./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec0_product09.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 3061b6dc Calling Ultimate with: /root/.sdkman/candidates/java/11.0.12-open/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec0_product09.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 3b43506942a12950209750f07d771d1d388e9661c8c19f0364d898e10e246352 --- Real Ultimate output --- This is Ultimate 0.2.5-tmp.dk.eval-assert-order-craig-3061b6d-m [2024-11-18 14:05:01,447 INFO L188 SettingsManager]: Resetting all preferences to default values... [2024-11-18 14:05:01,515 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2024-11-18 14:05:01,522 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2024-11-18 14:05:01,522 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2024-11-18 14:05:01,552 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2024-11-18 14:05:01,553 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2024-11-18 14:05:01,553 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2024-11-18 14:05:01,554 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2024-11-18 14:05:01,555 INFO L153 SettingsManager]: * Use memory slicer=true [2024-11-18 14:05:01,556 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2024-11-18 14:05:01,556 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2024-11-18 14:05:01,557 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2024-11-18 14:05:01,557 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2024-11-18 14:05:01,559 INFO L153 SettingsManager]: * Use SBE=true [2024-11-18 14:05:01,559 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2024-11-18 14:05:01,560 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2024-11-18 14:05:01,560 INFO L153 SettingsManager]: * sizeof long=4 [2024-11-18 14:05:01,560 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2024-11-18 14:05:01,561 INFO L153 SettingsManager]: * sizeof POINTER=4 [2024-11-18 14:05:01,561 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2024-11-18 14:05:01,561 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2024-11-18 14:05:01,565 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2024-11-18 14:05:01,587 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2024-11-18 14:05:01,588 INFO L153 SettingsManager]: * Allow undefined functions=false [2024-11-18 14:05:01,588 INFO L153 SettingsManager]: * sizeof long double=12 [2024-11-18 14:05:01,588 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2024-11-18 14:05:01,588 INFO L153 SettingsManager]: * Use constant arrays=true [2024-11-18 14:05:01,589 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2024-11-18 14:05:01,589 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2024-11-18 14:05:01,589 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2024-11-18 14:05:01,590 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2024-11-18 14:05:01,590 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-18 14:05:01,590 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2024-11-18 14:05:01,590 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2024-11-18 14:05:01,591 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2024-11-18 14:05:01,591 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2024-11-18 14:05:01,592 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2024-11-18 14:05:01,592 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2024-11-18 14:05:01,592 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2024-11-18 14:05:01,592 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2024-11-18 14:05:01,593 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2024-11-18 14:05:01,593 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 3b43506942a12950209750f07d771d1d388e9661c8c19f0364d898e10e246352 [2024-11-18 14:05:01,855 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2024-11-18 14:05:01,886 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2024-11-18 14:05:01,890 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2024-11-18 14:05:01,891 INFO L270 PluginConnector]: Initializing CDTParser... [2024-11-18 14:05:01,891 INFO L274 PluginConnector]: CDTParser initialized [2024-11-18 14:05:01,893 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec0_product09.cil.c [2024-11-18 14:05:03,382 INFO L533 CDTParser]: Created temporary CDT project at NULL [2024-11-18 14:05:03,690 INFO L384 CDTParser]: Found 1 translation units. [2024-11-18 14:05:03,691 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product09.cil.c [2024-11-18 14:05:03,711 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/233c2d039/32a9a04efa794c01a053e9f01b641afb/FLAG9f8564fc6 [2024-11-18 14:05:03,727 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/233c2d039/32a9a04efa794c01a053e9f01b641afb [2024-11-18 14:05:03,731 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2024-11-18 14:05:03,732 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2024-11-18 14:05:03,736 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2024-11-18 14:05:03,737 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2024-11-18 14:05:03,742 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2024-11-18 14:05:03,743 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 02:05:03" (1/1) ... [2024-11-18 14:05:03,746 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4376e1b0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:03, skipping insertion in model container [2024-11-18 14:05:03,746 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 02:05:03" (1/1) ... [2024-11-18 14:05:03,819 INFO L175 MainTranslator]: Built tables and reachable declarations [2024-11-18 14:05:04,369 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product09.cil.c[57372,57385] [2024-11-18 14:05:04,376 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-18 14:05:04,394 INFO L200 MainTranslator]: Completed pre-run [2024-11-18 14:05:04,405 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [48] [2024-11-18 14:05:04,407 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [246] [2024-11-18 14:05:04,407 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [295] [2024-11-18 14:05:04,407 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [448] [2024-11-18 14:05:04,407 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [860] [2024-11-18 14:05:04,407 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [1226] [2024-11-18 14:05:04,408 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [2301] [2024-11-18 14:05:04,408 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [2503] [2024-11-18 14:05:04,408 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [2567] [2024-11-18 14:05:04,408 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [2584] [2024-11-18 14:05:04,408 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"DecryptForward_spec.i","") [2593] [2024-11-18 14:05:04,509 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product09.cil.c[57372,57385] [2024-11-18 14:05:04,510 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-18 14:05:04,561 INFO L204 MainTranslator]: Completed translation [2024-11-18 14:05:04,561 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04 WrapperNode [2024-11-18 14:05:04,561 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2024-11-18 14:05:04,563 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2024-11-18 14:05:04,563 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2024-11-18 14:05:04,563 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2024-11-18 14:05:04,570 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,608 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,670 INFO L138 Inliner]: procedures = 110, calls = 128, calls flagged for inlining = 38, calls inlined = 33, statements flattened = 661 [2024-11-18 14:05:04,674 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2024-11-18 14:05:04,675 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2024-11-18 14:05:04,675 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2024-11-18 14:05:04,675 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2024-11-18 14:05:04,693 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,694 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,700 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,750 INFO L175 MemorySlicer]: Split 6 memory accesses to 2 slices as follows [2, 4]. 67 percent of accesses are in the largest equivalence class. The 6 initializations are split as follows [2, 4]. The 0 writes are split as follows [0, 0]. [2024-11-18 14:05:04,754 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,755 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,793 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,807 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,814 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,822 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,832 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2024-11-18 14:05:04,836 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2024-11-18 14:05:04,840 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2024-11-18 14:05:04,840 INFO L274 PluginConnector]: RCFGBuilder initialized [2024-11-18 14:05:04,841 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (1/1) ... [2024-11-18 14:05:04,850 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-18 14:05:04,865 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:05:04,884 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2024-11-18 14:05:04,886 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2024-11-18 14:05:04,936 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Base [2024-11-18 14:05:04,937 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Base [2024-11-18 14:05:04,937 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2024-11-18 14:05:04,937 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2024-11-18 14:05:04,937 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2024-11-18 14:05:04,937 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2024-11-18 14:05:04,937 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2024-11-18 14:05:04,939 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2024-11-18 14:05:04,939 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2024-11-18 14:05:04,939 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2024-11-18 14:05:04,939 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2024-11-18 14:05:04,939 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2024-11-18 14:05:04,940 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2024-11-18 14:05:04,940 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2024-11-18 14:05:04,940 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2024-11-18 14:05:04,940 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2024-11-18 14:05:04,940 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2024-11-18 14:05:04,940 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2024-11-18 14:05:04,940 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2024-11-18 14:05:04,940 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2024-11-18 14:05:04,941 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2024-11-18 14:05:04,941 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2024-11-18 14:05:04,941 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2024-11-18 14:05:04,941 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2024-11-18 14:05:04,941 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#1 [2024-11-18 14:05:04,941 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2024-11-18 14:05:04,941 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2024-11-18 14:05:04,941 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2024-11-18 14:05:04,941 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2024-11-18 14:05:05,109 INFO L238 CfgBuilder]: Building ICFG [2024-11-18 14:05:05,111 INFO L264 CfgBuilder]: Building CFG for each procedure with an implementation [2024-11-18 14:05:05,737 INFO L? ?]: Removed 279 outVars from TransFormulas that were not future-live. [2024-11-18 14:05:05,737 INFO L287 CfgBuilder]: Performing block encoding [2024-11-18 14:05:05,760 INFO L311 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2024-11-18 14:05:05,762 INFO L316 CfgBuilder]: Removed 1 assume(true) statements. [2024-11-18 14:05:05,763 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:05:05 BoogieIcfgContainer [2024-11-18 14:05:05,763 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2024-11-18 14:05:05,770 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2024-11-18 14:05:05,770 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2024-11-18 14:05:05,774 INFO L274 PluginConnector]: TraceAbstraction initialized [2024-11-18 14:05:05,778 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 18.11 02:05:03" (1/3) ... [2024-11-18 14:05:05,779 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@19a8522f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 02:05:05, skipping insertion in model container [2024-11-18 14:05:05,780 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:05:04" (2/3) ... [2024-11-18 14:05:05,780 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@19a8522f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 02:05:05, skipping insertion in model container [2024-11-18 14:05:05,780 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:05:05" (3/3) ... [2024-11-18 14:05:05,782 INFO L112 eAbstractionObserver]: Analyzing ICFG email_spec0_product09.cil.c [2024-11-18 14:05:05,815 INFO L214 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2024-11-18 14:05:05,815 INFO L154 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2024-11-18 14:05:05,940 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2024-11-18 14:05:05,947 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@4f170e00, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2024-11-18 14:05:05,948 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2024-11-18 14:05:05,954 INFO L276 IsEmpty]: Start isEmpty. Operand has 209 states, 169 states have (on average 1.5621301775147929) internal successors, (264), 172 states have internal predecessors, (264), 26 states have call successors, (26), 12 states have call predecessors, (26), 12 states have return successors, (26), 25 states have call predecessors, (26), 26 states have call successors, (26) [2024-11-18 14:05:05,965 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 85 [2024-11-18 14:05:05,965 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:05:05,966 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:05:05,966 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:05:05,971 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:05:05,971 INFO L85 PathProgramCache]: Analyzing trace with hash 1774813752, now seen corresponding path program 1 times [2024-11-18 14:05:05,979 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:05:05,979 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1038685811] [2024-11-18 14:05:05,979 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:05:05,980 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:05:06,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:05:06,667 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2024-11-18 14:05:06,667 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:05:06,667 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1038685811] [2024-11-18 14:05:06,668 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1038685811] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:05:06,668 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [960748179] [2024-11-18 14:05:06,668 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:05:06,668 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:05:06,669 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:05:06,670 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:05:06,672 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2024-11-18 14:05:07,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:05:07,035 INFO L255 TraceCheckSpWp]: Trace formula consists of 831 conjuncts, 1 conjuncts are in the unsatisfiable core [2024-11-18 14:05:07,045 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:05:07,064 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 20 trivial. 0 not checked. [2024-11-18 14:05:07,064 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:05:07,065 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [960748179] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:05:07,065 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:05:07,065 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [5] total 5 [2024-11-18 14:05:07,068 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1292556784] [2024-11-18 14:05:07,068 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:05:07,073 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2024-11-18 14:05:07,074 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:05:07,096 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2024-11-18 14:05:07,098 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:05:07,101 INFO L87 Difference]: Start difference. First operand has 209 states, 169 states have (on average 1.5621301775147929) internal successors, (264), 172 states have internal predecessors, (264), 26 states have call successors, (26), 12 states have call predecessors, (26), 12 states have return successors, (26), 25 states have call predecessors, (26), 26 states have call successors, (26) Second operand has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2024-11-18 14:05:07,144 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:05:07,145 INFO L93 Difference]: Finished difference Result 329 states and 487 transitions. [2024-11-18 14:05:07,146 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2024-11-18 14:05:07,147 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 84 [2024-11-18 14:05:07,148 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:05:07,158 INFO L225 Difference]: With dead ends: 329 [2024-11-18 14:05:07,158 INFO L226 Difference]: Without dead ends: 202 [2024-11-18 14:05:07,163 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 88 GetRequests, 85 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:05:07,166 INFO L432 NwaCegarLoop]: 312 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 312 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:05:07,166 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 312 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:05:07,184 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 202 states. [2024-11-18 14:05:07,216 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 202 to 202. [2024-11-18 14:05:07,218 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 202 states, 163 states have (on average 1.5521472392638036) internal successors, (253), 165 states have internal predecessors, (253), 26 states have call successors, (26), 12 states have call predecessors, (26), 12 states have return successors, (25), 24 states have call predecessors, (25), 25 states have call successors, (25) [2024-11-18 14:05:07,223 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 202 states to 202 states and 304 transitions. [2024-11-18 14:05:07,225 INFO L78 Accepts]: Start accepts. Automaton has 202 states and 304 transitions. Word has length 84 [2024-11-18 14:05:07,227 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:05:07,227 INFO L471 AbstractCegarLoop]: Abstraction has 202 states and 304 transitions. [2024-11-18 14:05:07,227 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2024-11-18 14:05:07,228 INFO L276 IsEmpty]: Start isEmpty. Operand 202 states and 304 transitions. [2024-11-18 14:05:07,232 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2024-11-18 14:05:07,232 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:05:07,232 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:05:07,247 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2024-11-18 14:05:07,435 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2024-11-18 14:05:07,435 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:05:07,436 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:05:07,436 INFO L85 PathProgramCache]: Analyzing trace with hash 1993537687, now seen corresponding path program 1 times [2024-11-18 14:05:07,436 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:05:07,437 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1035673559] [2024-11-18 14:05:07,437 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:05:07,437 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:05:07,475 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:05:07,635 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2024-11-18 14:05:07,636 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:05:07,636 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1035673559] [2024-11-18 14:05:07,637 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1035673559] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:05:07,638 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [783155334] [2024-11-18 14:05:07,638 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:05:07,638 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:05:07,638 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:05:07,640 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:05:07,642 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2024-11-18 14:05:07,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:05:07,950 INFO L255 TraceCheckSpWp]: Trace formula consists of 832 conjuncts, 2 conjuncts are in the unsatisfiable core [2024-11-18 14:05:07,955 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:05:07,989 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 20 trivial. 0 not checked. [2024-11-18 14:05:07,992 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:05:07,993 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [783155334] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:05:07,993 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:05:07,993 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 6 [2024-11-18 14:05:07,994 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [30860967] [2024-11-18 14:05:07,995 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:05:07,996 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:05:07,997 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:05:07,998 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:05:07,998 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-18 14:05:07,998 INFO L87 Difference]: Start difference. First operand 202 states and 304 transitions. Second operand has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2024-11-18 14:05:08,048 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:05:08,048 INFO L93 Difference]: Finished difference Result 319 states and 465 transitions. [2024-11-18 14:05:08,049 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:05:08,049 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 85 [2024-11-18 14:05:08,049 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:05:08,052 INFO L225 Difference]: With dead ends: 319 [2024-11-18 14:05:08,052 INFO L226 Difference]: Without dead ends: 205 [2024-11-18 14:05:08,053 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 89 GetRequests, 85 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-18 14:05:08,055 INFO L432 NwaCegarLoop]: 302 mSDtfsCounter, 1 mSDsluCounter, 300 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 602 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:05:08,055 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [1 Valid, 602 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:05:08,057 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 205 states. [2024-11-18 14:05:08,070 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 205 to 204. [2024-11-18 14:05:08,073 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 204 states, 165 states have (on average 1.5454545454545454) internal successors, (255), 167 states have internal predecessors, (255), 26 states have call successors, (26), 12 states have call predecessors, (26), 12 states have return successors, (25), 24 states have call predecessors, (25), 25 states have call successors, (25) [2024-11-18 14:05:08,075 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 204 states to 204 states and 306 transitions. [2024-11-18 14:05:08,077 INFO L78 Accepts]: Start accepts. Automaton has 204 states and 306 transitions. Word has length 85 [2024-11-18 14:05:08,077 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:05:08,078 INFO L471 AbstractCegarLoop]: Abstraction has 204 states and 306 transitions. [2024-11-18 14:05:08,078 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2024-11-18 14:05:08,079 INFO L276 IsEmpty]: Start isEmpty. Operand 204 states and 306 transitions. [2024-11-18 14:05:08,082 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 91 [2024-11-18 14:05:08,083 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:05:08,083 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:05:08,099 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2024-11-18 14:05:08,284 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2024-11-18 14:05:08,285 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:05:08,285 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:05:08,286 INFO L85 PathProgramCache]: Analyzing trace with hash -1008731173, now seen corresponding path program 1 times [2024-11-18 14:05:08,286 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:05:08,286 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1827136479] [2024-11-18 14:05:08,286 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:05:08,286 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:05:08,341 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:05:08,511 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 16 trivial. 0 not checked. [2024-11-18 14:05:08,514 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:05:08,514 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1827136479] [2024-11-18 14:05:08,514 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1827136479] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:05:08,514 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1044724663] [2024-11-18 14:05:08,514 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:05:08,515 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:05:08,515 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:05:08,517 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:05:08,519 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2024-11-18 14:05:08,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:05:08,771 INFO L255 TraceCheckSpWp]: Trace formula consists of 843 conjuncts, 6 conjuncts are in the unsatisfiable core [2024-11-18 14:05:08,783 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:05:08,839 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 11 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2024-11-18 14:05:08,839 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:05:08,839 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1044724663] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:05:08,840 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:05:08,840 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [5] total 8 [2024-11-18 14:05:08,840 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [985982881] [2024-11-18 14:05:08,840 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:05:08,841 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-18 14:05:08,841 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:05:08,842 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-18 14:05:08,842 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2024-11-18 14:05:08,842 INFO L87 Difference]: Start difference. First operand 204 states and 306 transitions. Second operand has 5 states, 4 states have (on average 15.0) internal successors, (60), 5 states have internal predecessors, (60), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2024-11-18 14:05:08,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:05:08,894 INFO L93 Difference]: Finished difference Result 401 states and 605 transitions. [2024-11-18 14:05:08,894 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-18 14:05:08,895 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 15.0) internal successors, (60), 5 states have internal predecessors, (60), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 90 [2024-11-18 14:05:08,895 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:05:08,897 INFO L225 Difference]: With dead ends: 401 [2024-11-18 14:05:08,897 INFO L226 Difference]: Without dead ends: 206 [2024-11-18 14:05:08,899 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 94 GetRequests, 88 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2024-11-18 14:05:08,900 INFO L432 NwaCegarLoop]: 296 mSDtfsCounter, 2 mSDsluCounter, 877 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1173 SdHoareTripleChecker+Invalid, 37 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:05:08,900 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1173 Invalid, 37 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:05:08,901 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 206 states. [2024-11-18 14:05:08,911 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 206 to 206. [2024-11-18 14:05:08,912 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 206 states, 166 states have (on average 1.5421686746987953) internal successors, (256), 169 states have internal predecessors, (256), 26 states have call successors, (26), 12 states have call predecessors, (26), 13 states have return successors, (27), 24 states have call predecessors, (27), 25 states have call successors, (27) [2024-11-18 14:05:08,914 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 206 states to 206 states and 309 transitions. [2024-11-18 14:05:08,914 INFO L78 Accepts]: Start accepts. Automaton has 206 states and 309 transitions. Word has length 90 [2024-11-18 14:05:08,915 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:05:08,915 INFO L471 AbstractCegarLoop]: Abstraction has 206 states and 309 transitions. [2024-11-18 14:05:08,915 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 15.0) internal successors, (60), 5 states have internal predecessors, (60), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2024-11-18 14:05:08,915 INFO L276 IsEmpty]: Start isEmpty. Operand 206 states and 309 transitions. [2024-11-18 14:05:08,918 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 92 [2024-11-18 14:05:08,918 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:05:08,918 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:05:08,939 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Ended with exit code 0 [2024-11-18 14:05:09,119 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:05:09,120 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:05:09,121 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:05:09,121 INFO L85 PathProgramCache]: Analyzing trace with hash -1416843367, now seen corresponding path program 1 times [2024-11-18 14:05:09,121 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:05:09,121 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [171695660] [2024-11-18 14:05:09,121 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:05:09,122 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:05:09,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:05:09,360 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 16 trivial. 0 not checked. [2024-11-18 14:05:09,361 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:05:09,361 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [171695660] [2024-11-18 14:05:09,361 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [171695660] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:05:09,361 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:05:09,361 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-11-18 14:05:09,362 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [589278952] [2024-11-18 14:05:09,362 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:05:09,362 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-18 14:05:09,362 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:05:09,363 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-18 14:05:09,363 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:05:09,364 INFO L87 Difference]: Start difference. First operand 206 states and 309 transitions. Second operand has 5 states, 4 states have (on average 14.75) internal successors, (59), 5 states have internal predecessors, (59), 3 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2024-11-18 14:05:09,402 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:05:09,403 INFO L93 Difference]: Finished difference Result 393 states and 593 transitions. [2024-11-18 14:05:09,403 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-18 14:05:09,403 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 14.75) internal successors, (59), 5 states have internal predecessors, (59), 3 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 91 [2024-11-18 14:05:09,404 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:05:09,405 INFO L225 Difference]: With dead ends: 393 [2024-11-18 14:05:09,406 INFO L226 Difference]: Without dead ends: 206 [2024-11-18 14:05:09,406 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:05:09,407 INFO L432 NwaCegarLoop]: 297 mSDtfsCounter, 2 mSDsluCounter, 880 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1177 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:05:09,408 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1177 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:05:09,409 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 206 states. [2024-11-18 14:05:09,425 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 206 to 206. [2024-11-18 14:05:09,427 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 206 states, 166 states have (on average 1.5421686746987953) internal successors, (256), 169 states have internal predecessors, (256), 26 states have call successors, (26), 12 states have call predecessors, (26), 13 states have return successors, (26), 24 states have call predecessors, (26), 25 states have call successors, (26) [2024-11-18 14:05:09,429 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 206 states to 206 states and 308 transitions. [2024-11-18 14:05:09,430 INFO L78 Accepts]: Start accepts. Automaton has 206 states and 308 transitions. Word has length 91 [2024-11-18 14:05:09,431 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:05:09,431 INFO L471 AbstractCegarLoop]: Abstraction has 206 states and 308 transitions. [2024-11-18 14:05:09,431 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 14.75) internal successors, (59), 5 states have internal predecessors, (59), 3 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2024-11-18 14:05:09,431 INFO L276 IsEmpty]: Start isEmpty. Operand 206 states and 308 transitions. [2024-11-18 14:05:09,434 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 93 [2024-11-18 14:05:09,435 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:05:09,435 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:05:09,435 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2024-11-18 14:05:09,435 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:05:09,436 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:05:09,436 INFO L85 PathProgramCache]: Analyzing trace with hash -142239273, now seen corresponding path program 2 times [2024-11-18 14:05:09,436 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:05:09,437 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1155876139] [2024-11-18 14:05:09,438 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2024-11-18 14:05:09,438 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:05:09,466 INFO L227 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2024-11-18 14:05:09,467 INFO L228 tOrderPrioritization]: Conjunction of SSA is unsat [2024-11-18 14:05:09,572 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2024-11-18 14:05:09,573 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:05:09,573 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1155876139] [2024-11-18 14:05:09,574 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1155876139] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:05:09,574 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:05:09,574 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2024-11-18 14:05:09,574 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1153001048] [2024-11-18 14:05:09,574 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:05:09,575 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2024-11-18 14:05:09,576 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:05:09,577 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2024-11-18 14:05:09,577 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2024-11-18 14:05:09,577 INFO L87 Difference]: Start difference. First operand 206 states and 308 transitions. Second operand has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 1 states have call successors, (13), 1 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 1 states have call successors, (10) [2024-11-18 14:05:09,617 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:05:09,619 INFO L93 Difference]: Finished difference Result 206 states and 308 transitions. [2024-11-18 14:05:09,619 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2024-11-18 14:05:09,619 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 1 states have call successors, (13), 1 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 1 states have call successors, (10) Word has length 92 [2024-11-18 14:05:09,620 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:05:09,621 INFO L225 Difference]: With dead ends: 206 [2024-11-18 14:05:09,621 INFO L226 Difference]: Without dead ends: 0 [2024-11-18 14:05:09,622 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2024-11-18 14:05:09,622 INFO L432 NwaCegarLoop]: 298 mSDtfsCounter, 0 mSDsluCounter, 1481 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 1779 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:05:09,624 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 1779 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:05:09,624 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2024-11-18 14:05:09,625 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2024-11-18 14:05:09,625 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2024-11-18 14:05:09,625 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2024-11-18 14:05:09,626 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 92 [2024-11-18 14:05:09,626 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:05:09,626 INFO L471 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2024-11-18 14:05:09,626 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 1 states have call successors, (13), 1 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 1 states have call successors, (10) [2024-11-18 14:05:09,626 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2024-11-18 14:05:09,627 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2024-11-18 14:05:09,629 INFO L782 garLoopResultBuilder]: Registering result SAFE for location outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2024-11-18 14:05:09,630 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2024-11-18 14:05:09,632 INFO L407 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1] [2024-11-18 14:05:09,634 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2024-11-18 14:05:09,715 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2024-11-18 14:05:09,795 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 18.11 02:05:09 BoogieIcfgContainer [2024-11-18 14:05:09,795 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2024-11-18 14:05:09,796 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2024-11-18 14:05:09,796 INFO L270 PluginConnector]: Initializing Witness Printer... [2024-11-18 14:05:09,797 INFO L274 PluginConnector]: Witness Printer initialized [2024-11-18 14:05:09,797 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:05:05" (3/4) ... [2024-11-18 14:05:09,800 INFO L142 WitnessPrinter]: Generating witness for correct program [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing__wrappee__Base [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailTo [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailTo [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientAddressBookSize [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure sendEmail [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientAddressBookSize [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientAddressBookAddress [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailFrom [2024-11-18 14:05:09,804 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientAddressBookAddress [2024-11-18 14:05:09,805 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isReadable [2024-11-18 14:05:09,805 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientId [2024-11-18 14:05:09,819 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 57 nodes and edges [2024-11-18 14:05:09,821 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 29 nodes and edges [2024-11-18 14:05:09,822 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2024-11-18 14:05:09,823 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2024-11-18 14:05:09,824 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-18 14:05:09,825 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-18 14:05:09,983 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2024-11-18 14:05:09,984 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2024-11-18 14:05:09,984 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2024-11-18 14:05:09,985 INFO L158 Benchmark]: Toolchain (without parser) took 6252.62ms. Allocated memory was 184.5MB in the beginning and 234.9MB in the end (delta: 50.3MB). Free memory was 134.6MB in the beginning and 181.7MB in the end (delta: -47.0MB). Peak memory consumption was 125.6MB. Max. memory is 16.1GB. [2024-11-18 14:05:09,985 INFO L158 Benchmark]: CDTParser took 0.18ms. Allocated memory is still 184.5MB. Free memory is still 153.4MB. There was no memory consumed. Max. memory is 16.1GB. [2024-11-18 14:05:09,985 INFO L158 Benchmark]: CACSL2BoogieTranslator took 825.41ms. Allocated memory is still 184.5MB. Free memory was 134.6MB in the beginning and 93.4MB in the end (delta: 41.2MB). Peak memory consumption was 39.8MB. Max. memory is 16.1GB. [2024-11-18 14:05:09,986 INFO L158 Benchmark]: Boogie Procedure Inliner took 112.02ms. Allocated memory is still 184.5MB. Free memory was 93.4MB in the beginning and 89.2MB in the end (delta: 4.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2024-11-18 14:05:09,986 INFO L158 Benchmark]: Boogie Preprocessor took 159.88ms. Allocated memory is still 184.5MB. Free memory was 89.2MB in the beginning and 84.3MB in the end (delta: 4.9MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2024-11-18 14:05:09,986 INFO L158 Benchmark]: RCFGBuilder took 927.33ms. Allocated memory is still 184.5MB. Free memory was 84.3MB in the beginning and 113.4MB in the end (delta: -29.1MB). Peak memory consumption was 26.3MB. Max. memory is 16.1GB. [2024-11-18 14:05:09,986 INFO L158 Benchmark]: TraceAbstraction took 4025.87ms. Allocated memory was 184.5MB in the beginning and 234.9MB in the end (delta: 50.3MB). Free memory was 112.3MB in the beginning and 79.9MB in the end (delta: 32.4MB). Peak memory consumption was 81.6MB. Max. memory is 16.1GB. [2024-11-18 14:05:09,987 INFO L158 Benchmark]: Witness Printer took 188.14ms. Allocated memory is still 234.9MB. Free memory was 79.9MB in the beginning and 181.7MB in the end (delta: -101.8MB). Peak memory consumption was 19.9MB. Max. memory is 16.1GB. [2024-11-18 14:05:09,988 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.18ms. Allocated memory is still 184.5MB. Free memory is still 153.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 825.41ms. Allocated memory is still 184.5MB. Free memory was 134.6MB in the beginning and 93.4MB in the end (delta: 41.2MB). Peak memory consumption was 39.8MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 112.02ms. Allocated memory is still 184.5MB. Free memory was 93.4MB in the beginning and 89.2MB in the end (delta: 4.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 159.88ms. Allocated memory is still 184.5MB. Free memory was 89.2MB in the beginning and 84.3MB in the end (delta: 4.9MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * RCFGBuilder took 927.33ms. Allocated memory is still 184.5MB. Free memory was 84.3MB in the beginning and 113.4MB in the end (delta: -29.1MB). Peak memory consumption was 26.3MB. Max. memory is 16.1GB. * TraceAbstraction took 4025.87ms. Allocated memory was 184.5MB in the beginning and 234.9MB in the end (delta: 50.3MB). Free memory was 112.3MB in the beginning and 79.9MB in the end (delta: 32.4MB). Peak memory consumption was 81.6MB. Max. memory is 16.1GB. * Witness Printer took 188.14ms. Allocated memory is still 234.9MB. Free memory was 79.9MB in the beginning and 181.7MB in the end (delta: -101.8MB). Peak memory consumption was 19.9MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 48]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [48] - GenericResultAtLocation [Line: 246]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [246] - GenericResultAtLocation [Line: 295]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [295] - GenericResultAtLocation [Line: 448]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [448] - GenericResultAtLocation [Line: 860]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [860] - GenericResultAtLocation [Line: 1226]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [1226] - GenericResultAtLocation [Line: 2301]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [2301] - GenericResultAtLocation [Line: 2503]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [2503] - GenericResultAtLocation [Line: 2567]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [2567] - GenericResultAtLocation [Line: 2584]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [2584] - GenericResultAtLocation [Line: 2593]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"DecryptForward_spec.i","") [2593] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 2589]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 13 procedures, 209 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 3.7s, OverallIterations: 5, TraceHistogramMax: 3, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.0s, AutomataDifference: 0.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 7 SdHoareTripleChecker+Valid, 0.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 5 mSDsluCounter, 5043 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3538 mSDsCounter, 0 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 102 IncrementalHoareTripleChecker+Invalid, 102 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 0 mSolverCounterUnsat, 1505 mSDtfsCounter, 102 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 284 GetRequests, 263 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=209occurred in iteration=0, InterpolantAutomatonStates: 22, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.1s AutomataMinimizationTime, 5 MinimizatonAttempts, 1 StatesRemovedByMinimization, 1 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.2s SsaConstructionTime, 0.6s SatisfiabilityAnalysisTime, 1.2s InterpolantComputationTime, 701 NumberOfCodeBlocks, 658 NumberOfCodeBlocksAsserted, 8 NumberOfCheckSat, 693 ConstructedInterpolants, 0 QuantifiedInterpolants, 751 SizeOfPredicates, 1 NumberOfNonLiveVariables, 2506 ConjunctsInSsa, 9 ConjunctsInUnsatCore, 8 InterpolantComputations, 5 PerfectInterpolantSequences, 160/169 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 91]: Loop Invariant Derived loop invariant: 1 - ProcedureContractResult [Line: 2326]: Procedure Contract for outgoing__wrappee__Base Derived contract for procedure outgoing__wrappee__Base. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) - ProcedureContractResult [Line: 2338]: Procedure Contract for outgoing Derived contract for procedure outgoing. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) - ProcedureContractResult [Line: 581]: Procedure Contract for setEmailTo Derived contract for procedure setEmailTo. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 562]: Procedure Contract for getEmailTo Derived contract for procedure getEmailTo. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1390]: Procedure Contract for setClientAddressBookSize Derived contract for procedure setClientAddressBookSize. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2431]: Procedure Contract for sendEmail Derived contract for procedure sendEmail. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) - ProcedureContractResult [Line: 1366]: Procedure Contract for getClientAddressBookSize Derived contract for procedure getClientAddressBookSize. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1647]: Procedure Contract for getClientAddressBookAddress Derived contract for procedure getClientAddressBookAddress. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 544]: Procedure Contract for setEmailFrom Derived contract for procedure setEmailFrom. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1716]: Procedure Contract for setClientAddressBookAddress Derived contract for procedure setClientAddressBookAddress. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2534]: Procedure Contract for isReadable Derived contract for procedure isReadable. Ensures: ((\result == 1) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client)))) - ProcedureContractResult [Line: 2281]: Procedure Contract for setClientId Derived contract for procedure setClientId. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) RESULT: Ultimate proved your program to be correct! [2024-11-18 14:05:10,049 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE