./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec11_product18.cil.c --full-output --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 3061b6dc
Calling Ultimate with: /root/.sdkman/candidates/java/11.0.12-open/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec11_product18.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 58fd69d2f74506159a7a57598b08a18ff098ebf1233f7e6688a335d4e30dd566
--- Real Ultimate output ---
This is Ultimate 0.2.5-tmp.dk.eval-assert-order-craig-3061b6d-m
[2024-11-18 14:06:35,804 INFO L188 SettingsManager]: Resetting all preferences to default values...
[2024-11-18 14:06:35,887 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2024-11-18 14:06:35,893 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2024-11-18 14:06:35,894 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2024-11-18 14:06:35,945 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2024-11-18 14:06:35,946 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2024-11-18 14:06:35,946 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2024-11-18 14:06:35,947 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2024-11-18 14:06:35,950 INFO L153 SettingsManager]: * Use memory slicer=true [2024-11-18 14:06:35,951 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2024-11-18 14:06:35,951 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2024-11-18 14:06:35,952 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2024-11-18 14:06:35,954 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2024-11-18 14:06:35,955 INFO L153 SettingsManager]: * Use SBE=true [2024-11-18 14:06:35,955 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2024-11-18 14:06:35,955 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2024-11-18 14:06:35,956 INFO L153 SettingsManager]: * sizeof long=4 [2024-11-18 14:06:35,956 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2024-11-18 14:06:35,956 INFO L153 SettingsManager]: * sizeof POINTER=4 
[2024-11-18 14:06:35,956 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2024-11-18 14:06:35,960 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2024-11-18 14:06:35,961 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2024-11-18 14:06:35,961 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2024-11-18 14:06:35,961 INFO L153 SettingsManager]: * Allow undefined functions=false [2024-11-18 14:06:35,961 INFO L153 SettingsManager]: * sizeof long double=12 [2024-11-18 14:06:35,961 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2024-11-18 14:06:35,962 INFO L153 SettingsManager]: * Use constant arrays=true [2024-11-18 14:06:35,962 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2024-11-18 14:06:35,962 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2024-11-18 14:06:35,962 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2024-11-18 14:06:35,962 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2024-11-18 14:06:35,963 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-18 14:06:35,963 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2024-11-18 14:06:35,963 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2024-11-18 14:06:35,963 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2024-11-18 14:06:35,964 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2024-11-18 14:06:35,964 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2024-11-18 14:06:35,964 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent 
analysis=false [2024-11-18 14:06:35,967 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2024-11-18 14:06:35,967 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2024-11-18 14:06:35,967 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2024-11-18 14:06:35,968 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 58fd69d2f74506159a7a57598b08a18ff098ebf1233f7e6688a335d4e30dd566 [2024-11-18 14:06:36,248 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2024-11-18 14:06:36,281 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2024-11-18 14:06:36,284 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2024-11-18 14:06:36,286 INFO L270 PluginConnector]: Initializing CDTParser... [2024-11-18 14:06:36,288 INFO L274 PluginConnector]: CDTParser initialized [2024-11-18 14:06:36,290 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec11_product18.cil.c [2024-11-18 14:06:37,972 INFO L533 CDTParser]: Created temporary CDT project at NULL [2024-11-18 14:06:38,298 INFO L384 CDTParser]: Found 1 translation units. 
[2024-11-18 14:06:38,299 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_product18.cil.c [2024-11-18 14:06:38,329 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/bc06320f4/d5ba3f09fe6a41039e3a17798f0e6735/FLAG7292c1746 [2024-11-18 14:06:38,349 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/bc06320f4/d5ba3f09fe6a41039e3a17798f0e6735 [2024-11-18 14:06:38,353 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2024-11-18 14:06:38,356 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2024-11-18 14:06:38,357 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2024-11-18 14:06:38,357 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2024-11-18 14:06:38,365 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2024-11-18 14:06:38,366 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 02:06:38" (1/1) ... [2024-11-18 14:06:38,367 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@746c3275 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:38, skipping insertion in model container [2024-11-18 14:06:38,367 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 02:06:38" (1/1) ... 
[2024-11-18 14:06:38,443 INFO L175 MainTranslator]: Built tables and reachable declarations [2024-11-18 14:06:39,151 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_product18.cil.c[57905,57918] [2024-11-18 14:06:39,191 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-18 14:06:39,210 INFO L200 MainTranslator]: Completed pre-run [2024-11-18 14:06:39,221 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [48] [2024-11-18 14:06:39,224 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [167] [2024-11-18 14:06:39,224 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [392] [2024-11-18 14:06:39,224 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [409] [2024-11-18 14:06:39,225 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [447] [2024-11-18 14:06:39,225 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [851] [2024-11-18 14:06:39,225 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [1931] [2024-11-18 14:06:39,225 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [2297] [2024-11-18 14:06:39,226 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [2591] [2024-11-18 14:06:39,226 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma 
merger(0,"DecryptAutoResponder_spec.i","") [2600] [2024-11-18 14:06:39,226 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [2619] [2024-11-18 14:06:39,303 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_product18.cil.c[57905,57918] [2024-11-18 14:06:39,313 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-18 14:06:39,351 INFO L204 MainTranslator]: Completed translation [2024-11-18 14:06:39,352 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39 WrapperNode [2024-11-18 14:06:39,352 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2024-11-18 14:06:39,353 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2024-11-18 14:06:39,353 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2024-11-18 14:06:39,353 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2024-11-18 14:06:39,360 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,394 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... 
[2024-11-18 14:06:39,461 INFO L138 Inliner]: procedures = 127, calls = 184, calls flagged for inlining = 59, calls inlined = 50, statements flattened = 911 [2024-11-18 14:06:39,462 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2024-11-18 14:06:39,464 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2024-11-18 14:06:39,465 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2024-11-18 14:06:39,465 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2024-11-18 14:06:39,481 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,482 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,492 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,526 INFO L175 MemorySlicer]: Split 14 memory accesses to 4 slices as follows [2, 4, 4, 4]. 29 percent of accesses are in the largest equivalence class. The 14 initializations are split as follows [2, 4, 4, 4]. The 0 writes are split as follows [0, 0, 0, 0]. [2024-11-18 14:06:39,530 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... 
[2024-11-18 14:06:39,530 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,552 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,566 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,570 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,577 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... [2024-11-18 14:06:39,589 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2024-11-18 14:06:39,590 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2024-11-18 14:06:39,590 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2024-11-18 14:06:39,591 INFO L274 PluginConnector]: RCFGBuilder initialized [2024-11-18 14:06:39,592 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (1/1) ... 
[2024-11-18 14:06:39,603 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-18 14:06:39,617 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:06:39,638 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2024-11-18 14:06:39,641 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2024-11-18 14:06:39,693 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2024-11-18 14:06:39,693 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2024-11-18 14:06:39,694 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2024-11-18 14:06:39,694 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2024-11-18 14:06:39,694 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2024-11-18 14:06:39,694 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2024-11-18 14:06:39,694 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2024-11-18 14:06:39,695 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2024-11-18 14:06:39,695 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2024-11-18 14:06:39,695 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2024-11-18 14:06:39,695 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2024-11-18 14:06:39,696 INFO L138 BoogieDeclarations]: 
Found implementation of procedure chuckKeyAdd [2024-11-18 14:06:39,696 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2024-11-18 14:06:39,720 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2024-11-18 14:06:39,721 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2024-11-18 14:06:39,721 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2024-11-18 14:06:39,721 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2024-11-18 14:06:39,721 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2024-11-18 14:06:39,721 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2024-11-18 14:06:39,721 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2024-11-18 14:06:39,721 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2024-11-18 14:06:39,721 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2024-11-18 14:06:39,721 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2024-11-18 14:06:39,722 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2024-11-18 14:06:39,722 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2024-11-18 14:06:39,722 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2024-11-18 14:06:39,722 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2024-11-18 14:06:39,722 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2024-11-18 14:06:39,723 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2024-11-18 14:06:39,723 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2024-11-18 14:06:39,723 INFO L138 BoogieDeclarations]: Found 
implementation of procedure setEmailTo [2024-11-18 14:06:39,723 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2024-11-18 14:06:39,723 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#1 [2024-11-18 14:06:39,723 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#2 [2024-11-18 14:06:39,723 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#3 [2024-11-18 14:06:39,723 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2024-11-18 14:06:39,723 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2024-11-18 14:06:39,723 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2024-11-18 14:06:39,723 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2024-11-18 14:06:40,006 INFO L238 CfgBuilder]: Building ICFG [2024-11-18 14:06:40,009 INFO L264 CfgBuilder]: Building CFG for each procedure with an implementation [2024-11-18 14:06:40,832 INFO L? ?]: Removed 396 outVars from TransFormulas that were not future-live. [2024-11-18 14:06:40,832 INFO L287 CfgBuilder]: Performing block encoding [2024-11-18 14:06:40,862 INFO L311 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2024-11-18 14:06:40,862 INFO L316 CfgBuilder]: Removed 1 assume(true) statements. [2024-11-18 14:06:40,863 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:06:40 BoogieIcfgContainer [2024-11-18 14:06:40,863 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2024-11-18 14:06:40,866 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2024-11-18 14:06:40,866 INFO L270 PluginConnector]: Initializing TraceAbstraction... 
[2024-11-18 14:06:40,869 INFO L274 PluginConnector]: TraceAbstraction initialized [2024-11-18 14:06:40,870 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 18.11 02:06:38" (1/3) ... [2024-11-18 14:06:40,871 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1e0e6c31 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 02:06:40, skipping insertion in model container [2024-11-18 14:06:40,871 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:06:39" (2/3) ... [2024-11-18 14:06:40,871 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1e0e6c31 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 02:06:40, skipping insertion in model container [2024-11-18 14:06:40,872 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:06:40" (3/3) ... [2024-11-18 14:06:40,873 INFO L112 eAbstractionObserver]: Analyzing ICFG email_spec11_product18.cil.c [2024-11-18 14:06:40,892 INFO L214 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2024-11-18 14:06:40,892 INFO L154 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2024-11-18 14:06:40,978 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2024-11-18 14:06:40,986 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@1e39da1b, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2024-11-18 14:06:40,987 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2024-11-18 14:06:40,998 INFO L276 IsEmpty]: Start isEmpty. Operand has 284 states, 228 states have (on average 1.5482456140350878) internal successors, (353), 230 states have internal predecessors, (353), 38 states have call successors, (38), 16 states have call predecessors, (38), 16 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2024-11-18 14:06:41,020 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 99 [2024-11-18 14:06:41,021 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:06:41,022 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:06:41,022 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:06:41,028 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:06:41,029 INFO L85 PathProgramCache]: Analyzing trace with hash -420694025, now seen corresponding path program 1 times [2024-11-18 14:06:41,039 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:06:41,040 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1223123065] [2024-11-18 14:06:41,040 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:41,041 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:06:41,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:41,773 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 25 trivial. 0 not checked. 
[2024-11-18 14:06:41,775 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:06:41,776 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1223123065] [2024-11-18 14:06:41,777 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1223123065] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:06:41,778 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2134897119] [2024-11-18 14:06:41,778 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:41,779 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:06:41,779 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:06:41,781 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:06:41,784 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2024-11-18 14:06:42,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:42,166 INFO L255 TraceCheckSpWp]: Trace formula consists of 1004 conjuncts, 1 conjuncts are in the unsatisfiable core [2024-11-18 14:06:42,177 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:06:42,204 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. 
[2024-11-18 14:06:42,207 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:06:42,207 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2134897119] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:06:42,207 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:06:42,208 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [5] total 5 [2024-11-18 14:06:42,210 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [753666900] [2024-11-18 14:06:42,211 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:06:42,217 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2024-11-18 14:06:42,218 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:06:42,247 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2024-11-18 14:06:42,248 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:06:42,251 INFO L87 Difference]: Start difference. 
First operand has 284 states, 228 states have (on average 1.5482456140350878) internal successors, (353), 230 states have internal predecessors, (353), 38 states have call successors, (38), 16 states have call predecessors, (38), 16 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand has 2 states, 2 states have (on average 27.5) internal successors, (55), 2 states have internal predecessors, (55), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-18 14:06:42,318 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:06:42,321 INFO L93 Difference]: Finished difference Result 414 states and 612 transitions. [2024-11-18 14:06:42,323 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2024-11-18 14:06:42,324 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 27.5) internal successors, (55), 2 states have internal predecessors, (55), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2024-11-18 14:06:42,325 INFO L84 Accepts]: Finished accepts. some prefix is accepted. 
[2024-11-18 14:06:42,340 INFO L225 Difference]: With dead ends: 414 [2024-11-18 14:06:42,340 INFO L226 Difference]: Without dead ends: 277 [2024-11-18 14:06:42,345 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 102 GetRequests, 99 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:06:42,351 INFO L432 NwaCegarLoop]: 425 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 425 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:06:42,352 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 425 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:06:42,372 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 277 states. [2024-11-18 14:06:42,421 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 277 to 277. [2024-11-18 14:06:42,423 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 277 states, 222 states have (on average 1.5405405405405406) internal successors, (342), 223 states have internal predecessors, (342), 38 states have call successors, (38), 16 states have call predecessors, (38), 16 states have return successors, (37), 37 states have call predecessors, (37), 37 states have call successors, (37) [2024-11-18 14:06:42,427 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 277 states to 277 states and 417 transitions. [2024-11-18 14:06:42,433 INFO L78 Accepts]: Start accepts. Automaton has 277 states and 417 transitions. Word has length 98 [2024-11-18 14:06:42,434 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:06:42,434 INFO L471 AbstractCegarLoop]: Abstraction has 277 states and 417 transitions. [2024-11-18 14:06:42,437 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 27.5) internal successors, (55), 2 states have internal predecessors, (55), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-18 14:06:42,437 INFO L276 IsEmpty]: Start isEmpty. Operand 277 states and 417 transitions. [2024-11-18 14:06:42,445 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 100 [2024-11-18 14:06:42,445 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:06:42,446 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:06:42,470 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2024-11-18 14:06:42,646 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2024-11-18 14:06:42,647 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:06:42,647 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:06:42,647 INFO L85 PathProgramCache]: Analyzing trace with hash -2127493050, now seen corresponding path program 1 times [2024-11-18 14:06:42,647 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:06:42,648 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2129116402] [2024-11-18 14:06:42,648 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:42,648 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:06:42,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:42,958 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 25 trivial. 0 not checked. 
[2024-11-18 14:06:42,959 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:06:42,959 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2129116402] [2024-11-18 14:06:42,959 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2129116402] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:06:42,959 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1527200963] [2024-11-18 14:06:42,960 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:42,960 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:06:42,960 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:06:42,965 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:06:42,969 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2024-11-18 14:06:43,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:43,313 INFO L255 TraceCheckSpWp]: Trace formula consists of 1005 conjuncts, 2 conjuncts are in the unsatisfiable core [2024-11-18 14:06:43,318 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:06:43,360 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. 
[2024-11-18 14:06:43,360 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:06:43,361 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1527200963] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:06:43,361 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:06:43,361 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 6 [2024-11-18 14:06:43,361 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1260108473] [2024-11-18 14:06:43,361 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:06:43,362 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:06:43,363 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:06:43,363 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:06:43,363 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-18 14:06:43,364 INFO L87 Difference]: Start difference. First operand 277 states and 417 transitions. Second operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-18 14:06:43,416 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:06:43,416 INFO L93 Difference]: Finished difference Result 404 states and 593 transitions. 
[2024-11-18 14:06:43,417 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:06:43,417 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2024-11-18 14:06:43,418 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:06:43,421 INFO L225 Difference]: With dead ends: 404 [2024-11-18 14:06:43,421 INFO L226 Difference]: Without dead ends: 280 [2024-11-18 14:06:43,422 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 103 GetRequests, 99 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-18 14:06:43,424 INFO L432 NwaCegarLoop]: 415 mSDtfsCounter, 1 mSDsluCounter, 413 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 828 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:06:43,424 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [1 Valid, 828 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:06:43,425 INFO L82 
GeneralOperation]: Start minimizeSevpa. Operand 280 states. [2024-11-18 14:06:43,448 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 280 to 279. [2024-11-18 14:06:43,449 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 279 states, 224 states have (on average 1.5357142857142858) internal successors, (344), 225 states have internal predecessors, (344), 38 states have call successors, (38), 16 states have call predecessors, (38), 16 states have return successors, (37), 37 states have call predecessors, (37), 37 states have call successors, (37) [2024-11-18 14:06:43,451 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 279 states to 279 states and 419 transitions. [2024-11-18 14:06:43,451 INFO L78 Accepts]: Start accepts. Automaton has 279 states and 419 transitions. Word has length 99 [2024-11-18 14:06:43,452 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:06:43,452 INFO L471 AbstractCegarLoop]: Abstraction has 279 states and 419 transitions. [2024-11-18 14:06:43,452 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-18 14:06:43,452 INFO L276 IsEmpty]: Start isEmpty. Operand 279 states and 419 transitions. [2024-11-18 14:06:43,459 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 109 [2024-11-18 14:06:43,460 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:06:43,460 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:06:43,479 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2024-11-18 14:06:43,660 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2024-11-18 14:06:43,661 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:06:43,661 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:06:43,662 INFO L85 PathProgramCache]: Analyzing trace with hash -1018330324, now seen corresponding path program 1 times [2024-11-18 14:06:43,662 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:06:43,662 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1428886498] [2024-11-18 14:06:43,662 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:43,662 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:06:43,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:43,890 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 3 proven. 3 refuted. 
0 times theorem prover too weak. 27 trivial. 0 not checked. [2024-11-18 14:06:43,890 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:06:43,890 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1428886498] [2024-11-18 14:06:43,890 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1428886498] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:06:43,890 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [73923931] [2024-11-18 14:06:43,890 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:43,891 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:06:43,891 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:06:43,892 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:06:43,894 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2024-11-18 14:06:44,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:44,183 INFO L255 TraceCheckSpWp]: Trace formula consists of 1030 conjuncts, 3 conjuncts are in the unsatisfiable core [2024-11-18 14:06:44,188 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:06:44,207 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. 
[2024-11-18 14:06:44,207 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:06:44,207 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [73923931] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:06:44,207 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:06:44,207 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 6 [2024-11-18 14:06:44,208 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [133546335] [2024-11-18 14:06:44,208 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:06:44,208 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:06:44,208 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:06:44,209 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:06:44,209 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-18 14:06:44,209 INFO L87 Difference]: Start difference. First operand 279 states and 419 transitions. Second operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-18 14:06:44,237 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:06:44,237 INFO L93 Difference]: Finished difference Result 588 states and 897 transitions. 
[2024-11-18 14:06:44,238 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:06:44,238 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 108 [2024-11-18 14:06:44,239 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:06:44,242 INFO L225 Difference]: With dead ends: 588 [2024-11-18 14:06:44,242 INFO L226 Difference]: Without dead ends: 336 [2024-11-18 14:06:44,248 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 112 GetRequests, 108 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-18 14:06:44,249 INFO L432 NwaCegarLoop]: 420 mSDtfsCounter, 107 mSDsluCounter, 368 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 122 SdHoareTripleChecker+Valid, 788 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:06:44,249 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [122 Valid, 788 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:06:44,254 INFO L82 
GeneralOperation]: Start minimizeSevpa. Operand 336 states. [2024-11-18 14:06:44,286 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 336 to 328. [2024-11-18 14:06:44,287 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 328 states, 262 states have (on average 1.549618320610687) internal successors, (406), 263 states have internal predecessors, (406), 49 states have call successors, (49), 16 states have call predecessors, (49), 16 states have return successors, (48), 48 states have call predecessors, (48), 48 states have call successors, (48) [2024-11-18 14:06:44,289 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 328 states to 328 states and 503 transitions. [2024-11-18 14:06:44,289 INFO L78 Accepts]: Start accepts. Automaton has 328 states and 503 transitions. Word has length 108 [2024-11-18 14:06:44,290 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:06:44,290 INFO L471 AbstractCegarLoop]: Abstraction has 328 states and 503 transitions. [2024-11-18 14:06:44,290 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-18 14:06:44,292 INFO L276 IsEmpty]: Start isEmpty. Operand 328 states and 503 transitions. [2024-11-18 14:06:44,295 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2024-11-18 14:06:44,295 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:06:44,295 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:06:44,315 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Ended with exit code 0 [2024-11-18 14:06:44,495 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:06:44,497 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:06:44,497 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:06:44,498 INFO L85 PathProgramCache]: Analyzing trace with hash -1552258535, now seen corresponding path program 1 times [2024-11-18 14:06:44,498 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:06:44,498 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [592675909] [2024-11-18 14:06:44,498 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:44,498 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:06:44,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:44,665 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 27 trivial. 
0 not checked. [2024-11-18 14:06:44,665 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:06:44,666 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [592675909] [2024-11-18 14:06:44,666 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [592675909] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:06:44,666 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [190551843] [2024-11-18 14:06:44,666 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:44,666 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:06:44,666 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:06:44,668 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:06:44,670 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2024-11-18 14:06:44,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:44,978 INFO L255 TraceCheckSpWp]: Trace formula consists of 1035 conjuncts, 8 conjuncts are in the unsatisfiable core [2024-11-18 14:06:44,983 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:06:45,053 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. 
[2024-11-18 14:06:45,053 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:06:45,054 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [190551843] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:06:45,054 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:06:45,054 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [5] total 8 [2024-11-18 14:06:45,054 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [861313106] [2024-11-18 14:06:45,054 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:06:45,055 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-18 14:06:45,057 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:06:45,058 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-18 14:06:45,058 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2024-11-18 14:06:45,058 INFO L87 Difference]: Start difference. First operand 328 states and 503 transitions. Second operand has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-18 14:06:45,134 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:06:45,134 INFO L93 Difference]: Finished difference Result 647 states and 996 transitions. 
[2024-11-18 14:06:45,139 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-18 14:06:45,140 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2024-11-18 14:06:45,140 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:06:45,152 INFO L225 Difference]: With dead ends: 647 [2024-11-18 14:06:45,153 INFO L226 Difference]: Without dead ends: 330 [2024-11-18 14:06:45,154 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 113 GetRequests, 107 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2024-11-18 14:06:45,155 INFO L432 NwaCegarLoop]: 409 mSDtfsCounter, 2 mSDsluCounter, 1216 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1625 SdHoareTripleChecker+Invalid, 37 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:06:45,161 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1625 Invalid, 37 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:06:45,162 INFO L82 
GeneralOperation]: Start minimizeSevpa. Operand 330 states. [2024-11-18 14:06:45,182 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 330 to 330. [2024-11-18 14:06:45,183 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 330 states, 263 states have (on average 1.5475285171102662) internal successors, (407), 265 states have internal predecessors, (407), 49 states have call successors, (49), 16 states have call predecessors, (49), 17 states have return successors, (50), 48 states have call predecessors, (50), 48 states have call successors, (50) [2024-11-18 14:06:45,185 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 330 states to 330 states and 506 transitions. [2024-11-18 14:06:45,186 INFO L78 Accepts]: Start accepts. Automaton has 330 states and 506 transitions. Word has length 109 [2024-11-18 14:06:45,186 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:06:45,186 INFO L471 AbstractCegarLoop]: Abstraction has 330 states and 506 transitions. [2024-11-18 14:06:45,187 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-18 14:06:45,187 INFO L276 IsEmpty]: Start isEmpty. Operand 330 states and 506 transitions. [2024-11-18 14:06:45,192 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 111 [2024-11-18 14:06:45,193 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:06:45,193 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:06:45,213 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2024-11-18 14:06:45,393 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:06:45,393 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:06:45,394 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:06:45,394 INFO L85 PathProgramCache]: Analyzing trace with hash 618315860, now seen corresponding path program 1 times [2024-11-18 14:06:45,394 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:06:45,394 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2121684060] [2024-11-18 14:06:45,394 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:45,394 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:06:45,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:45,572 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 21 trivial. 
0 not checked. [2024-11-18 14:06:45,573 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:06:45,573 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2121684060] [2024-11-18 14:06:45,573 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2121684060] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:06:45,573 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1083718661] [2024-11-18 14:06:45,573 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:45,573 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:06:45,574 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:06:45,576 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:06:45,578 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2024-11-18 14:06:45,898 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:45,903 INFO L255 TraceCheckSpWp]: Trace formula consists of 1036 conjuncts, 6 conjuncts are in the unsatisfiable core [2024-11-18 14:06:45,908 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:06:45,960 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. 
[2024-11-18 14:06:45,963 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:06:45,964 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1083718661] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:06:45,964 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:06:45,964 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11 [2024-11-18 14:06:45,965 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1852882766] [2024-11-18 14:06:45,965 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:06:45,965 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-18 14:06:45,965 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:06:45,966 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-18 14:06:45,966 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2024-11-18 14:06:45,967 INFO L87 Difference]: Start difference. First operand 330 states and 506 transitions. Second operand has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-18 14:06:46,041 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:06:46,041 INFO L93 Difference]: Finished difference Result 649 states and 1001 transitions. 
[2024-11-18 14:06:46,044 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-18 14:06:46,044 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 110 [2024-11-18 14:06:46,044 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:06:46,047 INFO L225 Difference]: With dead ends: 649 [2024-11-18 14:06:46,048 INFO L226 Difference]: Without dead ends: 332 [2024-11-18 14:06:46,049 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 117 GetRequests, 108 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2024-11-18 14:06:46,050 INFO L432 NwaCegarLoop]: 407 mSDtfsCounter, 2 mSDsluCounter, 1204 mSDsCounter, 0 mSdLazyCounter, 49 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1611 SdHoareTripleChecker+Invalid, 49 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 49 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:06:46,051 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1611 Invalid, 49 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 49 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:06:46,052 INFO L82 
GeneralOperation]: Start minimizeSevpa. Operand 332 states. [2024-11-18 14:06:46,067 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 332 to 332. [2024-11-18 14:06:46,069 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 332 states, 264 states have (on average 1.5454545454545454) internal successors, (408), 267 states have internal predecessors, (408), 49 states have call successors, (49), 16 states have call predecessors, (49), 18 states have return successors, (55), 48 states have call predecessors, (55), 48 states have call successors, (55) [2024-11-18 14:06:46,073 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 332 states to 332 states and 512 transitions. [2024-11-18 14:06:46,074 INFO L78 Accepts]: Start accepts. Automaton has 332 states and 512 transitions. Word has length 110 [2024-11-18 14:06:46,075 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:06:46,075 INFO L471 AbstractCegarLoop]: Abstraction has 332 states and 512 transitions. [2024-11-18 14:06:46,075 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-18 14:06:46,075 INFO L276 IsEmpty]: Start isEmpty. Operand 332 states and 512 transitions. [2024-11-18 14:06:46,078 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 112 [2024-11-18 14:06:46,078 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:06:46,079 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:06:46,099 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Ended with exit code 0 [2024-11-18 14:06:46,283 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:06:46,285 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:06:46,285 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:06:46,285 INFO L85 PathProgramCache]: Analyzing trace with hash 231538481, now seen corresponding path program 1 times [2024-11-18 14:06:46,286 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:06:46,286 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [896384530] [2024-11-18 14:06:46,286 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:06:46,286 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:06:46,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:06:46,439 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 
27 trivial. 0 not checked. [2024-11-18 14:06:46,440 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:06:46,440 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [896384530] [2024-11-18 14:06:46,440 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [896384530] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:06:46,440 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:06:46,440 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-11-18 14:06:46,441 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1647166673] [2024-11-18 14:06:46,441 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:06:46,441 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-18 14:06:46,441 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:06:46,442 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-18 14:06:46,442 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:06:46,442 INFO L87 Difference]: Start difference. First operand 332 states and 512 transitions. Second operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-18 14:06:46,483 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2024-11-18 14:06:46,484 INFO L93 Difference]: Finished difference Result 641 states and 992 transitions. [2024-11-18 14:06:46,484 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-18 14:06:46,485 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 111 [2024-11-18 14:06:46,485 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:06:46,487 INFO L225 Difference]: With dead ends: 641 [2024-11-18 14:06:46,487 INFO L226 Difference]: Without dead ends: 332 [2024-11-18 14:06:46,489 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:06:46,490 INFO L432 NwaCegarLoop]: 410 mSDtfsCounter, 2 mSDsluCounter, 1219 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1629 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:06:46,490 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1629 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 
Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:06:46,491 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 332 states. [2024-11-18 14:06:46,499 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 332 to 332. [2024-11-18 14:06:46,500 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 332 states, 264 states have (on average 1.5454545454545454) internal successors, (408), 267 states have internal predecessors, (408), 49 states have call successors, (49), 16 states have call predecessors, (49), 18 states have return successors, (54), 48 states have call predecessors, (54), 48 states have call successors, (54) [2024-11-18 14:06:46,502 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 332 states to 332 states and 511 transitions. [2024-11-18 14:06:46,503 INFO L78 Accepts]: Start accepts. Automaton has 332 states and 511 transitions. Word has length 111 [2024-11-18 14:06:46,503 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:06:46,503 INFO L471 AbstractCegarLoop]: Abstraction has 332 states and 511 transitions. [2024-11-18 14:06:46,503 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-18 14:06:46,504 INFO L276 IsEmpty]: Start isEmpty. Operand 332 states and 511 transitions. [2024-11-18 14:06:46,505 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 113 [2024-11-18 14:06:46,505 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:06:46,506 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:06:46,506 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2024-11-18 14:06:46,506 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:06:46,507 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:06:46,507 INFO L85 PathProgramCache]: Analyzing trace with hash 1338357194, now seen corresponding path program 2 times [2024-11-18 14:06:46,507 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:06:46,507 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [391485589] [2024-11-18 14:06:46,507 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2024-11-18 14:06:46,507 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:06:46,532 INFO L227 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2024-11-18 14:06:46,532 INFO L228 tOrderPrioritization]: Conjunction of SSA is unsat [2024-11-18 14:06:46,617 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2024-11-18 14:06:46,618 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:06:46,618 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [391485589] [2024-11-18 14:06:46,618 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [391485589] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:06:46,618 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:06:46,618 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2024-11-18 14:06:46,618 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1099286955] [2024-11-18 14:06:46,618 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:06:46,619 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2024-11-18 14:06:46,619 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:06:46,620 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2024-11-18 14:06:46,620 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2024-11-18 14:06:46,620 INFO L87 Difference]: Start difference. First operand 332 states and 511 transitions. Second operand has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 6 states have internal predecessors, (71), 1 states have call successors, (14), 1 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) [2024-11-18 14:06:46,655 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2024-11-18 14:06:46,656 INFO L93 Difference]: Finished difference Result 332 states and 511 transitions. [2024-11-18 14:06:46,656 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2024-11-18 14:06:46,657 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 6 states have internal predecessors, (71), 1 states have call successors, (14), 1 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) Word has length 112 [2024-11-18 14:06:46,657 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:06:46,658 INFO L225 Difference]: With dead ends: 332 [2024-11-18 14:06:46,658 INFO L226 Difference]: Without dead ends: 0 [2024-11-18 14:06:46,659 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2024-11-18 14:06:46,660 INFO L432 NwaCegarLoop]: 411 mSDtfsCounter, 0 mSDsluCounter, 2046 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 2457 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:06:46,660 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 2457 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], 
IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:06:46,660 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2024-11-18 14:06:46,661 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2024-11-18 14:06:46,661 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2024-11-18 14:06:46,661 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2024-11-18 14:06:46,661 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 112 [2024-11-18 14:06:46,662 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:06:46,662 INFO L471 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2024-11-18 14:06:46,662 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 6 states have internal predecessors, (71), 1 states have call successors, (14), 1 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) [2024-11-18 14:06:46,662 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2024-11-18 14:06:46,662 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. 
[2024-11-18 14:06:46,665 INFO L782 garLoopResultBuilder]: Registering result SAFE for location outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2024-11-18 14:06:46,666 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2024-11-18 14:06:46,668 INFO L407 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1] [2024-11-18 14:06:46,671 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2024-11-18 14:06:46,747 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2024-11-18 14:06:46,814 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 18.11 02:06:46 BoogieIcfgContainer [2024-11-18 14:06:46,815 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2024-11-18 14:06:46,815 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2024-11-18 14:06:46,815 INFO L270 PluginConnector]: Initializing Witness Printer... [2024-11-18 14:06:46,815 INFO L274 PluginConnector]: Witness Printer initialized [2024-11-18 14:06:46,816 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:06:40" (3/4) ... 
[2024-11-18 14:06:46,818 INFO L142 WitnessPrinter]: Generating witness for correct program [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailSignKey [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isSigned [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientPrivateKey [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure chuckKeyAdd [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailTo [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailTo [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure createClientKeyringEntry [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure generateKeyPair [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringUser [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure sendEmail [2024-11-18 14:06:46,823 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailFrom [2024-11-18 14:06:46,824 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailFrom [2024-11-18 14:06:46,824 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isReadable [2024-11-18 14:06:46,824 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringPublicKey [2024-11-18 14:06:46,824 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientId [2024-11-18 14:06:46,843 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 79 nodes and edges [2024-11-18 14:06:46,848 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 44 nodes and edges [2024-11-18 14:06:46,850 INFO L925 BoogieBacktranslator]: Reduced CFG by 
removing 8 nodes and edges [2024-11-18 14:06:46,851 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 3 nodes and edges [2024-11-18 14:06:46,853 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-18 14:06:46,855 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-18 14:06:47,057 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2024-11-18 14:06:47,057 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2024-11-18 14:06:47,057 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2024-11-18 14:06:47,058 INFO L158 Benchmark]: Toolchain (without parser) took 8702.44ms. Allocated memory was 159.4MB in the beginning and 293.6MB in the end (delta: 134.2MB). Free memory was 102.6MB in the beginning and 195.6MB in the end (delta: -93.0MB). Peak memory consumption was 43.3MB. Max. memory is 16.1GB. [2024-11-18 14:06:47,058 INFO L158 Benchmark]: CDTParser took 0.37ms. Allocated memory is still 159.4MB. Free memory is still 124.6MB. There was no memory consumed. Max. memory is 16.1GB. [2024-11-18 14:06:47,058 INFO L158 Benchmark]: CACSL2BoogieTranslator took 995.12ms. Allocated memory is still 159.4MB. Free memory was 102.3MB in the beginning and 59.2MB in the end (delta: 43.1MB). Peak memory consumption was 41.9MB. Max. memory is 16.1GB. [2024-11-18 14:06:47,059 INFO L158 Benchmark]: Boogie Procedure Inliner took 108.82ms. Allocated memory is still 159.4MB. Free memory was 59.2MB in the beginning and 53.7MB in the end (delta: 5.5MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2024-11-18 14:06:47,059 INFO L158 Benchmark]: Boogie Preprocessor took 125.17ms. Allocated memory is still 159.4MB. Free memory was 53.7MB in the beginning and 47.8MB in the end (delta: 5.9MB). Peak memory consumption was 6.3MB. 
Max. memory is 16.1GB. [2024-11-18 14:06:47,059 INFO L158 Benchmark]: RCFGBuilder took 1272.75ms. Allocated memory is still 159.4MB. Free memory was 47.8MB in the beginning and 60.8MB in the end (delta: -13.0MB). Peak memory consumption was 11.6MB. Max. memory is 16.1GB. [2024-11-18 14:06:47,059 INFO L158 Benchmark]: TraceAbstraction took 5949.04ms. Allocated memory was 159.4MB in the beginning and 293.6MB in the end (delta: 134.2MB). Free memory was 59.9MB in the beginning and 239.7MB in the end (delta: -179.7MB). Peak memory consumption was 112.7MB. Max. memory is 16.1GB. [2024-11-18 14:06:47,060 INFO L158 Benchmark]: Witness Printer took 242.11ms. Allocated memory is still 293.6MB. Free memory was 239.7MB in the beginning and 195.6MB in the end (delta: 44.0MB). Peak memory consumption was 44.0MB. Max. memory is 16.1GB. [2024-11-18 14:06:47,062 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.37ms. Allocated memory is still 159.4MB. Free memory is still 124.6MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 995.12ms. Allocated memory is still 159.4MB. Free memory was 102.3MB in the beginning and 59.2MB in the end (delta: 43.1MB). Peak memory consumption was 41.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 108.82ms. Allocated memory is still 159.4MB. Free memory was 59.2MB in the beginning and 53.7MB in the end (delta: 5.5MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Boogie Preprocessor took 125.17ms. Allocated memory is still 159.4MB. Free memory was 53.7MB in the beginning and 47.8MB in the end (delta: 5.9MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * RCFGBuilder took 1272.75ms. Allocated memory is still 159.4MB. 
Free memory was 47.8MB in the beginning and 60.8MB in the end (delta: -13.0MB). Peak memory consumption was 11.6MB. Max. memory is 16.1GB. * TraceAbstraction took 5949.04ms. Allocated memory was 159.4MB in the beginning and 293.6MB in the end (delta: 134.2MB). Free memory was 59.9MB in the beginning and 239.7MB in the end (delta: -179.7MB). Peak memory consumption was 112.7MB. Max. memory is 16.1GB. * Witness Printer took 242.11ms. Allocated memory is still 293.6MB. Free memory was 239.7MB in the beginning and 195.6MB in the end (delta: 44.0MB). Peak memory consumption was 44.0MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 48]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [48] - GenericResultAtLocation [Line: 167]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [167] - GenericResultAtLocation [Line: 392]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [392] - GenericResultAtLocation [Line: 409]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [409] - GenericResultAtLocation [Line: 447]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [447] - GenericResultAtLocation [Line: 851]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [851] - GenericResultAtLocation [Line: 1931]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [1931] - GenericResultAtLocation [Line: 2297]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [2297] - GenericResultAtLocation [Line: 2591]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [2591] - GenericResultAtLocation [Line: 2600]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma 
merger(0,"DecryptAutoResponder_spec.i","") [2600] - GenericResultAtLocation [Line: 2619]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [2619] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 2596]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 17 procedures, 284 locations, 1 error locations. Started 1 CEGAR loops. 
OverallTime: 5.7s, OverallIterations: 7, TraceHistogramMax: 3, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.1s, AutomataDifference: 0.5s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 132 SdHoareTripleChecker+Valid, 0.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 114 mSDsluCounter, 9363 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 6466 mSDsCounter, 1 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 154 IncrementalHoareTripleChecker+Invalid, 155 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1 mSolverCounterUnsat, 2897 mSDtfsCounter, 154 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 560 GetRequests, 526 SyntacticMatches, 0 SemanticMatches, 34 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.2s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=332occurred in iteration=5, InterpolantAutomatonStates: 30, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 7 MinimizatonAttempts, 9 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.4s SsaConstructionTime, 0.8s SatisfiabilityAnalysisTime, 1.7s InterpolantComputationTime, 1271 NumberOfCodeBlocks, 1203 NumberOfCodeBlocksAsserted, 12 NumberOfCheckSat, 1259 ConstructedInterpolants, 0 QuantifiedInterpolants, 1370 SizeOfPredicates, 3 NumberOfNonLiveVariables, 5110 ConjunctsInSsa, 20 
ConjunctsInUnsatCore, 12 InterpolantComputations, 7 PerfectInterpolantSequences, 371/389 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 216]: Loop Invariant Derived loop invariant: 1 - ProcedureContractResult [Line: 779]: Procedure Contract for getEmailSignKey Derived contract for procedure getEmailSignKey. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && 
(__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == 
\old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && 
(__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 2341]: Procedure Contract for outgoing Derived contract for procedure outgoing. 
Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == 
\old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == 
\old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == 
\old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 742]: Procedure Contract for isSigned Derived contract for procedure isSigned. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && 
(__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && 
(__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) 
&& (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 1476]: Procedure Contract for setClientPrivateKey Derived contract for procedure setClientPrivateKey. 
Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) 
&& (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == 
\old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && 
(__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 2830]: Procedure Contract for chuckKeyAdd Derived contract for procedure chuckKeyAdd. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == 
\old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == 
\old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && 
(__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 572]: Procedure Contract for setEmailTo Derived contract for procedure setEmailTo. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == 
\old(__ste_email_from1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == 
\old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == 
\old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 553]: Procedure Contract for getEmailTo Derived contract for procedure getEmailTo. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == 
\old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && 
(__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && 
(__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 1543]: Procedure Contract for createClientKeyringEntry Derived contract for procedure createClientKeyringEntry. 
Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) 
&& (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == 
\old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && 
(__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 2491]: Procedure Contract for generateKeyPair Derived contract for procedure generateKeyPair. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 
== \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == 
\old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && 
(__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 1631]: Procedure Contract for setClientKeyringUser Derived contract for procedure setClientKeyringUser. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && 
(__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == 
\old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && 
(__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 2416]: Procedure Contract for sendEmail Derived contract for procedure sendEmail. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == 
\old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == 
\old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == 
\old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 535]: Procedure Contract for setEmailFrom Derived contract for procedure setEmailFrom. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && 
(__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == 
\old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == 
\old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 516]: Procedure Contract for getEmailFrom Derived contract for procedure getEmailFrom. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == 
\old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && 
(__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && 
(__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) - ProcedureContractResult [Line: 134]: Procedure Contract for isReadable Derived contract for procedure isReadable. 
Ensures: ((\result == 1) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == 
\old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && 
(__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && 
(__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))))
- ProcedureContractResult [Line: 1792]: Procedure Contract for setClientKeyringPublicKey
Derived contract for procedure setClientKeyringPublicKey.
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && 
(__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == 
\old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == 
\old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck)))
- ProcedureContractResult [Line: 1911]: Procedure Contract for setClientId
Derived contract for procedure setClientId.
Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == 
\old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) 
&& (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == 
\old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (head == \old(head))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck)))
RESULT: Ultimate proved your program to be correct!
[2024-11-18 14:06:47,127 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Ended with exit code 0
Received shutdown request...
--- End real Ultimate output ---
Execution finished normally
Writing output log to file Ultimate.log
Result: TRUE