-02-20 18:05:22,916 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {3439#false} {3439#false} #1343#return; {3439#false} is VALID [2022-02-20 18:05:22,916 INFO L290 TraceCheckUtils]: 108: Hoare triple {3439#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {3439#false} is VALID [2022-02-20 18:05:22,916 INFO L290 TraceCheckUtils]: 109: Hoare triple {3439#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {3439#false} is VALID [2022-02-20 18:05:22,916 INFO L290 TraceCheckUtils]: 110: Hoare triple {3439#false} assume !false; {3439#false} is VALID [2022-02-20 18:05:22,917 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:05:22,917 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:22,917 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2043443268] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:22,917 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:05:22,917 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:05:22,917 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [24731087] [2022-02-20 18:05:22,918 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:22,919 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 111 [2022-02-20 18:05:22,919 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:22,919 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:22,977 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:22,977 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:05:22,977 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:22,978 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 18:05:22,978 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:22,978 INFO L87 Difference]: Start difference. First operand 460 states and 692 transitions. Second operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:23,489 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:23,489 INFO L93 Difference]: Finished difference Result 726 states and 1068 transitions. [2022-02-20 18:05:23,489 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:05:23,490 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 111 [2022-02-20 18:05:23,490 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:23,491 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:23,512 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1068 transitions. 
[2022-02-20 18:05:23,513 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:23,532 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1068 transitions. [2022-02-20 18:05:23,533 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1068 transitions. [2022-02-20 18:05:24,183 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1068 edges. 1068 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:24,210 INFO L225 Difference]: With dead ends: 726 [2022-02-20 18:05:24,210 INFO L226 Difference]: Without dead ends: 463 [2022-02-20 18:05:24,212 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 142 GetRequests, 134 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:24,213 INFO L933 BasicCegarLoop]: 690 mSDtfsCounter, 1 mSDsluCounter, 688 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1378 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 
18:05:24,213 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1378 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:24,215 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 463 states. [2022-02-20 18:05:24,232 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 463 to 462. [2022-02-20 18:05:24,233 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:24,234 INFO L82 GeneralOperation]: Start isEquivalent. First operand 463 states. Second operand has 462 states, 357 states have (on average 1.526610644257703) internal successors, (545), 361 states have internal predecessors, (545), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) [2022-02-20 18:05:24,236 INFO L74 IsIncluded]: Start isIncluded. First operand 463 states. Second operand has 462 states, 357 states have (on average 1.526610644257703) internal successors, (545), 361 states have internal predecessors, (545), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) [2022-02-20 18:05:24,237 INFO L87 Difference]: Start difference. First operand 463 states. Second operand has 462 states, 357 states have (on average 1.526610644257703) internal successors, (545), 361 states have internal predecessors, (545), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) [2022-02-20 18:05:24,252 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:05:24,252 INFO L93 Difference]: Finished difference Result 463 states and 695 transitions. [2022-02-20 18:05:24,252 INFO L276 IsEmpty]: Start isEmpty. Operand 463 states and 695 transitions. [2022-02-20 18:05:24,254 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:24,254 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:24,255 INFO L74 IsIncluded]: Start isIncluded. First operand has 462 states, 357 states have (on average 1.526610644257703) internal successors, (545), 361 states have internal predecessors, (545), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) Second operand 463 states. [2022-02-20 18:05:24,256 INFO L87 Difference]: Start difference. First operand has 462 states, 357 states have (on average 1.526610644257703) internal successors, (545), 361 states have internal predecessors, (545), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) Second operand 463 states. [2022-02-20 18:05:24,270 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:24,270 INFO L93 Difference]: Finished difference Result 463 states and 695 transitions. [2022-02-20 18:05:24,270 INFO L276 IsEmpty]: Start isEmpty. Operand 463 states and 695 transitions. [2022-02-20 18:05:24,272 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:24,272 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:24,272 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:24,272 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:24,274 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 462 states, 357 states have (on average 1.526610644257703) internal successors, (545), 361 states have internal predecessors, (545), 75 states have call successors, (75), 29 states have call predecessors, (75), 29 states have return successors, (74), 73 states have call predecessors, (74), 74 states have call successors, (74) [2022-02-20 18:05:24,288 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 462 states to 462 states and 694 transitions. [2022-02-20 18:05:24,289 INFO L78 Accepts]: Start accepts. Automaton has 462 states and 694 transitions. Word has length 111 [2022-02-20 18:05:24,289 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:24,289 INFO L470 AbstractCegarLoop]: Abstraction has 462 states and 694 transitions. [2022-02-20 18:05:24,290 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:24,290 INFO L276 IsEmpty]: Start isEmpty. Operand 462 states and 694 transitions. [2022-02-20 18:05:24,291 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 121 [2022-02-20 18:05:24,292 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:24,292 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:24,320 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:24,512 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:05:24,512 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:24,512 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:24,512 INFO L85 PathProgramCache]: Analyzing trace with hash 389162940, now seen corresponding path program 1 times [2022-02-20 18:05:24,513 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:24,513 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [170296728] [2022-02-20 18:05:24,513 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:24,513 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:24,554 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,582 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:24,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,587 INFO L290 TraceCheckUtils]: 0: Hoare triple {6463#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,587 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,587 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,587 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6403#true} #1397#return; {6403#true} is VALID [2022-02-20 18:05:24,592 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:24,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,600 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,600 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6403#true} #1399#return; {6403#true} is VALID [2022-02-20 18:05:24,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 18 [2022-02-20 18:05:24,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {6463#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6465#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:24,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {6465#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6466#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:24,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {6466#(= |setClientId_#in~handle| 1)} assume true; {6466#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:24,616 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6466#(= |setClientId_#in~handle| 1)} {6413#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1401#return; {6404#false} is VALID [2022-02-20 18:05:24,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:24,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,619 INFO L290 TraceCheckUtils]: 0: Hoare triple {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,620 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,620 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {6403#true} {6404#false} #1403#return; {6404#false} is VALID [2022-02-20 18:05:24,620 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:24,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {6463#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,626 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1405#return; {6404#false} is VALID [2022-02-20 18:05:24,626 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:24,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,630 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1407#return; {6404#false} is VALID 
[2022-02-20 18:05:24,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:05:24,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {6467#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,639 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,639 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1319#return; {6404#false} is VALID [2022-02-20 18:05:24,646 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:05:24,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {6468#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,650 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1321#return; {6404#false} is VALID [2022-02-20 18:05:24,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:05:24,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,654 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {6403#true} ~handle := #in~handle;havoc ~retValue_acc~10; {6403#true} is VALID [2022-02-20 18:05:24,654 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {6403#true} is VALID [2022-02-20 18:05:24,654 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,654 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1299#return; {6404#false} is VALID [2022-02-20 18:05:24,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:05:24,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,657 INFO L290 TraceCheckUtils]: 0: Hoare triple {6403#true} ~handle := #in~handle;havoc ~retValue_acc~4; {6403#true} is VALID [2022-02-20 18:05:24,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {6403#true} is VALID [2022-02-20 18:05:24,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,658 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1301#return; {6404#false} is VALID [2022-02-20 18:05:24,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:05:24,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {6403#true} ~handle := #in~handle;havoc ~retValue_acc~36; {6403#true} is VALID [2022-02-20 18:05:24,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {6403#true} is VALID [2022-02-20 18:05:24,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID 
[2022-02-20 18:05:24,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1333#return; {6404#false} is VALID [2022-02-20 18:05:24,662 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:05:24,662 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,664 INFO L290 TraceCheckUtils]: 0: Hoare triple {6403#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6403#true} is VALID [2022-02-20 18:05:24,664 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle; {6403#true} is VALID [2022-02-20 18:05:24,664 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6403#true} is VALID [2022-02-20 18:05:24,664 INFO L290 TraceCheckUtils]: 3: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,665 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {6403#true} {6404#false} #1335#return; {6404#false} is VALID [2022-02-20 18:05:24,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:05:24,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {6467#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1341#return; {6404#false} is VALID [2022-02-20 
18:05:24,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:05:24,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {6403#true} ~handle := #in~handle;havoc ~retValue_acc~39; {6403#true} is VALID [2022-02-20 18:05:24,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {6403#true} is VALID [2022-02-20 18:05:24,671 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,671 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6403#true} {6404#false} #1343#return; {6404#false} is VALID [2022-02-20 18:05:24,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {6403#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call 
#Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {6403#true} is VALID [2022-02-20 18:05:24,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {6403#true} is VALID [2022-02-20 18:05:24,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6403#true} is VALID [2022-02-20 18:05:24,672 INFO L290 TraceCheckUtils]: 3: Hoare triple {6403#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {6403#true} is VALID [2022-02-20 18:05:24,672 INFO L290 TraceCheckUtils]: 4: Hoare triple {6403#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; 
{6403#true} is VALID [2022-02-20 18:05:24,672 INFO L290 TraceCheckUtils]: 5: Hoare triple {6403#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6403#true} is VALID [2022-02-20 18:05:24,673 INFO L272 TraceCheckUtils]: 6: Hoare triple {6403#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6463#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,673 INFO L290 TraceCheckUtils]: 7: Hoare triple {6463#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,673 INFO L290 TraceCheckUtils]: 8: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,673 INFO L290 TraceCheckUtils]: 9: Hoare triple {6403#true} assume true; 
{6403#true} is VALID [2022-02-20 18:05:24,673 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6403#true} {6403#true} #1397#return; {6403#true} is VALID [2022-02-20 18:05:24,673 INFO L290 TraceCheckUtils]: 11: Hoare triple {6403#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6403#true} is VALID [2022-02-20 18:05:24,676 INFO L272 TraceCheckUtils]: 12: Hoare triple {6403#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:24,676 INFO L290 TraceCheckUtils]: 13: Hoare triple {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,676 INFO L290 TraceCheckUtils]: 14: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,676 INFO L290 TraceCheckUtils]: 15: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,676 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6403#true} {6403#true} #1399#return; {6403#true} is VALID [2022-02-20 18:05:24,677 INFO L290 TraceCheckUtils]: 17: Hoare triple {6403#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {6413#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:24,677 INFO L272 TraceCheckUtils]: 18: Hoare triple {6413#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6463#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,678 INFO L290 TraceCheckUtils]: 19: Hoare triple {6463#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6465#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:24,678 INFO L290 TraceCheckUtils]: 20: Hoare triple {6465#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6466#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:24,678 INFO L290 TraceCheckUtils]: 21: Hoare triple {6466#(= |setClientId_#in~handle| 1)} assume true; {6466#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:24,679 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6466#(= |setClientId_#in~handle| 1)} {6413#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1401#return; {6404#false} is VALID [2022-02-20 18:05:24,679 INFO L290 TraceCheckUtils]: 23: Hoare triple {6404#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {6404#false} is VALID [2022-02-20 18:05:24,679 INFO L272 TraceCheckUtils]: 24: Hoare triple {6404#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) 
(= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:24,679 INFO L290 TraceCheckUtils]: 25: Hoare triple {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,679 INFO L290 TraceCheckUtils]: 26: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,679 INFO L290 TraceCheckUtils]: 27: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,680 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6403#true} {6404#false} #1403#return; {6404#false} is VALID [2022-02-20 18:05:24,680 INFO L290 TraceCheckUtils]: 29: Hoare triple {6404#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6404#false} is VALID [2022-02-20 18:05:24,680 INFO L272 TraceCheckUtils]: 30: Hoare triple {6404#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6463#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,680 INFO L290 TraceCheckUtils]: 31: Hoare triple {6463#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,680 INFO L290 TraceCheckUtils]: 32: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,680 INFO L290 TraceCheckUtils]: 33: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,680 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6403#true} {6404#false} #1405#return; {6404#false} is VALID [2022-02-20 18:05:24,680 INFO L290 TraceCheckUtils]: 35: Hoare triple {6404#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6404#false} is VALID [2022-02-20 18:05:24,681 INFO L272 TraceCheckUtils]: 36: Hoare triple {6404#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:24,681 INFO L290 TraceCheckUtils]: 37: Hoare triple {6464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,681 INFO L290 TraceCheckUtils]: 38: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,681 INFO L290 TraceCheckUtils]: 39: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,681 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6403#true} {6404#false} #1407#return; {6404#false} is VALID [2022-02-20 18:05:24,681 INFO L290 
TraceCheckUtils]: 41: Hoare triple {6404#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {6404#false} is VALID [2022-02-20 18:05:24,681 INFO L290 TraceCheckUtils]: 42: Hoare triple {6404#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6404#false} is VALID [2022-02-20 18:05:24,681 INFO L290 TraceCheckUtils]: 43: Hoare triple {6404#false} assume !false; {6404#false} is VALID [2022-02-20 18:05:24,682 INFO L290 TraceCheckUtils]: 44: Hoare triple {6404#false} assume 
test_~splverifierCounter~0#1 < 4; {6404#false} is VALID [2022-02-20 18:05:24,682 INFO L290 TraceCheckUtils]: 45: Hoare triple {6404#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6404#false} is VALID [2022-02-20 18:05:24,682 INFO L290 TraceCheckUtils]: 46: Hoare triple {6404#false} assume !(0 == test_~op1~0#1); {6404#false} is VALID [2022-02-20 18:05:24,682 INFO L290 TraceCheckUtils]: 47: Hoare triple {6404#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {6404#false} is VALID [2022-02-20 18:05:24,682 INFO L290 TraceCheckUtils]: 48: Hoare triple {6404#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {6404#false} is VALID [2022-02-20 18:05:24,682 INFO L290 TraceCheckUtils]: 49: Hoare triple {6404#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {6404#false} is VALID [2022-02-20 18:05:24,682 INFO L290 TraceCheckUtils]: 50: Hoare triple {6404#false} assume { :end_inline_setClientAutoResponse } true; {6404#false} is VALID [2022-02-20 18:05:24,683 INFO L290 TraceCheckUtils]: 51: Hoare triple {6404#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {6404#false} is VALID [2022-02-20 18:05:24,683 INFO L290 TraceCheckUtils]: 52: Hoare triple {6404#false} assume !false; {6404#false} is VALID [2022-02-20 18:05:24,683 INFO L290 TraceCheckUtils]: 53: Hoare triple {6404#false} assume !(test_~splverifierCounter~0#1 < 4); {6404#false} is VALID [2022-02-20 18:05:24,683 
INFO L290 TraceCheckUtils]: 54: Hoare triple {6404#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {6404#false} is VALID [2022-02-20 18:05:24,683 INFO L272 TraceCheckUtils]: 55: Hoare triple {6404#false} call sendEmail(~bob~0, ~rjh~0); {6404#false} is VALID [2022-02-20 18:05:24,683 INFO L290 TraceCheckUtils]: 56: Hoare triple {6404#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6404#false} is VALID [2022-02-20 18:05:24,683 INFO L272 TraceCheckUtils]: 57: Hoare triple {6404#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6467#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:24,683 INFO L290 TraceCheckUtils]: 58: Hoare triple {6467#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,684 INFO L290 TraceCheckUtils]: 59: Hoare triple {6403#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,684 INFO L290 TraceCheckUtils]: 60: Hoare triple {6403#true} assume 
true; {6403#true} is VALID [2022-02-20 18:05:24,684 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {6403#true} {6404#false} #1319#return; {6404#false} is VALID [2022-02-20 18:05:24,684 INFO L272 TraceCheckUtils]: 62: Hoare triple {6404#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6468#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:24,684 INFO L290 TraceCheckUtils]: 63: Hoare triple {6468#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,684 INFO L290 TraceCheckUtils]: 64: Hoare triple {6403#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,684 INFO L290 TraceCheckUtils]: 65: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,684 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {6403#true} {6404#false} #1321#return; {6404#false} is VALID [2022-02-20 18:05:24,685 INFO L290 TraceCheckUtils]: 67: Hoare triple {6404#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {6404#false} is VALID [2022-02-20 18:05:24,685 INFO L290 TraceCheckUtils]: 68: Hoare triple {6404#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {6404#false} is VALID [2022-02-20 18:05:24,685 INFO L272 TraceCheckUtils]: 69: Hoare triple {6404#false} call outgoing(~sender#1, ~email~0#1); {6404#false} is VALID [2022-02-20 18:05:24,685 INFO L290 TraceCheckUtils]: 70: Hoare triple {6404#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, 
sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {6404#false} is VALID [2022-02-20 18:05:24,685 INFO L272 TraceCheckUtils]: 71: Hoare triple {6404#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {6403#true} is VALID [2022-02-20 18:05:24,685 INFO L290 TraceCheckUtils]: 72: Hoare triple {6403#true} ~handle := #in~handle;havoc ~retValue_acc~10; {6403#true} is VALID [2022-02-20 18:05:24,685 INFO L290 TraceCheckUtils]: 73: Hoare triple {6403#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {6403#true} is VALID [2022-02-20 18:05:24,685 INFO L290 TraceCheckUtils]: 74: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,685 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {6403#true} {6404#false} #1299#return; {6404#false} is VALID [2022-02-20 18:05:24,686 INFO L290 TraceCheckUtils]: 76: Hoare triple {6404#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {6404#false} is VALID [2022-02-20 18:05:24,686 INFO L290 TraceCheckUtils]: 77: Hoare triple {6404#false} assume 0 == sign_~privkey~1#1; {6404#false} is VALID [2022-02-20 18:05:24,686 INFO L290 TraceCheckUtils]: 78: Hoare triple {6404#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, 
outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {6404#false} is VALID [2022-02-20 18:05:24,686 INFO L272 TraceCheckUtils]: 79: Hoare triple {6404#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {6403#true} is VALID [2022-02-20 18:05:24,686 INFO L290 TraceCheckUtils]: 80: Hoare triple {6403#true} ~handle := #in~handle;havoc ~retValue_acc~4; {6403#true} is VALID [2022-02-20 18:05:24,686 INFO L290 TraceCheckUtils]: 81: Hoare triple {6403#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {6403#true} is VALID [2022-02-20 18:05:24,686 INFO L290 TraceCheckUtils]: 82: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,686 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {6403#true} {6404#false} #1301#return; {6404#false} is VALID [2022-02-20 18:05:24,687 INFO L290 TraceCheckUtils]: 84: Hoare triple {6404#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc 
outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {6404#false} is VALID [2022-02-20 18:05:24,687 INFO L290 TraceCheckUtils]: 85: Hoare triple {6404#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {6404#false} is VALID [2022-02-20 18:05:24,687 INFO L272 TraceCheckUtils]: 86: Hoare triple {6404#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {6404#false} is VALID [2022-02-20 18:05:24,687 INFO L290 TraceCheckUtils]: 87: Hoare triple {6404#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {6404#false} is VALID [2022-02-20 18:05:24,687 INFO L272 TraceCheckUtils]: 88: Hoare triple {6404#false} call #t~ret90#1 := getEmailTo(~msg#1); {6403#true} is VALID [2022-02-20 18:05:24,687 INFO L290 TraceCheckUtils]: 89: Hoare triple {6403#true} ~handle := #in~handle;havoc ~retValue_acc~36; {6403#true} is VALID [2022-02-20 18:05:24,687 INFO L290 TraceCheckUtils]: 90: Hoare triple {6403#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {6403#true} is VALID [2022-02-20 18:05:24,688 INFO L290 TraceCheckUtils]: 91: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,688 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {6403#true} {6404#false} #1333#return; {6404#false} is VALID [2022-02-20 18:05:24,688 INFO L290 TraceCheckUtils]: 93: Hoare triple {6404#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {6404#false} is VALID [2022-02-20 18:05:24,688 INFO L272 TraceCheckUtils]: 94: Hoare triple {6404#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {6403#true} is VALID [2022-02-20 18:05:24,688 INFO L290 TraceCheckUtils]: 95: Hoare triple {6403#true} ~handle := 
#in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6403#true} is VALID [2022-02-20 18:05:24,688 INFO L290 TraceCheckUtils]: 96: Hoare triple {6403#true} assume 1 == ~handle; {6403#true} is VALID [2022-02-20 18:05:24,688 INFO L290 TraceCheckUtils]: 97: Hoare triple {6403#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6403#true} is VALID [2022-02-20 18:05:24,688 INFO L290 TraceCheckUtils]: 98: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,689 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {6403#true} {6404#false} #1335#return; {6404#false} is VALID [2022-02-20 18:05:24,689 INFO L290 TraceCheckUtils]: 100: Hoare triple {6404#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {6404#false} is VALID [2022-02-20 18:05:24,689 INFO L290 TraceCheckUtils]: 101: Hoare triple {6404#false} assume !(0 != ~pubkey~0#1); {6404#false} is VALID [2022-02-20 18:05:24,689 INFO L290 TraceCheckUtils]: 102: Hoare triple {6404#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {6404#false} is VALID [2022-02-20 18:05:24,689 INFO L290 TraceCheckUtils]: 103: Hoare triple {6404#false} 
assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {6404#false} is VALID [2022-02-20 18:05:24,689 INFO L290 TraceCheckUtils]: 104: Hoare triple {6404#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {6404#false} is VALID [2022-02-20 18:05:24,689 INFO L272 TraceCheckUtils]: 105: Hoare triple {6404#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {6467#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:24,689 INFO L290 TraceCheckUtils]: 106: Hoare triple {6467#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:24,690 INFO L290 TraceCheckUtils]: 107: Hoare triple {6403#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:24,690 INFO L290 TraceCheckUtils]: 108: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,690 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {6403#true} {6404#false} #1341#return; {6404#false} is VALID [2022-02-20 18:05:24,690 INFO L290 TraceCheckUtils]: 110: Hoare triple {6404#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {6404#false} is VALID [2022-02-20 18:05:24,690 INFO L290 TraceCheckUtils]: 111: Hoare triple {6404#false} assume 0 != ~in_encrypted~0; {6404#false} is VALID [2022-02-20 18:05:24,690 INFO L272 TraceCheckUtils]: 112: Hoare triple {6404#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {6403#true} is VALID [2022-02-20 18:05:24,690 INFO L290 TraceCheckUtils]: 113: Hoare triple {6403#true} ~handle := #in~handle;havoc ~retValue_acc~39; {6403#true} is VALID [2022-02-20 18:05:24,690 INFO L290 TraceCheckUtils]: 114: Hoare triple {6403#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {6403#true} is VALID [2022-02-20 18:05:24,691 INFO L290 
TraceCheckUtils]: 115: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:24,691 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {6403#true} {6404#false} #1343#return; {6404#false} is VALID [2022-02-20 18:05:24,691 INFO L290 TraceCheckUtils]: 117: Hoare triple {6404#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {6404#false} is VALID [2022-02-20 18:05:24,691 INFO L290 TraceCheckUtils]: 118: Hoare triple {6404#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {6404#false} is VALID [2022-02-20 18:05:24,691 INFO L290 TraceCheckUtils]: 119: Hoare triple {6404#false} assume !false; {6404#false} is VALID [2022-02-20 18:05:24,691 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:05:24,692 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:24,692 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [170296728] [2022-02-20 18:05:24,692 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [170296728] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:24,692 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1149820522] [2022-02-20 18:05:24,692 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:24,692 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:24,693 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:24,706 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:24,707 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:05:24,992 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,997 INFO L263 TraceCheckSpWp]: Trace formula consists of 1189 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:05:25,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:25,039 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:25,204 INFO L290 TraceCheckUtils]: 0: Hoare triple {6403#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call 
write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 
0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {6403#true} is VALID [2022-02-20 18:05:25,216 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {6403#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {6403#true} is VALID [2022-02-20 18:05:25,227 INFO L290 TraceCheckUtils]: 2: Hoare triple {6403#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6403#true} is VALID [2022-02-20 18:05:25,227 INFO L290 TraceCheckUtils]: 3: Hoare triple {6403#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {6403#true} is VALID [2022-02-20 18:05:25,227 INFO L290 TraceCheckUtils]: 4: Hoare triple {6403#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {6403#true} is VALID [2022-02-20 18:05:25,227 INFO L290 TraceCheckUtils]: 5: Hoare triple {6403#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base 
} true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6403#true} is VALID [2022-02-20 18:05:25,227 INFO L272 TraceCheckUtils]: 6: Hoare triple {6403#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L290 TraceCheckUtils]: 7: Hoare triple {6403#true} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L290 TraceCheckUtils]: 8: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L290 TraceCheckUtils]: 9: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6403#true} {6403#true} #1397#return; {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L290 TraceCheckUtils]: 11: Hoare triple {6403#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L272 TraceCheckUtils]: 12: Hoare triple {6403#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L290 TraceCheckUtils]: 13: Hoare triple {6403#true} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L290 TraceCheckUtils]: 14: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:25,228 INFO L290 TraceCheckUtils]: 15: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:25,229 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6403#true} {6403#true} #1399#return; {6403#true} is VALID [2022-02-20 18:05:25,229 INFO L290 TraceCheckUtils]: 17: Hoare triple {6403#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6403#true} is VALID [2022-02-20 18:05:25,229 INFO L272 TraceCheckUtils]: 18: Hoare triple {6403#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6403#true} is VALID [2022-02-20 18:05:25,229 INFO L290 TraceCheckUtils]: 19: Hoare triple {6403#true} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:25,229 INFO L290 TraceCheckUtils]: 20: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:25,229 INFO L290 TraceCheckUtils]: 21: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:25,229 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6403#true} {6403#true} #1401#return; {6403#true} is VALID [2022-02-20 18:05:25,229 INFO L290 TraceCheckUtils]: 23: Hoare triple {6403#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {6403#true} is VALID [2022-02-20 18:05:25,230 INFO L272 TraceCheckUtils]: 24: Hoare triple {6403#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6403#true} is VALID [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 25: Hoare triple {6403#true} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 26: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 27: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:25,230 INFO 
L284 TraceCheckUtils]: 28: Hoare quadruple {6403#true} {6403#true} #1403#return; {6403#true} is VALID [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 29: Hoare triple {6403#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6403#true} is VALID [2022-02-20 18:05:25,230 INFO L272 TraceCheckUtils]: 30: Hoare triple {6403#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6403#true} is VALID [2022-02-20 18:05:25,230 INFO L290 TraceCheckUtils]: 31: Hoare triple {6403#true} ~handle := #in~handle;~value := #in~value; {6403#true} is VALID [2022-02-20 18:05:25,231 INFO L290 TraceCheckUtils]: 32: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:25,231 INFO L290 TraceCheckUtils]: 33: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:25,231 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6403#true} {6403#true} #1405#return; {6403#true} is VALID [2022-02-20 18:05:25,231 INFO L290 TraceCheckUtils]: 35: Hoare triple {6403#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {6403#true} is VALID [2022-02-20 18:05:25,231 INFO L272 TraceCheckUtils]: 36: Hoare triple {6403#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6403#true} is VALID [2022-02-20 18:05:25,231 INFO L290 TraceCheckUtils]: 37: Hoare triple {6403#true} ~handle := #in~handle;~value := #in~value; {6403#true} is 
VALID [2022-02-20 18:05:25,231 INFO L290 TraceCheckUtils]: 38: Hoare triple {6403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6403#true} is VALID [2022-02-20 18:05:25,231 INFO L290 TraceCheckUtils]: 39: Hoare triple {6403#true} assume true; {6403#true} is VALID [2022-02-20 18:05:25,232 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6403#true} {6403#true} #1407#return; {6403#true} is VALID [2022-02-20 18:05:25,232 INFO L290 TraceCheckUtils]: 41: Hoare triple {6403#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {6403#true} is VALID [2022-02-20 18:05:25,232 INFO L290 TraceCheckUtils]: 42: Hoare triple {6403#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 
:= 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6598#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:25,232 INFO L290 TraceCheckUtils]: 43: Hoare triple {6598#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {6598#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:25,233 INFO L290 TraceCheckUtils]: 44: Hoare triple {6598#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {6598#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:25,233 INFO L290 TraceCheckUtils]: 45: Hoare triple {6598#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6598#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:05:25,233 INFO L290 TraceCheckUtils]: 46: Hoare triple {6598#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {6404#false} is VALID [2022-02-20 18:05:25,233 INFO L290 TraceCheckUtils]: 47: Hoare triple {6404#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {6404#false} is VALID [2022-02-20 18:05:25,234 INFO L290 TraceCheckUtils]: 48: Hoare triple {6404#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {6404#false} is VALID [2022-02-20 18:05:25,234 INFO L290 TraceCheckUtils]: 49: Hoare triple {6404#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := 
setClientAutoResponse_~value#1; {6404#false} is VALID [2022-02-20 18:05:25,234 INFO L290 TraceCheckUtils]: 50: Hoare triple {6404#false} assume { :end_inline_setClientAutoResponse } true; {6404#false} is VALID [2022-02-20 18:05:25,234 INFO L290 TraceCheckUtils]: 51: Hoare triple {6404#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {6404#false} is VALID [2022-02-20 18:05:25,234 INFO L290 TraceCheckUtils]: 52: Hoare triple {6404#false} assume !false; {6404#false} is VALID [2022-02-20 18:05:25,234 INFO L290 TraceCheckUtils]: 53: Hoare triple {6404#false} assume !(test_~splverifierCounter~0#1 < 4); {6404#false} is VALID [2022-02-20 18:05:25,234 INFO L290 TraceCheckUtils]: 54: Hoare triple {6404#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {6404#false} is VALID [2022-02-20 18:05:25,234 INFO L272 TraceCheckUtils]: 55: Hoare triple {6404#false} call sendEmail(~bob~0, ~rjh~0); {6404#false} is VALID [2022-02-20 18:05:25,235 INFO L290 TraceCheckUtils]: 56: Hoare triple {6404#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6404#false} is VALID [2022-02-20 18:05:25,235 INFO L272 TraceCheckUtils]: 57: Hoare triple {6404#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6404#false} is VALID [2022-02-20 18:05:25,235 INFO L290 TraceCheckUtils]: 58: Hoare triple {6404#false} ~handle := #in~handle;~value := #in~value; {6404#false} is VALID [2022-02-20 18:05:25,235 INFO L290 TraceCheckUtils]: 59: Hoare triple {6404#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6404#false} is VALID [2022-02-20 18:05:25,235 INFO L290 TraceCheckUtils]: 60: Hoare triple {6404#false} assume true; {6404#false} is VALID [2022-02-20 18:05:25,235 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {6404#false} {6404#false} #1319#return; {6404#false} is VALID [2022-02-20 18:05:25,235 INFO L272 TraceCheckUtils]: 62: Hoare triple {6404#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6404#false} is VALID [2022-02-20 18:05:25,235 INFO L290 TraceCheckUtils]: 63: Hoare triple {6404#false} ~handle := #in~handle;~value := #in~value; {6404#false} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 64: Hoare triple {6404#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6404#false} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 65: Hoare triple {6404#false} assume true; {6404#false} is VALID [2022-02-20 18:05:25,236 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {6404#false} {6404#false} #1321#return; {6404#false} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 67: Hoare triple {6404#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {6404#false} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 68: Hoare triple {6404#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {6404#false} is VALID [2022-02-20 18:05:25,236 INFO L272 TraceCheckUtils]: 69: Hoare triple {6404#false} call outgoing(~sender#1, 
~email~0#1); {6404#false} is VALID [2022-02-20 18:05:25,236 INFO L290 TraceCheckUtils]: 70: Hoare triple {6404#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {6404#false} is VALID [2022-02-20 18:05:25,236 INFO L272 TraceCheckUtils]: 71: Hoare triple {6404#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {6404#false} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 72: Hoare triple {6404#false} ~handle := #in~handle;havoc ~retValue_acc~10; {6404#false} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 73: Hoare triple {6404#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {6404#false} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 74: Hoare triple {6404#false} assume true; {6404#false} is VALID [2022-02-20 18:05:25,237 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {6404#false} {6404#false} #1299#return; {6404#false} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 76: Hoare triple {6404#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {6404#false} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 77: Hoare triple {6404#false} assume 0 == sign_~privkey~1#1; {6404#false} is VALID [2022-02-20 18:05:25,237 INFO L290 TraceCheckUtils]: 78: Hoare triple {6404#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, 
outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {6404#false} is VALID [2022-02-20 18:05:25,237 INFO L272 TraceCheckUtils]: 79: Hoare triple {6404#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {6404#false} is VALID [2022-02-20 18:05:25,238 INFO L290 TraceCheckUtils]: 80: Hoare triple {6404#false} ~handle := #in~handle;havoc ~retValue_acc~4; {6404#false} is VALID [2022-02-20 18:05:25,238 INFO L290 TraceCheckUtils]: 81: Hoare triple {6404#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {6404#false} is VALID [2022-02-20 18:05:25,238 INFO L290 TraceCheckUtils]: 82: Hoare triple {6404#false} assume true; {6404#false} is VALID [2022-02-20 18:05:25,238 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {6404#false} {6404#false} #1301#return; {6404#false} is VALID [2022-02-20 18:05:25,238 INFO 
L290 TraceCheckUtils]: 84: Hoare triple {6404#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {6404#false} is VALID [2022-02-20 18:05:25,238 INFO L290 TraceCheckUtils]: 85: Hoare triple {6404#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {6404#false} is VALID [2022-02-20 18:05:25,238 INFO L272 TraceCheckUtils]: 86: Hoare triple {6404#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {6404#false} is VALID [2022-02-20 18:05:25,238 INFO L290 TraceCheckUtils]: 87: Hoare triple {6404#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {6404#false} is VALID [2022-02-20 18:05:25,239 INFO L272 TraceCheckUtils]: 88: Hoare triple {6404#false} call #t~ret90#1 := getEmailTo(~msg#1); {6404#false} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 89: Hoare triple {6404#false} ~handle := #in~handle;havoc ~retValue_acc~36; {6404#false} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 90: Hoare triple {6404#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {6404#false} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 91: Hoare triple {6404#false} assume true; {6404#false} is VALID [2022-02-20 18:05:25,239 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {6404#false} {6404#false} #1333#return; {6404#false} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 93: Hoare triple {6404#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {6404#false} is 
VALID [2022-02-20 18:05:25,239 INFO L272 TraceCheckUtils]: 94: Hoare triple {6404#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {6404#false} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 95: Hoare triple {6404#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6404#false} is VALID [2022-02-20 18:05:25,239 INFO L290 TraceCheckUtils]: 96: Hoare triple {6404#false} assume 1 == ~handle; {6404#false} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 97: Hoare triple {6404#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6404#false} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 98: Hoare triple {6404#false} assume true; {6404#false} is VALID [2022-02-20 18:05:25,243 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {6404#false} {6404#false} #1335#return; {6404#false} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 100: Hoare triple {6404#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {6404#false} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 101: Hoare triple {6404#false} assume !(0 != ~pubkey~0#1); {6404#false} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 102: Hoare triple {6404#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc 
getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {6404#false} is VALID [2022-02-20 18:05:25,243 INFO L290 TraceCheckUtils]: 103: Hoare triple {6404#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {6404#false} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 104: Hoare triple {6404#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {6404#false} is VALID [2022-02-20 18:05:25,244 INFO L272 TraceCheckUtils]: 105: Hoare triple {6404#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {6404#false} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 106: Hoare triple {6404#false} ~handle := #in~handle;~value := #in~value; {6404#false} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 107: Hoare triple {6404#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6404#false} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 108: Hoare triple {6404#false} assume true; {6404#false} is VALID [2022-02-20 18:05:25,244 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {6404#false} {6404#false} #1341#return; {6404#false} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 110: Hoare triple {6404#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := 
mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {6404#false} is VALID [2022-02-20 18:05:25,244 INFO L290 TraceCheckUtils]: 111: Hoare triple {6404#false} assume 0 != ~in_encrypted~0; {6404#false} is VALID [2022-02-20 18:05:25,245 INFO L272 TraceCheckUtils]: 112: Hoare triple {6404#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {6404#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 113: Hoare triple {6404#false} ~handle := #in~handle;havoc ~retValue_acc~39; {6404#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 114: Hoare triple {6404#false} assume 1 == ~handle;~retValue_acc~39 := 
~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {6404#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 115: Hoare triple {6404#false} assume true; {6404#false} is VALID [2022-02-20 18:05:25,245 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {6404#false} {6404#false} #1343#return; {6404#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 117: Hoare triple {6404#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {6404#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 118: Hoare triple {6404#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {6404#false} is VALID [2022-02-20 18:05:25,245 INFO L290 TraceCheckUtils]: 119: Hoare triple {6404#false} assume !false; {6404#false} is VALID [2022-02-20 18:05:25,246 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:05:25,246 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:25,246 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1149820522] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:25,246 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:05:25,246 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:05:25,247 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1514532172] [2022-02-20 18:05:25,247 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:25,247 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 120 [2022-02-20 18:05:25,248 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:25,249 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:25,311 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:25,312 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:05:25,312 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:25,312 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 18:05:25,312 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:25,313 INFO L87 Difference]: Start difference. First operand 462 states and 694 transitions. Second operand has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:25,865 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:25,865 INFO L93 Difference]: Finished difference Result 977 states and 1488 transitions. [2022-02-20 18:05:25,866 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:05:25,866 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 120 [2022-02-20 18:05:25,866 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:25,866 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:25,881 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1486 transitions. 
[2022-02-20 18:05:25,882 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:25,897 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1486 transitions. [2022-02-20 18:05:25,897 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1486 transitions. [2022-02-20 18:05:26,796 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1486 edges. 1486 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:26,813 INFO L225 Difference]: With dead ends: 977 [2022-02-20 18:05:26,813 INFO L226 Difference]: Without dead ends: 542 [2022-02-20 18:05:26,814 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 151 GetRequests, 143 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:05:26,815 INFO L933 BasicCegarLoop]: 719 mSDtfsCounter, 142 mSDsluCounter, 647 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 160 SdHoareTripleChecker+Valid, 1366 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 
18:05:26,815 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [160 Valid, 1366 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:26,816 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 542 states. [2022-02-20 18:05:26,842 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 542 to 534. [2022-02-20 18:05:26,842 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:26,843 INFO L82 GeneralOperation]: Start isEquivalent. First operand 542 states. Second operand has 534 states, 415 states have (on average 1.546987951807229) internal successors, (642), 419 states have internal predecessors, (642), 89 states have call successors, (89), 29 states have call predecessors, (89), 29 states have return successors, (88), 87 states have call predecessors, (88), 88 states have call successors, (88) [2022-02-20 18:05:26,845 INFO L74 IsIncluded]: Start isIncluded. First operand 542 states. Second operand has 534 states, 415 states have (on average 1.546987951807229) internal successors, (642), 419 states have internal predecessors, (642), 89 states have call successors, (89), 29 states have call predecessors, (89), 29 states have return successors, (88), 87 states have call predecessors, (88), 88 states have call successors, (88) [2022-02-20 18:05:26,846 INFO L87 Difference]: Start difference. First operand 542 states. Second operand has 534 states, 415 states have (on average 1.546987951807229) internal successors, (642), 419 states have internal predecessors, (642), 89 states have call successors, (89), 29 states have call predecessors, (89), 29 states have return successors, (88), 87 states have call predecessors, (88), 88 states have call successors, (88) [2022-02-20 18:05:26,885 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:05:26,885 INFO L93 Difference]: Finished difference Result 542 states and 828 transitions. [2022-02-20 18:05:26,885 INFO L276 IsEmpty]: Start isEmpty. Operand 542 states and 828 transitions. [2022-02-20 18:05:26,887 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:26,887 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:26,889 INFO L74 IsIncluded]: Start isIncluded. First operand has 534 states, 415 states have (on average 1.546987951807229) internal successors, (642), 419 states have internal predecessors, (642), 89 states have call successors, (89), 29 states have call predecessors, (89), 29 states have return successors, (88), 87 states have call predecessors, (88), 88 states have call successors, (88) Second operand 542 states. [2022-02-20 18:05:26,890 INFO L87 Difference]: Start difference. First operand has 534 states, 415 states have (on average 1.546987951807229) internal successors, (642), 419 states have internal predecessors, (642), 89 states have call successors, (89), 29 states have call predecessors, (89), 29 states have return successors, (88), 87 states have call predecessors, (88), 88 states have call successors, (88) Second operand 542 states. [2022-02-20 18:05:26,913 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:26,914 INFO L93 Difference]: Finished difference Result 542 states and 828 transitions. [2022-02-20 18:05:26,914 INFO L276 IsEmpty]: Start isEmpty. Operand 542 states and 828 transitions. [2022-02-20 18:05:26,916 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:26,918 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:26,918 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:26,918 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:26,920 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 534 states, 415 states have (on average 1.546987951807229) internal successors, (642), 419 states have internal predecessors, (642), 89 states have call successors, (89), 29 states have call predecessors, (89), 29 states have return successors, (88), 87 states have call predecessors, (88), 88 states have call successors, (88) [2022-02-20 18:05:26,959 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 534 states to 534 states and 819 transitions. [2022-02-20 18:05:26,967 INFO L78 Accepts]: Start accepts. Automaton has 534 states and 819 transitions. Word has length 120 [2022-02-20 18:05:26,968 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:26,968 INFO L470 AbstractCegarLoop]: Abstraction has 534 states and 819 transitions. [2022-02-20 18:05:26,968 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 18:05:26,968 INFO L276 IsEmpty]: Start isEmpty. Operand 534 states and 819 transitions. [2022-02-20 18:05:26,971 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 122 [2022-02-20 18:05:26,983 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:26,983 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:27,014 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:27,184 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:27,185 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:27,185 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:27,186 INFO L85 PathProgramCache]: Analyzing trace with hash 2042303042, now seen corresponding path program 1 times [2022-02-20 18:05:27,186 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:27,186 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [594005548] [2022-02-20 18:05:27,186 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:27,186 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:27,212 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,237 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:27,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,241 INFO L290 TraceCheckUtils]: 0: Hoare triple {10069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,241 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,241 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,241 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10009#true} #1397#return; {10009#true} is VALID [2022-02-20 18:05:27,246 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:27,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,252 INFO L290 TraceCheckUtils]: 0: Hoare triple {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,253 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10009#true} #1399#return; {10009#true} is VALID [2022-02-20 18:05:27,253 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 18 [2022-02-20 18:05:27,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {10069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10071#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,270 INFO L290 TraceCheckUtils]: 1: Hoare triple {10071#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10072#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:27,271 INFO L290 TraceCheckUtils]: 2: Hoare triple {10072#(= |setClientId_#in~handle| 1)} assume true; {10072#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:27,271 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10072#(= |setClientId_#in~handle| 1)} {10019#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1401#return; {10010#false} is VALID [2022-02-20 18:05:27,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:05:27,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,276 INFO L290 TraceCheckUtils]: 0: Hoare triple {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,276 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,276 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,276 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1403#return; {10010#false} is VALID [2022-02-20 18:05:27,276 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:05:27,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {10069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1405#return; {10010#false} is VALID [2022-02-20 18:05:27,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:05:27,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,288 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,288 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,288 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{10009#true} {10010#false} #1407#return; {10010#false} is VALID [2022-02-20 18:05:27,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:05:27,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {10073#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,298 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,299 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,299 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1319#return; {10010#false} is VALID [2022-02-20 18:05:27,305 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:05:27,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,309 INFO L290 TraceCheckUtils]: 0: Hoare triple {10074#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,309 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,309 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,310 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1321#return; {10010#false} is VALID [2022-02-20 18:05:27,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:05:27,311 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:05:27,313 INFO L290 TraceCheckUtils]: 0: Hoare triple {10009#true} ~handle := #in~handle;havoc ~retValue_acc~10; {10009#true} is VALID [2022-02-20 18:05:27,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10009#true} is VALID [2022-02-20 18:05:27,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,314 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1299#return; {10010#false} is VALID [2022-02-20 18:05:27,314 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:05:27,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,316 INFO L290 TraceCheckUtils]: 0: Hoare triple {10009#true} ~handle := #in~handle;havoc ~retValue_acc~4; {10009#true} is VALID [2022-02-20 18:05:27,316 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {10009#true} is VALID [2022-02-20 18:05:27,316 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,316 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1301#return; {10010#false} is VALID [2022-02-20 18:05:27,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:05:27,317 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,319 INFO L290 TraceCheckUtils]: 0: Hoare triple {10009#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10009#true} is VALID [2022-02-20 18:05:27,319 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10009#true} is VALID [2022-02-20 
18:05:27,319 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,319 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1333#return; {10010#false} is VALID [2022-02-20 18:05:27,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:05:27,320 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,326 INFO L290 TraceCheckUtils]: 0: Hoare triple {10009#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10009#true} is VALID [2022-02-20 18:05:27,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle; {10009#true} is VALID [2022-02-20 18:05:27,326 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10009#true} is VALID [2022-02-20 18:05:27,327 INFO L290 TraceCheckUtils]: 3: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,327 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10009#true} {10010#false} #1335#return; {10010#false} is VALID [2022-02-20 18:05:27,327 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:05:27,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {10073#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,335 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,335 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 
18:05:27,335 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1341#return; {10010#false} is VALID [2022-02-20 18:05:27,335 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:05:27,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {10009#true} ~handle := #in~handle;havoc ~retValue_acc~39; {10009#true} is VALID [2022-02-20 18:05:27,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10009#true} is VALID [2022-02-20 18:05:27,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,338 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10009#true} {10010#false} #1343#return; {10010#false} is VALID [2022-02-20 18:05:27,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {10009#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 
16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 
0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, 
~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {10009#true} is VALID [2022-02-20 18:05:27,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {10009#true} is VALID [2022-02-20 18:05:27,339 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10009#true} is VALID [2022-02-20 18:05:27,339 INFO L290 TraceCheckUtils]: 3: Hoare triple {10009#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {10009#true} is VALID [2022-02-20 18:05:27,339 INFO L290 TraceCheckUtils]: 4: Hoare triple {10009#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume 
-2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {10009#true} is VALID [2022-02-20 18:05:27,339 INFO L290 TraceCheckUtils]: 5: Hoare triple {10009#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10009#true} is VALID [2022-02-20 18:05:27,340 INFO L272 TraceCheckUtils]: 6: Hoare triple {10009#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:27,340 INFO L290 TraceCheckUtils]: 7: Hoare triple {10069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,340 INFO L290 TraceCheckUtils]: 8: Hoare triple {10009#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,340 INFO L290 TraceCheckUtils]: 9: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,340 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10009#true} {10009#true} #1397#return; {10009#true} is VALID [2022-02-20 18:05:27,340 INFO L290 TraceCheckUtils]: 11: Hoare triple {10009#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10009#true} is VALID [2022-02-20 18:05:27,341 INFO L272 TraceCheckUtils]: 12: Hoare triple {10009#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:27,341 INFO L290 TraceCheckUtils]: 13: Hoare triple {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,341 INFO L290 TraceCheckUtils]: 14: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,341 INFO L290 TraceCheckUtils]: 15: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,341 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10009#true} {10009#true} #1399#return; {10009#true} is VALID [2022-02-20 18:05:27,342 INFO L290 TraceCheckUtils]: 17: Hoare triple {10009#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10019#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:05:27,342 INFO L272 TraceCheckUtils]: 18: Hoare triple {10019#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:27,343 INFO L290 TraceCheckUtils]: 19: Hoare triple {10069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10071#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:27,343 INFO L290 TraceCheckUtils]: 20: Hoare triple {10071#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10072#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:27,343 INFO L290 TraceCheckUtils]: 21: Hoare triple {10072#(= |setClientId_#in~handle| 1)} assume true; {10072#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:27,344 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {10072#(= |setClientId_#in~handle| 1)} {10019#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1401#return; {10010#false} is VALID [2022-02-20 18:05:27,344 INFO L290 TraceCheckUtils]: 23: Hoare triple {10010#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {10010#false} is VALID [2022-02-20 18:05:27,344 INFO L272 TraceCheckUtils]: 24: Hoare triple 
{10010#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:27,344 INFO L290 TraceCheckUtils]: 25: Hoare triple {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,344 INFO L290 TraceCheckUtils]: 26: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,344 INFO L290 TraceCheckUtils]: 27: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,345 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {10009#true} {10010#false} #1403#return; {10010#false} is VALID [2022-02-20 18:05:27,345 INFO L290 TraceCheckUtils]: 29: Hoare triple {10010#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10010#false} is VALID [2022-02-20 18:05:27,345 INFO L272 TraceCheckUtils]: 30: Hoare triple {10010#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10069#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:27,345 INFO L290 TraceCheckUtils]: 31: Hoare triple {10069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,345 INFO L290 TraceCheckUtils]: 32: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,345 INFO L290 TraceCheckUtils]: 33: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,345 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {10009#true} {10010#false} #1405#return; {10010#false} is VALID [2022-02-20 18:05:27,345 INFO L290 TraceCheckUtils]: 35: Hoare triple {10010#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10010#false} is VALID [2022-02-20 18:05:27,345 INFO L272 TraceCheckUtils]: 36: Hoare triple {10010#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:27,346 INFO L290 TraceCheckUtils]: 37: Hoare triple {10070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,346 INFO L290 TraceCheckUtils]: 38: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,346 
INFO L290 TraceCheckUtils]: 39: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,346 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {10009#true} {10010#false} #1407#return; {10010#false} is VALID [2022-02-20 18:05:27,346 INFO L290 TraceCheckUtils]: 41: Hoare triple {10010#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {10010#false} is VALID [2022-02-20 18:05:27,346 INFO L290 TraceCheckUtils]: 42: Hoare triple {10010#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 
0;test_~splverifierCounter~0#1 := 0; {10010#false} is VALID [2022-02-20 18:05:27,346 INFO L290 TraceCheckUtils]: 43: Hoare triple {10010#false} assume !false; {10010#false} is VALID [2022-02-20 18:05:27,346 INFO L290 TraceCheckUtils]: 44: Hoare triple {10010#false} assume test_~splverifierCounter~0#1 < 4; {10010#false} is VALID [2022-02-20 18:05:27,347 INFO L290 TraceCheckUtils]: 45: Hoare triple {10010#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10010#false} is VALID [2022-02-20 18:05:27,347 INFO L290 TraceCheckUtils]: 46: Hoare triple {10010#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {10010#false} is VALID [2022-02-20 18:05:27,347 INFO L290 TraceCheckUtils]: 47: Hoare triple {10010#false} assume !(0 != test_~tmp___9~0#1); {10010#false} is VALID [2022-02-20 18:05:27,347 INFO L290 TraceCheckUtils]: 48: Hoare triple {10010#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {10010#false} is VALID [2022-02-20 18:05:27,347 INFO L290 TraceCheckUtils]: 49: Hoare triple {10010#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {10010#false} is VALID [2022-02-20 18:05:27,347 INFO L290 TraceCheckUtils]: 50: Hoare triple {10010#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {10010#false} is VALID [2022-02-20 18:05:27,347 INFO L290 TraceCheckUtils]: 51: 
Hoare triple {10010#false} assume { :end_inline_setClientAutoResponse } true; {10010#false} is VALID [2022-02-20 18:05:27,347 INFO L290 TraceCheckUtils]: 52: Hoare triple {10010#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {10010#false} is VALID [2022-02-20 18:05:27,348 INFO L290 TraceCheckUtils]: 53: Hoare triple {10010#false} assume !false; {10010#false} is VALID [2022-02-20 18:05:27,348 INFO L290 TraceCheckUtils]: 54: Hoare triple {10010#false} assume !(test_~splverifierCounter~0#1 < 4); {10010#false} is VALID [2022-02-20 18:05:27,348 INFO L290 TraceCheckUtils]: 55: Hoare triple {10010#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {10010#false} is VALID [2022-02-20 18:05:27,348 INFO L272 TraceCheckUtils]: 56: Hoare triple {10010#false} call sendEmail(~bob~0, ~rjh~0); {10010#false} is VALID [2022-02-20 18:05:27,348 INFO L290 TraceCheckUtils]: 57: Hoare triple {10010#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10010#false} is VALID [2022-02-20 18:05:27,348 INFO L272 TraceCheckUtils]: 58: Hoare triple {10010#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10073#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:27,348 INFO L290 TraceCheckUtils]: 59: Hoare triple {10073#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,348 INFO L290 TraceCheckUtils]: 60: Hoare triple {10009#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,349 INFO L290 TraceCheckUtils]: 61: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,349 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {10009#true} {10010#false} #1319#return; {10010#false} is VALID [2022-02-20 18:05:27,349 INFO L272 TraceCheckUtils]: 63: Hoare triple {10010#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10074#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:27,349 INFO L290 TraceCheckUtils]: 64: Hoare triple {10074#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,349 INFO L290 TraceCheckUtils]: 65: Hoare triple {10009#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,349 INFO L290 TraceCheckUtils]: 66: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,349 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {10009#true} {10010#false} #1321#return; {10010#false} is VALID [2022-02-20 18:05:27,349 INFO L290 TraceCheckUtils]: 68: Hoare triple {10010#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {10010#false} is VALID [2022-02-20 18:05:27,349 INFO L290 TraceCheckUtils]: 69: Hoare triple {10010#false} #t~ret106#1 := 
createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {10010#false} is VALID [2022-02-20 18:05:27,350 INFO L272 TraceCheckUtils]: 70: Hoare triple {10010#false} call outgoing(~sender#1, ~email~0#1); {10010#false} is VALID [2022-02-20 18:05:27,350 INFO L290 TraceCheckUtils]: 71: Hoare triple {10010#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {10010#false} is VALID [2022-02-20 18:05:27,350 INFO L272 TraceCheckUtils]: 72: Hoare triple {10010#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {10009#true} is VALID [2022-02-20 18:05:27,350 INFO L290 TraceCheckUtils]: 73: Hoare triple {10009#true} ~handle := #in~handle;havoc ~retValue_acc~10; {10009#true} is VALID [2022-02-20 18:05:27,350 INFO L290 TraceCheckUtils]: 74: Hoare triple {10009#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10009#true} is VALID [2022-02-20 18:05:27,350 INFO L290 TraceCheckUtils]: 75: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,350 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {10009#true} {10010#false} #1299#return; {10010#false} is VALID [2022-02-20 18:05:27,350 INFO L290 TraceCheckUtils]: 77: Hoare triple {10010#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {10010#false} is VALID [2022-02-20 18:05:27,351 INFO L290 TraceCheckUtils]: 78: Hoare triple {10010#false} assume 0 == sign_~privkey~1#1; {10010#false} is VALID [2022-02-20 
18:05:27,351 INFO L290 TraceCheckUtils]: 79: Hoare triple {10010#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {10010#false} is VALID [2022-02-20 18:05:27,351 INFO L272 TraceCheckUtils]: 80: Hoare triple {10010#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {10009#true} is VALID [2022-02-20 18:05:27,351 INFO L290 TraceCheckUtils]: 81: Hoare triple {10009#true} ~handle := #in~handle;havoc ~retValue_acc~4; {10009#true} is VALID [2022-02-20 18:05:27,351 INFO L290 TraceCheckUtils]: 82: Hoare triple {10009#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res 
:= ~retValue_acc~4; {10009#true} is VALID [2022-02-20 18:05:27,351 INFO L290 TraceCheckUtils]: 83: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,351 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {10009#true} {10010#false} #1301#return; {10010#false} is VALID [2022-02-20 18:05:27,351 INFO L290 TraceCheckUtils]: 85: Hoare triple {10010#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {10010#false} is VALID [2022-02-20 18:05:27,351 INFO L290 TraceCheckUtils]: 86: Hoare triple {10010#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {10010#false} is VALID [2022-02-20 18:05:27,352 INFO L272 TraceCheckUtils]: 87: Hoare triple {10010#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {10010#false} is VALID [2022-02-20 18:05:27,352 INFO L290 TraceCheckUtils]: 88: Hoare triple {10010#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {10010#false} is VALID [2022-02-20 18:05:27,352 INFO L272 TraceCheckUtils]: 89: Hoare triple {10010#false} call #t~ret90#1 := getEmailTo(~msg#1); {10009#true} is VALID [2022-02-20 18:05:27,352 INFO L290 TraceCheckUtils]: 90: Hoare triple {10009#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10009#true} is VALID [2022-02-20 18:05:27,352 INFO L290 TraceCheckUtils]: 91: Hoare triple {10009#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10009#true} is VALID [2022-02-20 18:05:27,352 INFO L290 TraceCheckUtils]: 92: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,352 INFO 
L284 TraceCheckUtils]: 93: Hoare quadruple {10009#true} {10010#false} #1333#return; {10010#false} is VALID [2022-02-20 18:05:27,352 INFO L290 TraceCheckUtils]: 94: Hoare triple {10010#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {10010#false} is VALID [2022-02-20 18:05:27,353 INFO L272 TraceCheckUtils]: 95: Hoare triple {10010#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {10009#true} is VALID [2022-02-20 18:05:27,353 INFO L290 TraceCheckUtils]: 96: Hoare triple {10009#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10009#true} is VALID [2022-02-20 18:05:27,353 INFO L290 TraceCheckUtils]: 97: Hoare triple {10009#true} assume 1 == ~handle; {10009#true} is VALID [2022-02-20 18:05:27,353 INFO L290 TraceCheckUtils]: 98: Hoare triple {10009#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10009#true} is VALID [2022-02-20 18:05:27,353 INFO L290 TraceCheckUtils]: 99: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,353 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {10009#true} {10010#false} #1335#return; {10010#false} is VALID [2022-02-20 18:05:27,353 INFO L290 TraceCheckUtils]: 101: Hoare triple {10010#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {10010#false} is VALID [2022-02-20 18:05:27,353 INFO L290 TraceCheckUtils]: 102: Hoare triple {10010#false} assume !(0 != ~pubkey~0#1); {10010#false} is VALID [2022-02-20 18:05:27,353 INFO L290 TraceCheckUtils]: 103: Hoare triple {10010#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, 
outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {10010#false} is VALID [2022-02-20 18:05:27,354 INFO L290 TraceCheckUtils]: 104: Hoare triple {10010#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {10010#false} is VALID [2022-02-20 18:05:27,354 INFO L290 TraceCheckUtils]: 105: Hoare triple {10010#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {10010#false} is VALID [2022-02-20 18:05:27,354 INFO L272 TraceCheckUtils]: 106: Hoare triple {10010#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {10073#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:27,354 INFO L290 TraceCheckUtils]: 107: Hoare triple {10073#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,354 INFO L290 TraceCheckUtils]: 108: Hoare triple {10009#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,354 INFO L290 TraceCheckUtils]: 
109: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,354 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {10009#true} {10010#false} #1341#return; {10010#false} is VALID [2022-02-20 18:05:27,354 INFO L290 TraceCheckUtils]: 111: Hoare triple {10010#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {10010#false} is VALID [2022-02-20 18:05:27,355 INFO L290 TraceCheckUtils]: 112: Hoare triple {10010#false} 
assume 0 != ~in_encrypted~0; {10010#false} is VALID [2022-02-20 18:05:27,355 INFO L272 TraceCheckUtils]: 113: Hoare triple {10010#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {10009#true} is VALID [2022-02-20 18:05:27,355 INFO L290 TraceCheckUtils]: 114: Hoare triple {10009#true} ~handle := #in~handle;havoc ~retValue_acc~39; {10009#true} is VALID [2022-02-20 18:05:27,355 INFO L290 TraceCheckUtils]: 115: Hoare triple {10009#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10009#true} is VALID [2022-02-20 18:05:27,355 INFO L290 TraceCheckUtils]: 116: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,355 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {10009#true} {10010#false} #1343#return; {10010#false} is VALID [2022-02-20 18:05:27,355 INFO L290 TraceCheckUtils]: 118: Hoare triple {10010#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {10010#false} is VALID [2022-02-20 18:05:27,355 INFO L290 TraceCheckUtils]: 119: Hoare triple {10010#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {10010#false} is VALID [2022-02-20 18:05:27,356 INFO L290 TraceCheckUtils]: 120: Hoare triple {10010#false} assume !false; {10010#false} is VALID [2022-02-20 18:05:27,356 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:05:27,358 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:27,359 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [594005548] [2022-02-20 18:05:27,359 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [594005548] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:27,359 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1643090436] [2022-02-20 18:05:27,359 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:27,359 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:27,360 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:27,372 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:27,373 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:05:27,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,627 INFO L263 TraceCheckSpWp]: Trace formula consists of 1196 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:05:27,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:27,675 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:27,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {10009#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call 
write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 
0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {10009#true} is VALID [2022-02-20 18:05:27,979 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {10009#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {10009#true} is VALID [2022-02-20 18:05:27,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {10009#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10009#true} is VALID [2022-02-20 18:05:27,980 INFO L290 TraceCheckUtils]: 3: Hoare triple {10009#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {10009#true} is VALID [2022-02-20 18:05:27,980 INFO L290 TraceCheckUtils]: 4: Hoare triple {10009#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {10009#true} is VALID [2022-02-20 18:05:27,980 INFO L290 TraceCheckUtils]: 5: Hoare triple {10009#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { 
:begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10009#true} is VALID [2022-02-20 18:05:27,980 INFO L272 TraceCheckUtils]: 6: Hoare triple {10009#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10009#true} is VALID [2022-02-20 18:05:27,980 INFO L290 TraceCheckUtils]: 7: Hoare triple {10009#true} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,980 INFO L290 TraceCheckUtils]: 8: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,980 INFO L290 TraceCheckUtils]: 9: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,980 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10009#true} {10009#true} #1397#return; {10009#true} is VALID [2022-02-20 18:05:27,981 INFO L290 TraceCheckUtils]: 11: Hoare triple {10009#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10009#true} is VALID [2022-02-20 18:05:27,981 INFO L272 TraceCheckUtils]: 12: Hoare triple {10009#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10009#true} is VALID [2022-02-20 18:05:27,981 INFO L290 TraceCheckUtils]: 13: Hoare triple {10009#true} ~handle := #in~handle;~value := #in~value; {10009#true} is VALID [2022-02-20 18:05:27,981 INFO L290 TraceCheckUtils]: 14: Hoare triple {10009#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10009#true} is VALID [2022-02-20 18:05:27,981 INFO L290 TraceCheckUtils]: 15: Hoare triple {10009#true} assume true; {10009#true} is VALID [2022-02-20 18:05:27,981 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10009#true} {10009#true} #1399#return; {10009#true} is VALID [2022-02-20 18:05:27,982 INFO L290 TraceCheckUtils]: 17: Hoare triple {10009#true} assume { 
:end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10129#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:05:27,982 INFO L272 TraceCheckUtils]: 18: Hoare triple {10129#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10009#true} is VALID [2022-02-20 18:05:27,982 INFO L290 TraceCheckUtils]: 19: Hoare triple {10009#true} ~handle := #in~handle;~value := #in~value; {10136#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:05:27,983 INFO L290 TraceCheckUtils]: 20: Hoare triple {10136#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10140#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:27,983 INFO L290 TraceCheckUtils]: 21: Hoare triple {10140#(<= |setClientId_#in~handle| 1)} assume true; {10140#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:27,984 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {10140#(<= |setClientId_#in~handle| 1)} {10129#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1401#return; {10010#false} is VALID [2022-02-20 18:05:27,984 INFO L290 TraceCheckUtils]: 23: Hoare triple {10010#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {10010#false} is VALID [2022-02-20 18:05:27,984 INFO L272 TraceCheckUtils]: 24: Hoare triple {10010#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10010#false} is VALID [2022-02-20 
18:05:27,984 INFO L290 TraceCheckUtils]: 25: Hoare triple {10010#false} ~handle := #in~handle;~value := #in~value; {10010#false} is VALID [2022-02-20 18:05:27,984 INFO L290 TraceCheckUtils]: 26: Hoare triple {10010#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10010#false} is VALID [2022-02-20 18:05:27,984 INFO L290 TraceCheckUtils]: 27: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,984 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {10010#false} {10010#false} #1403#return; {10010#false} is VALID [2022-02-20 18:05:27,984 INFO L290 TraceCheckUtils]: 29: Hoare triple {10010#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10010#false} is VALID [2022-02-20 18:05:27,985 INFO L272 TraceCheckUtils]: 30: Hoare triple {10010#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10010#false} is VALID [2022-02-20 18:05:27,985 INFO L290 TraceCheckUtils]: 31: Hoare triple {10010#false} ~handle := #in~handle;~value := #in~value; {10010#false} is VALID [2022-02-20 18:05:27,985 INFO L290 TraceCheckUtils]: 32: Hoare triple {10010#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10010#false} is VALID [2022-02-20 18:05:27,985 INFO L290 TraceCheckUtils]: 33: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,985 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {10010#false} {10010#false} #1405#return; 
{10010#false} is VALID [2022-02-20 18:05:27,985 INFO L290 TraceCheckUtils]: 35: Hoare triple {10010#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10010#false} is VALID [2022-02-20 18:05:27,985 INFO L272 TraceCheckUtils]: 36: Hoare triple {10010#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10010#false} is VALID [2022-02-20 18:05:27,985 INFO L290 TraceCheckUtils]: 37: Hoare triple {10010#false} ~handle := #in~handle;~value := #in~value; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L290 TraceCheckUtils]: 38: Hoare triple {10010#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L290 TraceCheckUtils]: 39: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {10010#false} {10010#false} #1407#return; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L290 TraceCheckUtils]: 41: Hoare triple {10010#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L290 TraceCheckUtils]: 42: Hoare triple {10010#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc 
test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L290 TraceCheckUtils]: 43: Hoare triple {10010#false} assume !false; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L290 TraceCheckUtils]: 44: Hoare triple {10010#false} assume test_~splverifierCounter~0#1 < 4; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L290 TraceCheckUtils]: 45: Hoare triple {10010#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10010#false} is VALID [2022-02-20 18:05:27,986 INFO L290 TraceCheckUtils]: 46: Hoare triple {10010#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {10010#false} is VALID [2022-02-20 18:05:27,987 INFO L290 TraceCheckUtils]: 47: Hoare triple {10010#false} assume !(0 != test_~tmp___9~0#1); {10010#false} is VALID [2022-02-20 18:05:27,987 INFO L290 TraceCheckUtils]: 48: Hoare triple {10010#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {10010#false} is VALID [2022-02-20 18:05:27,987 INFO L290 TraceCheckUtils]: 49: Hoare triple {10010#false} assume 0 != test_~tmp___8~0#1;assume { 
:begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {10010#false} is VALID [2022-02-20 18:05:27,987 INFO L290 TraceCheckUtils]: 50: Hoare triple {10010#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {10010#false} is VALID [2022-02-20 18:05:27,987 INFO L290 TraceCheckUtils]: 51: Hoare triple {10010#false} assume { :end_inline_setClientAutoResponse } true; {10010#false} is VALID [2022-02-20 18:05:27,987 INFO L290 TraceCheckUtils]: 52: Hoare triple {10010#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {10010#false} is VALID [2022-02-20 18:05:27,987 INFO L290 TraceCheckUtils]: 53: Hoare triple {10010#false} assume !false; {10010#false} is VALID [2022-02-20 18:05:27,987 INFO L290 TraceCheckUtils]: 54: Hoare triple {10010#false} assume !(test_~splverifierCounter~0#1 < 4); {10010#false} is VALID [2022-02-20 18:05:27,988 INFO L290 TraceCheckUtils]: 55: Hoare triple {10010#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {10010#false} is VALID [2022-02-20 18:05:27,988 INFO L272 TraceCheckUtils]: 56: Hoare triple {10010#false} call sendEmail(~bob~0, ~rjh~0); {10010#false} is VALID [2022-02-20 18:05:27,988 INFO L290 TraceCheckUtils]: 57: Hoare triple {10010#false} ~sender#1 := 
#in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10010#false} is VALID [2022-02-20 18:05:27,988 INFO L272 TraceCheckUtils]: 58: Hoare triple {10010#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10010#false} is VALID [2022-02-20 18:05:27,988 INFO L290 TraceCheckUtils]: 59: Hoare triple {10010#false} ~handle := #in~handle;~value := #in~value; {10010#false} is VALID [2022-02-20 18:05:27,988 INFO L290 TraceCheckUtils]: 60: Hoare triple {10010#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10010#false} is VALID [2022-02-20 18:05:27,988 INFO L290 TraceCheckUtils]: 61: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,988 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {10010#false} {10010#false} #1319#return; {10010#false} is VALID [2022-02-20 18:05:27,989 INFO L272 TraceCheckUtils]: 63: Hoare triple {10010#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10010#false} is VALID [2022-02-20 18:05:27,989 INFO L290 TraceCheckUtils]: 64: Hoare triple {10010#false} ~handle := #in~handle;~value := #in~value; {10010#false} is VALID [2022-02-20 18:05:27,989 INFO L290 TraceCheckUtils]: 65: Hoare triple {10010#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10010#false} is VALID [2022-02-20 18:05:27,989 INFO L290 TraceCheckUtils]: 66: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,989 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {10010#false} {10010#false} #1321#return; {10010#false} is VALID [2022-02-20 18:05:27,989 
INFO L290 TraceCheckUtils]: 68: Hoare triple {10010#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {10010#false} is VALID [2022-02-20 18:05:27,989 INFO L290 TraceCheckUtils]: 69: Hoare triple {10010#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {10010#false} is VALID [2022-02-20 18:05:27,989 INFO L272 TraceCheckUtils]: 70: Hoare triple {10010#false} call outgoing(~sender#1, ~email~0#1); {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L290 TraceCheckUtils]: 71: Hoare triple {10010#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L272 TraceCheckUtils]: 72: Hoare triple {10010#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L290 TraceCheckUtils]: 73: Hoare triple {10010#false} ~handle := #in~handle;havoc ~retValue_acc~10; {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L290 TraceCheckUtils]: 74: Hoare triple {10010#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L290 TraceCheckUtils]: 75: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {10010#false} {10010#false} #1299#return; {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L290 TraceCheckUtils]: 77: Hoare triple {10010#false} assume -2147483648 <= sign_#t~ret110#1 && 
sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L290 TraceCheckUtils]: 78: Hoare triple {10010#false} assume 0 == sign_~privkey~1#1; {10010#false} is VALID [2022-02-20 18:05:27,990 INFO L290 TraceCheckUtils]: 79: Hoare triple {10010#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {10010#false} is VALID [2022-02-20 18:05:27,991 INFO L272 TraceCheckUtils]: 80: Hoare triple {10010#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {10010#false} is VALID [2022-02-20 
18:05:27,991 INFO L290 TraceCheckUtils]: 81: Hoare triple {10010#false} ~handle := #in~handle;havoc ~retValue_acc~4; {10010#false} is VALID [2022-02-20 18:05:27,991 INFO L290 TraceCheckUtils]: 82: Hoare triple {10010#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {10010#false} is VALID [2022-02-20 18:05:27,991 INFO L290 TraceCheckUtils]: 83: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,991 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {10010#false} {10010#false} #1301#return; {10010#false} is VALID [2022-02-20 18:05:27,991 INFO L290 TraceCheckUtils]: 85: Hoare triple {10010#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {10010#false} is VALID [2022-02-20 18:05:27,991 INFO L290 TraceCheckUtils]: 86: Hoare triple {10010#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {10010#false} is VALID [2022-02-20 18:05:27,991 INFO L272 TraceCheckUtils]: 87: Hoare triple {10010#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {10010#false} is VALID [2022-02-20 18:05:27,992 INFO L290 TraceCheckUtils]: 88: Hoare triple {10010#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {10010#false} is VALID [2022-02-20 18:05:27,992 INFO L272 TraceCheckUtils]: 89: Hoare triple {10010#false} call #t~ret90#1 := getEmailTo(~msg#1); {10010#false} is VALID [2022-02-20 18:05:27,992 INFO L290 TraceCheckUtils]: 90: Hoare triple {10010#false} ~handle := #in~handle;havoc ~retValue_acc~36; {10010#false} is VALID [2022-02-20 18:05:27,992 INFO 
L290 TraceCheckUtils]: 91: Hoare triple {10010#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10010#false} is VALID [2022-02-20 18:05:27,992 INFO L290 TraceCheckUtils]: 92: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,992 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {10010#false} {10010#false} #1333#return; {10010#false} is VALID [2022-02-20 18:05:27,992 INFO L290 TraceCheckUtils]: 94: Hoare triple {10010#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {10010#false} is VALID [2022-02-20 18:05:27,992 INFO L272 TraceCheckUtils]: 95: Hoare triple {10010#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {10010#false} is VALID [2022-02-20 18:05:27,993 INFO L290 TraceCheckUtils]: 96: Hoare triple {10010#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10010#false} is VALID [2022-02-20 18:05:27,993 INFO L290 TraceCheckUtils]: 97: Hoare triple {10010#false} assume 1 == ~handle; {10010#false} is VALID [2022-02-20 18:05:27,993 INFO L290 TraceCheckUtils]: 98: Hoare triple {10010#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10010#false} is VALID [2022-02-20 18:05:27,993 INFO L290 TraceCheckUtils]: 99: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,993 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {10010#false} {10010#false} #1335#return; {10010#false} is VALID [2022-02-20 18:05:27,993 INFO L290 TraceCheckUtils]: 101: Hoare triple {10010#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {10010#false} is VALID [2022-02-20 18:05:27,993 INFO L290 TraceCheckUtils]: 102: Hoare triple {10010#false} assume !(0 != ~pubkey~0#1); {10010#false} is 
VALID [2022-02-20 18:05:27,993 INFO L290 TraceCheckUtils]: 103: Hoare triple {10010#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L290 TraceCheckUtils]: 104: Hoare triple {10010#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L290 TraceCheckUtils]: 105: Hoare triple {10010#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L272 TraceCheckUtils]: 106: Hoare triple {10010#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L290 TraceCheckUtils]: 107: Hoare triple {10010#false} ~handle := #in~handle;~value := #in~value; {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L290 TraceCheckUtils]: 108: Hoare triple {10010#false} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L290 TraceCheckUtils]: 109: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {10010#false} {10010#false} #1341#return; {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L290 TraceCheckUtils]: 111: Hoare triple {10010#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc 
__utac_acc__EncryptForward_spec__2_#t~nondet51#1; {10010#false} is VALID [2022-02-20 18:05:27,994 INFO L290 TraceCheckUtils]: 112: Hoare triple {10010#false} assume 0 != ~in_encrypted~0; {10010#false} is VALID [2022-02-20 18:05:27,995 INFO L272 TraceCheckUtils]: 113: Hoare triple {10010#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {10010#false} is VALID [2022-02-20 18:05:27,995 INFO L290 TraceCheckUtils]: 114: Hoare triple {10010#false} ~handle := #in~handle;havoc ~retValue_acc~39; {10010#false} is VALID [2022-02-20 18:05:27,995 INFO L290 TraceCheckUtils]: 115: Hoare triple {10010#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10010#false} is VALID [2022-02-20 18:05:27,995 INFO L290 TraceCheckUtils]: 116: Hoare triple {10010#false} assume true; {10010#false} is VALID [2022-02-20 18:05:27,995 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {10010#false} {10010#false} #1343#return; {10010#false} is VALID [2022-02-20 18:05:27,995 INFO L290 TraceCheckUtils]: 118: Hoare triple {10010#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {10010#false} is VALID [2022-02-20 18:05:27,995 INFO L290 TraceCheckUtils]: 119: Hoare triple {10010#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {10010#false} is VALID [2022-02-20 18:05:27,995 INFO L290 TraceCheckUtils]: 120: Hoare triple {10010#false} assume !false; {10010#false} is VALID [2022-02-20 18:05:27,996 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 18:05:27,996 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:27,996 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1643090436] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:27,996 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:27,996 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:05:27,997 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [783976975] [2022-02-20 18:05:27,997 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:27,997 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 121 [2022-02-20 18:05:27,998 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:27,998 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:28,074 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 114 edges. 114 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:28,074 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:05:28,074 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:28,075 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:05:28,075 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:05:28,075 INFO L87 Difference]: Start difference. First operand 534 states and 819 transitions. Second operand has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:29,241 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:29,241 INFO L93 Difference]: Finished difference Result 1059 states and 1628 transitions. [2022-02-20 18:05:29,241 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:05:29,242 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 121 [2022-02-20 18:05:29,242 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:29,242 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:29,254 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1374 transitions. [2022-02-20 18:05:29,254 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:29,265 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1374 transitions. [2022-02-20 18:05:29,265 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1374 transitions. [2022-02-20 18:05:30,147 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1374 edges. 1374 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:30,166 INFO L225 Difference]: With dead ends: 1059 [2022-02-20 18:05:30,166 INFO L226 Difference]: Without dead ends: 536 [2022-02-20 18:05:30,167 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 153 GetRequests, 142 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:05:30,168 INFO L933 BasicCegarLoop]: 683 mSDtfsCounter, 160 mSDsluCounter, 1867 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 2550 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:30,168 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 2550 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:30,169 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 536 states. [2022-02-20 18:05:30,220 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 536 to 536. [2022-02-20 18:05:30,220 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:30,222 INFO L82 GeneralOperation]: Start isEquivalent. First operand 536 states. 
Second operand has 536 states, 416 states have (on average 1.5456730769230769) internal successors, (643), 421 states have internal predecessors, (643), 89 states have call successors, (89), 29 states have call predecessors, (89), 30 states have return successors, (90), 87 states have call predecessors, (90), 88 states have call successors, (90) [2022-02-20 18:05:30,223 INFO L74 IsIncluded]: Start isIncluded. First operand 536 states. Second operand has 536 states, 416 states have (on average 1.5456730769230769) internal successors, (643), 421 states have internal predecessors, (643), 89 states have call successors, (89), 29 states have call predecessors, (89), 30 states have return successors, (90), 87 states have call predecessors, (90), 88 states have call successors, (90) [2022-02-20 18:05:30,224 INFO L87 Difference]: Start difference. First operand 536 states. Second operand has 536 states, 416 states have (on average 1.5456730769230769) internal successors, (643), 421 states have internal predecessors, (643), 89 states have call successors, (89), 29 states have call predecessors, (89), 30 states have return successors, (90), 87 states have call predecessors, (90), 88 states have call successors, (90) [2022-02-20 18:05:30,237 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:30,237 INFO L93 Difference]: Finished difference Result 536 states and 822 transitions. [2022-02-20 18:05:30,237 INFO L276 IsEmpty]: Start isEmpty. Operand 536 states and 822 transitions. [2022-02-20 18:05:30,239 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:30,239 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:30,240 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 536 states, 416 states have (on average 1.5456730769230769) internal successors, (643), 421 states have internal predecessors, (643), 89 states have call successors, (89), 29 states have call predecessors, (89), 30 states have return successors, (90), 87 states have call predecessors, (90), 88 states have call successors, (90) Second operand 536 states. [2022-02-20 18:05:30,241 INFO L87 Difference]: Start difference. First operand has 536 states, 416 states have (on average 1.5456730769230769) internal successors, (643), 421 states have internal predecessors, (643), 89 states have call successors, (89), 29 states have call predecessors, (89), 30 states have return successors, (90), 87 states have call predecessors, (90), 88 states have call successors, (90) Second operand 536 states. [2022-02-20 18:05:30,256 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:30,256 INFO L93 Difference]: Finished difference Result 536 states and 822 transitions. [2022-02-20 18:05:30,256 INFO L276 IsEmpty]: Start isEmpty. Operand 536 states and 822 transitions. [2022-02-20 18:05:30,258 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:30,258 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:30,258 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:30,258 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:30,259 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 536 states, 416 states have (on average 1.5456730769230769) internal successors, (643), 421 states have internal predecessors, (643), 89 states have call successors, (89), 29 states have call predecessors, (89), 30 states have return successors, (90), 87 states have call predecessors, (90), 88 states have call successors, (90) [2022-02-20 18:05:30,276 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 536 states to 536 states and 822 transitions. [2022-02-20 18:05:30,277 INFO L78 Accepts]: Start accepts. Automaton has 536 states and 822 transitions. Word has length 121 [2022-02-20 18:05:30,278 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:30,278 INFO L470 AbstractCegarLoop]: Abstraction has 536 states and 822 transitions. [2022-02-20 18:05:30,278 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:30,278 INFO L276 IsEmpty]: Start isEmpty. Operand 536 states and 822 transitions. [2022-02-20 18:05:30,281 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 123 [2022-02-20 18:05:30,281 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:30,281 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:30,315 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:30,501 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:30,501 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting 
outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:30,502 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:30,502 INFO L85 PathProgramCache]: Analyzing trace with hash -410227042, now seen corresponding path program 1 times [2022-02-20 18:05:30,503 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:30,503 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1288440729] [2022-02-20 18:05:30,503 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:30,503 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:30,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:30,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {13796#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,611 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,611 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13734#true} #1397#return; {13734#true} is VALID [2022-02-20 18:05:30,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 12 [2022-02-20 18:05:30,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,627 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13734#true} #1399#return; {13734#true} is VALID [2022-02-20 18:05:30,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:30,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,648 INFO L290 TraceCheckUtils]: 0: Hoare triple {13796#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13798#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:30,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {13798#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {13798#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:30,649 INFO L290 TraceCheckUtils]: 2: Hoare triple {13798#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13799#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:30,649 INFO L290 TraceCheckUtils]: 3: Hoare triple {13799#(= 2 
|setClientId_#in~handle|)} assume true; {13799#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:30,650 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13799#(= 2 |setClientId_#in~handle|)} {13744#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1401#return; {13750#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:30,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:30,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,670 INFO L290 TraceCheckUtils]: 0: Hoare triple {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13800#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:30,670 INFO L290 TraceCheckUtils]: 1: Hoare triple {13800#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13801#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:30,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {13801#(= |setClientPrivateKey_#in~handle| 1)} assume true; {13801#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:30,671 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13801#(= |setClientPrivateKey_#in~handle| 1)} {13750#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1403#return; {13735#false} is VALID [2022-02-20 18:05:30,671 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:05:30,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {13796#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,675 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,675 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,675 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1405#return; {13735#false} is VALID [2022-02-20 18:05:30,675 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:05:30,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,678 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,678 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,678 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1407#return; {13735#false} is VALID [2022-02-20 18:05:30,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:05:30,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {13802#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,691 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1319#return; {13735#false} is VALID [2022-02-20 18:05:30,699 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:05:30,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {13803#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,703 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,703 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1321#return; {13735#false} is VALID [2022-02-20 18:05:30,704 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:05:30,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,707 INFO L290 TraceCheckUtils]: 0: Hoare triple {13734#true} ~handle := #in~handle;havoc ~retValue_acc~10; {13734#true} is VALID [2022-02-20 18:05:30,707 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13734#true} is VALID [2022-02-20 18:05:30,707 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,707 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1299#return; {13735#false} is VALID [2022-02-20 18:05:30,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:05:30,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {13734#true} ~handle := #in~handle;havoc ~retValue_acc~4; {13734#true} is VALID [2022-02-20 18:05:30,709 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {13734#true} is VALID [2022-02-20 18:05:30,709 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,713 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1301#return; {13735#false} is VALID [2022-02-20 18:05:30,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:05:30,718 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {13734#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13734#true} is VALID [2022-02-20 18:05:30,721 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {13734#true} is VALID [2022-02-20 18:05:30,721 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,721 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1333#return; {13735#false} is VALID [2022-02-20 18:05:30,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:05:30,723 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:05:30,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {13734#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13734#true} is VALID [2022-02-20 18:05:30,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle; {13734#true} is VALID [2022-02-20 18:05:30,724 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13734#true} is VALID [2022-02-20 18:05:30,724 INFO L290 TraceCheckUtils]: 3: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,725 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13734#true} {13735#false} #1335#return; {13735#false} is VALID [2022-02-20 18:05:30,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:05:30,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {13802#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,727 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1341#return; {13735#false} is VALID [2022-02-20 18:05:30,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:05:30,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:30,730 INFO L290 TraceCheckUtils]: 0: Hoare triple {13734#true} ~handle := #in~handle;havoc 
~retValue_acc~39; {13734#true} is VALID [2022-02-20 18:05:30,730 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {13734#true} is VALID [2022-02-20 18:05:30,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,730 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13734#true} {13735#false} #1343#return; {13735#false} is VALID [2022-02-20 18:05:30,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {13734#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call 
#Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 
0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {13734#true} is VALID [2022-02-20 18:05:30,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {13734#true} is VALID [2022-02-20 18:05:30,731 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13734#true} is VALID [2022-02-20 18:05:30,731 INFO L290 TraceCheckUtils]: 3: Hoare triple {13734#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {13734#true} is VALID [2022-02-20 18:05:30,731 INFO L290 TraceCheckUtils]: 4: Hoare triple {13734#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {13734#true} is VALID [2022-02-20 18:05:30,731 INFO L290 TraceCheckUtils]: 5: Hoare triple {13734#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13734#true} is VALID [2022-02-20 18:05:30,732 INFO L272 TraceCheckUtils]: 6: Hoare triple {13734#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13796#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:30,732 INFO L290 TraceCheckUtils]: 7: Hoare triple {13796#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,732 INFO L290 TraceCheckUtils]: 8: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,732 INFO L290 TraceCheckUtils]: 9: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,732 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13734#true} {13734#true} #1397#return; {13734#true} is VALID [2022-02-20 18:05:30,733 INFO L290 TraceCheckUtils]: 11: Hoare triple {13734#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {13734#true} is VALID [2022-02-20 18:05:30,733 INFO L272 TraceCheckUtils]: 12: Hoare triple {13734#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:30,733 INFO L290 TraceCheckUtils]: 13: Hoare triple {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,733 INFO L290 TraceCheckUtils]: 14: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,734 INFO L290 TraceCheckUtils]: 15: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,734 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13734#true} {13734#true} #1399#return; {13734#true} is VALID [2022-02-20 18:05:30,734 INFO L290 TraceCheckUtils]: 17: Hoare triple {13734#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13744#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:05:30,735 INFO L272 TraceCheckUtils]: 18: Hoare triple {13744#(= 
|ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13796#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:30,735 INFO L290 TraceCheckUtils]: 19: Hoare triple {13796#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13798#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:30,735 INFO L290 TraceCheckUtils]: 20: Hoare triple {13798#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {13798#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:30,736 INFO L290 TraceCheckUtils]: 21: Hoare triple {13798#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13799#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:30,736 INFO L290 TraceCheckUtils]: 22: Hoare triple {13799#(= 2 |setClientId_#in~handle|)} assume true; {13799#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:30,736 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13799#(= 2 |setClientId_#in~handle|)} {13744#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1401#return; {13750#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:30,737 INFO L290 TraceCheckUtils]: 24: Hoare triple {13750#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {13750#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:05:30,737 INFO L272 
TraceCheckUtils]: 25: Hoare triple {13750#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:30,738 INFO L290 TraceCheckUtils]: 26: Hoare triple {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13800#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:30,738 INFO L290 TraceCheckUtils]: 27: Hoare triple {13800#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13801#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:30,738 INFO L290 TraceCheckUtils]: 28: Hoare triple {13801#(= |setClientPrivateKey_#in~handle| 1)} assume true; {13801#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:30,739 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {13801#(= |setClientPrivateKey_#in~handle| 1)} {13750#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1403#return; {13735#false} is VALID [2022-02-20 18:05:30,739 INFO L290 TraceCheckUtils]: 30: Hoare triple {13735#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13735#false} is VALID [2022-02-20 18:05:30,739 INFO L272 TraceCheckUtils]: 31: Hoare triple {13735#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13796#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:30,739 INFO L290 TraceCheckUtils]: 32: Hoare triple {13796#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,739 INFO L290 TraceCheckUtils]: 33: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,739 INFO L290 TraceCheckUtils]: 34: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,739 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {13734#true} {13735#false} #1405#return; {13735#false} is VALID [2022-02-20 18:05:30,739 INFO L290 TraceCheckUtils]: 36: Hoare triple {13735#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13735#false} is VALID [2022-02-20 18:05:30,740 INFO L272 TraceCheckUtils]: 37: Hoare triple {13735#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:30,740 INFO L290 TraceCheckUtils]: 38: Hoare triple {13797#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,740 INFO L290 TraceCheckUtils]: 39: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,740 INFO L290 TraceCheckUtils]: 40: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,740 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {13734#true} {13735#false} #1407#return; {13735#false} is VALID [2022-02-20 18:05:30,740 INFO L290 TraceCheckUtils]: 42: Hoare triple {13735#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {13735#false} is VALID [2022-02-20 18:05:30,740 INFO L290 TraceCheckUtils]: 43: Hoare triple {13735#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc 
test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13735#false} is VALID [2022-02-20 18:05:30,740 INFO L290 TraceCheckUtils]: 44: Hoare triple {13735#false} assume !false; {13735#false} is VALID [2022-02-20 18:05:30,740 INFO L290 TraceCheckUtils]: 45: Hoare triple {13735#false} assume test_~splverifierCounter~0#1 < 4; {13735#false} is VALID [2022-02-20 18:05:30,741 INFO L290 TraceCheckUtils]: 46: Hoare triple {13735#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13735#false} is VALID [2022-02-20 18:05:30,741 INFO L290 TraceCheckUtils]: 47: Hoare triple {13735#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {13735#false} is VALID [2022-02-20 18:05:30,741 INFO L290 TraceCheckUtils]: 48: Hoare triple {13735#false} assume !(0 != test_~tmp___9~0#1); {13735#false} is VALID [2022-02-20 18:05:30,741 INFO L290 TraceCheckUtils]: 49: Hoare triple {13735#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {13735#false} is VALID [2022-02-20 18:05:30,741 INFO L290 TraceCheckUtils]: 50: Hoare triple {13735#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := 
setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {13735#false} is VALID [2022-02-20 18:05:30,741 INFO L290 TraceCheckUtils]: 51: Hoare triple {13735#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {13735#false} is VALID [2022-02-20 18:05:30,741 INFO L290 TraceCheckUtils]: 52: Hoare triple {13735#false} assume { :end_inline_setClientAutoResponse } true; {13735#false} is VALID [2022-02-20 18:05:30,741 INFO L290 TraceCheckUtils]: 53: Hoare triple {13735#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {13735#false} is VALID [2022-02-20 18:05:30,742 INFO L290 TraceCheckUtils]: 54: Hoare triple {13735#false} assume !false; {13735#false} is VALID [2022-02-20 18:05:30,742 INFO L290 TraceCheckUtils]: 55: Hoare triple {13735#false} assume !(test_~splverifierCounter~0#1 < 4); {13735#false} is VALID [2022-02-20 18:05:30,742 INFO L290 TraceCheckUtils]: 56: Hoare triple {13735#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {13735#false} is VALID [2022-02-20 18:05:30,742 INFO L272 TraceCheckUtils]: 57: Hoare triple {13735#false} call sendEmail(~bob~0, ~rjh~0); {13735#false} is VALID [2022-02-20 18:05:30,742 INFO L290 TraceCheckUtils]: 58: Hoare triple {13735#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13735#false} is VALID [2022-02-20 18:05:30,742 INFO L272 TraceCheckUtils]: 59: Hoare triple {13735#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13802#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:30,742 INFO L290 TraceCheckUtils]: 60: Hoare triple {13802#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,742 INFO L290 TraceCheckUtils]: 61: Hoare triple {13734#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,742 INFO L290 TraceCheckUtils]: 62: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,743 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {13734#true} {13735#false} #1319#return; {13735#false} is VALID [2022-02-20 18:05:30,743 INFO L272 TraceCheckUtils]: 64: Hoare triple {13735#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13803#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:30,743 INFO L290 TraceCheckUtils]: 65: Hoare triple {13803#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,743 INFO L290 TraceCheckUtils]: 66: Hoare triple {13734#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,743 INFO L290 TraceCheckUtils]: 67: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,743 INFO L284 
TraceCheckUtils]: 68: Hoare quadruple {13734#true} {13735#false} #1321#return; {13735#false} is VALID [2022-02-20 18:05:30,743 INFO L290 TraceCheckUtils]: 69: Hoare triple {13735#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {13735#false} is VALID [2022-02-20 18:05:30,743 INFO L290 TraceCheckUtils]: 70: Hoare triple {13735#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {13735#false} is VALID [2022-02-20 18:05:30,744 INFO L272 TraceCheckUtils]: 71: Hoare triple {13735#false} call outgoing(~sender#1, ~email~0#1); {13735#false} is VALID [2022-02-20 18:05:30,744 INFO L290 TraceCheckUtils]: 72: Hoare triple {13735#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {13735#false} is VALID [2022-02-20 18:05:30,744 INFO L272 TraceCheckUtils]: 73: Hoare triple {13735#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {13734#true} is VALID [2022-02-20 18:05:30,744 INFO L290 TraceCheckUtils]: 74: Hoare triple {13734#true} ~handle := #in~handle;havoc ~retValue_acc~10; {13734#true} is VALID [2022-02-20 18:05:30,744 INFO L290 TraceCheckUtils]: 75: Hoare triple {13734#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13734#true} is VALID [2022-02-20 18:05:30,744 INFO L290 TraceCheckUtils]: 76: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,744 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {13734#true} {13735#false} #1299#return; {13735#false} is VALID 
[2022-02-20 18:05:30,744 INFO L290 TraceCheckUtils]: 78: Hoare triple {13735#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {13735#false} is VALID [2022-02-20 18:05:30,744 INFO L290 TraceCheckUtils]: 79: Hoare triple {13735#false} assume 0 == sign_~privkey~1#1; {13735#false} is VALID [2022-02-20 18:05:30,745 INFO L290 TraceCheckUtils]: 80: Hoare triple {13735#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {13735#false} is VALID [2022-02-20 18:05:30,745 INFO L272 TraceCheckUtils]: 81: Hoare triple {13735#false} call 
outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {13734#true} is VALID [2022-02-20 18:05:30,745 INFO L290 TraceCheckUtils]: 82: Hoare triple {13734#true} ~handle := #in~handle;havoc ~retValue_acc~4; {13734#true} is VALID [2022-02-20 18:05:30,745 INFO L290 TraceCheckUtils]: 83: Hoare triple {13734#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {13734#true} is VALID [2022-02-20 18:05:30,745 INFO L290 TraceCheckUtils]: 84: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,745 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {13734#true} {13735#false} #1301#return; {13735#false} is VALID [2022-02-20 18:05:30,745 INFO L290 TraceCheckUtils]: 86: Hoare triple {13735#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {13735#false} is VALID [2022-02-20 18:05:30,745 INFO L290 TraceCheckUtils]: 87: Hoare triple {13735#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {13735#false} is VALID [2022-02-20 18:05:30,746 INFO L272 TraceCheckUtils]: 88: Hoare triple {13735#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {13735#false} is VALID [2022-02-20 18:05:30,746 INFO L290 TraceCheckUtils]: 89: Hoare triple {13735#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {13735#false} is VALID [2022-02-20 18:05:30,746 INFO L272 TraceCheckUtils]: 90: Hoare triple {13735#false} call #t~ret90#1 := getEmailTo(~msg#1); {13734#true} is VALID [2022-02-20 18:05:30,746 INFO L290 
TraceCheckUtils]: 91: Hoare triple {13734#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13734#true} is VALID [2022-02-20 18:05:30,746 INFO L290 TraceCheckUtils]: 92: Hoare triple {13734#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {13734#true} is VALID [2022-02-20 18:05:30,746 INFO L290 TraceCheckUtils]: 93: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,746 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {13734#true} {13735#false} #1333#return; {13735#false} is VALID [2022-02-20 18:05:30,746 INFO L290 TraceCheckUtils]: 95: Hoare triple {13735#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {13735#false} is VALID [2022-02-20 18:05:30,746 INFO L272 TraceCheckUtils]: 96: Hoare triple {13735#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {13734#true} is VALID [2022-02-20 18:05:30,747 INFO L290 TraceCheckUtils]: 97: Hoare triple {13734#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13734#true} is VALID [2022-02-20 18:05:30,747 INFO L290 TraceCheckUtils]: 98: Hoare triple {13734#true} assume 1 == ~handle; {13734#true} is VALID [2022-02-20 18:05:30,747 INFO L290 TraceCheckUtils]: 99: Hoare triple {13734#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13734#true} is VALID [2022-02-20 18:05:30,747 INFO L290 TraceCheckUtils]: 100: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,747 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {13734#true} {13735#false} #1335#return; {13735#false} is VALID [2022-02-20 18:05:30,747 INFO L290 TraceCheckUtils]: 102: Hoare triple {13735#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {13735#false} is VALID 
[2022-02-20 18:05:30,747 INFO L290 TraceCheckUtils]: 103: Hoare triple {13735#false} assume !(0 != ~pubkey~0#1); {13735#false} is VALID [2022-02-20 18:05:30,747 INFO L290 TraceCheckUtils]: 104: Hoare triple {13735#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {13735#false} is VALID [2022-02-20 18:05:30,748 INFO L290 TraceCheckUtils]: 105: Hoare triple {13735#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {13735#false} is VALID [2022-02-20 18:05:30,748 INFO L290 TraceCheckUtils]: 106: Hoare triple {13735#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {13735#false} is VALID [2022-02-20 18:05:30,748 INFO L272 TraceCheckUtils]: 107: Hoare triple {13735#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {13802#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 
18:05:30,748 INFO L290 TraceCheckUtils]: 108: Hoare triple {13802#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:30,748 INFO L290 TraceCheckUtils]: 109: Hoare triple {13734#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:30,748 INFO L290 TraceCheckUtils]: 110: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,748 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {13734#true} {13735#false} #1341#return; {13735#false} is VALID [2022-02-20 18:05:30,748 INFO L290 TraceCheckUtils]: 112: Hoare triple {13735#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= 
__utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {13735#false} is VALID [2022-02-20 18:05:30,748 INFO L290 TraceCheckUtils]: 113: Hoare triple {13735#false} assume 0 != ~in_encrypted~0; {13735#false} is VALID [2022-02-20 18:05:30,749 INFO L272 TraceCheckUtils]: 114: Hoare triple {13735#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {13734#true} is VALID [2022-02-20 18:05:30,749 INFO L290 TraceCheckUtils]: 115: Hoare triple {13734#true} ~handle := #in~handle;havoc ~retValue_acc~39; {13734#true} is VALID [2022-02-20 18:05:30,749 INFO L290 TraceCheckUtils]: 116: Hoare triple {13734#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {13734#true} is VALID [2022-02-20 18:05:30,749 INFO L290 TraceCheckUtils]: 117: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:30,749 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {13734#true} {13735#false} #1343#return; {13735#false} is VALID [2022-02-20 18:05:30,749 INFO L290 TraceCheckUtils]: 119: Hoare triple {13735#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {13735#false} is VALID [2022-02-20 18:05:30,749 INFO L290 TraceCheckUtils]: 120: Hoare triple {13735#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {13735#false} is VALID [2022-02-20 18:05:30,749 INFO L290 TraceCheckUtils]: 121: Hoare triple 
{13735#false} assume !false; {13735#false} is VALID [2022-02-20 18:05:30,750 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:05:30,750 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:30,750 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1288440729] [2022-02-20 18:05:30,750 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1288440729] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:05:30,750 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1233235718] [2022-02-20 18:05:30,750 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:30,750 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:30,751 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:30,768 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:05:30,813 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:05:31,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:31,042 INFO L263 TraceCheckSpWp]: Trace formula consists of 1197 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:05:31,089 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:31,091 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:05:31,445 INFO L290 TraceCheckUtils]: 0: Hoare triple {13734#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call 
write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 
0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {13734#true} is VALID [2022-02-20 18:05:31,445 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {13734#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {13734#true} is VALID [2022-02-20 18:05:31,446 INFO L290 TraceCheckUtils]: 2: Hoare triple {13734#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13734#true} is VALID [2022-02-20 18:05:31,446 INFO L290 TraceCheckUtils]: 3: Hoare triple {13734#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {13734#true} is VALID [2022-02-20 18:05:31,446 INFO L290 TraceCheckUtils]: 4: Hoare triple {13734#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {13734#true} is VALID [2022-02-20 18:05:31,446 INFO L290 TraceCheckUtils]: 5: Hoare triple {13734#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { 
:begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13734#true} is VALID [2022-02-20 18:05:31,446 INFO L272 TraceCheckUtils]: 6: Hoare triple {13734#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13734#true} is VALID [2022-02-20 18:05:31,446 INFO L290 TraceCheckUtils]: 7: Hoare triple {13734#true} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:31,446 INFO L290 TraceCheckUtils]: 8: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:31,446 INFO L290 TraceCheckUtils]: 9: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:31,447 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13734#true} {13734#true} #1397#return; {13734#true} is VALID [2022-02-20 18:05:31,447 INFO L290 TraceCheckUtils]: 11: Hoare triple {13734#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13734#true} is VALID [2022-02-20 18:05:31,447 INFO L272 TraceCheckUtils]: 12: Hoare triple {13734#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13734#true} is VALID [2022-02-20 18:05:31,447 INFO L290 TraceCheckUtils]: 13: Hoare triple {13734#true} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:31,447 INFO L290 TraceCheckUtils]: 14: Hoare triple {13734#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:31,447 INFO L290 TraceCheckUtils]: 15: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:31,447 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13734#true} {13734#true} #1399#return; {13734#true} is VALID [2022-02-20 18:05:31,448 INFO L290 TraceCheckUtils]: 17: Hoare triple {13734#true} assume { 
:end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13858#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:31,448 INFO L272 TraceCheckUtils]: 18: Hoare triple {13858#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13734#true} is VALID [2022-02-20 18:05:31,448 INFO L290 TraceCheckUtils]: 19: Hoare triple {13734#true} ~handle := #in~handle;~value := #in~value; {13734#true} is VALID [2022-02-20 18:05:31,448 INFO L290 TraceCheckUtils]: 20: Hoare triple {13734#true} assume !(1 == ~handle); {13734#true} is VALID [2022-02-20 18:05:31,448 INFO L290 TraceCheckUtils]: 21: Hoare triple {13734#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13734#true} is VALID [2022-02-20 18:05:31,448 INFO L290 TraceCheckUtils]: 22: Hoare triple {13734#true} assume true; {13734#true} is VALID [2022-02-20 18:05:31,449 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13734#true} {13858#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1401#return; {13858#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:31,449 INFO L290 TraceCheckUtils]: 24: Hoare triple {13858#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {13858#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:05:31,449 INFO L272 TraceCheckUtils]: 25: Hoare triple {13858#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 
456); {13734#true} is VALID [2022-02-20 18:05:31,450 INFO L290 TraceCheckUtils]: 26: Hoare triple {13734#true} ~handle := #in~handle;~value := #in~value; {13886#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:05:31,450 INFO L290 TraceCheckUtils]: 27: Hoare triple {13886#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13890#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:31,450 INFO L290 TraceCheckUtils]: 28: Hoare triple {13890#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {13890#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:31,451 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {13890#(<= |setClientPrivateKey_#in~handle| 1)} {13858#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1403#return; {13735#false} is VALID [2022-02-20 18:05:31,451 INFO L290 TraceCheckUtils]: 30: Hoare triple {13735#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13735#false} is VALID [2022-02-20 18:05:31,451 INFO L272 TraceCheckUtils]: 31: Hoare triple {13735#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13735#false} is VALID [2022-02-20 18:05:31,451 INFO L290 TraceCheckUtils]: 32: Hoare triple {13735#false} ~handle := #in~handle;~value := #in~value; {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L290 TraceCheckUtils]: 33: Hoare 
triple {13735#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L290 TraceCheckUtils]: 34: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {13735#false} {13735#false} #1405#return; {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L290 TraceCheckUtils]: 36: Hoare triple {13735#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L272 TraceCheckUtils]: 37: Hoare triple {13735#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L290 TraceCheckUtils]: 38: Hoare triple {13735#false} ~handle := #in~handle;~value := #in~value; {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L290 TraceCheckUtils]: 39: Hoare triple {13735#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L290 TraceCheckUtils]: 40: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,452 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {13735#false} {13735#false} #1407#return; {13735#false} is VALID [2022-02-20 18:05:31,453 INFO L290 TraceCheckUtils]: 42: Hoare triple {13735#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {13735#false} is VALID [2022-02-20 18:05:31,453 INFO L290 TraceCheckUtils]: 43: Hoare triple {13735#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, 
test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13735#false} is VALID [2022-02-20 18:05:31,453 INFO L290 TraceCheckUtils]: 44: Hoare triple {13735#false} assume !false; {13735#false} is VALID [2022-02-20 18:05:31,453 INFO L290 TraceCheckUtils]: 45: Hoare triple {13735#false} assume test_~splverifierCounter~0#1 < 4; {13735#false} is VALID [2022-02-20 18:05:31,453 INFO L290 TraceCheckUtils]: 46: Hoare triple {13735#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13735#false} is VALID [2022-02-20 18:05:31,453 INFO L290 TraceCheckUtils]: 47: Hoare triple {13735#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {13735#false} is VALID [2022-02-20 18:05:31,453 INFO L290 TraceCheckUtils]: 48: Hoare triple {13735#false} assume !(0 != test_~tmp___9~0#1); {13735#false} is VALID [2022-02-20 18:05:31,453 INFO L290 TraceCheckUtils]: 49: Hoare triple 
{13735#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {13735#false} is VALID [2022-02-20 18:05:31,454 INFO L290 TraceCheckUtils]: 50: Hoare triple {13735#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {13735#false} is VALID [2022-02-20 18:05:31,454 INFO L290 TraceCheckUtils]: 51: Hoare triple {13735#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {13735#false} is VALID [2022-02-20 18:05:31,454 INFO L290 TraceCheckUtils]: 52: Hoare triple {13735#false} assume { :end_inline_setClientAutoResponse } true; {13735#false} is VALID [2022-02-20 18:05:31,454 INFO L290 TraceCheckUtils]: 53: Hoare triple {13735#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {13735#false} is VALID [2022-02-20 18:05:31,454 INFO L290 TraceCheckUtils]: 54: Hoare triple {13735#false} assume !false; {13735#false} is VALID [2022-02-20 18:05:31,454 INFO L290 TraceCheckUtils]: 55: Hoare triple {13735#false} assume !(test_~splverifierCounter~0#1 < 4); {13735#false} is VALID [2022-02-20 18:05:31,454 INFO L290 TraceCheckUtils]: 56: Hoare triple {13735#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && 
bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {13735#false} is VALID [2022-02-20 18:05:31,454 INFO L272 TraceCheckUtils]: 57: Hoare triple {13735#false} call sendEmail(~bob~0, ~rjh~0); {13735#false} is VALID [2022-02-20 18:05:31,455 INFO L290 TraceCheckUtils]: 58: Hoare triple {13735#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13735#false} is VALID [2022-02-20 18:05:31,455 INFO L272 TraceCheckUtils]: 59: Hoare triple {13735#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13735#false} is VALID [2022-02-20 18:05:31,455 INFO L290 TraceCheckUtils]: 60: Hoare triple {13735#false} ~handle := #in~handle;~value := #in~value; {13735#false} is VALID [2022-02-20 18:05:31,455 INFO L290 TraceCheckUtils]: 61: Hoare triple {13735#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13735#false} is VALID [2022-02-20 18:05:31,455 INFO L290 TraceCheckUtils]: 62: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,455 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {13735#false} {13735#false} #1319#return; {13735#false} is VALID [2022-02-20 18:05:31,455 INFO L272 TraceCheckUtils]: 64: Hoare triple {13735#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13735#false} is VALID [2022-02-20 18:05:31,455 INFO L290 TraceCheckUtils]: 65: Hoare triple {13735#false} ~handle := #in~handle;~value := #in~value; {13735#false} is VALID [2022-02-20 18:05:31,456 INFO L290 TraceCheckUtils]: 66: Hoare triple {13735#false} assume 1 == ~handle;~__ste_email_to0~0 
:= ~value; {13735#false} is VALID [2022-02-20 18:05:31,456 INFO L290 TraceCheckUtils]: 67: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,456 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {13735#false} {13735#false} #1321#return; {13735#false} is VALID [2022-02-20 18:05:31,456 INFO L290 TraceCheckUtils]: 69: Hoare triple {13735#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {13735#false} is VALID [2022-02-20 18:05:31,456 INFO L290 TraceCheckUtils]: 70: Hoare triple {13735#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {13735#false} is VALID [2022-02-20 18:05:31,456 INFO L272 TraceCheckUtils]: 71: Hoare triple {13735#false} call outgoing(~sender#1, ~email~0#1); {13735#false} is VALID [2022-02-20 18:05:31,456 INFO L290 TraceCheckUtils]: 72: Hoare triple {13735#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {13735#false} is VALID [2022-02-20 18:05:31,456 INFO L272 TraceCheckUtils]: 73: Hoare triple {13735#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {13735#false} is VALID [2022-02-20 18:05:31,457 INFO L290 TraceCheckUtils]: 74: Hoare triple {13735#false} ~handle := #in~handle;havoc ~retValue_acc~10; {13735#false} is VALID [2022-02-20 18:05:31,457 INFO L290 TraceCheckUtils]: 75: Hoare triple {13735#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13735#false} is VALID [2022-02-20 18:05:31,457 INFO L290 TraceCheckUtils]: 76: Hoare triple 
{13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,457 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {13735#false} {13735#false} #1299#return; {13735#false} is VALID [2022-02-20 18:05:31,457 INFO L290 TraceCheckUtils]: 78: Hoare triple {13735#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {13735#false} is VALID [2022-02-20 18:05:31,457 INFO L290 TraceCheckUtils]: 79: Hoare triple {13735#false} assume 0 == sign_~privkey~1#1; {13735#false} is VALID [2022-02-20 18:05:31,457 INFO L290 TraceCheckUtils]: 80: Hoare triple {13735#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc 
outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {13735#false} is VALID [2022-02-20 18:05:31,457 INFO L272 TraceCheckUtils]: 81: Hoare triple {13735#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L290 TraceCheckUtils]: 82: Hoare triple {13735#false} ~handle := #in~handle;havoc ~retValue_acc~4; {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L290 TraceCheckUtils]: 83: Hoare triple {13735#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L290 TraceCheckUtils]: 84: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {13735#false} {13735#false} #1301#return; {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L290 TraceCheckUtils]: 86: Hoare triple {13735#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L290 TraceCheckUtils]: 87: Hoare triple {13735#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L272 TraceCheckUtils]: 88: Hoare triple {13735#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L290 TraceCheckUtils]: 89: Hoare triple {13735#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc 
~tmp___0~6#1; {13735#false} is VALID [2022-02-20 18:05:31,458 INFO L272 TraceCheckUtils]: 90: Hoare triple {13735#false} call #t~ret90#1 := getEmailTo(~msg#1); {13735#false} is VALID [2022-02-20 18:05:31,459 INFO L290 TraceCheckUtils]: 91: Hoare triple {13735#false} ~handle := #in~handle;havoc ~retValue_acc~36; {13735#false} is VALID [2022-02-20 18:05:31,459 INFO L290 TraceCheckUtils]: 92: Hoare triple {13735#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {13735#false} is VALID [2022-02-20 18:05:31,459 INFO L290 TraceCheckUtils]: 93: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,459 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {13735#false} {13735#false} #1333#return; {13735#false} is VALID [2022-02-20 18:05:31,459 INFO L290 TraceCheckUtils]: 95: Hoare triple {13735#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {13735#false} is VALID [2022-02-20 18:05:31,459 INFO L272 TraceCheckUtils]: 96: Hoare triple {13735#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {13735#false} is VALID [2022-02-20 18:05:31,459 INFO L290 TraceCheckUtils]: 97: Hoare triple {13735#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13735#false} is VALID [2022-02-20 18:05:31,459 INFO L290 TraceCheckUtils]: 98: Hoare triple {13735#false} assume 1 == ~handle; {13735#false} is VALID [2022-02-20 18:05:31,460 INFO L290 TraceCheckUtils]: 99: Hoare triple {13735#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13735#false} is VALID [2022-02-20 18:05:31,460 INFO L290 TraceCheckUtils]: 100: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,460 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {13735#false} {13735#false} #1335#return; {13735#false} is VALID 
[2022-02-20 18:05:31,460 INFO L290 TraceCheckUtils]: 102: Hoare triple {13735#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {13735#false} is VALID [2022-02-20 18:05:31,460 INFO L290 TraceCheckUtils]: 103: Hoare triple {13735#false} assume !(0 != ~pubkey~0#1); {13735#false} is VALID [2022-02-20 18:05:31,460 INFO L290 TraceCheckUtils]: 104: Hoare triple {13735#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {13735#false} is VALID [2022-02-20 18:05:31,460 INFO L290 TraceCheckUtils]: 105: Hoare triple {13735#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {13735#false} is VALID [2022-02-20 18:05:31,460 INFO L290 TraceCheckUtils]: 106: Hoare triple {13735#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {13735#false} is VALID [2022-02-20 18:05:31,460 INFO L272 TraceCheckUtils]: 107: Hoare triple 
{13735#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {13735#false} is VALID [2022-02-20 18:05:31,461 INFO L290 TraceCheckUtils]: 108: Hoare triple {13735#false} ~handle := #in~handle;~value := #in~value; {13735#false} is VALID [2022-02-20 18:05:31,461 INFO L290 TraceCheckUtils]: 109: Hoare triple {13735#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13735#false} is VALID [2022-02-20 18:05:31,461 INFO L290 TraceCheckUtils]: 110: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,461 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {13735#false} {13735#false} #1341#return; {13735#false} is VALID [2022-02-20 18:05:31,461 INFO L290 TraceCheckUtils]: 112: Hoare triple {13735#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 
:= puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {13735#false} is VALID [2022-02-20 18:05:31,461 INFO L290 TraceCheckUtils]: 113: Hoare triple {13735#false} assume 0 != ~in_encrypted~0; {13735#false} is VALID [2022-02-20 18:05:31,461 INFO L272 TraceCheckUtils]: 114: Hoare triple {13735#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {13735#false} is VALID [2022-02-20 18:05:31,461 INFO L290 TraceCheckUtils]: 115: Hoare triple {13735#false} ~handle := #in~handle;havoc ~retValue_acc~39; {13735#false} is VALID [2022-02-20 18:05:31,462 INFO L290 TraceCheckUtils]: 116: Hoare triple {13735#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {13735#false} is VALID [2022-02-20 18:05:31,462 INFO L290 TraceCheckUtils]: 117: Hoare triple {13735#false} assume true; {13735#false} is VALID [2022-02-20 18:05:31,462 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {13735#false} {13735#false} #1343#return; {13735#false} is VALID [2022-02-20 18:05:31,462 INFO L290 TraceCheckUtils]: 119: Hoare triple {13735#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {13735#false} is VALID [2022-02-20 18:05:31,462 INFO L290 TraceCheckUtils]: 120: Hoare triple {13735#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {13735#false} is VALID [2022-02-20 18:05:31,462 
INFO L290 TraceCheckUtils]: 121: Hoare triple {13735#false} assume !false; {13735#false} is VALID [2022-02-20 18:05:31,462 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:05:31,463 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:05:31,463 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1233235718] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:31,463 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:05:31,463 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:05:31,463 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1323097206] [2022-02-20 18:05:31,463 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:31,464 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) Word has length 122 [2022-02-20 18:05:31,464 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:05:31,464 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:31,543 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 116 edges. 116 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:31,543 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:05:31,543 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:31,544 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:05:31,544 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:05:31,544 INFO L87 Difference]: Start difference. First operand 536 states and 822 transitions. Second operand has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:32,960 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:32,960 INFO L93 Difference]: Finished difference Result 1061 states and 1633 transitions. [2022-02-20 18:05:32,960 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:05:32,961 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) Word has length 122 [2022-02-20 18:05:32,961 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:32,961 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:32,977 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1373 transitions. [2022-02-20 18:05:32,977 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:32,992 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1373 transitions. [2022-02-20 18:05:32,993 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1373 transitions. [2022-02-20 18:05:33,871 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1373 edges. 1373 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:33,888 INFO L225 Difference]: With dead ends: 1061 [2022-02-20 18:05:33,888 INFO L226 Difference]: Without dead ends: 538 [2022-02-20 18:05:33,890 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 156 GetRequests, 142 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:05:33,890 INFO L933 BasicCegarLoop]: 681 mSDtfsCounter, 159 mSDsluCounter, 1858 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 182 SdHoareTripleChecker+Valid, 2539 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:33,890 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [182 Valid, 2539 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:33,891 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 538 states. [2022-02-20 18:05:33,981 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 538 to 538. [2022-02-20 18:05:33,981 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:33,982 INFO L82 GeneralOperation]: Start isEquivalent. First operand 538 states. 
Second operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) [2022-02-20 18:05:33,983 INFO L74 IsIncluded]: Start isIncluded. First operand 538 states. Second operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) [2022-02-20 18:05:33,984 INFO L87 Difference]: Start difference. First operand 538 states. Second operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) [2022-02-20 18:05:33,999 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:34,000 INFO L93 Difference]: Finished difference Result 538 states and 828 transitions. [2022-02-20 18:05:34,000 INFO L276 IsEmpty]: Start isEmpty. Operand 538 states and 828 transitions. [2022-02-20 18:05:34,001 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:34,001 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:34,004 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) Second operand 538 states. [2022-02-20 18:05:34,005 INFO L87 Difference]: Start difference. First operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) Second operand 538 states. [2022-02-20 18:05:34,019 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:34,020 INFO L93 Difference]: Finished difference Result 538 states and 828 transitions. [2022-02-20 18:05:34,020 INFO L276 IsEmpty]: Start isEmpty. Operand 538 states and 828 transitions. [2022-02-20 18:05:34,022 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:34,022 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:34,022 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:34,022 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:34,023 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) [2022-02-20 18:05:34,041 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 538 states to 538 states and 828 transitions. [2022-02-20 18:05:34,041 INFO L78 Accepts]: Start accepts. Automaton has 538 states and 828 transitions. Word has length 122 [2022-02-20 18:05:34,041 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:34,041 INFO L470 AbstractCegarLoop]: Abstraction has 538 states and 828 transitions. [2022-02-20 18:05:34,042 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:34,042 INFO L276 IsEmpty]: Start isEmpty. Operand 538 states and 828 transitions. [2022-02-20 18:05:34,044 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 124 [2022-02-20 18:05:34,045 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:34,045 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:34,066 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:05:34,259 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:05:34,259 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting 
outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:34,260 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:34,260 INFO L85 PathProgramCache]: Analyzing trace with hash 1783283689, now seen corresponding path program 1 times [2022-02-20 18:05:34,260 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:34,260 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [97879534] [2022-02-20 18:05:34,260 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:34,260 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:34,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,339 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:34,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,342 INFO L290 TraceCheckUtils]: 0: Hoare triple {17534#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,343 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,343 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,343 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17472#true} #1397#return; {17472#true} is VALID [2022-02-20 18:05:34,348 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 12 [2022-02-20 18:05:34,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,354 INFO L290 TraceCheckUtils]: 0: Hoare triple {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,354 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,354 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,354 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17472#true} #1399#return; {17472#true} is VALID [2022-02-20 18:05:34,354 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:34,355 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,357 INFO L290 TraceCheckUtils]: 0: Hoare triple {17534#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,357 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume !(1 == ~handle); {17472#true} is VALID [2022-02-20 18:05:34,357 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,358 INFO L290 TraceCheckUtils]: 3: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,358 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17472#true} {17472#true} #1401#return; {17472#true} is VALID [2022-02-20 18:05:34,358 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:34,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,361 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume !(1 == ~handle); {17472#true} is VALID [2022-02-20 18:05:34,361 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,361 INFO L290 TraceCheckUtils]: 3: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,361 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17472#true} {17472#true} #1403#return; {17472#true} is VALID [2022-02-20 18:05:34,361 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:34,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {17534#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17536#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:34,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {17536#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17537#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:34,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {17537#(= 
|setClientId_#in~handle| 1)} assume true; {17537#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:34,378 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17537#(= |setClientId_#in~handle| 1)} {17492#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1405#return; {17473#false} is VALID [2022-02-20 18:05:34,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:05:34,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,382 INFO L290 TraceCheckUtils]: 0: Hoare triple {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,382 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,382 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,382 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17473#false} #1407#return; {17473#false} is VALID [2022-02-20 18:05:34,388 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:05:34,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,390 INFO L290 TraceCheckUtils]: 0: Hoare triple {17538#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume 
true; {17472#true} is VALID [2022-02-20 18:05:34,390 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17473#false} #1319#return; {17473#false} is VALID [2022-02-20 18:05:34,396 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:05:34,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {17539#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,399 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17473#false} #1321#return; {17473#false} is VALID [2022-02-20 18:05:34,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:05:34,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,401 INFO L290 TraceCheckUtils]: 0: Hoare triple {17472#true} ~handle := #in~handle;havoc ~retValue_acc~10; {17472#true} is VALID [2022-02-20 18:05:34,401 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {17472#true} is VALID [2022-02-20 18:05:34,401 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,401 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17473#false} #1299#return; {17473#false} is VALID [2022-02-20 18:05:34,402 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:05:34,402 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,403 INFO L290 TraceCheckUtils]: 0: Hoare triple {17472#true} ~handle := #in~handle;havoc ~retValue_acc~4; {17472#true} is VALID [2022-02-20 18:05:34,404 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {17472#true} is VALID [2022-02-20 18:05:34,404 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,404 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17473#false} #1301#return; {17473#false} is VALID [2022-02-20 18:05:34,404 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:05:34,404 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {17472#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17472#true} is VALID [2022-02-20 18:05:34,406 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {17472#true} is VALID [2022-02-20 18:05:34,406 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,406 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17473#false} #1333#return; {17473#false} is VALID [2022-02-20 18:05:34,406 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:05:34,407 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,409 INFO L290 TraceCheckUtils]: 0: Hoare triple {17472#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {17472#true} is VALID [2022-02-20 18:05:34,409 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle; {17472#true} is VALID [2022-02-20 18:05:34,409 
INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {17472#true} is VALID [2022-02-20 18:05:34,409 INFO L290 TraceCheckUtils]: 3: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,409 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17472#true} {17473#false} #1335#return; {17473#false} is VALID [2022-02-20 18:05:34,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:05:34,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,411 INFO L290 TraceCheckUtils]: 0: Hoare triple {17538#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,412 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17473#false} #1341#return; {17473#false} is VALID [2022-02-20 18:05:34,412 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 18:05:34,413 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:34,414 INFO L290 TraceCheckUtils]: 0: Hoare triple {17472#true} ~handle := #in~handle;havoc ~retValue_acc~39; {17472#true} is VALID [2022-02-20 18:05:34,414 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {17472#true} is VALID [2022-02-20 18:05:34,414 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume true; 
{17472#true} is VALID [2022-02-20 18:05:34,414 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17472#true} {17473#false} #1343#return; {17473#false} is VALID [2022-02-20 18:05:34,414 INFO L290 TraceCheckUtils]: 0: Hoare triple {17472#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call 
#Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 
0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 
0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {17472#true} is VALID [2022-02-20 18:05:34,415 INFO L290 TraceCheckUtils]: 1: Hoare triple {17472#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {17472#true} is VALID [2022-02-20 18:05:34,415 INFO L290 TraceCheckUtils]: 2: Hoare triple {17472#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17472#true} is VALID [2022-02-20 18:05:34,415 INFO L290 TraceCheckUtils]: 3: Hoare triple {17472#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {17472#true} is VALID [2022-02-20 18:05:34,415 INFO L290 TraceCheckUtils]: 4: Hoare triple {17472#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {17472#true} is VALID [2022-02-20 18:05:34,415 INFO L290 TraceCheckUtils]: 5: Hoare triple {17472#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { 
:begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17472#true} is VALID [2022-02-20 18:05:34,416 INFO L272 TraceCheckUtils]: 6: Hoare triple {17472#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17534#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:34,416 INFO L290 TraceCheckUtils]: 7: Hoare triple {17534#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,416 INFO L290 TraceCheckUtils]: 8: Hoare triple {17472#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,416 INFO L290 TraceCheckUtils]: 9: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,416 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17472#true} {17472#true} #1397#return; {17472#true} is VALID [2022-02-20 18:05:34,416 INFO L290 TraceCheckUtils]: 11: Hoare triple {17472#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17472#true} is VALID [2022-02-20 18:05:34,417 INFO L272 TraceCheckUtils]: 12: Hoare triple {17472#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:34,417 INFO L290 TraceCheckUtils]: 13: Hoare triple {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,417 INFO L290 TraceCheckUtils]: 14: Hoare triple {17472#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,417 INFO L290 TraceCheckUtils]: 15: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,417 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17472#true} {17472#true} #1399#return; {17472#true} is VALID [2022-02-20 18:05:34,418 INFO L290 TraceCheckUtils]: 17: Hoare triple {17472#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17472#true} is VALID [2022-02-20 18:05:34,418 INFO L272 TraceCheckUtils]: 18: Hoare triple {17472#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {17534#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:34,418 INFO L290 TraceCheckUtils]: 19: Hoare triple {17534#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,418 INFO L290 TraceCheckUtils]: 20: Hoare triple {17472#true} assume !(1 == ~handle); {17472#true} is VALID [2022-02-20 18:05:34,418 INFO L290 TraceCheckUtils]: 21: Hoare triple {17472#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,419 INFO L290 TraceCheckUtils]: 22: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,419 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17472#true} {17472#true} #1401#return; {17472#true} is VALID [2022-02-20 18:05:34,419 INFO L290 TraceCheckUtils]: 24: Hoare triple {17472#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17472#true} is VALID [2022-02-20 18:05:34,419 INFO L272 TraceCheckUtils]: 25: Hoare triple {17472#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:34,420 INFO L290 TraceCheckUtils]: 26: Hoare triple {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,420 INFO L290 TraceCheckUtils]: 27: Hoare triple {17472#true} assume !(1 == ~handle); {17472#true} is VALID [2022-02-20 18:05:34,420 INFO L290 TraceCheckUtils]: 28: Hoare triple {17472#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,420 INFO L290 TraceCheckUtils]: 29: Hoare 
triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,420 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17472#true} {17472#true} #1403#return; {17472#true} is VALID [2022-02-20 18:05:34,420 INFO L290 TraceCheckUtils]: 31: Hoare triple {17472#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {17492#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:34,421 INFO L272 TraceCheckUtils]: 32: Hoare triple {17492#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {17534#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:34,421 INFO L290 TraceCheckUtils]: 33: Hoare triple {17534#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17536#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:34,422 INFO L290 TraceCheckUtils]: 34: Hoare triple {17536#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17537#(= |setClientId_#in~handle| 1)} is 
VALID [2022-02-20 18:05:34,422 INFO L290 TraceCheckUtils]: 35: Hoare triple {17537#(= |setClientId_#in~handle| 1)} assume true; {17537#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:34,422 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17537#(= |setClientId_#in~handle| 1)} {17492#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1405#return; {17473#false} is VALID [2022-02-20 18:05:34,422 INFO L290 TraceCheckUtils]: 37: Hoare triple {17473#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {17473#false} is VALID [2022-02-20 18:05:34,423 INFO L272 TraceCheckUtils]: 38: Hoare triple {17473#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:34,423 INFO L290 TraceCheckUtils]: 39: Hoare triple {17535#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,423 INFO L290 TraceCheckUtils]: 40: Hoare triple {17472#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,423 INFO L290 TraceCheckUtils]: 41: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,423 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {17472#true} {17473#false} #1407#return; {17473#false} is VALID [2022-02-20 18:05:34,423 INFO L290 TraceCheckUtils]: 43: Hoare triple {17473#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {17473#false} is VALID [2022-02-20 18:05:34,423 INFO L290 TraceCheckUtils]: 44: Hoare 
triple {17473#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17473#false} is VALID [2022-02-20 18:05:34,423 INFO L290 TraceCheckUtils]: 45: Hoare triple {17473#false} assume !false; {17473#false} is VALID [2022-02-20 18:05:34,424 INFO L290 TraceCheckUtils]: 46: Hoare triple {17473#false} assume test_~splverifierCounter~0#1 < 4; {17473#false} is VALID [2022-02-20 18:05:34,424 INFO L290 TraceCheckUtils]: 47: Hoare triple {17473#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17473#false} is VALID [2022-02-20 18:05:34,424 INFO L290 
TraceCheckUtils]: 48: Hoare triple {17473#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {17473#false} is VALID [2022-02-20 18:05:34,424 INFO L290 TraceCheckUtils]: 49: Hoare triple {17473#false} assume !(0 != test_~tmp___9~0#1); {17473#false} is VALID [2022-02-20 18:05:34,424 INFO L290 TraceCheckUtils]: 50: Hoare triple {17473#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {17473#false} is VALID [2022-02-20 18:05:34,424 INFO L290 TraceCheckUtils]: 51: Hoare triple {17473#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {17473#false} is VALID [2022-02-20 18:05:34,424 INFO L290 TraceCheckUtils]: 52: Hoare triple {17473#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {17473#false} is VALID [2022-02-20 18:05:34,424 INFO L290 TraceCheckUtils]: 53: Hoare triple {17473#false} assume { :end_inline_setClientAutoResponse } true; {17473#false} is VALID [2022-02-20 18:05:34,425 INFO L290 TraceCheckUtils]: 54: Hoare triple {17473#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {17473#false} is VALID [2022-02-20 18:05:34,425 INFO L290 TraceCheckUtils]: 55: Hoare triple {17473#false} assume !false; {17473#false} is VALID [2022-02-20 18:05:34,425 INFO L290 TraceCheckUtils]: 56: Hoare triple {17473#false} assume !(test_~splverifierCounter~0#1 < 4); {17473#false} 
is VALID [2022-02-20 18:05:34,425 INFO L290 TraceCheckUtils]: 57: Hoare triple {17473#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {17473#false} is VALID [2022-02-20 18:05:34,425 INFO L272 TraceCheckUtils]: 58: Hoare triple {17473#false} call sendEmail(~bob~0, ~rjh~0); {17473#false} is VALID [2022-02-20 18:05:34,425 INFO L290 TraceCheckUtils]: 59: Hoare triple {17473#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17473#false} is VALID [2022-02-20 18:05:34,425 INFO L272 TraceCheckUtils]: 60: Hoare triple {17473#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17538#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:34,425 INFO L290 TraceCheckUtils]: 61: Hoare triple {17538#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,425 INFO L290 TraceCheckUtils]: 62: Hoare triple {17472#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,426 INFO L290 
TraceCheckUtils]: 63: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,426 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {17472#true} {17473#false} #1319#return; {17473#false} is VALID [2022-02-20 18:05:34,426 INFO L272 TraceCheckUtils]: 65: Hoare triple {17473#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17539#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:34,426 INFO L290 TraceCheckUtils]: 66: Hoare triple {17539#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,426 INFO L290 TraceCheckUtils]: 67: Hoare triple {17472#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,426 INFO L290 TraceCheckUtils]: 68: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,426 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {17472#true} {17473#false} #1321#return; {17473#false} is VALID [2022-02-20 18:05:34,426 INFO L290 TraceCheckUtils]: 70: Hoare triple {17473#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {17473#false} is VALID [2022-02-20 18:05:34,427 INFO L290 TraceCheckUtils]: 71: Hoare triple {17473#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {17473#false} is VALID [2022-02-20 18:05:34,427 INFO L272 TraceCheckUtils]: 72: Hoare triple {17473#false} call outgoing(~sender#1, ~email~0#1); {17473#false} is VALID [2022-02-20 18:05:34,427 INFO L290 TraceCheckUtils]: 73: Hoare triple {17473#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, 
sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {17473#false} is VALID [2022-02-20 18:05:34,427 INFO L272 TraceCheckUtils]: 74: Hoare triple {17473#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {17472#true} is VALID [2022-02-20 18:05:34,427 INFO L290 TraceCheckUtils]: 75: Hoare triple {17472#true} ~handle := #in~handle;havoc ~retValue_acc~10; {17472#true} is VALID [2022-02-20 18:05:34,427 INFO L290 TraceCheckUtils]: 76: Hoare triple {17472#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {17472#true} is VALID [2022-02-20 18:05:34,427 INFO L290 TraceCheckUtils]: 77: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,428 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {17472#true} {17473#false} #1299#return; {17473#false} is VALID [2022-02-20 18:05:34,428 INFO L290 TraceCheckUtils]: 79: Hoare triple {17473#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {17473#false} is VALID [2022-02-20 18:05:34,428 INFO L290 TraceCheckUtils]: 80: Hoare triple {17473#false} assume 0 == sign_~privkey~1#1; {17473#false} is VALID [2022-02-20 18:05:34,428 INFO L290 TraceCheckUtils]: 81: Hoare triple {17473#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, 
outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {17473#false} is VALID [2022-02-20 18:05:34,428 INFO L272 TraceCheckUtils]: 82: Hoare triple {17473#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {17472#true} is VALID [2022-02-20 18:05:34,428 INFO L290 TraceCheckUtils]: 83: Hoare triple {17472#true} ~handle := #in~handle;havoc ~retValue_acc~4; {17472#true} is VALID [2022-02-20 18:05:34,428 INFO L290 TraceCheckUtils]: 84: Hoare triple {17472#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {17472#true} is VALID [2022-02-20 18:05:34,428 INFO L290 TraceCheckUtils]: 85: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,428 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {17472#true} {17473#false} #1301#return; {17473#false} is VALID [2022-02-20 18:05:34,429 INFO L290 TraceCheckUtils]: 87: Hoare triple {17473#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {17473#false} is VALID [2022-02-20 18:05:34,429 INFO L290 TraceCheckUtils]: 88: Hoare triple {17473#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {17473#false} is VALID [2022-02-20 18:05:34,429 INFO L272 TraceCheckUtils]: 89: Hoare triple {17473#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {17473#false} is VALID [2022-02-20 18:05:34,429 INFO L290 TraceCheckUtils]: 90: Hoare triple {17473#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {17473#false} is VALID [2022-02-20 18:05:34,429 INFO L272 TraceCheckUtils]: 91: Hoare triple {17473#false} call #t~ret90#1 := getEmailTo(~msg#1); {17472#true} is VALID [2022-02-20 18:05:34,429 INFO L290 TraceCheckUtils]: 92: Hoare triple {17472#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17472#true} is VALID [2022-02-20 18:05:34,429 INFO L290 TraceCheckUtils]: 93: Hoare triple {17472#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {17472#true} is VALID [2022-02-20 18:05:34,429 INFO L290 TraceCheckUtils]: 94: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,429 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {17472#true} {17473#false} #1333#return; {17473#false} is VALID [2022-02-20 18:05:34,430 INFO L290 TraceCheckUtils]: 96: Hoare triple {17473#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {17473#false} is VALID [2022-02-20 18:05:34,430 INFO L272 TraceCheckUtils]: 97: Hoare triple {17473#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); 
{17472#true} is VALID [2022-02-20 18:05:34,430 INFO L290 TraceCheckUtils]: 98: Hoare triple {17472#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {17472#true} is VALID [2022-02-20 18:05:34,430 INFO L290 TraceCheckUtils]: 99: Hoare triple {17472#true} assume 1 == ~handle; {17472#true} is VALID [2022-02-20 18:05:34,430 INFO L290 TraceCheckUtils]: 100: Hoare triple {17472#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {17472#true} is VALID [2022-02-20 18:05:34,430 INFO L290 TraceCheckUtils]: 101: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,430 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {17472#true} {17473#false} #1335#return; {17473#false} is VALID [2022-02-20 18:05:34,430 INFO L290 TraceCheckUtils]: 103: Hoare triple {17473#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {17473#false} is VALID [2022-02-20 18:05:34,431 INFO L290 TraceCheckUtils]: 104: Hoare triple {17473#false} assume !(0 != ~pubkey~0#1); {17473#false} is VALID [2022-02-20 18:05:34,431 INFO L290 TraceCheckUtils]: 105: Hoare triple {17473#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~17#1; {17473#false} is VALID [2022-02-20 18:05:34,431 INFO L290 TraceCheckUtils]: 106: Hoare triple {17473#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {17473#false} is VALID [2022-02-20 18:05:34,431 INFO L290 TraceCheckUtils]: 107: Hoare triple {17473#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {17473#false} is VALID [2022-02-20 18:05:34,431 INFO L272 TraceCheckUtils]: 108: Hoare triple {17473#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {17538#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:34,431 INFO L290 TraceCheckUtils]: 109: Hoare triple {17538#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17472#true} is VALID [2022-02-20 18:05:34,431 INFO L290 TraceCheckUtils]: 110: Hoare triple {17472#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17472#true} is VALID [2022-02-20 18:05:34,431 INFO L290 TraceCheckUtils]: 111: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,432 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {17472#true} {17473#false} #1341#return; {17473#false} is VALID [2022-02-20 18:05:34,432 INFO L290 TraceCheckUtils]: 113: Hoare triple {17473#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, 
mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {17473#false} is VALID [2022-02-20 18:05:34,432 INFO L290 TraceCheckUtils]: 114: Hoare triple {17473#false} assume 0 != ~in_encrypted~0; {17473#false} is VALID [2022-02-20 18:05:34,432 INFO L272 TraceCheckUtils]: 115: Hoare triple {17473#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {17472#true} is VALID [2022-02-20 18:05:34,432 INFO L290 TraceCheckUtils]: 116: Hoare triple {17472#true} ~handle := #in~handle;havoc ~retValue_acc~39; {17472#true} is VALID [2022-02-20 18:05:34,432 INFO L290 TraceCheckUtils]: 117: Hoare 
triple {17472#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {17472#true} is VALID [2022-02-20 18:05:34,432 INFO L290 TraceCheckUtils]: 118: Hoare triple {17472#true} assume true; {17472#true} is VALID [2022-02-20 18:05:34,432 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {17472#true} {17473#false} #1343#return; {17473#false} is VALID [2022-02-20 18:05:34,432 INFO L290 TraceCheckUtils]: 120: Hoare triple {17473#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {17473#false} is VALID [2022-02-20 18:05:34,433 INFO L290 TraceCheckUtils]: 121: Hoare triple {17473#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {17473#false} is VALID [2022-02-20 18:05:34,433 INFO L290 TraceCheckUtils]: 122: Hoare triple {17473#false} assume !false; {17473#false} is VALID [2022-02-20 18:05:34,433 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:05:34,433 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:34,433 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [97879534] [2022-02-20 18:05:34,433 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [97879534] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:34,434 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:05:34,434 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:05:34,434 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [636574764] [2022-02-20 18:05:34,434 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:34,435 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 123 [2022-02-20 18:05:34,435 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:34,435 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:34,510 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 112 edges. 112 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:34,510 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:05:34,510 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:34,512 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. 
[2022-02-20 18:05:34,512 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:34,512 INFO L87 Difference]: Start difference. First operand 538 states and 828 transitions. Second operand has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:43,341 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:43,342 INFO L93 Difference]: Finished difference Result 1287 states and 2007 transitions. [2022-02-20 18:05:43,342 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:05:43,342 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 123 [2022-02-20 18:05:43,343 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:43,343 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:43,361 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1739 transitions. 
[2022-02-20 18:05:43,362 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:43,379 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1739 transitions. [2022-02-20 18:05:43,380 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1739 transitions. [2022-02-20 18:05:44,918 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1739 edges. 1739 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:44,955 INFO L225 Difference]: With dead ends: 1287 [2022-02-20 18:05:44,955 INFO L226 Difference]: Without dead ends: 772 [2022-02-20 18:05:44,957 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:05:44,957 INFO L933 BasicCegarLoop]: 789 mSDtfsCounter, 1811 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2884 mSolverCounterSat, 771 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1832 SdHoareTripleChecker+Valid, 1823 SdHoareTripleChecker+Invalid, 3655 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 771 IncrementalHoareTripleChecker+Valid, 2884 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.0s IncrementalHoareTripleChecker+Time 
[2022-02-20 18:05:44,958 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1832 Valid, 1823 Invalid, 3655 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [771 Valid, 2884 Invalid, 0 Unknown, 0 Unchecked, 4.0s Time] [2022-02-20 18:05:44,959 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 772 states. [2022-02-20 18:05:45,067 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 772 to 538. [2022-02-20 18:05:45,067 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:45,069 INFO L82 GeneralOperation]: Start isEquivalent. First operand 772 states. Second operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (94), 87 states have call predecessors, (94), 88 states have call successors, (94) [2022-02-20 18:05:45,070 INFO L74 IsIncluded]: Start isIncluded. First operand 772 states. Second operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (94), 87 states have call predecessors, (94), 88 states have call successors, (94) [2022-02-20 18:05:45,071 INFO L87 Difference]: Start difference. First operand 772 states. Second operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (94), 87 states have call predecessors, (94), 88 states have call successors, (94) [2022-02-20 18:05:45,104 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:05:45,104 INFO L93 Difference]: Finished difference Result 772 states and 1210 transitions. [2022-02-20 18:05:45,105 INFO L276 IsEmpty]: Start isEmpty. Operand 772 states and 1210 transitions. [2022-02-20 18:05:45,109 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:45,109 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:45,110 INFO L74 IsIncluded]: Start isIncluded. First operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (94), 87 states have call predecessors, (94), 88 states have call successors, (94) Second operand 772 states. [2022-02-20 18:05:45,111 INFO L87 Difference]: Start difference. First operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (94), 87 states have call predecessors, (94), 88 states have call successors, (94) Second operand 772 states. [2022-02-20 18:05:45,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:45,143 INFO L93 Difference]: Finished difference Result 772 states and 1210 transitions. [2022-02-20 18:05:45,143 INFO L276 IsEmpty]: Start isEmpty. Operand 772 states and 1210 transitions. [2022-02-20 18:05:45,147 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:45,147 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:45,147 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:45,148 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:45,161 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 538 states, 417 states have (on average 1.5443645083932853) internal successors, (644), 423 states have internal predecessors, (644), 89 states have call successors, (89), 29 states have call predecessors, (89), 31 states have return successors, (94), 87 states have call predecessors, (94), 88 states have call successors, (94) [2022-02-20 18:05:45,181 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 538 states to 538 states and 827 transitions. [2022-02-20 18:05:45,181 INFO L78 Accepts]: Start accepts. Automaton has 538 states and 827 transitions. Word has length 123 [2022-02-20 18:05:45,182 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:45,182 INFO L470 AbstractCegarLoop]: Abstraction has 538 states and 827 transitions. [2022-02-20 18:05:45,183 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:45,183 INFO L276 IsEmpty]: Start isEmpty. Operand 538 states and 827 transitions. [2022-02-20 18:05:45,185 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 125 [2022-02-20 18:05:45,185 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:45,185 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:45,185 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:05:45,185 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:45,186 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:45,186 INFO L85 PathProgramCache]: Analyzing trace with hash -14687389, now seen corresponding path program 2 times [2022-02-20 18:05:45,186 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:45,186 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [716016423] [2022-02-20 18:05:45,186 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:45,186 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:45,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,237 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:45,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,240 INFO L290 TraceCheckUtils]: 0: Hoare triple {21735#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,240 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,241 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,241 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21672#true} #1397#return; {21672#true} is VALID [2022-02-20 18:05:45,245 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:45,246 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,248 INFO L290 TraceCheckUtils]: 0: Hoare triple {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,248 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,248 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,249 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21672#true} #1399#return; {21672#true} is VALID [2022-02-20 18:05:45,249 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:45,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,251 INFO L290 TraceCheckUtils]: 0: Hoare triple {21735#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume !(1 == ~handle); {21672#true} is VALID [2022-02-20 18:05:45,251 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,251 INFO L290 TraceCheckUtils]: 3: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,252 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21672#true} {21672#true} #1401#return; {21672#true} is VALID [2022-02-20 18:05:45,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:45,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume !(1 == ~handle); {21672#true} is VALID [2022-02-20 18:05:45,257 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,257 INFO L290 TraceCheckUtils]: 3: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,257 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21672#true} {21672#true} #1403#return; {21672#true} is VALID [2022-02-20 18:05:45,257 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:45,259 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {21735#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21737#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:45,271 INFO L290 TraceCheckUtils]: 1: Hoare triple {21737#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21737#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:45,271 INFO L290 TraceCheckUtils]: 2: Hoare triple {21737#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21738#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:45,271 INFO L290 TraceCheckUtils]: 3: Hoare triple {21738#(= 2 |setClientId_#in~handle|)} assume true; {21738#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:45,272 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21738#(= 2 |setClientId_#in~handle|)} {21692#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1405#return; {21673#false} is VALID [2022-02-20 18:05:45,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:05:45,273 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,275 INFO L290 TraceCheckUtils]: 0: Hoare triple {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,275 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21672#true} is VALID 
[2022-02-20 18:05:45,276 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,276 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21673#false} #1407#return; {21673#false} is VALID [2022-02-20 18:05:45,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:05:45,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {21739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21673#false} #1319#return; {21673#false} is VALID [2022-02-20 18:05:45,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:05:45,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,294 INFO L290 TraceCheckUtils]: 0: Hoare triple {21740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,294 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21673#false} #1321#return; {21673#false} is VALID 
[2022-02-20 18:05:45,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:05:45,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {21672#true} ~handle := #in~handle;havoc ~retValue_acc~10; {21672#true} is VALID [2022-02-20 18:05:45,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {21672#true} is VALID [2022-02-20 18:05:45,297 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,297 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21673#false} #1299#return; {21673#false} is VALID [2022-02-20 18:05:45,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:05:45,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {21672#true} ~handle := #in~handle;havoc ~retValue_acc~4; {21672#true} is VALID [2022-02-20 18:05:45,299 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {21672#true} is VALID [2022-02-20 18:05:45,299 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,299 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21673#false} #1301#return; {21673#false} is VALID [2022-02-20 18:05:45,299 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:05:45,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {21672#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21672#true} is VALID 
[2022-02-20 18:05:45,301 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {21672#true} is VALID [2022-02-20 18:05:45,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,302 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21673#false} #1333#return; {21673#false} is VALID [2022-02-20 18:05:45,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:05:45,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {21672#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {21672#true} is VALID [2022-02-20 18:05:45,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle; {21672#true} is VALID [2022-02-20 18:05:45,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {21672#true} is VALID [2022-02-20 18:05:45,307 INFO L290 TraceCheckUtils]: 3: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,307 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21672#true} {21673#false} #1335#return; {21673#false} is VALID [2022-02-20 18:05:45,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:05:45,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,309 INFO L290 TraceCheckUtils]: 0: Hoare triple {21739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,309 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,309 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,310 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21673#false} #1341#return; {21673#false} is VALID [2022-02-20 18:05:45,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:05:45,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {21672#true} ~handle := #in~handle;havoc ~retValue_acc~39; {21672#true} is VALID [2022-02-20 18:05:45,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {21672#true} is VALID [2022-02-20 18:05:45,312 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,312 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21672#true} {21673#false} #1343#return; {21673#false} is VALID [2022-02-20 18:05:45,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {21672#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call 
write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {21672#true} is VALID [2022-02-20 18:05:45,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {21672#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {21672#true} is VALID [2022-02-20 18:05:45,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {21672#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21672#true} is VALID [2022-02-20 18:05:45,313 INFO L290 TraceCheckUtils]: 3: Hoare triple {21672#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := 
valid_product_~retValue_acc~19#1; {21672#true} is VALID [2022-02-20 18:05:45,313 INFO L290 TraceCheckUtils]: 4: Hoare triple {21672#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {21672#true} is VALID [2022-02-20 18:05:45,313 INFO L290 TraceCheckUtils]: 5: Hoare triple {21672#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21672#true} is VALID [2022-02-20 18:05:45,314 INFO L272 TraceCheckUtils]: 6: Hoare triple {21672#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21735#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,314 INFO L290 TraceCheckUtils]: 7: Hoare triple {21735#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,314 INFO L290 TraceCheckUtils]: 8: Hoare triple {21672#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,314 INFO L290 TraceCheckUtils]: 9: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,314 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21672#true} {21672#true} #1397#return; {21672#true} is VALID [2022-02-20 18:05:45,314 INFO L290 TraceCheckUtils]: 11: Hoare triple {21672#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21672#true} is VALID [2022-02-20 18:05:45,315 INFO L272 TraceCheckUtils]: 12: Hoare triple {21672#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:45,315 INFO L290 TraceCheckUtils]: 13: Hoare triple {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,315 INFO L290 TraceCheckUtils]: 14: Hoare triple {21672#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,315 INFO L290 TraceCheckUtils]: 15: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,315 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21672#true} {21672#true} #1399#return; {21672#true} is VALID [2022-02-20 18:05:45,315 INFO L290 TraceCheckUtils]: 17: Hoare triple {21672#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21672#true} is VALID [2022-02-20 18:05:45,316 INFO L272 TraceCheckUtils]: 18: Hoare triple {21672#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21735#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,316 INFO L290 TraceCheckUtils]: 19: Hoare triple {21735#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,316 INFO L290 TraceCheckUtils]: 20: Hoare triple {21672#true} assume !(1 == ~handle); {21672#true} is VALID [2022-02-20 18:05:45,316 INFO L290 TraceCheckUtils]: 21: Hoare triple {21672#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,316 INFO L290 TraceCheckUtils]: 22: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,316 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21672#true} {21672#true} #1401#return; {21672#true} is VALID [2022-02-20 18:05:45,317 INFO L290 TraceCheckUtils]: 24: Hoare triple {21672#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21672#true} is VALID [2022-02-20 18:05:45,317 INFO L272 TraceCheckUtils]: 25: Hoare triple 
{21672#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:45,317 INFO L290 TraceCheckUtils]: 26: Hoare triple {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,317 INFO L290 TraceCheckUtils]: 27: Hoare triple {21672#true} assume !(1 == ~handle); {21672#true} is VALID [2022-02-20 18:05:45,317 INFO L290 TraceCheckUtils]: 28: Hoare triple {21672#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,318 INFO L290 TraceCheckUtils]: 29: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,318 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21672#true} {21672#true} #1403#return; {21672#true} is VALID [2022-02-20 18:05:45,319 INFO L290 TraceCheckUtils]: 31: Hoare triple {21672#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21692#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:45,319 INFO L272 TraceCheckUtils]: 32: Hoare triple 
{21692#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21735#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,320 INFO L290 TraceCheckUtils]: 33: Hoare triple {21735#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21737#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:45,320 INFO L290 TraceCheckUtils]: 34: Hoare triple {21737#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21737#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:45,320 INFO L290 TraceCheckUtils]: 35: Hoare triple {21737#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21738#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:45,320 INFO L290 TraceCheckUtils]: 36: Hoare triple {21738#(= 2 |setClientId_#in~handle|)} assume true; {21738#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:45,321 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {21738#(= 2 |setClientId_#in~handle|)} {21692#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1405#return; {21673#false} is VALID [2022-02-20 18:05:45,321 INFO L290 TraceCheckUtils]: 38: Hoare triple {21673#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {21673#false} is VALID [2022-02-20 18:05:45,321 INFO L272 TraceCheckUtils]: 39: Hoare triple {21673#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) 
(= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:45,321 INFO L290 TraceCheckUtils]: 40: Hoare triple {21736#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,321 INFO L290 TraceCheckUtils]: 41: Hoare triple {21672#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,322 INFO L290 TraceCheckUtils]: 42: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,322 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {21672#true} {21673#false} #1407#return; {21673#false} is VALID [2022-02-20 18:05:45,322 INFO L290 TraceCheckUtils]: 44: Hoare triple {21673#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {21673#false} is VALID [2022-02-20 18:05:45,322 INFO L290 TraceCheckUtils]: 45: Hoare triple {21673#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc 
test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21673#false} is VALID [2022-02-20 18:05:45,322 INFO L290 TraceCheckUtils]: 46: Hoare triple {21673#false} assume !false; {21673#false} is VALID [2022-02-20 18:05:45,322 INFO L290 TraceCheckUtils]: 47: Hoare triple {21673#false} assume test_~splverifierCounter~0#1 < 4; {21673#false} is VALID [2022-02-20 18:05:45,322 INFO L290 TraceCheckUtils]: 48: Hoare triple {21673#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21673#false} is VALID [2022-02-20 18:05:45,322 INFO L290 TraceCheckUtils]: 49: Hoare triple {21673#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {21673#false} is VALID [2022-02-20 18:05:45,323 INFO L290 TraceCheckUtils]: 50: Hoare triple {21673#false} assume !(0 != test_~tmp___9~0#1); {21673#false} is VALID [2022-02-20 18:05:45,323 INFO L290 TraceCheckUtils]: 51: Hoare triple {21673#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {21673#false} is VALID [2022-02-20 18:05:45,323 INFO L290 TraceCheckUtils]: 52: Hoare triple {21673#false} assume 0 != test_~tmp___8~0#1;assume { 
:begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {21673#false} is VALID [2022-02-20 18:05:45,323 INFO L290 TraceCheckUtils]: 53: Hoare triple {21673#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {21673#false} is VALID [2022-02-20 18:05:45,323 INFO L290 TraceCheckUtils]: 54: Hoare triple {21673#false} assume { :end_inline_setClientAutoResponse } true; {21673#false} is VALID [2022-02-20 18:05:45,323 INFO L290 TraceCheckUtils]: 55: Hoare triple {21673#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {21673#false} is VALID [2022-02-20 18:05:45,323 INFO L290 TraceCheckUtils]: 56: Hoare triple {21673#false} assume !false; {21673#false} is VALID [2022-02-20 18:05:45,323 INFO L290 TraceCheckUtils]: 57: Hoare triple {21673#false} assume !(test_~splverifierCounter~0#1 < 4); {21673#false} is VALID [2022-02-20 18:05:45,324 INFO L290 TraceCheckUtils]: 58: Hoare triple {21673#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {21673#false} is VALID [2022-02-20 18:05:45,324 INFO L272 TraceCheckUtils]: 59: Hoare triple {21673#false} call sendEmail(~bob~0, ~rjh~0); {21673#false} is VALID [2022-02-20 18:05:45,324 INFO L290 TraceCheckUtils]: 60: Hoare triple {21673#false} ~sender#1 := 
#in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21673#false} is VALID [2022-02-20 18:05:45,324 INFO L272 TraceCheckUtils]: 61: Hoare triple {21673#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:45,324 INFO L290 TraceCheckUtils]: 62: Hoare triple {21739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,324 INFO L290 TraceCheckUtils]: 63: Hoare triple {21672#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,324 INFO L290 TraceCheckUtils]: 64: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,324 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {21672#true} {21673#false} #1319#return; {21673#false} is VALID [2022-02-20 18:05:45,324 INFO L272 TraceCheckUtils]: 66: Hoare triple {21673#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:45,325 INFO L290 TraceCheckUtils]: 67: Hoare triple {21740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,325 INFO L290 
TraceCheckUtils]: 68: Hoare triple {21672#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,325 INFO L290 TraceCheckUtils]: 69: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,325 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {21672#true} {21673#false} #1321#return; {21673#false} is VALID [2022-02-20 18:05:45,325 INFO L290 TraceCheckUtils]: 71: Hoare triple {21673#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {21673#false} is VALID [2022-02-20 18:05:45,325 INFO L290 TraceCheckUtils]: 72: Hoare triple {21673#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {21673#false} is VALID [2022-02-20 18:05:45,325 INFO L272 TraceCheckUtils]: 73: Hoare triple {21673#false} call outgoing(~sender#1, ~email~0#1); {21673#false} is VALID [2022-02-20 18:05:45,325 INFO L290 TraceCheckUtils]: 74: Hoare triple {21673#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {21673#false} is VALID [2022-02-20 18:05:45,325 INFO L272 TraceCheckUtils]: 75: Hoare triple {21673#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {21672#true} is VALID [2022-02-20 18:05:45,326 INFO L290 TraceCheckUtils]: 76: Hoare triple {21672#true} ~handle := #in~handle;havoc ~retValue_acc~10; {21672#true} is VALID [2022-02-20 18:05:45,326 INFO L290 TraceCheckUtils]: 77: Hoare triple {21672#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {21672#true} 
is VALID [2022-02-20 18:05:45,326 INFO L290 TraceCheckUtils]: 78: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,326 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {21672#true} {21673#false} #1299#return; {21673#false} is VALID [2022-02-20 18:05:45,326 INFO L290 TraceCheckUtils]: 80: Hoare triple {21673#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {21673#false} is VALID [2022-02-20 18:05:45,326 INFO L290 TraceCheckUtils]: 81: Hoare triple {21673#false} assume 0 == sign_~privkey~1#1; {21673#false} is VALID [2022-02-20 18:05:45,326 INFO L290 TraceCheckUtils]: 82: Hoare triple {21673#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc 
outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {21673#false} is VALID [2022-02-20 18:05:45,326 INFO L272 TraceCheckUtils]: 83: Hoare triple {21673#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {21672#true} is VALID [2022-02-20 18:05:45,327 INFO L290 TraceCheckUtils]: 84: Hoare triple {21672#true} ~handle := #in~handle;havoc ~retValue_acc~4; {21672#true} is VALID [2022-02-20 18:05:45,327 INFO L290 TraceCheckUtils]: 85: Hoare triple {21672#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {21672#true} is VALID [2022-02-20 18:05:45,327 INFO L290 TraceCheckUtils]: 86: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,327 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {21672#true} {21673#false} #1301#return; {21673#false} is VALID [2022-02-20 18:05:45,327 INFO L290 TraceCheckUtils]: 88: Hoare triple {21673#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {21673#false} is VALID [2022-02-20 18:05:45,327 INFO L290 TraceCheckUtils]: 89: Hoare triple {21673#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {21673#false} is VALID [2022-02-20 18:05:45,327 INFO L272 TraceCheckUtils]: 90: Hoare triple {21673#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {21673#false} is VALID [2022-02-20 18:05:45,327 INFO L290 TraceCheckUtils]: 91: Hoare triple {21673#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc 
~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {21673#false} is VALID [2022-02-20 18:05:45,328 INFO L272 TraceCheckUtils]: 92: Hoare triple {21673#false} call #t~ret90#1 := getEmailTo(~msg#1); {21672#true} is VALID [2022-02-20 18:05:45,328 INFO L290 TraceCheckUtils]: 93: Hoare triple {21672#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21672#true} is VALID [2022-02-20 18:05:45,328 INFO L290 TraceCheckUtils]: 94: Hoare triple {21672#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {21672#true} is VALID [2022-02-20 18:05:45,328 INFO L290 TraceCheckUtils]: 95: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,328 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {21672#true} {21673#false} #1333#return; {21673#false} is VALID [2022-02-20 18:05:45,328 INFO L290 TraceCheckUtils]: 97: Hoare triple {21673#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {21673#false} is VALID [2022-02-20 18:05:45,328 INFO L272 TraceCheckUtils]: 98: Hoare triple {21673#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {21672#true} is VALID [2022-02-20 18:05:45,328 INFO L290 TraceCheckUtils]: 99: Hoare triple {21672#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {21672#true} is VALID [2022-02-20 18:05:45,328 INFO L290 TraceCheckUtils]: 100: Hoare triple {21672#true} assume 1 == ~handle; {21672#true} is VALID [2022-02-20 18:05:45,329 INFO L290 TraceCheckUtils]: 101: Hoare triple {21672#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {21672#true} is VALID [2022-02-20 18:05:45,329 INFO L290 TraceCheckUtils]: 102: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,329 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {21672#true} {21673#false} #1335#return; {21673#false} 
is VALID [2022-02-20 18:05:45,329 INFO L290 TraceCheckUtils]: 104: Hoare triple {21673#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {21673#false} is VALID [2022-02-20 18:05:45,329 INFO L290 TraceCheckUtils]: 105: Hoare triple {21673#false} assume !(0 != ~pubkey~0#1); {21673#false} is VALID [2022-02-20 18:05:45,329 INFO L290 TraceCheckUtils]: 106: Hoare triple {21673#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {21673#false} is VALID [2022-02-20 18:05:45,329 INFO L290 TraceCheckUtils]: 107: Hoare triple {21673#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {21673#false} is VALID [2022-02-20 18:05:45,329 INFO L290 TraceCheckUtils]: 108: Hoare triple {21673#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {21673#false} is VALID [2022-02-20 18:05:45,330 INFO L272 TraceCheckUtils]: 109: Hoare triple 
{21673#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {21739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:45,330 INFO L290 TraceCheckUtils]: 110: Hoare triple {21739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21672#true} is VALID [2022-02-20 18:05:45,330 INFO L290 TraceCheckUtils]: 111: Hoare triple {21672#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21672#true} is VALID [2022-02-20 18:05:45,330 INFO L290 TraceCheckUtils]: 112: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,330 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {21672#true} {21673#false} #1341#return; {21673#false} is VALID [2022-02-20 18:05:45,330 INFO L290 TraceCheckUtils]: 114: Hoare triple {21673#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {21673#false} is VALID [2022-02-20 18:05:45,330 INFO L290 TraceCheckUtils]: 115: Hoare triple {21673#false} assume 0 != ~in_encrypted~0; {21673#false} is VALID [2022-02-20 18:05:45,330 INFO L272 TraceCheckUtils]: 116: Hoare triple {21673#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {21672#true} is VALID [2022-02-20 18:05:45,330 INFO L290 TraceCheckUtils]: 117: Hoare triple {21672#true} ~handle := #in~handle;havoc ~retValue_acc~39; {21672#true} is VALID [2022-02-20 18:05:45,331 INFO L290 TraceCheckUtils]: 118: Hoare triple {21672#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {21672#true} is VALID [2022-02-20 18:05:45,331 INFO L290 TraceCheckUtils]: 119: Hoare triple {21672#true} assume true; {21672#true} is VALID [2022-02-20 18:05:45,331 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {21672#true} {21673#false} #1343#return; {21673#false} is VALID [2022-02-20 18:05:45,331 INFO L290 TraceCheckUtils]: 121: Hoare triple {21673#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {21673#false} is VALID [2022-02-20 18:05:45,331 INFO 
L290 TraceCheckUtils]: 122: Hoare triple {21673#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {21673#false} is VALID [2022-02-20 18:05:45,331 INFO L290 TraceCheckUtils]: 123: Hoare triple {21673#false} assume !false; {21673#false} is VALID [2022-02-20 18:05:45,332 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:05:45,332 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:45,332 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [716016423] [2022-02-20 18:05:45,332 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [716016423] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:45,332 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:45,332 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:05:45,332 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [965818813] [2022-02-20 18:05:45,332 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:45,333 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 124 [2022-02-20 18:05:45,333 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:05:45,334 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:45,412 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 113 edges. 113 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:45,412 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:05:45,412 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:45,413 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:05:45,413 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:45,413 INFO L87 Difference]: Start difference. First operand 538 states and 827 transitions. Second operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:54,856 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:54,856 INFO L93 Difference]: Finished difference Result 1289 states and 2010 transitions. [2022-02-20 18:05:54,856 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:05:54,857 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 124 [2022-02-20 18:05:54,858 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:54,858 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:54,878 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1740 transitions. [2022-02-20 18:05:54,879 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:54,895 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1740 transitions. [2022-02-20 18:05:54,896 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1740 transitions. [2022-02-20 18:05:56,241 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1740 edges. 1740 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:05:56,272 INFO L225 Difference]: With dead ends: 1289 [2022-02-20 18:05:56,272 INFO L226 Difference]: Without dead ends: 774 [2022-02-20 18:05:56,274 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:05:56,275 INFO L933 BasicCegarLoop]: 768 mSDtfsCounter, 1876 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2815 mSolverCounterSat, 781 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1897 SdHoareTripleChecker+Valid, 1802 SdHoareTripleChecker+Invalid, 3596 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 781 IncrementalHoareTripleChecker+Valid, 2815 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:56,275 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1897 Valid, 1802 Invalid, 3596 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [781 Valid, 2815 Invalid, 0 Unknown, 0 Unchecked, 4.3s Time] [2022-02-20 18:05:56,276 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 774 states. [2022-02-20 18:05:56,352 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 774 to 540. [2022-02-20 18:05:56,353 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:56,354 INFO L82 GeneralOperation]: Start isEquivalent. First operand 774 states. 
Second operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (96), 87 states have call predecessors, (96), 88 states have call successors, (96) [2022-02-20 18:05:56,356 INFO L74 IsIncluded]: Start isIncluded. First operand 774 states. Second operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (96), 87 states have call predecessors, (96), 88 states have call successors, (96) [2022-02-20 18:05:56,356 INFO L87 Difference]: Start difference. First operand 774 states. Second operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (96), 87 states have call predecessors, (96), 88 states have call successors, (96) [2022-02-20 18:05:56,388 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:56,389 INFO L93 Difference]: Finished difference Result 774 states and 1213 transitions. [2022-02-20 18:05:56,389 INFO L276 IsEmpty]: Start isEmpty. Operand 774 states and 1213 transitions. [2022-02-20 18:05:56,394 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:56,394 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:56,395 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (96), 87 states have call predecessors, (96), 88 states have call successors, (96) Second operand 774 states. [2022-02-20 18:05:56,395 INFO L87 Difference]: Start difference. First operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (96), 87 states have call predecessors, (96), 88 states have call successors, (96) Second operand 774 states. [2022-02-20 18:05:56,421 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:56,422 INFO L93 Difference]: Finished difference Result 774 states and 1213 transitions. [2022-02-20 18:05:56,422 INFO L276 IsEmpty]: Start isEmpty. Operand 774 states and 1213 transitions. [2022-02-20 18:05:56,425 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:56,425 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:56,425 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:56,426 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:56,427 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (96), 87 states have call predecessors, (96), 88 states have call successors, (96) [2022-02-20 18:05:56,441 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 540 states to 540 states and 830 transitions. [2022-02-20 18:05:56,442 INFO L78 Accepts]: Start accepts. Automaton has 540 states and 830 transitions. Word has length 124 [2022-02-20 18:05:56,442 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:56,442 INFO L470 AbstractCegarLoop]: Abstraction has 540 states and 830 transitions. [2022-02-20 18:05:56,442 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 18:05:56,442 INFO L276 IsEmpty]: Start isEmpty. Operand 540 states and 830 transitions. [2022-02-20 18:05:56,444 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 126 [2022-02-20 18:05:56,444 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:56,444 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:56,444 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:05:56,445 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:56,445 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:56,445 INFO L85 PathProgramCache]: Analyzing trace with hash -1844049874, now seen 
corresponding path program 1 times [2022-02-20 18:05:56,445 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:56,445 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [25793949] [2022-02-20 18:05:56,445 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:56,446 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:56,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:05:56,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,504 INFO L290 TraceCheckUtils]: 0: Hoare triple {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,504 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,504 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,504 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25881#true} #1397#return; {25881#true} is VALID [2022-02-20 18:05:56,508 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:05:56,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,510 INFO L290 TraceCheckUtils]: 0: Hoare triple {25947#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,510 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,511 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,511 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25881#true} #1399#return; {25881#true} is VALID [2022-02-20 18:05:56,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:56,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,514 INFO L290 TraceCheckUtils]: 0: Hoare triple {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume !(1 == ~handle); {25881#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,515 INFO L290 TraceCheckUtils]: 3: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,515 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25881#true} {25881#true} #1401#return; {25881#true} is VALID [2022-02-20 18:05:56,515 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:05:56,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {25947#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume !(1 == ~handle); {25881#true} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,518 INFO L290 TraceCheckUtils]: 3: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,518 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25881#true} {25881#true} #1403#return; {25881#true} is VALID [2022-02-20 18:05:56,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:05:56,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25948#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {25948#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25948#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {25948#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25948#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,537 INFO L290 TraceCheckUtils]: 3: Hoare triple {25948#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; 
{25949#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,537 INFO L290 TraceCheckUtils]: 4: Hoare triple {25949#(= 3 |setClientId_#in~handle|)} assume true; {25949#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,538 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25949#(= 3 |setClientId_#in~handle|)} {25901#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1405#return; {25908#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:05:56,538 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:05:56,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {25947#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25950#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:56,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {25950#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25951#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:56,552 INFO L290 TraceCheckUtils]: 2: Hoare triple {25951#(= |setClientPrivateKey_#in~handle| 1)} assume true; {25951#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:56,552 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25951#(= |setClientPrivateKey_#in~handle| 1)} {25908#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1407#return; {25882#false} is VALID [2022-02-20 18:05:56,558 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:05:56,559 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:05:56,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {25952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,561 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,561 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,561 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25882#false} #1319#return; {25882#false} is VALID [2022-02-20 18:05:56,567 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:05:56,568 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,570 INFO L290 TraceCheckUtils]: 0: Hoare triple {25953#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,570 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,570 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25882#false} #1321#return; {25882#false} is VALID [2022-02-20 18:05:56,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:05:56,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,572 INFO L290 TraceCheckUtils]: 0: Hoare triple {25881#true} ~handle := #in~handle;havoc ~retValue_acc~10; {25881#true} is VALID [2022-02-20 18:05:56,572 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} 
assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {25881#true} is VALID [2022-02-20 18:05:56,572 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,572 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25882#false} #1299#return; {25882#false} is VALID [2022-02-20 18:05:56,573 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:05:56,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {25881#true} ~handle := #in~handle;havoc ~retValue_acc~4; {25881#true} is VALID [2022-02-20 18:05:56,575 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {25881#true} is VALID [2022-02-20 18:05:56,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,575 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25882#false} #1301#return; {25882#false} is VALID [2022-02-20 18:05:56,575 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:05:56,577 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {25881#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25881#true} is VALID [2022-02-20 18:05:56,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {25881#true} is VALID [2022-02-20 18:05:56,578 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,579 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25882#false} #1333#return; {25882#false} is VALID [2022-02-20 
18:05:56,579 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:05:56,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {25881#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {25881#true} is VALID [2022-02-20 18:05:56,591 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle; {25881#true} is VALID [2022-02-20 18:05:56,591 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {25881#true} is VALID [2022-02-20 18:05:56,592 INFO L290 TraceCheckUtils]: 3: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,592 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25881#true} {25882#false} #1335#return; {25882#false} is VALID [2022-02-20 18:05:56,592 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:05:56,593 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,595 INFO L290 TraceCheckUtils]: 0: Hoare triple {25952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,595 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,595 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25882#false} #1341#return; {25882#false} is VALID [2022-02-20 18:05:56,595 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 
[2022-02-20 18:05:56,596 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:56,598 INFO L290 TraceCheckUtils]: 0: Hoare triple {25881#true} ~handle := #in~handle;havoc ~retValue_acc~39; {25881#true} is VALID [2022-02-20 18:05:56,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {25881#true} is VALID [2022-02-20 18:05:56,599 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,599 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25881#true} {25882#false} #1343#return; {25882#false} is VALID [2022-02-20 18:05:56,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {25881#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call 
#Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {25881#true} is VALID [2022-02-20 18:05:56,599 INFO L290 TraceCheckUtils]: 1: Hoare triple {25881#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {25881#true} is VALID [2022-02-20 18:05:56,599 INFO L290 TraceCheckUtils]: 2: Hoare triple {25881#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25881#true} is VALID [2022-02-20 18:05:56,599 INFO L290 TraceCheckUtils]: 3: Hoare triple {25881#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {25881#true} is VALID [2022-02-20 18:05:56,599 INFO L290 TraceCheckUtils]: 4: Hoare triple {25881#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {25881#true} is VALID [2022-02-20 18:05:56,600 INFO L290 TraceCheckUtils]: 5: Hoare triple {25881#true} assume 0 != 
main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25881#true} is VALID [2022-02-20 18:05:56,600 INFO L272 TraceCheckUtils]: 6: Hoare triple {25881#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:56,600 INFO L290 TraceCheckUtils]: 7: Hoare triple {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,600 INFO L290 TraceCheckUtils]: 8: Hoare triple {25881#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,600 INFO L290 TraceCheckUtils]: 9: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,601 INFO L284 TraceCheckUtils]: 10: Hoare quadruple 
{25881#true} {25881#true} #1397#return; {25881#true} is VALID [2022-02-20 18:05:56,601 INFO L290 TraceCheckUtils]: 11: Hoare triple {25881#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25881#true} is VALID [2022-02-20 18:05:56,601 INFO L272 TraceCheckUtils]: 12: Hoare triple {25881#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25947#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:56,601 INFO L290 TraceCheckUtils]: 13: Hoare triple {25947#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,601 INFO L290 TraceCheckUtils]: 14: Hoare triple {25881#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,602 INFO L290 TraceCheckUtils]: 15: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,602 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25881#true} {25881#true} #1399#return; {25881#true} is VALID [2022-02-20 18:05:56,602 INFO L290 TraceCheckUtils]: 17: Hoare triple {25881#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25881#true} is VALID [2022-02-20 
18:05:56,602 INFO L272 TraceCheckUtils]: 18: Hoare triple {25881#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:56,602 INFO L290 TraceCheckUtils]: 19: Hoare triple {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,602 INFO L290 TraceCheckUtils]: 20: Hoare triple {25881#true} assume !(1 == ~handle); {25881#true} is VALID [2022-02-20 18:05:56,603 INFO L290 TraceCheckUtils]: 21: Hoare triple {25881#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,603 INFO L290 TraceCheckUtils]: 22: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,603 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25881#true} {25881#true} #1401#return; {25881#true} is VALID [2022-02-20 18:05:56,603 INFO L290 TraceCheckUtils]: 24: Hoare triple {25881#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25881#true} is VALID [2022-02-20 18:05:56,603 INFO L272 TraceCheckUtils]: 25: Hoare triple {25881#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25947#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:56,604 INFO L290 TraceCheckUtils]: 26: Hoare triple {25947#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,604 INFO L290 TraceCheckUtils]: 27: Hoare triple {25881#true} assume !(1 == ~handle); {25881#true} is VALID [2022-02-20 18:05:56,604 INFO L290 TraceCheckUtils]: 28: Hoare triple {25881#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,604 INFO L290 TraceCheckUtils]: 29: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,604 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25881#true} {25881#true} #1403#return; {25881#true} is VALID [2022-02-20 18:05:56,604 INFO L290 TraceCheckUtils]: 31: Hoare triple {25881#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25901#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:05:56,605 INFO L272 TraceCheckUtils]: 32: Hoare triple {25901#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID 
[2022-02-20 18:05:56,605 INFO L290 TraceCheckUtils]: 33: Hoare triple {25946#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25948#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,605 INFO L290 TraceCheckUtils]: 34: Hoare triple {25948#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25948#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,606 INFO L290 TraceCheckUtils]: 35: Hoare triple {25948#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25948#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,606 INFO L290 TraceCheckUtils]: 36: Hoare triple {25948#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25949#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,606 INFO L290 TraceCheckUtils]: 37: Hoare triple {25949#(= 3 |setClientId_#in~handle|)} assume true; {25949#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:56,607 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25949#(= 3 |setClientId_#in~handle|)} {25901#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1405#return; {25908#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:05:56,607 INFO L290 TraceCheckUtils]: 39: Hoare triple {25908#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {25908#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:05:56,608 INFO L272 TraceCheckUtils]: 40: Hoare triple {25908#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25947#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:56,608 INFO L290 TraceCheckUtils]: 41: Hoare triple {25947#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25950#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:05:56,608 INFO L290 TraceCheckUtils]: 42: Hoare triple {25950#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25951#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:56,608 INFO L290 TraceCheckUtils]: 43: Hoare triple {25951#(= |setClientPrivateKey_#in~handle| 1)} assume true; {25951#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:05:56,609 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {25951#(= |setClientPrivateKey_#in~handle| 1)} {25908#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1407#return; {25882#false} is VALID [2022-02-20 18:05:56,609 INFO L290 TraceCheckUtils]: 45: Hoare triple {25882#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {25882#false} is VALID [2022-02-20 18:05:56,609 INFO L290 TraceCheckUtils]: 46: Hoare triple {25882#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, 
test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25882#false} is VALID [2022-02-20 18:05:56,609 INFO L290 TraceCheckUtils]: 47: Hoare triple {25882#false} assume !false; {25882#false} is VALID [2022-02-20 18:05:56,609 INFO L290 TraceCheckUtils]: 48: Hoare triple {25882#false} assume test_~splverifierCounter~0#1 < 4; {25882#false} is VALID [2022-02-20 18:05:56,609 INFO L290 TraceCheckUtils]: 49: Hoare triple {25882#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25882#false} is VALID [2022-02-20 18:05:56,609 INFO L290 TraceCheckUtils]: 50: Hoare triple {25882#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 TraceCheckUtils]: 51: Hoare triple {25882#false} assume !(0 != test_~tmp___9~0#1); {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 
TraceCheckUtils]: 52: Hoare triple {25882#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 TraceCheckUtils]: 53: Hoare triple {25882#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 TraceCheckUtils]: 54: Hoare triple {25882#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 TraceCheckUtils]: 55: Hoare triple {25882#false} assume { :end_inline_setClientAutoResponse } true; {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 TraceCheckUtils]: 56: Hoare triple {25882#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 TraceCheckUtils]: 57: Hoare triple {25882#false} assume !false; {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 TraceCheckUtils]: 58: Hoare triple {25882#false} assume !(test_~splverifierCounter~0#1 < 4); {25882#false} is VALID [2022-02-20 18:05:56,610 INFO L290 TraceCheckUtils]: 59: Hoare triple {25882#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 
<= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {25882#false} is VALID [2022-02-20 18:05:56,611 INFO L272 TraceCheckUtils]: 60: Hoare triple {25882#false} call sendEmail(~bob~0, ~rjh~0); {25882#false} is VALID [2022-02-20 18:05:56,611 INFO L290 TraceCheckUtils]: 61: Hoare triple {25882#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25882#false} is VALID [2022-02-20 18:05:56,611 INFO L272 TraceCheckUtils]: 62: Hoare triple {25882#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:56,611 INFO L290 TraceCheckUtils]: 63: Hoare triple {25952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,611 INFO L290 TraceCheckUtils]: 64: Hoare triple {25881#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,611 INFO L290 TraceCheckUtils]: 65: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,611 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25881#true} {25882#false} #1319#return; {25882#false} is VALID [2022-02-20 18:05:56,611 INFO L272 TraceCheckUtils]: 67: Hoare triple {25882#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25953#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= 
~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:56,612 INFO L290 TraceCheckUtils]: 68: Hoare triple {25953#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,612 INFO L290 TraceCheckUtils]: 69: Hoare triple {25881#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,612 INFO L290 TraceCheckUtils]: 70: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,612 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25881#true} {25882#false} #1321#return; {25882#false} is VALID [2022-02-20 18:05:56,612 INFO L290 TraceCheckUtils]: 72: Hoare triple {25882#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {25882#false} is VALID [2022-02-20 18:05:56,612 INFO L290 TraceCheckUtils]: 73: Hoare triple {25882#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {25882#false} is VALID [2022-02-20 18:05:56,612 INFO L272 TraceCheckUtils]: 74: Hoare triple {25882#false} call outgoing(~sender#1, ~email~0#1); {25882#false} is VALID [2022-02-20 18:05:56,612 INFO L290 TraceCheckUtils]: 75: Hoare triple {25882#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {25882#false} is VALID [2022-02-20 18:05:56,612 INFO L272 TraceCheckUtils]: 76: Hoare triple {25882#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {25881#true} is VALID 
[2022-02-20 18:05:56,613 INFO L290 TraceCheckUtils]: 77: Hoare triple {25881#true} ~handle := #in~handle;havoc ~retValue_acc~10; {25881#true} is VALID [2022-02-20 18:05:56,613 INFO L290 TraceCheckUtils]: 78: Hoare triple {25881#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {25881#true} is VALID [2022-02-20 18:05:56,613 INFO L290 TraceCheckUtils]: 79: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,613 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {25881#true} {25882#false} #1299#return; {25882#false} is VALID [2022-02-20 18:05:56,613 INFO L290 TraceCheckUtils]: 81: Hoare triple {25882#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {25882#false} is VALID [2022-02-20 18:05:56,613 INFO L290 TraceCheckUtils]: 82: Hoare triple {25882#false} assume 0 == sign_~privkey~1#1; {25882#false} is VALID [2022-02-20 18:05:56,613 INFO L290 TraceCheckUtils]: 83: Hoare triple {25882#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {25882#false} is VALID [2022-02-20 18:05:56,613 INFO L272 TraceCheckUtils]: 84: Hoare triple {25882#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {25881#true} is VALID [2022-02-20 18:05:56,613 INFO L290 TraceCheckUtils]: 85: Hoare triple {25881#true} ~handle := #in~handle;havoc ~retValue_acc~4; {25881#true} is VALID [2022-02-20 18:05:56,614 INFO L290 TraceCheckUtils]: 86: Hoare triple {25881#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {25881#true} is VALID [2022-02-20 18:05:56,614 INFO L290 TraceCheckUtils]: 87: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,615 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25881#true} {25882#false} #1301#return; {25882#false} is VALID [2022-02-20 18:05:56,615 INFO L290 TraceCheckUtils]: 89: Hoare triple {25882#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {25882#false} is VALID [2022-02-20 18:05:56,616 INFO L290 TraceCheckUtils]: 90: Hoare triple {25882#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {25882#false} is VALID [2022-02-20 18:05:56,616 INFO L272 TraceCheckUtils]: 91: 
Hoare triple {25882#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {25882#false} is VALID [2022-02-20 18:05:56,616 INFO L290 TraceCheckUtils]: 92: Hoare triple {25882#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {25882#false} is VALID [2022-02-20 18:05:56,616 INFO L272 TraceCheckUtils]: 93: Hoare triple {25882#false} call #t~ret90#1 := getEmailTo(~msg#1); {25881#true} is VALID [2022-02-20 18:05:56,616 INFO L290 TraceCheckUtils]: 94: Hoare triple {25881#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25881#true} is VALID [2022-02-20 18:05:56,616 INFO L290 TraceCheckUtils]: 95: Hoare triple {25881#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {25881#true} is VALID [2022-02-20 18:05:56,616 INFO L290 TraceCheckUtils]: 96: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,616 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {25881#true} {25882#false} #1333#return; {25882#false} is VALID [2022-02-20 18:05:56,616 INFO L290 TraceCheckUtils]: 98: Hoare triple {25882#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {25882#false} is VALID [2022-02-20 18:05:56,617 INFO L272 TraceCheckUtils]: 99: Hoare triple {25882#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {25881#true} is VALID [2022-02-20 18:05:56,617 INFO L290 TraceCheckUtils]: 100: Hoare triple {25881#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {25881#true} is VALID [2022-02-20 18:05:56,617 INFO L290 TraceCheckUtils]: 101: Hoare triple {25881#true} assume 1 == ~handle; {25881#true} is VALID [2022-02-20 18:05:56,617 INFO L290 TraceCheckUtils]: 102: Hoare triple {25881#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {25881#true} is VALID [2022-02-20 18:05:56,617 INFO L290 TraceCheckUtils]: 103: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,617 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {25881#true} {25882#false} #1335#return; {25882#false} is VALID [2022-02-20 18:05:56,617 INFO L290 TraceCheckUtils]: 105: Hoare triple {25882#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {25882#false} is VALID [2022-02-20 18:05:56,617 INFO L290 TraceCheckUtils]: 106: Hoare triple {25882#false} assume !(0 != ~pubkey~0#1); {25882#false} is VALID [2022-02-20 18:05:56,617 INFO L290 TraceCheckUtils]: 107: Hoare triple {25882#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {25882#false} is VALID [2022-02-20 18:05:56,618 INFO L290 TraceCheckUtils]: 108: Hoare triple {25882#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {25882#false} is VALID [2022-02-20 18:05:56,618 INFO L290 TraceCheckUtils]: 109: Hoare triple {25882#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { 
:end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {25882#false} is VALID [2022-02-20 18:05:56,618 INFO L272 TraceCheckUtils]: 110: Hoare triple {25882#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {25952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:56,618 INFO L290 TraceCheckUtils]: 111: Hoare triple {25952#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25881#true} is VALID [2022-02-20 18:05:56,618 INFO L290 TraceCheckUtils]: 112: Hoare triple {25881#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25881#true} is VALID [2022-02-20 18:05:56,618 INFO L290 TraceCheckUtils]: 113: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,618 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {25881#true} {25882#false} #1341#return; {25882#false} is VALID [2022-02-20 18:05:56,618 INFO L290 TraceCheckUtils]: 115: Hoare triple {25882#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, 
__utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {25882#false} is VALID [2022-02-20 18:05:56,619 INFO L290 TraceCheckUtils]: 116: Hoare triple {25882#false} assume 0 != ~in_encrypted~0; {25882#false} is VALID [2022-02-20 18:05:56,619 INFO L272 TraceCheckUtils]: 117: Hoare triple {25882#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {25881#true} is VALID [2022-02-20 18:05:56,619 INFO L290 TraceCheckUtils]: 118: Hoare triple {25881#true} ~handle := #in~handle;havoc ~retValue_acc~39; {25881#true} is VALID [2022-02-20 18:05:56,619 INFO L290 TraceCheckUtils]: 119: Hoare triple {25881#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {25881#true} is VALID [2022-02-20 18:05:56,619 INFO L290 TraceCheckUtils]: 120: Hoare triple {25881#true} assume true; {25881#true} is VALID [2022-02-20 18:05:56,619 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {25881#true} {25882#false} #1343#return; {25882#false} is VALID [2022-02-20 18:05:56,619 INFO L290 TraceCheckUtils]: 122: Hoare triple 
{25882#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {25882#false} is VALID [2022-02-20 18:05:56,619 INFO L290 TraceCheckUtils]: 123: Hoare triple {25882#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {25882#false} is VALID [2022-02-20 18:05:56,619 INFO L290 TraceCheckUtils]: 124: Hoare triple {25882#false} assume !false; {25882#false} is VALID [2022-02-20 18:05:56,620 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:05:56,620 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:56,620 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [25793949] [2022-02-20 18:05:56,620 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [25793949] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:56,620 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:56,620 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:05:56,621 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [692956361] [2022-02-20 18:05:56,621 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:56,621 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 125 [2022-02-20 18:05:56,621 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:56,622 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:05:56,686 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 117 edges. 117 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:56,686 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:05:56,686 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:56,687 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:05:56,687 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:05:56,687 INFO L87 Difference]: Start difference. First operand 540 states and 830 transitions. 
Second operand has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:09,926 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:09,926 INFO L93 Difference]: Finished difference Result 1287 states and 2005 transitions. [2022-02-20 18:06:09,926 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:06:09,926 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 125 [2022-02-20 18:06:09,927 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:09,927 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:09,940 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1741 transitions. [2022-02-20 18:06:09,953 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:09,989 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1741 transitions. [2022-02-20 18:06:09,989 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1741 transitions. [2022-02-20 18:06:10,979 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1741 edges. 1741 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:11,018 INFO L225 Difference]: With dead ends: 1287 [2022-02-20 18:06:11,018 INFO L226 Difference]: Without dead ends: 774 [2022-02-20 18:06:11,019 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:06:11,020 INFO L933 BasicCegarLoop]: 780 mSDtfsCounter, 1952 mSDsluCounter, 1430 mSDsCounter, 0 mSdLazyCounter, 5221 mSolverCounterSat, 801 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 6.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1952 SdHoareTripleChecker+Valid, 2210 SdHoareTripleChecker+Invalid, 6022 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 801 IncrementalHoareTripleChecker+Valid, 5221 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 6.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:11,020 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1952 Valid, 2210 Invalid, 6022 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [801 Valid, 5221 Invalid, 0 Unknown, 0 Unchecked, 6.5s Time] [2022-02-20 18:06:11,021 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 774 states. [2022-02-20 18:06:11,128 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 774 to 540. [2022-02-20 18:06:11,128 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:11,129 INFO L82 GeneralOperation]: Start isEquivalent. First operand 774 states. Second operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) [2022-02-20 18:06:11,130 INFO L74 IsIncluded]: Start isIncluded. First operand 774 states. Second operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) [2022-02-20 18:06:11,131 INFO L87 Difference]: Start difference. First operand 774 states. Second operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) [2022-02-20 18:06:11,159 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:06:11,160 INFO L93 Difference]: Finished difference Result 774 states and 1212 transitions. [2022-02-20 18:06:11,160 INFO L276 IsEmpty]: Start isEmpty. Operand 774 states and 1212 transitions. [2022-02-20 18:06:11,163 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:11,163 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:11,165 INFO L74 IsIncluded]: Start isIncluded. First operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) Second operand 774 states. [2022-02-20 18:06:11,165 INFO L87 Difference]: Start difference. First operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) Second operand 774 states. [2022-02-20 18:06:11,193 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:11,194 INFO L93 Difference]: Finished difference Result 774 states and 1212 transitions. [2022-02-20 18:06:11,194 INFO L276 IsEmpty]: Start isEmpty. Operand 774 states and 1212 transitions. [2022-02-20 18:06:11,197 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:11,197 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:11,197 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:11,198 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:11,199 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 540 states, 418 states have (on average 1.5430622009569377) internal successors, (645), 425 states have internal predecessors, (645), 89 states have call successors, (89), 29 states have call predecessors, (89), 32 states have return successors, (95), 87 states have call predecessors, (95), 88 states have call successors, (95) [2022-02-20 18:06:11,216 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 540 states to 540 states and 829 transitions. [2022-02-20 18:06:11,217 INFO L78 Accepts]: Start accepts. Automaton has 540 states and 829 transitions. Word has length 125 [2022-02-20 18:06:11,217 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:11,217 INFO L470 AbstractCegarLoop]: Abstraction has 540 states and 829 transitions. [2022-02-20 18:06:11,217 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:11,218 INFO L276 IsEmpty]: Start isEmpty. Operand 540 states and 829 transitions. [2022-02-20 18:06:11,220 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 127 [2022-02-20 18:06:11,220 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:11,220 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:11,220 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:06:11,221 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:11,221 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:11,221 INFO L85 PathProgramCache]: Analyzing trace with hash 1768213281, now seen corresponding path program 2 times [2022-02-20 18:06:11,221 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:11,221 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1862251495] [2022-02-20 18:06:11,222 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:11,222 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:11,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:06:11,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {30165#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,294 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30099#true} #1397#return; {30099#true} is VALID [2022-02-20 18:06:11,299 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:06:11,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,302 INFO L290 TraceCheckUtils]: 0: Hoare triple {30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,302 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,303 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,303 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30099#true} #1399#return; {30099#true} is VALID [2022-02-20 18:06:11,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:06:11,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {30165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume !(1 == ~handle); {30099#true} is VALID [2022-02-20 18:06:11,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,307 INFO L290 TraceCheckUtils]: 3: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,307 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30099#true} {30099#true} #1401#return; {30099#true} is VALID [2022-02-20 18:06:11,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:06:11,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume !(1 == ~handle); {30099#true} is VALID [2022-02-20 18:06:11,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,313 INFO L290 TraceCheckUtils]: 3: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,313 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30099#true} {30099#true} #1403#return; {30099#true} is VALID [2022-02-20 18:06:11,313 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:06:11,315 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {30165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {30167#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {30167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {30167#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {30167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,330 INFO L290 TraceCheckUtils]: 3: Hoare triple {30167#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30168#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,330 INFO L290 TraceCheckUtils]: 4: Hoare triple {30168#(= 3 |setClientId_#in~handle|)} assume true; {30168#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,331 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30168#(= 3 |setClientId_#in~handle|)} {30119#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1405#return; {30126#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:06:11,331 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:06:11,333 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,346 INFO L290 TraceCheckUtils]: 0: Hoare triple {30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30169#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:11,347 INFO L290 TraceCheckUtils]: 1: Hoare triple {30169#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {30169#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:11,347 INFO L290 TraceCheckUtils]: 2: Hoare triple {30169#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30170#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:11,347 INFO L290 TraceCheckUtils]: 3: Hoare triple {30170#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {30170#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:11,348 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30170#(= 2 |setClientPrivateKey_#in~handle|)} {30126#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1407#return; {30100#false} is VALID [2022-02-20 18:06:11,355 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:06:11,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {30171#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,361 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,361 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,361 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30100#false} #1319#return; 
{30100#false} is VALID [2022-02-20 18:06:11,369 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:06:11,370 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,372 INFO L290 TraceCheckUtils]: 0: Hoare triple {30172#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,372 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,372 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,372 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30100#false} #1321#return; {30100#false} is VALID [2022-02-20 18:06:11,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:06:11,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,374 INFO L290 TraceCheckUtils]: 0: Hoare triple {30099#true} ~handle := #in~handle;havoc ~retValue_acc~10; {30099#true} is VALID [2022-02-20 18:06:11,374 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {30099#true} is VALID [2022-02-20 18:06:11,374 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,374 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30100#false} #1299#return; {30100#false} is VALID [2022-02-20 18:06:11,375 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:06:11,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {30099#true} 
~handle := #in~handle;havoc ~retValue_acc~4; {30099#true} is VALID [2022-02-20 18:06:11,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {30099#true} is VALID [2022-02-20 18:06:11,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,377 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30100#false} #1301#return; {30100#false} is VALID [2022-02-20 18:06:11,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:06:11,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {30099#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30099#true} is VALID [2022-02-20 18:06:11,378 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30099#true} is VALID [2022-02-20 18:06:11,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,379 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30100#false} #1333#return; {30100#false} is VALID [2022-02-20 18:06:11,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:06:11,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {30099#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {30099#true} is VALID [2022-02-20 18:06:11,381 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle; {30099#true} is VALID [2022-02-20 18:06:11,381 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {30099#true} is VALID [2022-02-20 18:06:11,381 INFO L290 TraceCheckUtils]: 3: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,381 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30099#true} {30100#false} #1335#return; {30100#false} is VALID [2022-02-20 18:06:11,381 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:06:11,382 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,383 INFO L290 TraceCheckUtils]: 0: Hoare triple {30171#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,383 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,383 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,383 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30100#false} #1341#return; {30100#false} is VALID [2022-02-20 18:06:11,383 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:06:11,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {30099#true} ~handle := #in~handle;havoc ~retValue_acc~39; {30099#true} is VALID [2022-02-20 18:06:11,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {30099#true} is VALID [2022-02-20 18:06:11,385 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,385 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30099#true} {30100#false} 
#1343#return; {30100#false} is VALID [2022-02-20 18:06:11,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {30099#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call 
#Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 
0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {30099#true} is VALID 
[2022-02-20 18:06:11,386 INFO L290 TraceCheckUtils]: 1: Hoare triple {30099#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {30099#true} is VALID [2022-02-20 18:06:11,386 INFO L290 TraceCheckUtils]: 2: Hoare triple {30099#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30099#true} is VALID [2022-02-20 18:06:11,386 INFO L290 TraceCheckUtils]: 3: Hoare triple {30099#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {30099#true} is VALID [2022-02-20 18:06:11,386 INFO L290 TraceCheckUtils]: 4: Hoare triple {30099#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {30099#true} is VALID [2022-02-20 18:06:11,386 INFO L290 TraceCheckUtils]: 5: Hoare triple {30099#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { 
:begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30099#true} is VALID [2022-02-20 18:06:11,387 INFO L272 TraceCheckUtils]: 6: Hoare triple {30099#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,387 INFO L290 TraceCheckUtils]: 7: Hoare triple {30165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,387 INFO L290 TraceCheckUtils]: 8: Hoare triple {30099#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,387 INFO L290 TraceCheckUtils]: 9: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,387 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30099#true} {30099#true} #1397#return; {30099#true} is VALID [2022-02-20 18:06:11,387 INFO L290 TraceCheckUtils]: 11: Hoare triple {30099#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30099#true} is VALID [2022-02-20 18:06:11,388 INFO L272 TraceCheckUtils]: 12: Hoare triple {30099#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:11,388 INFO L290 TraceCheckUtils]: 13: Hoare triple 
{30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,388 INFO L290 TraceCheckUtils]: 14: Hoare triple {30099#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,388 INFO L290 TraceCheckUtils]: 15: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,388 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30099#true} {30099#true} #1399#return; {30099#true} is VALID [2022-02-20 18:06:11,388 INFO L290 TraceCheckUtils]: 17: Hoare triple {30099#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30099#true} is VALID [2022-02-20 18:06:11,389 INFO L272 TraceCheckUtils]: 18: Hoare triple {30099#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,389 INFO L290 TraceCheckUtils]: 19: Hoare triple {30165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,389 INFO L290 TraceCheckUtils]: 20: Hoare triple {30099#true} assume !(1 == ~handle); {30099#true} is VALID [2022-02-20 18:06:11,389 INFO L290 TraceCheckUtils]: 21: Hoare triple {30099#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,389 INFO L290 TraceCheckUtils]: 22: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,390 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30099#true} {30099#true} #1401#return; {30099#true} is VALID [2022-02-20 18:06:11,390 INFO L290 TraceCheckUtils]: 24: Hoare triple {30099#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {30099#true} is VALID [2022-02-20 18:06:11,390 INFO L272 TraceCheckUtils]: 25: Hoare triple {30099#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:11,390 INFO L290 TraceCheckUtils]: 26: Hoare triple {30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,390 INFO L290 TraceCheckUtils]: 27: Hoare triple {30099#true} assume !(1 == ~handle); {30099#true} is VALID [2022-02-20 18:06:11,391 INFO L290 TraceCheckUtils]: 28: Hoare triple {30099#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,391 INFO L290 TraceCheckUtils]: 29: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,391 INFO L284 TraceCheckUtils]: 30: Hoare quadruple 
{30099#true} {30099#true} #1403#return; {30099#true} is VALID [2022-02-20 18:06:11,391 INFO L290 TraceCheckUtils]: 31: Hoare triple {30099#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30119#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:06:11,392 INFO L272 TraceCheckUtils]: 32: Hoare triple {30119#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,392 INFO L290 TraceCheckUtils]: 33: Hoare triple {30165#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,392 INFO L290 TraceCheckUtils]: 34: Hoare triple {30167#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {30167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,393 INFO L290 TraceCheckUtils]: 35: 
Hoare triple {30167#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {30167#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,393 INFO L290 TraceCheckUtils]: 36: Hoare triple {30167#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30168#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,393 INFO L290 TraceCheckUtils]: 37: Hoare triple {30168#(= 3 |setClientId_#in~handle|)} assume true; {30168#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,394 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30168#(= 3 |setClientId_#in~handle|)} {30119#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1405#return; {30126#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:06:11,394 INFO L290 TraceCheckUtils]: 39: Hoare triple {30126#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {30126#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:06:11,394 INFO L272 TraceCheckUtils]: 40: Hoare triple {30126#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:11,395 INFO L290 TraceCheckUtils]: 41: Hoare triple {30166#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30169#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:11,395 INFO L290 
TraceCheckUtils]: 42: Hoare triple {30169#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {30169#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:11,395 INFO L290 TraceCheckUtils]: 43: Hoare triple {30169#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30170#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:11,395 INFO L290 TraceCheckUtils]: 44: Hoare triple {30170#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {30170#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:11,396 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {30170#(= 2 |setClientPrivateKey_#in~handle|)} {30126#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1407#return; {30100#false} is VALID [2022-02-20 18:06:11,396 INFO L290 TraceCheckUtils]: 46: Hoare triple {30100#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {30100#false} is VALID [2022-02-20 18:06:11,396 INFO L290 TraceCheckUtils]: 47: Hoare triple {30100#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc 
test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30100#false} is VALID [2022-02-20 18:06:11,396 INFO L290 TraceCheckUtils]: 48: Hoare triple {30100#false} assume !false; {30100#false} is VALID [2022-02-20 18:06:11,396 INFO L290 TraceCheckUtils]: 49: Hoare triple {30100#false} assume test_~splverifierCounter~0#1 < 4; {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 50: Hoare triple {30100#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 51: Hoare triple {30100#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 52: Hoare triple {30100#false} assume !(0 != test_~tmp___9~0#1); {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 53: Hoare triple {30100#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 54: Hoare triple {30100#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } 
true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 55: Hoare triple {30100#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 56: Hoare triple {30100#false} assume { :end_inline_setClientAutoResponse } true; {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 57: Hoare triple {30100#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {30100#false} is VALID [2022-02-20 18:06:11,397 INFO L290 TraceCheckUtils]: 58: Hoare triple {30100#false} assume !false; {30100#false} is VALID [2022-02-20 18:06:11,398 INFO L290 TraceCheckUtils]: 59: Hoare triple {30100#false} assume !(test_~splverifierCounter~0#1 < 4); {30100#false} is VALID [2022-02-20 18:06:11,398 INFO L290 TraceCheckUtils]: 60: Hoare triple {30100#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {30100#false} is VALID [2022-02-20 18:06:11,398 INFO L272 TraceCheckUtils]: 61: Hoare triple {30100#false} call sendEmail(~bob~0, ~rjh~0); {30100#false} is VALID [2022-02-20 18:06:11,398 INFO L290 TraceCheckUtils]: 62: Hoare triple {30100#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc 
~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30100#false} is VALID [2022-02-20 18:06:11,398 INFO L272 TraceCheckUtils]: 63: Hoare triple {30100#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30171#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:11,398 INFO L290 TraceCheckUtils]: 64: Hoare triple {30171#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,398 INFO L290 TraceCheckUtils]: 65: Hoare triple {30099#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,398 INFO L290 TraceCheckUtils]: 66: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,398 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {30099#true} {30100#false} #1319#return; {30100#false} is VALID [2022-02-20 18:06:11,399 INFO L272 TraceCheckUtils]: 68: Hoare triple {30100#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30172#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:06:11,399 INFO L290 TraceCheckUtils]: 69: Hoare triple {30172#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,399 INFO L290 TraceCheckUtils]: 70: Hoare triple {30099#true} assume 
1 == ~handle;~__ste_email_to0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,399 INFO L290 TraceCheckUtils]: 71: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,399 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {30099#true} {30100#false} #1321#return; {30100#false} is VALID [2022-02-20 18:06:11,399 INFO L290 TraceCheckUtils]: 73: Hoare triple {30100#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {30100#false} is VALID [2022-02-20 18:06:11,399 INFO L290 TraceCheckUtils]: 74: Hoare triple {30100#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {30100#false} is VALID [2022-02-20 18:06:11,399 INFO L272 TraceCheckUtils]: 75: Hoare triple {30100#false} call outgoing(~sender#1, ~email~0#1); {30100#false} is VALID [2022-02-20 18:06:11,400 INFO L290 TraceCheckUtils]: 76: Hoare triple {30100#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {30100#false} is VALID [2022-02-20 18:06:11,400 INFO L272 TraceCheckUtils]: 77: Hoare triple {30100#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {30099#true} is VALID [2022-02-20 18:06:11,400 INFO L290 TraceCheckUtils]: 78: Hoare triple {30099#true} ~handle := #in~handle;havoc ~retValue_acc~10; {30099#true} is VALID [2022-02-20 18:06:11,400 INFO L290 TraceCheckUtils]: 79: Hoare triple {30099#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {30099#true} is VALID [2022-02-20 18:06:11,400 INFO L290 
TraceCheckUtils]: 80: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,400 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30099#true} {30100#false} #1299#return; {30100#false} is VALID [2022-02-20 18:06:11,400 INFO L290 TraceCheckUtils]: 82: Hoare triple {30100#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {30100#false} is VALID [2022-02-20 18:06:11,400 INFO L290 TraceCheckUtils]: 83: Hoare triple {30100#false} assume 0 == sign_~privkey~1#1; {30100#false} is VALID [2022-02-20 18:06:11,400 INFO L290 TraceCheckUtils]: 84: Hoare triple {30100#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc 
outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {30100#false} is VALID [2022-02-20 18:06:11,401 INFO L272 TraceCheckUtils]: 85: Hoare triple {30100#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30099#true} is VALID [2022-02-20 18:06:11,401 INFO L290 TraceCheckUtils]: 86: Hoare triple {30099#true} ~handle := #in~handle;havoc ~retValue_acc~4; {30099#true} is VALID [2022-02-20 18:06:11,401 INFO L290 TraceCheckUtils]: 87: Hoare triple {30099#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {30099#true} is VALID [2022-02-20 18:06:11,401 INFO L290 TraceCheckUtils]: 88: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,401 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {30099#true} {30100#false} #1301#return; {30100#false} is VALID [2022-02-20 18:06:11,402 INFO L290 TraceCheckUtils]: 90: Hoare triple {30100#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {30100#false} is VALID [2022-02-20 18:06:11,402 INFO L290 TraceCheckUtils]: 91: Hoare triple {30100#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {30100#false} is VALID [2022-02-20 18:06:11,403 INFO L272 TraceCheckUtils]: 92: Hoare triple {30100#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {30100#false} is VALID [2022-02-20 18:06:11,403 INFO L290 TraceCheckUtils]: 93: Hoare triple {30100#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; 
{30100#false} is VALID [2022-02-20 18:06:11,406 INFO L272 TraceCheckUtils]: 94: Hoare triple {30100#false} call #t~ret90#1 := getEmailTo(~msg#1); {30099#true} is VALID [2022-02-20 18:06:11,406 INFO L290 TraceCheckUtils]: 95: Hoare triple {30099#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30099#true} is VALID [2022-02-20 18:06:11,406 INFO L290 TraceCheckUtils]: 96: Hoare triple {30099#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {30099#true} is VALID [2022-02-20 18:06:11,406 INFO L290 TraceCheckUtils]: 97: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,406 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {30099#true} {30100#false} #1333#return; {30100#false} is VALID [2022-02-20 18:06:11,407 INFO L290 TraceCheckUtils]: 99: Hoare triple {30100#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {30100#false} is VALID [2022-02-20 18:06:11,407 INFO L272 TraceCheckUtils]: 100: Hoare triple {30100#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {30099#true} is VALID [2022-02-20 18:06:11,407 INFO L290 TraceCheckUtils]: 101: Hoare triple {30099#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {30099#true} is VALID [2022-02-20 18:06:11,407 INFO L290 TraceCheckUtils]: 102: Hoare triple {30099#true} assume 1 == ~handle; {30099#true} is VALID [2022-02-20 18:06:11,407 INFO L290 TraceCheckUtils]: 103: Hoare triple {30099#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {30099#true} is VALID [2022-02-20 18:06:11,407 INFO L290 TraceCheckUtils]: 104: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,407 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {30099#true} {30100#false} #1335#return; {30100#false} is VALID [2022-02-20 18:06:11,407 INFO L290 
TraceCheckUtils]: 106: Hoare triple {30100#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {30100#false} is VALID [2022-02-20 18:06:11,407 INFO L290 TraceCheckUtils]: 107: Hoare triple {30100#false} assume !(0 != ~pubkey~0#1); {30100#false} is VALID [2022-02-20 18:06:11,408 INFO L290 TraceCheckUtils]: 108: Hoare triple {30100#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {30100#false} is VALID [2022-02-20 18:06:11,408 INFO L290 TraceCheckUtils]: 109: Hoare triple {30100#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {30100#false} is VALID [2022-02-20 18:06:11,408 INFO L290 TraceCheckUtils]: 110: Hoare triple {30100#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {30100#false} is VALID [2022-02-20 18:06:11,408 INFO L272 TraceCheckUtils]: 111: Hoare triple {30100#false} call 
setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {30171#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:11,408 INFO L290 TraceCheckUtils]: 112: Hoare triple {30171#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30099#true} is VALID [2022-02-20 18:06:11,408 INFO L290 TraceCheckUtils]: 113: Hoare triple {30099#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30099#true} is VALID [2022-02-20 18:06:11,408 INFO L290 TraceCheckUtils]: 114: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,408 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {30099#true} {30100#false} #1341#return; {30100#false} is VALID [2022-02-20 18:06:11,409 INFO L290 TraceCheckUtils]: 116: Hoare triple {30100#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {30100#false} is VALID [2022-02-20 18:06:11,409 INFO L290 TraceCheckUtils]: 117: Hoare triple {30100#false} assume 0 != ~in_encrypted~0; {30100#false} is VALID [2022-02-20 18:06:11,409 INFO L272 TraceCheckUtils]: 118: Hoare triple {30100#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {30099#true} is VALID [2022-02-20 18:06:11,409 INFO L290 TraceCheckUtils]: 119: Hoare triple {30099#true} ~handle := #in~handle;havoc ~retValue_acc~39; {30099#true} is VALID [2022-02-20 18:06:11,409 INFO L290 TraceCheckUtils]: 120: Hoare triple {30099#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {30099#true} is VALID [2022-02-20 18:06:11,409 INFO L290 TraceCheckUtils]: 121: Hoare triple {30099#true} assume true; {30099#true} is VALID [2022-02-20 18:06:11,409 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {30099#true} {30100#false} #1343#return; {30100#false} is VALID [2022-02-20 18:06:11,409 INFO L290 TraceCheckUtils]: 123: Hoare triple {30100#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {30100#false} is VALID [2022-02-20 18:06:11,409 INFO 
L290 TraceCheckUtils]: 124: Hoare triple {30100#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {30100#false} is VALID [2022-02-20 18:06:11,410 INFO L290 TraceCheckUtils]: 125: Hoare triple {30100#false} assume !false; {30100#false} is VALID [2022-02-20 18:06:11,412 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:06:11,412 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:11,412 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1862251495] [2022-02-20 18:06:11,412 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1862251495] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:11,412 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:11,413 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:06:11,413 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1829599485] [2022-02-20 18:06:11,413 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:11,413 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 126 [2022-02-20 18:06:11,413 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:06:11,414 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:11,475 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 118 edges. 118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:11,476 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:06:11,476 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:11,476 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:06:11,477 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:06:11,477 INFO L87 Difference]: Start difference. First operand 540 states and 829 transitions. Second operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:21,916 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:21,917 INFO L93 Difference]: Finished difference Result 1289 states and 2011 transitions. [2022-02-20 18:06:21,917 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:06:21,917 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 126 [2022-02-20 18:06:21,917 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:21,918 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:21,942 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1742 transitions. [2022-02-20 18:06:21,942 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:21,960 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1742 transitions. [2022-02-20 18:06:21,960 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1742 transitions. [2022-02-20 18:06:22,920 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1742 edges. 1742 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:06:22,987 INFO L225 Difference]: With dead ends: 1289 [2022-02-20 18:06:22,998 INFO L226 Difference]: Without dead ends: 776 [2022-02-20 18:06:23,000 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:06:23,017 INFO L933 BasicCegarLoop]: 783 mSDtfsCounter, 1964 mSDsluCounter, 1430 mSDsCounter, 0 mSdLazyCounter, 5240 mSolverCounterSat, 825 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1964 SdHoareTripleChecker+Valid, 2213 SdHoareTripleChecker+Invalid, 6065 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 825 IncrementalHoareTripleChecker+Valid, 5240 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:23,017 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1964 Valid, 2213 Invalid, 6065 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [825 Valid, 5240 Invalid, 0 Unknown, 0 Unchecked, 4.9s Time] [2022-02-20 18:06:23,018 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 776 states. [2022-02-20 18:06:23,115 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 776 to 542. [2022-02-20 18:06:23,115 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:23,116 INFO L82 GeneralOperation]: Start isEquivalent. First operand 776 states. 
Second operand has 542 states, 419 states have (on average 1.541766109785203) internal successors, (646), 427 states have internal predecessors, (646), 89 states have call successors, (89), 29 states have call predecessors, (89), 33 states have return successors, (100), 87 states have call predecessors, (100), 88 states have call successors, (100) [2022-02-20 18:06:23,117 INFO L74 IsIncluded]: Start isIncluded. First operand 776 states. Second operand has 542 states, 419 states have (on average 1.541766109785203) internal successors, (646), 427 states have internal predecessors, (646), 89 states have call successors, (89), 29 states have call predecessors, (89), 33 states have return successors, (100), 87 states have call predecessors, (100), 88 states have call successors, (100) [2022-02-20 18:06:23,118 INFO L87 Difference]: Start difference. First operand 776 states. Second operand has 542 states, 419 states have (on average 1.541766109785203) internal successors, (646), 427 states have internal predecessors, (646), 89 states have call successors, (89), 29 states have call predecessors, (89), 33 states have return successors, (100), 87 states have call predecessors, (100), 88 states have call successors, (100) [2022-02-20 18:06:23,158 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:23,159 INFO L93 Difference]: Finished difference Result 776 states and 1218 transitions. [2022-02-20 18:06:23,159 INFO L276 IsEmpty]: Start isEmpty. Operand 776 states and 1218 transitions. [2022-02-20 18:06:23,175 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:23,175 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:23,178 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 542 states, 419 states have (on average 1.541766109785203) internal successors, (646), 427 states have internal predecessors, (646), 89 states have call successors, (89), 29 states have call predecessors, (89), 33 states have return successors, (100), 87 states have call predecessors, (100), 88 states have call successors, (100) Second operand 776 states. [2022-02-20 18:06:23,179 INFO L87 Difference]: Start difference. First operand has 542 states, 419 states have (on average 1.541766109785203) internal successors, (646), 427 states have internal predecessors, (646), 89 states have call successors, (89), 29 states have call predecessors, (89), 33 states have return successors, (100), 87 states have call predecessors, (100), 88 states have call successors, (100) Second operand 776 states. [2022-02-20 18:06:23,249 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:23,249 INFO L93 Difference]: Finished difference Result 776 states and 1218 transitions. [2022-02-20 18:06:23,249 INFO L276 IsEmpty]: Start isEmpty. Operand 776 states and 1218 transitions. [2022-02-20 18:06:23,252 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:23,252 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:23,253 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:23,253 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:23,254 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 542 states, 419 states have (on average 1.541766109785203) internal successors, (646), 427 states have internal predecessors, (646), 89 states have call successors, (89), 29 states have call predecessors, (89), 33 states have return successors, (100), 87 states have call predecessors, (100), 88 states have call successors, (100) [2022-02-20 18:06:23,270 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 542 states to 542 states and 835 transitions. [2022-02-20 18:06:23,283 INFO L78 Accepts]: Start accepts. Automaton has 542 states and 835 transitions. Word has length 126 [2022-02-20 18:06:23,283 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:23,283 INFO L470 AbstractCegarLoop]: Abstraction has 542 states and 835 transitions. [2022-02-20 18:06:23,284 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 18:06:23,284 INFO L276 IsEmpty]: Start isEmpty. Operand 542 states and 835 transitions. [2022-02-20 18:06:23,295 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 128 [2022-02-20 18:06:23,295 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:23,296 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:23,296 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:06:23,296 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:23,296 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:23,296 INFO L85 PathProgramCache]: Analyzing trace with hash 
-1051089069, now seen corresponding path program 1 times [2022-02-20 18:06:23,297 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:23,297 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1578898149] [2022-02-20 18:06:23,297 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:23,297 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:23,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,406 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:06:23,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,409 INFO L290 TraceCheckUtils]: 0: Hoare triple {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,409 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,409 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,410 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34326#true} #1397#return; {34326#true} is VALID [2022-02-20 18:06:23,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:06:23,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,417 INFO L290 TraceCheckUtils]: 0: Hoare triple {34395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) 
(= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,417 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34326#true} #1399#return; {34326#true} is VALID [2022-02-20 18:06:23,418 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:06:23,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,429 INFO L290 TraceCheckUtils]: 0: Hoare triple {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34396#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:23,429 INFO L290 TraceCheckUtils]: 1: Hoare triple {34396#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34396#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:23,429 INFO L290 TraceCheckUtils]: 2: Hoare triple {34396#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34397#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:23,430 INFO L290 TraceCheckUtils]: 3: Hoare triple {34397#(= 2 |setClientId_#in~handle|)} assume true; {34397#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:23,430 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34397#(= 2 |setClientId_#in~handle|)} {34336#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1401#return; {34342#(not (= ~rjh~0 1))} is VALID 
[2022-02-20 18:06:23,430 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:06:23,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,435 INFO L290 TraceCheckUtils]: 0: Hoare triple {34395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,450 INFO L290 TraceCheckUtils]: 3: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,451 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34326#true} {34342#(not (= ~rjh~0 1))} #1403#return; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,451 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:06:23,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,469 INFO L290 TraceCheckUtils]: 0: Hoare triple {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,470 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume !(2 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,470 INFO L290 TraceCheckUtils]: 3: 
Hoare triple {34326#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,470 INFO L290 TraceCheckUtils]: 4: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,470 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34326#true} {34342#(not (= ~rjh~0 1))} #1405#return; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,470 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:06:23,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,473 INFO L290 TraceCheckUtils]: 0: Hoare triple {34395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,474 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,474 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume !(2 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,474 INFO L290 TraceCheckUtils]: 3: Hoare triple {34326#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,474 INFO L290 TraceCheckUtils]: 4: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,474 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34326#true} {34342#(not (= ~rjh~0 1))} #1407#return; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,479 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:06:23,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,482 INFO L290 TraceCheckUtils]: 0: Hoare triple {34398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,482 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,482 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,482 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34327#false} #1319#return; {34327#false} is VALID [2022-02-20 18:06:23,487 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:06:23,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,489 INFO L290 TraceCheckUtils]: 0: Hoare triple {34399#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,489 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,489 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,489 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34327#false} #1321#return; {34327#false} is VALID [2022-02-20 18:06:23,489 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:06:23,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~10; {34326#true} is VALID [2022-02-20 18:06:23,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {34326#true} is VALID [2022-02-20 18:06:23,491 INFO L290 
TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,491 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34327#false} #1299#return; {34327#false} is VALID [2022-02-20 18:06:23,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:06:23,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,493 INFO L290 TraceCheckUtils]: 0: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~4; {34326#true} is VALID [2022-02-20 18:06:23,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {34326#true} is VALID [2022-02-20 18:06:23,494 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,494 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34327#false} #1301#return; {34327#false} is VALID [2022-02-20 18:06:23,494 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:06:23,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,495 INFO L290 TraceCheckUtils]: 0: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~36; {34326#true} is VALID [2022-02-20 18:06:23,495 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {34326#true} is VALID [2022-02-20 18:06:23,496 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,496 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34327#false} #1333#return; {34327#false} is VALID [2022-02-20 18:06:23,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:06:23,496 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {34326#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {34326#true} is VALID [2022-02-20 18:06:23,499 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle; {34326#true} is VALID [2022-02-20 18:06:23,499 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {34326#true} is VALID [2022-02-20 18:06:23,499 INFO L290 TraceCheckUtils]: 3: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,499 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34326#true} {34327#false} #1335#return; {34327#false} is VALID [2022-02-20 18:06:23,499 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:06:23,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {34398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,517 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,517 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,517 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34327#false} #1341#return; {34327#false} is VALID [2022-02-20 18:06:23,517 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:06:23,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,519 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{34326#true} ~handle := #in~handle;havoc ~retValue_acc~39; {34326#true} is VALID [2022-02-20 18:06:23,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {34326#true} is VALID [2022-02-20 18:06:23,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,519 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34326#true} {34327#false} #1343#return; {34327#false} is VALID [2022-02-20 18:06:23,519 INFO L290 TraceCheckUtils]: 0: Hoare triple {34326#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call 
#Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 
0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {34326#true} is VALID [2022-02-20 18:06:23,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {34326#true} is VALID [2022-02-20 18:06:23,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {34326#true} is VALID [2022-02-20 18:06:23,520 INFO L290 TraceCheckUtils]: 3: Hoare triple {34326#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {34326#true} is VALID [2022-02-20 18:06:23,520 INFO L290 TraceCheckUtils]: 4: Hoare triple {34326#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {34326#true} is VALID [2022-02-20 18:06:23,520 INFO L290 TraceCheckUtils]: 5: Hoare triple {34326#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {34326#true} is VALID [2022-02-20 18:06:23,520 INFO L272 TraceCheckUtils]: 6: Hoare triple {34326#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:23,520 INFO L290 TraceCheckUtils]: 7: Hoare triple {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,520 INFO L290 TraceCheckUtils]: 8: Hoare triple {34326#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,520 INFO L290 TraceCheckUtils]: 9: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,520 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {34326#true} {34326#true} #1397#return; {34326#true} is VALID [2022-02-20 18:06:23,520 INFO L290 TraceCheckUtils]: 11: Hoare triple {34326#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {34326#true} is VALID [2022-02-20 18:06:23,521 INFO L272 TraceCheckUtils]: 12: Hoare triple {34326#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {34395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:23,521 INFO L290 TraceCheckUtils]: 13: Hoare triple {34395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,521 INFO L290 TraceCheckUtils]: 14: Hoare triple {34326#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,521 INFO L290 TraceCheckUtils]: 15: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,521 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34326#true} {34326#true} #1399#return; {34326#true} is VALID [2022-02-20 18:06:23,521 INFO L290 TraceCheckUtils]: 17: Hoare triple {34326#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {34336#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:06:23,522 INFO L272 TraceCheckUtils]: 18: Hoare triple {34336#(= ~rjh~0 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:23,522 INFO L290 TraceCheckUtils]: 19: Hoare triple {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34396#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:23,522 INFO L290 TraceCheckUtils]: 20: Hoare triple {34396#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34396#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:23,523 INFO L290 TraceCheckUtils]: 21: Hoare triple {34396#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34397#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:23,523 INFO L290 TraceCheckUtils]: 22: Hoare triple {34397#(= 2 |setClientId_#in~handle|)} assume true; {34397#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:23,523 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {34397#(= 2 |setClientId_#in~handle|)} {34336#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1401#return; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,523 INFO L290 TraceCheckUtils]: 24: Hoare triple {34342#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,524 INFO L272 TraceCheckUtils]: 25: Hoare triple {34342#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {34395#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:23,524 INFO L290 TraceCheckUtils]: 26: Hoare triple {34395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,524 INFO L290 TraceCheckUtils]: 27: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,524 INFO L290 TraceCheckUtils]: 28: Hoare triple {34326#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,524 INFO L290 TraceCheckUtils]: 29: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,524 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {34326#true} {34342#(not (= ~rjh~0 1))} #1403#return; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,525 INFO L290 TraceCheckUtils]: 31: Hoare triple {34342#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,525 INFO L272 TraceCheckUtils]: 32: Hoare triple {34342#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:23,525 INFO L290 TraceCheckUtils]: 33: Hoare triple {34394#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,525 INFO L290 TraceCheckUtils]: 34: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,526 INFO L290 TraceCheckUtils]: 35: Hoare triple {34326#true} assume !(2 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,526 INFO L290 TraceCheckUtils]: 36: Hoare triple {34326#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,526 INFO L290 TraceCheckUtils]: 37: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,526 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {34326#true} {34342#(not (= ~rjh~0 1))} #1405#return; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,526 INFO L290 TraceCheckUtils]: 39: Hoare triple {34342#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,527 INFO L272 TraceCheckUtils]: 40: Hoare triple {34342#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {34395#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:23,527 INFO L290 TraceCheckUtils]: 41: Hoare triple {34395#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,527 INFO L290 TraceCheckUtils]: 42: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,527 INFO L290 TraceCheckUtils]: 43: Hoare triple {34326#true} assume !(2 == ~handle); {34326#true} is VALID [2022-02-20 18:06:23,527 INFO L290 TraceCheckUtils]: 44: Hoare triple {34326#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,527 INFO L290 TraceCheckUtils]: 45: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,528 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {34326#true} {34342#(not (= ~rjh~0 1))} #1407#return; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,528 INFO L290 TraceCheckUtils]: 47: Hoare triple {34342#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,528 INFO L290 TraceCheckUtils]: 48: Hoare triple {34342#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, 
test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,528 INFO L290 TraceCheckUtils]: 49: Hoare triple {34342#(not (= ~rjh~0 1))} assume !false; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,529 INFO L290 TraceCheckUtils]: 50: Hoare triple {34342#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,529 INFO L290 TraceCheckUtils]: 51: Hoare triple {34342#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,529 INFO L290 TraceCheckUtils]: 52: Hoare triple {34342#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,529 INFO L290 TraceCheckUtils]: 53: Hoare triple {34342#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,529 INFO L290 TraceCheckUtils]: 54: Hoare triple {34342#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {34342#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:06:23,530 INFO L290 TraceCheckUtils]: 55: Hoare triple {34342#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {34360#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 18:06:23,530 INFO L290 TraceCheckUtils]: 56: Hoare triple {34360#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {34327#false} is VALID [2022-02-20 18:06:23,530 INFO L290 TraceCheckUtils]: 57: Hoare triple {34327#false} assume { :end_inline_setClientAutoResponse } true; {34327#false} is VALID [2022-02-20 18:06:23,530 INFO L290 TraceCheckUtils]: 58: Hoare triple {34327#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {34327#false} is VALID [2022-02-20 18:06:23,530 INFO L290 TraceCheckUtils]: 59: Hoare triple {34327#false} assume !false; {34327#false} is VALID [2022-02-20 18:06:23,530 INFO L290 TraceCheckUtils]: 60: Hoare triple {34327#false} assume !(test_~splverifierCounter~0#1 < 4); {34327#false} is VALID [2022-02-20 18:06:23,531 INFO L290 TraceCheckUtils]: 61: Hoare triple {34327#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= 
bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {34327#false} is VALID [2022-02-20 18:06:23,531 INFO L272 TraceCheckUtils]: 62: Hoare triple {34327#false} call sendEmail(~bob~0, ~rjh~0); {34327#false} is VALID [2022-02-20 18:06:23,531 INFO L290 TraceCheckUtils]: 63: Hoare triple {34327#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34327#false} is VALID [2022-02-20 18:06:23,531 INFO L272 TraceCheckUtils]: 64: Hoare triple {34327#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:23,531 INFO L290 TraceCheckUtils]: 65: Hoare triple {34398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,531 INFO L290 TraceCheckUtils]: 66: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,531 INFO L290 TraceCheckUtils]: 67: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,531 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {34326#true} {34327#false} #1319#return; {34327#false} is VALID [2022-02-20 18:06:23,531 INFO L272 TraceCheckUtils]: 69: Hoare triple {34327#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34399#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= 
~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:06:23,532 INFO L290 TraceCheckUtils]: 70: Hoare triple {34399#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,532 INFO L290 TraceCheckUtils]: 71: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,532 INFO L290 TraceCheckUtils]: 72: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,532 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {34326#true} {34327#false} #1321#return; {34327#false} is VALID [2022-02-20 18:06:23,532 INFO L290 TraceCheckUtils]: 74: Hoare triple {34327#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {34327#false} is VALID [2022-02-20 18:06:23,532 INFO L290 TraceCheckUtils]: 75: Hoare triple {34327#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {34327#false} is VALID [2022-02-20 18:06:23,532 INFO L272 TraceCheckUtils]: 76: Hoare triple {34327#false} call outgoing(~sender#1, ~email~0#1); {34327#false} is VALID [2022-02-20 18:06:23,532 INFO L290 TraceCheckUtils]: 77: Hoare triple {34327#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {34327#false} is VALID [2022-02-20 18:06:23,533 INFO L272 TraceCheckUtils]: 78: Hoare triple {34327#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {34326#true} is VALID 
[2022-02-20 18:06:23,533 INFO L290 TraceCheckUtils]: 79: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~10; {34326#true} is VALID [2022-02-20 18:06:23,533 INFO L290 TraceCheckUtils]: 80: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {34326#true} is VALID [2022-02-20 18:06:23,533 INFO L290 TraceCheckUtils]: 81: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,533 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34326#true} {34327#false} #1299#return; {34327#false} is VALID [2022-02-20 18:06:23,533 INFO L290 TraceCheckUtils]: 83: Hoare triple {34327#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {34327#false} is VALID [2022-02-20 18:06:23,533 INFO L290 TraceCheckUtils]: 84: Hoare triple {34327#false} assume 0 == sign_~privkey~1#1; {34327#false} is VALID [2022-02-20 18:06:23,533 INFO L290 TraceCheckUtils]: 85: Hoare triple {34327#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {34327#false} is VALID [2022-02-20 18:06:23,533 INFO L272 TraceCheckUtils]: 86: Hoare triple {34327#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {34326#true} is VALID [2022-02-20 18:06:23,534 INFO L290 TraceCheckUtils]: 87: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~4; {34326#true} is VALID [2022-02-20 18:06:23,534 INFO L290 TraceCheckUtils]: 88: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {34326#true} is VALID [2022-02-20 18:06:23,534 INFO L290 TraceCheckUtils]: 89: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,534 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {34326#true} {34327#false} #1301#return; {34327#false} is VALID [2022-02-20 18:06:23,534 INFO L290 TraceCheckUtils]: 91: Hoare triple {34327#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {34327#false} is VALID [2022-02-20 18:06:23,534 INFO L290 TraceCheckUtils]: 92: Hoare triple {34327#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {34327#false} is VALID [2022-02-20 18:06:23,534 INFO L272 TraceCheckUtils]: 93: 
Hoare triple {34327#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {34327#false} is VALID [2022-02-20 18:06:23,534 INFO L290 TraceCheckUtils]: 94: Hoare triple {34327#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {34327#false} is VALID [2022-02-20 18:06:23,534 INFO L272 TraceCheckUtils]: 95: Hoare triple {34327#false} call #t~ret90#1 := getEmailTo(~msg#1); {34326#true} is VALID [2022-02-20 18:06:23,535 INFO L290 TraceCheckUtils]: 96: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~36; {34326#true} is VALID [2022-02-20 18:06:23,535 INFO L290 TraceCheckUtils]: 97: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {34326#true} is VALID [2022-02-20 18:06:23,535 INFO L290 TraceCheckUtils]: 98: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,535 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34326#true} {34327#false} #1333#return; {34327#false} is VALID [2022-02-20 18:06:23,535 INFO L290 TraceCheckUtils]: 100: Hoare triple {34327#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {34327#false} is VALID [2022-02-20 18:06:23,535 INFO L272 TraceCheckUtils]: 101: Hoare triple {34327#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {34326#true} is VALID [2022-02-20 18:06:23,535 INFO L290 TraceCheckUtils]: 102: Hoare triple {34326#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {34326#true} is VALID [2022-02-20 18:06:23,535 INFO L290 TraceCheckUtils]: 103: Hoare triple {34326#true} assume 1 == ~handle; {34326#true} is VALID [2022-02-20 18:06:23,535 INFO L290 TraceCheckUtils]: 104: Hoare triple {34326#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {34326#true} is VALID [2022-02-20 18:06:23,536 INFO L290 TraceCheckUtils]: 105: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,536 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34326#true} {34327#false} #1335#return; {34327#false} is VALID [2022-02-20 18:06:23,536 INFO L290 TraceCheckUtils]: 107: Hoare triple {34327#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {34327#false} is VALID [2022-02-20 18:06:23,536 INFO L290 TraceCheckUtils]: 108: Hoare triple {34327#false} assume !(0 != ~pubkey~0#1); {34327#false} is VALID [2022-02-20 18:06:23,536 INFO L290 TraceCheckUtils]: 109: Hoare triple {34327#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {34327#false} is VALID [2022-02-20 18:06:23,536 INFO L290 TraceCheckUtils]: 110: Hoare triple {34327#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {34327#false} is VALID [2022-02-20 18:06:23,536 INFO L290 TraceCheckUtils]: 111: Hoare triple {34327#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { 
:end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {34327#false} is VALID [2022-02-20 18:06:23,536 INFO L272 TraceCheckUtils]: 112: Hoare triple {34327#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {34398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:23,536 INFO L290 TraceCheckUtils]: 113: Hoare triple {34398#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:23,537 INFO L290 TraceCheckUtils]: 114: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:23,537 INFO L290 TraceCheckUtils]: 115: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,537 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {34326#true} {34327#false} #1341#return; {34327#false} is VALID [2022-02-20 18:06:23,537 INFO L290 TraceCheckUtils]: 117: Hoare triple {34327#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, 
__utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {34327#false} is VALID [2022-02-20 18:06:23,537 INFO L290 TraceCheckUtils]: 118: Hoare triple {34327#false} assume 0 != ~in_encrypted~0; {34327#false} is VALID [2022-02-20 18:06:23,537 INFO L272 TraceCheckUtils]: 119: Hoare triple {34327#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {34326#true} is VALID [2022-02-20 18:06:23,537 INFO L290 TraceCheckUtils]: 120: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~39; {34326#true} is VALID [2022-02-20 18:06:23,537 INFO L290 TraceCheckUtils]: 121: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {34326#true} is VALID [2022-02-20 18:06:23,538 INFO L290 TraceCheckUtils]: 122: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:23,538 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {34326#true} {34327#false} #1343#return; {34327#false} is VALID [2022-02-20 18:06:23,538 INFO L290 TraceCheckUtils]: 124: Hoare triple 
{34327#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {34327#false} is VALID [2022-02-20 18:06:23,538 INFO L290 TraceCheckUtils]: 125: Hoare triple {34327#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {34327#false} is VALID [2022-02-20 18:06:23,538 INFO L290 TraceCheckUtils]: 126: Hoare triple {34327#false} assume !false; {34327#false} is VALID [2022-02-20 18:06:23,545 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2022-02-20 18:06:23,545 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:23,545 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1578898149] [2022-02-20 18:06:23,545 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1578898149] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:06:23,546 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [709323749] [2022-02-20 18:06:23,546 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:23,546 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:06:23,546 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:23,548 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:06:23,549 INFO L327 
MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:06:23,765 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,769 INFO L263 TraceCheckSpWp]: Trace formula consists of 1202 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:06:23,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,814 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {34326#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call 
#Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 
0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, 
~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 3: Hoare triple {34326#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 4: Hoare triple {34326#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 5: Hoare triple {34326#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L272 TraceCheckUtils]: 6: Hoare triple {34326#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 7: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 8: Hoare triple {34326#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 9: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {34326#true} {34326#true} #1397#return; {34326#true} is VALID [2022-02-20 18:06:24,016 INFO L290 TraceCheckUtils]: 11: Hoare triple {34326#true} assume { :end_inline_setup_bob__wrappee__Base } true; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L272 TraceCheckUtils]: 12: Hoare triple {34326#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 13: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is 
VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 14: Hoare triple {34326#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 15: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34326#true} {34326#true} #1399#return; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 17: Hoare triple {34326#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L272 TraceCheckUtils]: 18: Hoare triple {34326#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 19: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 20: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 21: Hoare triple {34326#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 22: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {34326#true} {34326#true} #1401#return; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 
24: Hoare triple {34326#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L272 TraceCheckUtils]: 25: Hoare triple {34326#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 26: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 27: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 28: Hoare triple {34326#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,017 INFO L290 TraceCheckUtils]: 29: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {34326#true} {34326#true} #1403#return; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 31: Hoare triple {34326#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L272 TraceCheckUtils]: 32: Hoare triple {34326#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 33: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID 
[2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 34: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 35: Hoare triple {34326#true} assume !(2 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 36: Hoare triple {34326#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 37: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {34326#true} {34326#true} #1405#return; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 39: Hoare triple {34326#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L272 TraceCheckUtils]: 40: Hoare triple {34326#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 41: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 42: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 43: Hoare triple {34326#true} assume !(2 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 44: Hoare triple {34326#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L290 TraceCheckUtils]: 45: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,018 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {34326#true} {34326#true} #1407#return; {34326#true} is VALID [2022-02-20 18:06:24,019 INFO L290 TraceCheckUtils]: 47: Hoare triple {34326#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset 
:= 8, 0;havoc setup_#t~nondet11#1; {34326#true} is VALID [2022-02-20 18:06:24,021 INFO L290 TraceCheckUtils]: 48: Hoare triple {34326#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34547#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:24,021 INFO L290 TraceCheckUtils]: 49: Hoare triple {34547#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {34547#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:24,022 INFO L290 TraceCheckUtils]: 50: Hoare triple {34547#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {34547#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:24,022 INFO L290 TraceCheckUtils]: 51: Hoare triple {34547#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,022 INFO L290 TraceCheckUtils]: 52: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,022 INFO L290 TraceCheckUtils]: 53: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,023 INFO L290 TraceCheckUtils]: 54: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,023 INFO L290 TraceCheckUtils]: 55: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {34557#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,023 INFO L290 TraceCheckUtils]: 56: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,023 INFO L290 TraceCheckUtils]: 57: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,024 INFO L290 TraceCheckUtils]: 58: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,024 INFO L290 TraceCheckUtils]: 59: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:06:24,024 INFO L290 TraceCheckUtils]: 60: Hoare triple {34557#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {34327#false} is VALID [2022-02-20 18:06:24,024 INFO L290 TraceCheckUtils]: 61: Hoare triple {34327#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {34327#false} is VALID [2022-02-20 18:06:24,024 INFO L272 TraceCheckUtils]: 62: Hoare triple {34327#false} call sendEmail(~bob~0, ~rjh~0); {34327#false} is VALID [2022-02-20 18:06:24,024 INFO L290 
TraceCheckUtils]: 63: Hoare triple {34327#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34327#false} is VALID [2022-02-20 18:06:24,024 INFO L272 TraceCheckUtils]: 64: Hoare triple {34327#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 65: Hoare triple {34327#false} ~handle := #in~handle;~value := #in~value; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 66: Hoare triple {34327#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 67: Hoare triple {34327#false} assume true; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {34327#false} {34327#false} #1319#return; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L272 TraceCheckUtils]: 69: Hoare triple {34327#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 70: Hoare triple {34327#false} ~handle := #in~handle;~value := #in~value; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 71: Hoare triple {34327#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 72: Hoare triple {34327#false} assume true; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {34327#false} {34327#false} 
#1321#return; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 74: Hoare triple {34327#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 75: Hoare triple {34327#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L272 TraceCheckUtils]: 76: Hoare triple {34327#false} call outgoing(~sender#1, ~email~0#1); {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 77: Hoare triple {34327#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L272 TraceCheckUtils]: 78: Hoare triple {34327#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 79: Hoare triple {34327#false} ~handle := #in~handle;havoc ~retValue_acc~10; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 80: Hoare triple {34327#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {34327#false} is VALID [2022-02-20 18:06:24,025 INFO L290 TraceCheckUtils]: 81: Hoare triple {34327#false} assume true; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34327#false} {34327#false} #1299#return; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 83: Hoare 
triple {34327#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := sign_~tmp~25#1; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 84: Hoare triple {34327#false} assume 0 == sign_~privkey~1#1; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 85: Hoare triple {34327#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L272 TraceCheckUtils]: 86: Hoare triple {34327#false} call outgoing__wrappee__AddressBook_#t~ret92#1 := 
getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 87: Hoare triple {34327#false} ~handle := #in~handle;havoc ~retValue_acc~4; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 88: Hoare triple {34327#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 89: Hoare triple {34327#false} assume true; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {34327#false} {34327#false} #1301#return; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 91: Hoare triple {34327#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 92: Hoare triple {34327#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L272 TraceCheckUtils]: 93: Hoare triple {34327#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 94: Hoare triple {34327#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L272 TraceCheckUtils]: 95: Hoare triple {34327#false} call #t~ret90#1 := getEmailTo(~msg#1); {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 96: Hoare triple 
{34327#false} ~handle := #in~handle;havoc ~retValue_acc~36; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 97: Hoare triple {34327#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {34327#false} is VALID [2022-02-20 18:06:24,026 INFO L290 TraceCheckUtils]: 98: Hoare triple {34327#false} assume true; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34327#false} {34327#false} #1333#return; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 100: Hoare triple {34327#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L272 TraceCheckUtils]: 101: Hoare triple {34327#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 102: Hoare triple {34327#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 103: Hoare triple {34327#false} assume 1 == ~handle; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 104: Hoare triple {34327#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 105: Hoare triple {34327#false} assume true; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34327#false} {34327#false} #1335#return; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 107: Hoare triple {34327#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {34327#false} is VALID [2022-02-20 
18:06:24,027 INFO L290 TraceCheckUtils]: 108: Hoare triple {34327#false} assume !(0 != ~pubkey~0#1); {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 109: Hoare triple {34327#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 110: Hoare triple {34327#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 111: Hoare triple {34327#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L272 TraceCheckUtils]: 112: Hoare triple {34327#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 113: Hoare triple {34327#false} ~handle := #in~handle;~value := #in~value; 
{34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 114: Hoare triple {34327#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34327#false} is VALID [2022-02-20 18:06:24,027 INFO L290 TraceCheckUtils]: 115: Hoare triple {34327#false} assume true; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {34327#false} {34327#false} #1341#return; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L290 TraceCheckUtils]: 117: Hoare triple {34327#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc 
__utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L290 TraceCheckUtils]: 118: Hoare triple {34327#false} assume 0 != ~in_encrypted~0; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L272 TraceCheckUtils]: 119: Hoare triple {34327#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L290 TraceCheckUtils]: 120: Hoare triple {34327#false} ~handle := #in~handle;havoc ~retValue_acc~39; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L290 TraceCheckUtils]: 121: Hoare triple {34327#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L290 TraceCheckUtils]: 122: Hoare triple {34327#false} assume true; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {34327#false} {34327#false} #1343#return; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L290 TraceCheckUtils]: 124: Hoare triple {34327#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L290 TraceCheckUtils]: 125: Hoare triple {34327#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L290 TraceCheckUtils]: 126: Hoare triple {34327#false} assume !false; {34327#false} is VALID [2022-02-20 18:06:24,028 INFO L134 CoverageAnalysis]: 
Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:06:24,028 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:06:24,292 INFO L290 TraceCheckUtils]: 126: Hoare triple {34327#false} assume !false; {34327#false} is VALID [2022-02-20 18:06:24,292 INFO L290 TraceCheckUtils]: 125: Hoare triple {34327#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~10#1);assume { :begin_inline___automaton_fail } true; {34327#false} is VALID [2022-02-20 18:06:24,292 INFO L290 TraceCheckUtils]: 124: Hoare triple {34327#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret52#1 && __utac_acc__EncryptForward_spec__2_#t~ret52#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~10#1 := __utac_acc__EncryptForward_spec__2_#t~ret52#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret52#1; {34327#false} is VALID [2022-02-20 18:06:24,292 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {34326#true} {34327#false} #1343#return; {34327#false} is VALID [2022-02-20 18:06:24,292 INFO L290 TraceCheckUtils]: 122: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,292 INFO L290 TraceCheckUtils]: 121: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {34326#true} is VALID [2022-02-20 18:06:24,292 INFO L290 TraceCheckUtils]: 120: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~39; {34326#true} is VALID [2022-02-20 18:06:24,292 INFO L272 TraceCheckUtils]: 119: Hoare triple {34327#false} call __utac_acc__EncryptForward_spec__2_#t~ret52#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {34326#true} is VALID [2022-02-20 18:06:24,292 INFO L290 TraceCheckUtils]: 118: Hoare triple {34327#false} assume 0 != ~in_encrypted~0; {34327#false} is VALID [2022-02-20 18:06:24,292 INFO L290 TraceCheckUtils]: 117: Hoare triple {34327#false} assume { 
:begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret87#1, mail_#t~ret88#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~15#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~15#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1, __utac_acc__EncryptForward_spec__2_#t~nondet51#1, __utac_acc__EncryptForward_spec__2_#t~ret52#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~10#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~10#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret50#1 := puts(23, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret50#1 && __utac_acc__EncryptForward_spec__2_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret50#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 24, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet51#1; {34327#false} is VALID [2022-02-20 18:06:24,292 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {34326#true} {34327#false} #1341#return; {34327#false} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 115: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 114: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_from0~0 := 
~value; {34326#true} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 113: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,293 INFO L272 TraceCheckUtils]: 112: Hoare triple {34327#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1); {34326#true} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 111: Hoare triple {34327#false} outgoing__wrappee__Keys_#t~ret89#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret89#1 && outgoing__wrappee__Keys_#t~ret89#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~16#1 := outgoing__wrappee__Keys_#t~ret89#1;havoc outgoing__wrappee__Keys_#t~ret89#1; {34327#false} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 110: Hoare triple {34327#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {34327#false} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 109: Hoare triple {34327#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret89#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~16#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~16#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {34327#false} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 108: Hoare triple {34327#false} 
assume !(0 != ~pubkey~0#1); {34327#false} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 107: Hoare triple {34327#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~6#1 := #t~ret91#1;havoc #t~ret91#1;~pubkey~0#1 := ~tmp___0~6#1; {34327#false} is VALID [2022-02-20 18:06:24,293 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34326#true} {34327#false} #1335#return; {34327#false} is VALID [2022-02-20 18:06:24,293 INFO L290 TraceCheckUtils]: 105: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 104: Hoare triple {34326#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 103: Hoare triple {34326#true} assume 1 == ~handle; {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 102: Hoare triple {34326#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L272 TraceCheckUtils]: 101: Hoare triple {34327#false} call #t~ret91#1 := findPublicKey(~client#1, ~receiver~0#1); {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 100: Hoare triple {34327#false} assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;~tmp~17#1 := #t~ret90#1;havoc #t~ret90#1;~receiver~0#1 := ~tmp~17#1; {34327#false} is VALID [2022-02-20 18:06:24,294 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34326#true} {34327#false} #1333#return; {34327#false} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 98: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 97: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 96: 
Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~36; {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L272 TraceCheckUtils]: 95: Hoare triple {34327#false} call #t~ret90#1 := getEmailTo(~msg#1); {34326#true} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 94: Hoare triple {34327#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~17#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {34327#false} is VALID [2022-02-20 18:06:24,294 INFO L272 TraceCheckUtils]: 93: Hoare triple {34327#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {34327#false} is VALID [2022-02-20 18:06:24,294 INFO L290 TraceCheckUtils]: 92: Hoare triple {34327#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {34327#false} is VALID [2022-02-20 18:06:24,295 INFO L290 TraceCheckUtils]: 91: Hoare triple {34327#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret92#1 && outgoing__wrappee__AddressBook_#t~ret92#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~18#1 := outgoing__wrappee__AddressBook_#t~ret92#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~18#1; {34327#false} is VALID [2022-02-20 18:06:24,295 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {34326#true} {34327#false} #1301#return; {34327#false} is VALID [2022-02-20 18:06:24,295 INFO L290 TraceCheckUtils]: 89: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,295 INFO L290 TraceCheckUtils]: 88: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {34326#true} is VALID [2022-02-20 18:06:24,295 INFO L290 TraceCheckUtils]: 87: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~4; {34326#true} is VALID [2022-02-20 18:06:24,296 INFO L272 TraceCheckUtils]: 86: Hoare triple {34327#false} 
call outgoing__wrappee__AddressBook_#t~ret92#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {34326#true} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 85: Hoare triple {34327#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_#t~ret93#1, outgoing__wrappee__AddressBook_#t~ret94#1, outgoing__wrappee__AddressBook_#t~ret95#1, outgoing__wrappee__AddressBook_#t~ret96#1, outgoing__wrappee__AddressBook_#t~ret97#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~18#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~18#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {34327#false} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 84: Hoare triple {34327#false} assume 0 == sign_~privkey~1#1; {34327#false} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 83: Hoare triple {34327#false} assume -2147483648 <= sign_#t~ret110#1 && sign_#t~ret110#1 <= 2147483647;sign_~tmp~25#1 := sign_#t~ret110#1;havoc sign_#t~ret110#1;sign_~privkey~1#1 := 
sign_~tmp~25#1; {34327#false} is VALID [2022-02-20 18:06:24,297 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34326#true} {34327#false} #1299#return; {34327#false} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 81: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 80: Hoare triple {34326#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {34326#true} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 79: Hoare triple {34326#true} ~handle := #in~handle;havoc ~retValue_acc~10; {34326#true} is VALID [2022-02-20 18:06:24,297 INFO L272 TraceCheckUtils]: 78: Hoare triple {34327#false} call sign_#t~ret110#1 := getClientPrivateKey(sign_~client#1); {34326#true} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 77: Hoare triple {34327#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret110#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~25#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~25#1; {34327#false} is VALID [2022-02-20 18:06:24,297 INFO L272 TraceCheckUtils]: 76: Hoare triple {34327#false} call outgoing(~sender#1, ~email~0#1); {34327#false} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 75: Hoare triple {34327#false} #t~ret106#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret106#1 && #t~ret106#1 <= 2147483647;~tmp~23#1 := #t~ret106#1;havoc #t~ret106#1;~email~0#1 := ~tmp~23#1; {34327#false} is VALID [2022-02-20 18:06:24,297 INFO L290 TraceCheckUtils]: 74: Hoare triple {34327#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {34327#false} is VALID [2022-02-20 18:06:24,297 INFO L284 TraceCheckUtils]: 73: Hoare quadruple 
{34326#true} {34327#false} #1321#return; {34327#false} is VALID [2022-02-20 18:06:24,298 INFO L290 TraceCheckUtils]: 72: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,298 INFO L290 TraceCheckUtils]: 71: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,298 INFO L290 TraceCheckUtils]: 70: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,298 INFO L272 TraceCheckUtils]: 69: Hoare triple {34327#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34326#true} is VALID [2022-02-20 18:06:24,298 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {34326#true} {34327#false} #1319#return; {34327#false} is VALID [2022-02-20 18:06:24,298 INFO L290 TraceCheckUtils]: 67: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,298 INFO L290 TraceCheckUtils]: 66: Hoare triple {34326#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,298 INFO L290 TraceCheckUtils]: 65: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,298 INFO L272 TraceCheckUtils]: 64: Hoare triple {34327#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34326#true} is VALID [2022-02-20 18:06:24,299 INFO L290 TraceCheckUtils]: 63: Hoare triple {34327#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~23#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34327#false} is VALID [2022-02-20 
18:06:24,299 INFO L272 TraceCheckUtils]: 62: Hoare triple {34327#false} call sendEmail(~bob~0, ~rjh~0); {34327#false} is VALID [2022-02-20 18:06:24,299 INFO L290 TraceCheckUtils]: 61: Hoare triple {34327#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {34327#false} is VALID [2022-02-20 18:06:24,299 INFO L290 TraceCheckUtils]: 60: Hoare triple {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {34327#false} is VALID [2022-02-20 18:06:24,299 INFO L290 TraceCheckUtils]: 59: Hoare triple {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,300 INFO L290 TraceCheckUtils]: 58: Hoare triple {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,300 INFO L290 TraceCheckUtils]: 57: Hoare triple {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,300 INFO L290 TraceCheckUtils]: 56: Hoare triple {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,300 INFO L290 TraceCheckUtils]: 55: Hoare triple {34981#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,301 INFO L290 TraceCheckUtils]: 54: Hoare triple {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,301 INFO L290 TraceCheckUtils]: 53: Hoare triple {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,301 INFO L290 TraceCheckUtils]: 52: Hoare triple {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet76#1 && test_#t~nondet76#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet76#1;havoc test_#t~nondet76#1; {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,302 INFO L290 TraceCheckUtils]: 51: Hoare triple {35009#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34981#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:06:24,302 INFO L290 TraceCheckUtils]: 50: Hoare triple {35009#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {35009#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:06:24,302 INFO L290 TraceCheckUtils]: 49: Hoare triple {35009#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {35009#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:06:24,302 INFO L290 TraceCheckUtils]: 48: Hoare triple {34326#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {35009#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:06:24,303 INFO L290 TraceCheckUtils]: 47: Hoare triple {34326#true} assume { 
:end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {34326#true} is VALID [2022-02-20 18:06:24,303 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {34326#true} {34326#true} #1407#return; {34326#true} is VALID [2022-02-20 18:06:24,303 INFO L290 TraceCheckUtils]: 45: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,303 INFO L290 TraceCheckUtils]: 44: Hoare triple {34326#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,303 INFO L290 TraceCheckUtils]: 43: Hoare triple {34326#true} assume !(2 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,303 INFO L290 TraceCheckUtils]: 42: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,303 INFO L290 TraceCheckUtils]: 41: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,303 INFO L272 TraceCheckUtils]: 40: Hoare triple {34326#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {34326#true} is VALID [2022-02-20 18:06:24,303 INFO L290 TraceCheckUtils]: 39: Hoare triple {34326#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {34326#true} is VALID [2022-02-20 18:06:24,304 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {34326#true} {34326#true} #1405#return; {34326#true} is VALID [2022-02-20 18:06:24,304 INFO L290 TraceCheckUtils]: 37: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,304 INFO L290 TraceCheckUtils]: 36: Hoare triple {34326#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,304 INFO L290 TraceCheckUtils]: 35: Hoare triple {34326#true} assume !(2 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,304 INFO L290 TraceCheckUtils]: 34: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,304 INFO L290 
TraceCheckUtils]: 33: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,304 INFO L272 TraceCheckUtils]: 32: Hoare triple {34326#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {34326#true} is VALID [2022-02-20 18:06:24,304 INFO L290 TraceCheckUtils]: 31: Hoare triple {34326#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {34326#true} is VALID [2022-02-20 18:06:24,305 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {34326#true} {34326#true} #1403#return; {34326#true} is VALID [2022-02-20 18:06:24,305 INFO L290 TraceCheckUtils]: 29: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,305 INFO L290 TraceCheckUtils]: 28: Hoare triple {34326#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,305 INFO L290 TraceCheckUtils]: 27: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,305 INFO L290 TraceCheckUtils]: 26: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,305 INFO L272 TraceCheckUtils]: 25: Hoare triple {34326#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {34326#true} is VALID [2022-02-20 18:06:24,305 INFO L290 TraceCheckUtils]: 24: Hoare triple {34326#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {34326#true} 
is VALID [2022-02-20 18:06:24,305 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {34326#true} {34326#true} #1401#return; {34326#true} is VALID [2022-02-20 18:06:24,305 INFO L290 TraceCheckUtils]: 22: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L290 TraceCheckUtils]: 21: Hoare triple {34326#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L290 TraceCheckUtils]: 20: Hoare triple {34326#true} assume !(1 == ~handle); {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L290 TraceCheckUtils]: 19: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L272 TraceCheckUtils]: 18: Hoare triple {34326#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L290 TraceCheckUtils]: 17: Hoare triple {34326#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34326#true} {34326#true} #1399#return; {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L290 TraceCheckUtils]: 15: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L290 TraceCheckUtils]: 14: Hoare triple {34326#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,306 INFO L290 
TraceCheckUtils]: 13: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,307 INFO L272 TraceCheckUtils]: 12: Hoare triple {34326#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {34326#true} is VALID [2022-02-20 18:06:24,307 INFO L290 TraceCheckUtils]: 11: Hoare triple {34326#true} assume { :end_inline_setup_bob__wrappee__Base } true; {34326#true} is VALID [2022-02-20 18:06:24,307 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {34326#true} {34326#true} #1397#return; {34326#true} is VALID [2022-02-20 18:06:24,307 INFO L290 TraceCheckUtils]: 9: Hoare triple {34326#true} assume true; {34326#true} is VALID [2022-02-20 18:06:24,307 INFO L290 TraceCheckUtils]: 8: Hoare triple {34326#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34326#true} is VALID [2022-02-20 18:06:24,307 INFO L290 TraceCheckUtils]: 7: Hoare triple {34326#true} ~handle := #in~handle;~value := #in~value; {34326#true} is VALID [2022-02-20 18:06:24,307 INFO L272 TraceCheckUtils]: 6: Hoare triple {34326#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {34326#true} is VALID [2022-02-20 18:06:24,307 INFO L290 TraceCheckUtils]: 5: Hoare triple {34326#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {34326#true} is VALID [2022-02-20 18:06:24,308 INFO L290 TraceCheckUtils]: 4: Hoare triple {34326#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {34326#true} is VALID [2022-02-20 18:06:24,308 INFO L290 TraceCheckUtils]: 3: Hoare triple {34326#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {34326#true} is VALID [2022-02-20 18:06:24,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {34326#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {34326#true} is VALID [2022-02-20 18:06:24,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {34326#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {34326#true} is VALID [2022-02-20 18:06:24,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {34326#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call 
#Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(13, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(17, 21);call #Ultimate.allocInit(17, 22);call #Ultimate.allocInit(13, 23);call #Ultimate.allocInit(17, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(21, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(34, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(20, 41);call #Ultimate.allocInit(22, 42);call #Ultimate.allocInit(21, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 
:= 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 
0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~in_encrypted~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {34326#true} is VALID [2022-02-20 18:06:24,308 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:06:24,309 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [709323749] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:06:24,309 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. 
[2022-02-20 18:06:24,309 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15
[2022-02-20 18:06:24,311 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1158807784]
[2022-02-20 18:06:24,311 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton
[2022-02-20 18:06:24,312 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 10.285714285714286) internal successors, (144), 11 states have internal predecessors, (144), 4 states have call successors, (34), 6 states have call predecessors, (34), 3 states have return successors, (26), 3 states have call predecessors, (26), 4 states have call successors, (26) Word has length 127
[2022-02-20 18:06:24,502 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 18:06:24,503 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 14 states have (on average 10.285714285714286) internal successors, (144), 11 states have internal predecessors, (144), 4 states have call successors, (34), 6 states have call predecessors, (34), 3 states have return successors, (26), 3 states have call predecessors, (26), 4 states have call successors, (26)
[2022-02-20 18:06:24,584 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 204 edges. 204 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 18:06:24,584 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states
[2022-02-20 18:06:24,584 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 18:06:24,585 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants.
[2022-02-20 18:06:24,585 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210
[2022-02-20 18:06:24,585 INFO L87 Difference]: Start difference. First operand 542 states and 835 transitions. Second operand has 15 states, 14 states have (on average 10.285714285714286) internal successors, (144), 11 states have internal predecessors, (144), 4 states have call successors, (34), 6 states have call predecessors, (34), 3 states have return successors, (26), 3 states have call predecessors, (26), 4 states have call successors, (26)