./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 3061b6dc Calling Ultimate with: /root/.sdkman/candidates/java/11.0.12-open/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1d8908adfa5a1758f016a2fa64af2c05db2b3cc5d1fb9ac5b8aa70e5689b8434 --- Real Ultimate output --- This is Ultimate 0.2.5-tmp.dk.eval-assert-order-craig-3061b6d-m [2024-11-18 14:14:42,024 INFO L188 SettingsManager]: Resetting all preferences to default values... [2024-11-18 14:14:42,138 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2024-11-18 14:14:42,143 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2024-11-18 14:14:42,143 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2024-11-18 14:14:42,176 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2024-11-18 14:14:42,178 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2024-11-18 14:14:42,179 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2024-11-18 14:14:42,179 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2024-11-18 14:14:42,181 INFO L153 SettingsManager]: * Use memory slicer=true [2024-11-18 14:14:42,182 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2024-11-18 14:14:42,182 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2024-11-18 14:14:42,183 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2024-11-18 14:14:42,183 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2024-11-18 14:14:42,186 INFO L153 SettingsManager]: * Use SBE=true [2024-11-18 14:14:42,186 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2024-11-18 14:14:42,186 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2024-11-18 14:14:42,186 INFO L153 SettingsManager]: * sizeof long=4 [2024-11-18 14:14:42,187 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2024-11-18 14:14:42,187 INFO L153 SettingsManager]: * sizeof POINTER=4 [2024-11-18 14:14:42,187 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2024-11-18 14:14:42,191 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2024-11-18 14:14:42,191 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2024-11-18 14:14:42,192 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2024-11-18 14:14:42,192 INFO L153 SettingsManager]: * Allow undefined functions=false [2024-11-18 14:14:42,192 INFO L153 SettingsManager]: * sizeof long double=12 [2024-11-18 14:14:42,192 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2024-11-18 14:14:42,193 INFO L153 SettingsManager]: * Use constant arrays=true [2024-11-18 14:14:42,193 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2024-11-18 14:14:42,193 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2024-11-18 14:14:42,194 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2024-11-18 14:14:42,194 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2024-11-18 14:14:42,194 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-18 14:14:42,194 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2024-11-18 14:14:42,195 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2024-11-18 14:14:42,195 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2024-11-18 14:14:42,195 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2024-11-18 14:14:42,195 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2024-11-18 14:14:42,196 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2024-11-18 14:14:42,196 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2024-11-18 14:14:42,196 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2024-11-18 14:14:42,198 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2024-11-18 14:14:42,198 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1d8908adfa5a1758f016a2fa64af2c05db2b3cc5d1fb9ac5b8aa70e5689b8434 [2024-11-18 14:14:42,481 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2024-11-18 14:14:42,507 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2024-11-18 14:14:42,511 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2024-11-18 14:14:42,513 INFO L270 PluginConnector]: Initializing CDTParser... [2024-11-18 14:14:42,513 INFO L274 PluginConnector]: CDTParser initialized [2024-11-18 14:14:42,514 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c [2024-11-18 14:14:44,022 INFO L533 CDTParser]: Created temporary CDT project at NULL [2024-11-18 14:14:44,403 INFO L384 CDTParser]: Found 1 translation units. [2024-11-18 14:14:44,405 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c [2024-11-18 14:14:44,439 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/23209db47/5fa8900174ff4e4a9baa4d90b134135b/FLAG1a0f621cd [2024-11-18 14:14:44,458 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/23209db47/5fa8900174ff4e4a9baa4d90b134135b [2024-11-18 14:14:44,460 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2024-11-18 14:14:44,462 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2024-11-18 14:14:44,464 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2024-11-18 14:14:44,465 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2024-11-18 14:14:44,470 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2024-11-18 14:14:44,471 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 02:14:44" (1/1) ... [2024-11-18 14:14:44,472 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6231309a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:44, skipping insertion in model container [2024-11-18 14:14:44,474 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 02:14:44" (1/1) ... [2024-11-18 14:14:44,549 INFO L175 MainTranslator]: Built tables and reachable declarations [2024-11-18 14:14:45,178 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c[72622,72635] [2024-11-18 14:14:45,182 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-18 14:14:45,203 INFO L200 MainTranslator]: Completed pre-run [2024-11-18 14:14:45,216 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [48] [2024-11-18 14:14:45,217 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [642] [2024-11-18 14:14:45,218 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [1041] [2024-11-18 14:14:45,218 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"EncryptVerify_spec.i","") [1416] [2024-11-18 14:14:45,218 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [1435] [2024-11-18 14:14:45,219 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [1639] [2024-11-18 14:14:45,219 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [2699] [2024-11-18 14:14:45,220 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [2965] [2024-11-18 14:14:45,220 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [3072] [2024-11-18 14:14:45,220 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [3089] [2024-11-18 14:14:45,220 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [3455] [2024-11-18 14:14:45,377 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c[72622,72635] [2024-11-18 14:14:45,377 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-18 14:14:45,444 INFO L204 MainTranslator]: Completed translation [2024-11-18 14:14:45,444 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45 WrapperNode [2024-11-18 14:14:45,445 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2024-11-18 14:14:45,446 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2024-11-18 14:14:45,446 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2024-11-18 14:14:45,446 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2024-11-18 14:14:45,453 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,501 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,584 INFO L138 Inliner]: procedures = 151, calls = 262, calls flagged for inlining = 67, calls inlined = 64, statements flattened = 1306 [2024-11-18 14:14:45,584 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2024-11-18 14:14:45,585 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2024-11-18 14:14:45,585 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2024-11-18 14:14:45,586 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2024-11-18 14:14:45,594 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,594 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,603 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,632 INFO L175 MemorySlicer]: Split 14 memory accesses to 4 slices as follows [2, 4, 4, 4]. 29 percent of accesses are in the largest equivalence class. The 14 initializations are split as follows [2, 4, 4, 4]. The 0 writes are split as follows [0, 0, 0, 0]. [2024-11-18 14:14:45,633 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,633 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,661 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,675 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,682 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,688 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,698 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2024-11-18 14:14:45,699 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2024-11-18 14:14:45,700 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2024-11-18 14:14:45,700 INFO L274 PluginConnector]: RCFGBuilder initialized [2024-11-18 14:14:45,701 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (1/1) ... [2024-11-18 14:14:45,706 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-18 14:14:45,724 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:14:45,748 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2024-11-18 14:14:45,761 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2024-11-18 14:14:45,808 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2024-11-18 14:14:45,809 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2024-11-18 14:14:45,809 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2024-11-18 14:14:45,809 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2024-11-18 14:14:45,809 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2024-11-18 14:14:45,809 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2024-11-18 14:14:45,810 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2024-11-18 14:14:45,810 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2024-11-18 14:14:45,811 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2024-11-18 14:14:45,811 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2024-11-18 14:14:45,811 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2024-11-18 14:14:45,811 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2024-11-18 14:14:45,812 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2024-11-18 14:14:45,812 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2024-11-18 14:14:45,813 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2024-11-18 14:14:45,813 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2024-11-18 14:14:45,813 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2024-11-18 14:14:45,813 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2024-11-18 14:14:45,815 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2024-11-18 14:14:45,815 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2024-11-18 14:14:45,816 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2024-11-18 14:14:45,816 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2024-11-18 14:14:45,817 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2024-11-18 14:14:45,817 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2024-11-18 14:14:45,817 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2024-11-18 14:14:45,817 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2024-11-18 14:14:45,817 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2024-11-18 14:14:45,817 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2024-11-18 14:14:45,817 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2024-11-18 14:14:45,817 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2024-11-18 14:14:45,817 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2024-11-18 14:14:45,817 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2024-11-18 14:14:45,818 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2024-11-18 14:14:45,818 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2024-11-18 14:14:45,818 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2024-11-18 14:14:45,818 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2024-11-18 14:14:45,818 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2024-11-18 14:14:45,819 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2024-11-18 14:14:45,819 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2024-11-18 14:14:45,819 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2024-11-18 14:14:45,819 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2024-11-18 14:14:45,820 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2024-11-18 14:14:45,820 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2024-11-18 14:14:45,820 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2024-11-18 14:14:45,820 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2024-11-18 14:14:45,820 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2024-11-18 14:14:45,820 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2024-11-18 14:14:45,821 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2024-11-18 14:14:45,821 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2024-11-18 14:14:45,821 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2024-11-18 14:14:45,821 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2024-11-18 14:14:45,821 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2024-11-18 14:14:45,821 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2024-11-18 14:14:45,821 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2024-11-18 14:14:45,822 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2024-11-18 14:14:45,822 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2024-11-18 14:14:45,822 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2024-11-18 14:14:45,822 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2024-11-18 14:14:45,822 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2024-11-18 14:14:45,822 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2024-11-18 14:14:45,822 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2024-11-18 14:14:45,822 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2024-11-18 14:14:45,822 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2024-11-18 14:14:45,823 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2024-11-18 14:14:45,823 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2024-11-18 14:14:45,823 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2024-11-18 14:14:45,823 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2024-11-18 14:14:45,823 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2024-11-18 14:14:45,824 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2024-11-18 14:14:45,825 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2024-11-18 14:14:45,825 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2024-11-18 14:14:45,825 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2024-11-18 14:14:45,825 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2024-11-18 14:14:45,825 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2024-11-18 14:14:45,825 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2024-11-18 14:14:45,826 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2024-11-18 14:14:45,826 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2024-11-18 14:14:45,826 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2024-11-18 14:14:45,826 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2024-11-18 14:14:45,827 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2024-11-18 14:14:45,827 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#1 [2024-11-18 14:14:45,827 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#2 [2024-11-18 14:14:45,827 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#3 [2024-11-18 14:14:45,827 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2024-11-18 14:14:45,828 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2024-11-18 14:14:45,828 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2024-11-18 14:14:45,828 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2024-11-18 14:14:45,828 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2024-11-18 14:14:45,828 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2024-11-18 14:14:45,828 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2024-11-18 14:14:45,829 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2024-11-18 14:14:45,829 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2024-11-18 14:14:45,829 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2024-11-18 14:14:46,047 INFO L238 CfgBuilder]: Building ICFG [2024-11-18 14:14:46,052 INFO L264 CfgBuilder]: Building CFG for each procedure with an implementation [2024-11-18 14:14:47,379 INFO L? ?]: Removed 623 outVars from TransFormulas that were not future-live. [2024-11-18 14:14:47,379 INFO L287 CfgBuilder]: Performing block encoding [2024-11-18 14:14:47,412 INFO L311 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2024-11-18 14:14:47,416 INFO L316 CfgBuilder]: Removed 1 assume(true) statements. [2024-11-18 14:14:47,417 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:14:47 BoogieIcfgContainer [2024-11-18 14:14:47,417 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2024-11-18 14:14:47,419 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2024-11-18 14:14:47,419 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2024-11-18 14:14:47,424 INFO L274 PluginConnector]: TraceAbstraction initialized [2024-11-18 14:14:47,424 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 18.11 02:14:44" (1/3) ... [2024-11-18 14:14:47,425 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@79ae73bc and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 02:14:47, skipping insertion in model container [2024-11-18 14:14:47,426 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 02:14:45" (2/3) ... [2024-11-18 14:14:47,426 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@79ae73bc and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 02:14:47, skipping insertion in model container [2024-11-18 14:14:47,426 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:14:47" (3/3) ... [2024-11-18 14:14:47,428 INFO L112 eAbstractionObserver]: Analyzing ICFG email_spec7_productSimulator.cil.c [2024-11-18 14:14:47,445 INFO L214 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2024-11-18 14:14:47,446 INFO L154 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2024-11-18 14:14:47,540 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2024-11-18 14:14:47,549 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@59ea1666, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2024-11-18 14:14:47,550 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2024-11-18 14:14:47,561 INFO L276 IsEmpty]: Start isEmpty. Operand has 600 states, 446 states have (on average 1.515695067264574) internal successors, (676), 466 states have internal predecessors, (676), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2024-11-18 14:14:47,599 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 149 [2024-11-18 14:14:47,600 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:47,601 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:47,602 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:47,608 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:47,608 INFO L85 PathProgramCache]: Analyzing trace with hash 1997672025, now seen corresponding path program 1 times [2024-11-18 14:14:47,617 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:47,617 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [569623729] [2024-11-18 14:14:47,617 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:47,618 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:47,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:48,090 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2024-11-18 14:14:48,092 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:48,092 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [569623729] [2024-11-18 14:14:48,093 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [569623729] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:48,093 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:48,094 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2024-11-18 14:14:48,095 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1054699718] [2024-11-18 14:14:48,096 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:48,101 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2024-11-18 14:14:48,103 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:48,130 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2024-11-18 14:14:48,131 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2024-11-18 14:14:48,136 INFO L87 Difference]: Start difference. First operand has 600 states, 446 states have (on average 1.515695067264574) internal successors, (676), 466 states have internal predecessors, (676), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2024-11-18 14:14:48,233 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:48,233 INFO L93 Difference]: Finished difference Result 931 states and 1369 transitions. [2024-11-18 14:14:48,235 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2024-11-18 14:14:48,238 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 148 [2024-11-18 14:14:48,239 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:48,259 INFO L225 Difference]: With dead ends: 931 [2024-11-18 14:14:48,259 INFO L226 Difference]: Without dead ends: 593 [2024-11-18 14:14:48,266 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2024-11-18 14:14:48,272 INFO L432 NwaCegarLoop]: 890 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 890 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:48,273 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 890 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:48,292 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 593 states. [2024-11-18 14:14:48,376 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 593 to 593. [2024-11-18 14:14:48,380 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2024-11-18 14:14:48,389 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 882 transitions. [2024-11-18 14:14:48,393 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 882 transitions. Word has length 148 [2024-11-18 14:14:48,394 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:48,396 INFO L471 AbstractCegarLoop]: Abstraction has 593 states and 882 transitions. [2024-11-18 14:14:48,396 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2024-11-18 14:14:48,397 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 882 transitions. [2024-11-18 14:14:48,404 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 143 [2024-11-18 14:14:48,405 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:48,405 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:48,406 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2024-11-18 14:14:48,406 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:48,407 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:48,407 INFO L85 PathProgramCache]: Analyzing trace with hash 730030555, now seen corresponding path program 1 times [2024-11-18 14:14:48,407 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:48,408 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [793738492] [2024-11-18 14:14:48,408 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:48,408 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:48,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:48,783 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2024-11-18 14:14:48,784 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:48,784 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [793738492] [2024-11-18 14:14:48,784 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [793738492] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:48,784 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:48,784 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-11-18 14:14:48,784 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1000313200] [2024-11-18 14:14:48,785 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:48,786 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-18 14:14:48,786 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:48,788 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-18 14:14:48,788 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:14:48,788 INFO L87 Difference]: Start difference. First operand 593 states and 882 transitions. Second operand has 5 states, 5 states have (on average 14.6) internal successors, (73), 5 states have internal predecessors, (73), 2 states have call successors, (26), 2 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2024-11-18 14:14:48,886 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:48,886 INFO L93 Difference]: Finished difference Result 1150 states and 1708 transitions. [2024-11-18 14:14:48,888 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-18 14:14:48,888 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.6) internal successors, (73), 5 states have internal predecessors, (73), 2 states have call successors, (26), 2 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 142 [2024-11-18 14:14:48,888 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:48,896 INFO L225 Difference]: With dead ends: 1150 [2024-11-18 14:14:48,897 INFO L226 Difference]: Without dead ends: 593 [2024-11-18 14:14:48,899 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-18 14:14:48,902 INFO L432 NwaCegarLoop]: 880 mSDtfsCounter, 0 mSDsluCounter, 2628 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 3508 SdHoareTripleChecker+Invalid, 19 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:48,902 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 3508 Invalid, 19 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:48,905 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 593 states. [2024-11-18 14:14:48,946 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 593 to 593. [2024-11-18 14:14:48,951 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2024-11-18 14:14:48,956 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 875 transitions. [2024-11-18 14:14:48,957 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 875 transitions. Word has length 142 [2024-11-18 14:14:48,958 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:48,959 INFO L471 AbstractCegarLoop]: Abstraction has 593 states and 875 transitions. [2024-11-18 14:14:48,960 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 14.6) internal successors, (73), 5 states have internal predecessors, (73), 2 states have call successors, (26), 2 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2024-11-18 14:14:48,960 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 875 transitions. [2024-11-18 14:14:48,965 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 148 [2024-11-18 14:14:48,966 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:48,966 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:48,967 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2024-11-18 14:14:48,967 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:48,967 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:48,969 INFO L85 PathProgramCache]: Analyzing trace with hash -1478514306, now seen corresponding path program 1 times [2024-11-18 14:14:48,969 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:48,969 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [854096331] [2024-11-18 14:14:48,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:48,969 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:49,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:49,186 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2024-11-18 14:14:49,187 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:49,187 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [854096331] [2024-11-18 14:14:49,187 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [854096331] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:49,187 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:49,187 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2024-11-18 14:14:49,187 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [446043120] [2024-11-18 14:14:49,187 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:49,188 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:14:49,188 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:49,189 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:14:49,189 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-11-18 14:14:49,191 INFO L87 Difference]: Start difference. First operand 593 states and 875 transitions. Second operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 2 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) [2024-11-18 14:14:49,251 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:49,252 INFO L93 Difference]: Finished difference Result 1154 states and 1716 transitions. [2024-11-18 14:14:49,253 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:14:49,253 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 2 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) Word has length 147 [2024-11-18 14:14:49,253 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:49,259 INFO L225 Difference]: With dead ends: 1154 [2024-11-18 14:14:49,259 INFO L226 Difference]: Without dead ends: 594 [2024-11-18 14:14:49,262 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-11-18 14:14:49,264 INFO L432 NwaCegarLoop]: 866 mSDtfsCounter, 837 mSDsluCounter, 24 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 837 SdHoareTripleChecker+Valid, 890 SdHoareTripleChecker+Invalid, 7 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:49,265 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [837 Valid, 890 Invalid, 7 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:49,267 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 594 states. [2024-11-18 14:14:49,302 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 594 to 594. [2024-11-18 14:14:49,303 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 442 states have (on average 1.4864253393665159) internal successors, (657), 459 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2024-11-18 14:14:49,308 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 870 transitions. [2024-11-18 14:14:49,309 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 870 transitions. Word has length 147 [2024-11-18 14:14:49,309 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:49,310 INFO L471 AbstractCegarLoop]: Abstraction has 594 states and 870 transitions. [2024-11-18 14:14:49,310 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 2 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) [2024-11-18 14:14:49,310 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 870 transitions. [2024-11-18 14:14:49,313 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 156 [2024-11-18 14:14:49,313 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:49,313 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:49,314 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2024-11-18 14:14:49,314 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:49,315 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:49,315 INFO L85 PathProgramCache]: Analyzing trace with hash -1147784420, now seen corresponding path program 1 times [2024-11-18 14:14:49,315 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:49,316 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [978817022] [2024-11-18 14:14:49,316 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:49,316 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:49,363 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:49,433 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2024-11-18 14:14:49,433 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:49,433 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [978817022] [2024-11-18 14:14:49,433 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [978817022] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:49,433 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:49,433 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2024-11-18 14:14:49,434 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2060610376] [2024-11-18 14:14:49,434 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:49,434 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:14:49,434 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:49,435 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:14:49,435 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-11-18 14:14:49,438 INFO L87 Difference]: Start difference. First operand 594 states and 870 transitions. Second operand has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2024-11-18 14:14:49,519 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:49,519 INFO L93 Difference]: Finished difference Result 1694 states and 2517 transitions. [2024-11-18 14:14:49,522 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:14:49,522 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 155 [2024-11-18 14:14:49,524 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:49,533 INFO L225 Difference]: With dead ends: 1694 [2024-11-18 14:14:49,533 INFO L226 Difference]: Without dead ends: 1134 [2024-11-18 14:14:49,536 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-11-18 14:14:49,540 INFO L432 NwaCegarLoop]: 876 mSDtfsCounter, 826 mSDsluCounter, 834 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 826 SdHoareTripleChecker+Valid, 1710 SdHoareTripleChecker+Invalid, 14 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:49,540 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [826 Valid, 1710 Invalid, 14 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:49,544 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1134 states. [2024-11-18 14:14:49,647 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1134 to 1132. [2024-11-18 14:14:49,650 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1132 states, 845 states have (on average 1.493491124260355) internal successors, (1262), 875 states have internal predecessors, (1262), 199 states have call successors, (199), 87 states have call predecessors, (199), 87 states have return successors, (210), 196 states have call predecessors, (210), 197 states have call successors, (210) [2024-11-18 14:14:49,657 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1132 states to 1132 states and 1671 transitions. [2024-11-18 14:14:49,659 INFO L78 Accepts]: Start accepts. Automaton has 1132 states and 1671 transitions. Word has length 155 [2024-11-18 14:14:49,659 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:49,660 INFO L471 AbstractCegarLoop]: Abstraction has 1132 states and 1671 transitions. [2024-11-18 14:14:49,660 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2024-11-18 14:14:49,662 INFO L276 IsEmpty]: Start isEmpty. Operand 1132 states and 1671 transitions. [2024-11-18 14:14:49,666 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 157 [2024-11-18 14:14:49,666 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:49,667 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:49,667 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2024-11-18 14:14:49,667 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:49,668 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:49,668 INFO L85 PathProgramCache]: Analyzing trace with hash -1336648270, now seen corresponding path program 1 times [2024-11-18 14:14:49,669 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:49,669 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [170854827] [2024-11-18 14:14:49,669 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:49,669 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:49,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:49,778 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2024-11-18 14:14:49,778 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:49,779 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [170854827] [2024-11-18 14:14:49,781 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [170854827] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:49,781 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:49,781 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2024-11-18 14:14:49,781 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1080858823] [2024-11-18 14:14:49,781 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:49,782 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:14:49,782 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:49,783 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:14:49,783 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-11-18 14:14:49,784 INFO L87 Difference]: Start difference. First operand 1132 states and 1671 transitions. Second operand has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2024-11-18 14:14:49,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:49,849 INFO L93 Difference]: Finished difference Result 1134 states and 1672 transitions. [2024-11-18 14:14:49,850 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:14:49,850 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 156 [2024-11-18 14:14:49,851 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:49,855 INFO L225 Difference]: With dead ends: 1134 [2024-11-18 14:14:49,856 INFO L226 Difference]: Without dead ends: 595 [2024-11-18 14:14:49,857 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-11-18 14:14:49,858 INFO L432 NwaCegarLoop]: 856 mSDtfsCounter, 817 mSDsluCounter, 37 mSDsCounter, 0 mSdLazyCounter, 6 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 817 SdHoareTripleChecker+Valid, 893 SdHoareTripleChecker+Invalid, 8 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 6 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:49,859 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [817 Valid, 893 Invalid, 8 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 6 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:49,862 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 595 states. [2024-11-18 14:14:49,886 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 595 to 595. [2024-11-18 14:14:49,887 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 595 states, 444 states have (on average 1.4752252252252251) internal successors, (655), 459 states have internal predecessors, (655), 105 states have call successors, (105), 45 states have call predecessors, (105), 45 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2024-11-18 14:14:49,890 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 595 states to 595 states and 864 transitions. [2024-11-18 14:14:49,891 INFO L78 Accepts]: Start accepts. Automaton has 595 states and 864 transitions. Word has length 156 [2024-11-18 14:14:49,891 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:49,891 INFO L471 AbstractCegarLoop]: Abstraction has 595 states and 864 transitions. [2024-11-18 14:14:49,892 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 2 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2024-11-18 14:14:49,892 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 864 transitions. [2024-11-18 14:14:49,895 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 166 [2024-11-18 14:14:49,895 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:49,896 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:49,896 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2024-11-18 14:14:49,896 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:49,896 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:49,896 INFO L85 PathProgramCache]: Analyzing trace with hash -921177640, now seen corresponding path program 1 times [2024-11-18 14:14:49,897 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:49,897 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1518715075] [2024-11-18 14:14:49,897 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:49,897 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:49,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:49,994 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2024-11-18 14:14:49,994 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:49,994 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1518715075] [2024-11-18 14:14:49,995 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1518715075] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:49,995 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:49,995 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2024-11-18 14:14:49,995 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [570631400] [2024-11-18 14:14:49,995 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:49,995 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:14:49,996 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:49,996 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:14:49,996 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-11-18 14:14:49,997 INFO L87 Difference]: Start difference. First operand 595 states and 864 transitions. Second operand has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 2 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2024-11-18 14:14:50,096 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:50,096 INFO L93 Difference]: Finished difference Result 1144 states and 1668 transitions. [2024-11-18 14:14:50,097 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:14:50,097 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 2 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 165 [2024-11-18 14:14:50,098 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:50,102 INFO L225 Difference]: With dead ends: 1144 [2024-11-18 14:14:50,102 INFO L226 Difference]: Without dead ends: 598 [2024-11-18 14:14:50,104 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-11-18 14:14:50,106 INFO L432 NwaCegarLoop]: 837 mSDtfsCounter, 799 mSDsluCounter, 41 mSDsCounter, 0 mSdLazyCounter, 14 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 799 SdHoareTripleChecker+Valid, 878 SdHoareTripleChecker+Invalid, 25 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 14 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:50,107 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [799 Valid, 878 Invalid, 25 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 14 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:50,110 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 598 states. [2024-11-18 14:14:50,140 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 598 to 592. [2024-11-18 14:14:50,142 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 592 states, 444 states have (on average 1.4504504504504505) internal successors, (644), 454 states have internal predecessors, (644), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2024-11-18 14:14:50,146 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 592 states to 592 states and 847 transitions. [2024-11-18 14:14:50,147 INFO L78 Accepts]: Start accepts. Automaton has 592 states and 847 transitions. Word has length 165 [2024-11-18 14:14:50,147 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:50,148 INFO L471 AbstractCegarLoop]: Abstraction has 592 states and 847 transitions. [2024-11-18 14:14:50,148 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 2 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2024-11-18 14:14:50,148 INFO L276 IsEmpty]: Start isEmpty. Operand 592 states and 847 transitions. [2024-11-18 14:14:50,151 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 177 [2024-11-18 14:14:50,151 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:50,151 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:50,152 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2024-11-18 14:14:50,152 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:50,152 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:50,153 INFO L85 PathProgramCache]: Analyzing trace with hash 1879216936, now seen corresponding path program 1 times [2024-11-18 14:14:50,153 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:50,153 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1643435026] [2024-11-18 14:14:50,153 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:50,153 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:50,212 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:50,529 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2024-11-18 14:14:50,530 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:50,530 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1643435026] [2024-11-18 14:14:50,530 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1643435026] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:14:50,530 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [735918858] [2024-11-18 14:14:50,530 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:50,530 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:14:50,531 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:14:50,536 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:14:50,539 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2024-11-18 14:14:50,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:50,980 INFO L255 TraceCheckSpWp]: Trace formula consists of 1428 conjuncts, 2 conjuncts are in the unsatisfiable core [2024-11-18 14:14:50,990 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:14:51,039 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2024-11-18 14:14:51,039 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:14:51,043 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [735918858] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:51,043 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:14:51,043 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2024-11-18 14:14:51,044 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1500089113] [2024-11-18 14:14:51,044 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:51,044 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:14:51,044 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:51,045 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:14:51,045 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:51,045 INFO L87 Difference]: Start difference. First operand 592 states and 847 transitions. Second operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2024-11-18 14:14:51,091 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:51,091 INFO L93 Difference]: Finished difference Result 916 states and 1293 transitions. [2024-11-18 14:14:51,092 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:14:51,092 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 176 [2024-11-18 14:14:51,093 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:51,096 INFO L225 Difference]: With dead ends: 916 [2024-11-18 14:14:51,097 INFO L226 Difference]: Without dead ends: 595 [2024-11-18 14:14:51,099 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 183 GetRequests, 176 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:51,099 INFO L432 NwaCegarLoop]: 841 mSDtfsCounter, 1 mSDsluCounter, 839 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1680 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:51,100 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [1 Valid, 1680 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:51,101 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 595 states. [2024-11-18 14:14:51,161 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 595 to 594. [2024-11-18 14:14:51,163 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 446 states have (on average 1.4484304932735426) internal successors, (646), 456 states have internal predecessors, (646), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2024-11-18 14:14:51,166 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 849 transitions. [2024-11-18 14:14:51,167 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 849 transitions. Word has length 176 [2024-11-18 14:14:51,167 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:51,167 INFO L471 AbstractCegarLoop]: Abstraction has 594 states and 849 transitions. [2024-11-18 14:14:51,168 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2024-11-18 14:14:51,168 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 849 transitions. [2024-11-18 14:14:51,171 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 192 [2024-11-18 14:14:51,171 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:51,171 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:51,197 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2024-11-18 14:14:51,373 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:14:51,374 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:51,374 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:51,375 INFO L85 PathProgramCache]: Analyzing trace with hash -1077589851, now seen corresponding path program 1 times [2024-11-18 14:14:51,375 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:51,375 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1149310115] [2024-11-18 14:14:51,375 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:51,375 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:51,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:51,676 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2024-11-18 14:14:51,677 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:51,677 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1149310115] [2024-11-18 14:14:51,677 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1149310115] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:14:51,677 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1447336890] [2024-11-18 14:14:51,677 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:51,678 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:14:51,678 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:14:51,679 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:14:51,681 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2024-11-18 14:14:52,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:52,116 INFO L255 TraceCheckSpWp]: Trace formula consists of 1472 conjuncts, 3 conjuncts are in the unsatisfiable core [2024-11-18 14:14:52,127 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:14:52,183 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 116 trivial. 0 not checked. [2024-11-18 14:14:52,187 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:14:52,187 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1447336890] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:52,188 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:14:52,188 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2024-11-18 14:14:52,188 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [48079852] [2024-11-18 14:14:52,188 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:52,188 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:14:52,189 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:52,192 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:14:52,192 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:52,193 INFO L87 Difference]: Start difference. First operand 594 states and 849 transitions. Second operand has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 2 states have call successors, (31), 2 states have call predecessors, (31), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2024-11-18 14:14:52,244 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:52,244 INFO L93 Difference]: Finished difference Result 1205 states and 1757 transitions. [2024-11-18 14:14:52,245 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:14:52,245 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 2 states have call successors, (31), 2 states have call predecessors, (31), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 191 [2024-11-18 14:14:52,245 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:52,250 INFO L225 Difference]: With dead ends: 1205 [2024-11-18 14:14:52,251 INFO L226 Difference]: Without dead ends: 692 [2024-11-18 14:14:52,253 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 198 GetRequests, 191 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:52,254 INFO L432 NwaCegarLoop]: 858 mSDtfsCounter, 165 mSDsluCounter, 794 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1652 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:52,255 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [183 Valid, 1652 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:52,256 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 692 states. [2024-11-18 14:14:52,291 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 692 to 684. [2024-11-18 14:14:52,293 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 684 states, 522 states have (on average 1.4636015325670497) internal successors, (764), 532 states have internal predecessors, (764), 116 states have call successors, (116), 45 states have call predecessors, (116), 45 states have return successors, (115), 114 states have call predecessors, (115), 115 states have call successors, (115) [2024-11-18 14:14:52,297 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 684 states to 684 states and 995 transitions. [2024-11-18 14:14:52,299 INFO L78 Accepts]: Start accepts. Automaton has 684 states and 995 transitions. Word has length 191 [2024-11-18 14:14:52,300 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:52,300 INFO L471 AbstractCegarLoop]: Abstraction has 684 states and 995 transitions. [2024-11-18 14:14:52,300 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 2 states have call successors, (31), 2 states have call predecessors, (31), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2024-11-18 14:14:52,300 INFO L276 IsEmpty]: Start isEmpty. Operand 684 states and 995 transitions. [2024-11-18 14:14:52,304 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 193 [2024-11-18 14:14:52,304 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:52,305 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:52,326 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2024-11-18 14:14:52,506 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable7 [2024-11-18 14:14:52,508 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:52,508 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:52,508 INFO L85 PathProgramCache]: Analyzing trace with hash -1772098749, now seen corresponding path program 1 times [2024-11-18 14:14:52,509 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:52,509 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1778509491] [2024-11-18 14:14:52,509 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:52,509 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:52,542 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:52,785 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2024-11-18 14:14:52,785 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:52,785 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1778509491] [2024-11-18 14:14:52,786 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1778509491] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:14:52,786 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1083408995] [2024-11-18 14:14:52,786 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:52,786 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:14:52,786 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:14:52,788 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:14:52,789 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2024-11-18 14:14:53,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:53,282 INFO L255 TraceCheckSpWp]: Trace formula consists of 1477 conjuncts, 3 conjuncts are in the unsatisfiable core [2024-11-18 14:14:53,289 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:14:53,498 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 114 trivial. 0 not checked. [2024-11-18 14:14:53,501 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:14:53,501 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1083408995] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:53,502 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:14:53,502 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2024-11-18 14:14:53,502 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [419755696] [2024-11-18 14:14:53,502 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:53,503 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-18 14:14:53,504 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:53,505 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-18 14:14:53,505 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:53,506 INFO L87 Difference]: Start difference. First operand 684 states and 995 transitions. Second operand has 3 states, 3 states have (on average 35.333333333333336) internal successors, (106), 3 states have internal predecessors, (106), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (25), 3 states have call predecessors, (25), 3 states have call successors, (25) [2024-11-18 14:14:53,606 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:53,607 INFO L93 Difference]: Finished difference Result 1632 states and 2374 transitions. [2024-11-18 14:14:53,607 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-18 14:14:53,608 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 35.333333333333336) internal successors, (106), 3 states have internal predecessors, (106), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (25), 3 states have call predecessors, (25), 3 states have call successors, (25) Word has length 192 [2024-11-18 14:14:53,608 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:53,618 INFO L225 Difference]: With dead ends: 1632 [2024-11-18 14:14:53,618 INFO L226 Difference]: Without dead ends: 1319 [2024-11-18 14:14:53,621 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 199 GetRequests, 192 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:53,622 INFO L432 NwaCegarLoop]: 857 mSDtfsCounter, 708 mSDsluCounter, 807 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 708 SdHoareTripleChecker+Valid, 1664 SdHoareTripleChecker+Invalid, 7 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:53,623 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [708 Valid, 1664 Invalid, 7 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:53,625 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1319 states. [2024-11-18 14:14:53,690 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1319 to 1317. [2024-11-18 14:14:53,693 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1317 states, 1013 states have (on average 1.4718657453109576) internal successors, (1491), 1030 states have internal predecessors, (1491), 216 states have call successors, (216), 87 states have call predecessors, (216), 87 states have return successors, (223), 212 states have call predecessors, (223), 214 states have call successors, (223) [2024-11-18 14:14:53,701 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1317 states to 1317 states and 1930 transitions. [2024-11-18 14:14:53,703 INFO L78 Accepts]: Start accepts. Automaton has 1317 states and 1930 transitions. Word has length 192 [2024-11-18 14:14:53,703 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:53,703 INFO L471 AbstractCegarLoop]: Abstraction has 1317 states and 1930 transitions. [2024-11-18 14:14:53,704 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 35.333333333333336) internal successors, (106), 3 states have internal predecessors, (106), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (25), 3 states have call predecessors, (25), 3 states have call successors, (25) [2024-11-18 14:14:53,704 INFO L276 IsEmpty]: Start isEmpty. Operand 1317 states and 1930 transitions. [2024-11-18 14:14:53,709 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 186 [2024-11-18 14:14:53,709 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:53,709 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:53,731 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Ended with exit code 0 [2024-11-18 14:14:53,910 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:14:53,911 INFO L396 AbstractCegarLoop]: === Iteration 10 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:53,911 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:53,911 INFO L85 PathProgramCache]: Analyzing trace with hash 2019287498, now seen corresponding path program 1 times [2024-11-18 14:14:53,912 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:53,912 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1543111072] [2024-11-18 14:14:53,912 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:53,912 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:53,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:54,197 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2024-11-18 14:14:54,197 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:54,198 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1543111072] [2024-11-18 14:14:54,198 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1543111072] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:14:54,198 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [525854000] [2024-11-18 14:14:54,198 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:54,198 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:14:54,198 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:14:54,200 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:14:54,202 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2024-11-18 14:14:54,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:54,597 INFO L255 TraceCheckSpWp]: Trace formula consists of 1447 conjuncts, 10 conjuncts are in the unsatisfiable core [2024-11-18 14:14:54,603 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:14:54,714 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2024-11-18 14:14:54,715 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:14:54,715 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [525854000] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:54,715 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:14:54,715 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [8] total 14 [2024-11-18 14:14:54,715 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1757894771] [2024-11-18 14:14:54,715 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:54,716 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2024-11-18 14:14:54,716 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:54,717 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2024-11-18 14:14:54,718 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=31, Invalid=151, Unknown=0, NotChecked=0, Total=182 [2024-11-18 14:14:54,718 INFO L87 Difference]: Start difference. First operand 1317 states and 1930 transitions. Second operand has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2024-11-18 14:14:54,865 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:54,865 INFO L93 Difference]: Finished difference Result 2555 states and 3770 transitions. [2024-11-18 14:14:54,866 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2024-11-18 14:14:54,866 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 185 [2024-11-18 14:14:54,866 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:54,875 INFO L225 Difference]: With dead ends: 2555 [2024-11-18 14:14:54,875 INFO L226 Difference]: Without dead ends: 1321 [2024-11-18 14:14:54,880 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 193 GetRequests, 180 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=35, Invalid=175, Unknown=0, NotChecked=0, Total=210 [2024-11-18 14:14:54,881 INFO L432 NwaCegarLoop]: 832 mSDtfsCounter, 4 mSDsluCounter, 4975 mSDsCounter, 0 mSdLazyCounter, 83 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 5807 SdHoareTripleChecker+Invalid, 83 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 83 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:54,882 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 5807 Invalid, 83 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 83 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2024-11-18 14:14:54,884 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1321 states. [2024-11-18 14:14:54,943 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1321 to 1321. [2024-11-18 14:14:54,946 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1321 states, 1015 states have (on average 1.470935960591133) internal successors, (1493), 1034 states have internal predecessors, (1493), 216 states have call successors, (216), 87 states have call predecessors, (216), 89 states have return successors, (227), 212 states have call predecessors, (227), 214 states have call successors, (227) [2024-11-18 14:14:54,957 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1321 states to 1321 states and 1936 transitions. [2024-11-18 14:14:54,961 INFO L78 Accepts]: Start accepts. Automaton has 1321 states and 1936 transitions. Word has length 185 [2024-11-18 14:14:54,961 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:54,961 INFO L471 AbstractCegarLoop]: Abstraction has 1321 states and 1936 transitions. [2024-11-18 14:14:54,962 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2024-11-18 14:14:54,962 INFO L276 IsEmpty]: Start isEmpty. Operand 1321 states and 1936 transitions. [2024-11-18 14:14:54,967 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 187 [2024-11-18 14:14:54,968 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:54,968 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:54,990 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2024-11-18 14:14:55,168 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:14:55,169 INFO L396 AbstractCegarLoop]: === Iteration 11 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:55,171 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:55,171 INFO L85 PathProgramCache]: Analyzing trace with hash 35090114, now seen corresponding path program 1 times [2024-11-18 14:14:55,171 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:55,171 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1235835549] [2024-11-18 14:14:55,171 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:55,171 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:55,204 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:55,430 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 102 trivial. 0 not checked. [2024-11-18 14:14:55,430 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:55,430 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1235835549] [2024-11-18 14:14:55,431 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1235835549] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-18 14:14:55,431 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [542398577] [2024-11-18 14:14:55,431 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:55,431 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-18 14:14:55,431 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-18 14:14:55,433 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-18 14:14:55,434 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2024-11-18 14:14:55,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:55,819 INFO L255 TraceCheckSpWp]: Trace formula consists of 1448 conjuncts, 8 conjuncts are in the unsatisfiable core [2024-11-18 14:14:55,824 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-18 14:14:55,893 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2024-11-18 14:14:55,893 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-18 14:14:55,893 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [542398577] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:55,893 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-18 14:14:55,893 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [9] total 13 [2024-11-18 14:14:55,895 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1703942931] [2024-11-18 14:14:55,895 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:55,895 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2024-11-18 14:14:55,896 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:55,896 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2024-11-18 14:14:55,896 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=26, Invalid=130, Unknown=0, NotChecked=0, Total=156 [2024-11-18 14:14:55,897 INFO L87 Difference]: Start difference. First operand 1321 states and 1936 transitions. Second operand has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2024-11-18 14:14:56,013 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:56,014 INFO L93 Difference]: Finished difference Result 2557 states and 3778 transitions. [2024-11-18 14:14:56,014 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2024-11-18 14:14:56,015 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) Word has length 186 [2024-11-18 14:14:56,015 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:56,023 INFO L225 Difference]: With dead ends: 2557 [2024-11-18 14:14:56,023 INFO L226 Difference]: Without dead ends: 1325 [2024-11-18 14:14:56,027 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 194 GetRequests, 183 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=26, Invalid=130, Unknown=0, NotChecked=0, Total=156 [2024-11-18 14:14:56,028 INFO L432 NwaCegarLoop]: 832 mSDtfsCounter, 2 mSDsluCounter, 3311 mSDsCounter, 0 mSdLazyCounter, 64 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 4143 SdHoareTripleChecker+Invalid, 64 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 64 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:56,028 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 4143 Invalid, 64 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 64 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:56,030 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1325 states. [2024-11-18 14:14:56,079 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1325 to 1325. [2024-11-18 14:14:56,083 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1325 states, 1017 states have (on average 1.4700098328416913) internal successors, (1495), 1038 states have internal predecessors, (1495), 216 states have call successors, (216), 87 states have call predecessors, (216), 91 states have return successors, (237), 212 states have call predecessors, (237), 214 states have call successors, (237) [2024-11-18 14:14:56,090 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1325 states to 1325 states and 1948 transitions. [2024-11-18 14:14:56,093 INFO L78 Accepts]: Start accepts. Automaton has 1325 states and 1948 transitions. Word has length 186 [2024-11-18 14:14:56,093 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:56,093 INFO L471 AbstractCegarLoop]: Abstraction has 1325 states and 1948 transitions. [2024-11-18 14:14:56,094 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2024-11-18 14:14:56,094 INFO L276 IsEmpty]: Start isEmpty. Operand 1325 states and 1948 transitions. [2024-11-18 14:14:56,100 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 188 [2024-11-18 14:14:56,100 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:56,100 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:56,125 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Ended with exit code 0 [2024-11-18 14:14:56,301 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2024-11-18 14:14:56,302 INFO L396 AbstractCegarLoop]: === Iteration 12 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:56,302 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:56,302 INFO L85 PathProgramCache]: Analyzing trace with hash 1806409998, now seen corresponding path program 1 times [2024-11-18 14:14:56,302 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:56,302 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [282046643] [2024-11-18 14:14:56,302 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:56,302 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:56,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:56,615 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2024-11-18 14:14:56,615 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:56,615 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [282046643] [2024-11-18 14:14:56,615 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [282046643] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:56,616 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:56,616 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2024-11-18 14:14:56,616 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [14796633] [2024-11-18 14:14:56,616 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:56,617 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2024-11-18 14:14:56,617 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:56,618 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2024-11-18 14:14:56,619 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2024-11-18 14:14:56,619 INFO L87 Difference]: Start difference. First operand 1325 states and 1948 transitions. Second operand has 8 states, 6 states have (on average 18.0) internal successors, (108), 8 states have internal predecessors, (108), 4 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2024-11-18 14:14:56,747 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:56,747 INFO L93 Difference]: Finished difference Result 2533 states and 3752 transitions. [2024-11-18 14:14:56,747 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2024-11-18 14:14:56,748 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 18.0) internal successors, (108), 8 states have internal predecessors, (108), 4 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 187 [2024-11-18 14:14:56,748 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:56,757 INFO L225 Difference]: With dead ends: 2533 [2024-11-18 14:14:56,757 INFO L226 Difference]: Without dead ends: 1325 [2024-11-18 14:14:56,761 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=55, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:56,762 INFO L432 NwaCegarLoop]: 833 mSDtfsCounter, 4 mSDsluCounter, 4981 mSDsCounter, 0 mSdLazyCounter, 76 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 5814 SdHoareTripleChecker+Invalid, 76 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 76 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:56,762 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 5814 Invalid, 76 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 76 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2024-11-18 14:14:56,764 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1325 states. [2024-11-18 14:14:56,812 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1325 to 1325. [2024-11-18 14:14:56,815 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1325 states, 1017 states have (on average 1.4700098328416913) internal successors, (1495), 1038 states have internal predecessors, (1495), 216 states have call successors, (216), 87 states have call predecessors, (216), 91 states have return successors, (235), 212 states have call predecessors, (235), 214 states have call successors, (235) [2024-11-18 14:14:56,821 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1325 states to 1325 states and 1946 transitions. [2024-11-18 14:14:56,823 INFO L78 Accepts]: Start accepts. Automaton has 1325 states and 1946 transitions. Word has length 187 [2024-11-18 14:14:56,824 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:56,824 INFO L471 AbstractCegarLoop]: Abstraction has 1325 states and 1946 transitions. [2024-11-18 14:14:56,825 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 18.0) internal successors, (108), 8 states have internal predecessors, (108), 4 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2024-11-18 14:14:56,825 INFO L276 IsEmpty]: Start isEmpty. Operand 1325 states and 1946 transitions. [2024-11-18 14:14:56,830 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 189 [2024-11-18 14:14:56,830 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:56,831 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:56,831 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2024-11-18 14:14:56,831 INFO L396 AbstractCegarLoop]: === Iteration 13 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:56,831 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:56,831 INFO L85 PathProgramCache]: Analyzing trace with hash -1076011524, now seen corresponding path program 2 times [2024-11-18 14:14:56,832 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:56,832 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [124368287] [2024-11-18 14:14:56,832 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2024-11-18 14:14:56,832 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:56,859 INFO L227 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2024-11-18 14:14:56,860 INFO L228 tOrderPrioritization]: Conjunction of SSA is unsat [2024-11-18 14:14:57,059 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 115 trivial. 0 not checked. [2024-11-18 14:14:57,060 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:57,060 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [124368287] [2024-11-18 14:14:57,060 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [124368287] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:57,060 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:57,060 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2024-11-18 14:14:57,061 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [227771926] [2024-11-18 14:14:57,061 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:57,061 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2024-11-18 14:14:57,061 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:57,062 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2024-11-18 14:14:57,063 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2024-11-18 14:14:57,063 INFO L87 Difference]: Start difference. First operand 1325 states and 1946 transitions. Second operand has 10 states, 10 states have (on average 10.5) internal successors, (105), 8 states have internal predecessors, (105), 1 states have call successors, (30), 1 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 1 states have call successors, (24) [2024-11-18 14:14:57,179 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:57,180 INFO L93 Difference]: Finished difference Result 1335 states and 1961 transitions. [2024-11-18 14:14:57,180 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2024-11-18 14:14:57,181 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 10.5) internal successors, (105), 8 states have internal predecessors, (105), 1 states have call successors, (30), 1 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 1 states have call successors, (24) Word has length 188 [2024-11-18 14:14:57,182 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:57,190 INFO L225 Difference]: With dead ends: 1335 [2024-11-18 14:14:57,190 INFO L226 Difference]: Without dead ends: 1333 [2024-11-18 14:14:57,191 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2024-11-18 14:14:57,192 INFO L432 NwaCegarLoop]: 837 mSDtfsCounter, 0 mSDsluCounter, 6683 mSDsCounter, 0 mSdLazyCounter, 60 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 7520 SdHoareTripleChecker+Invalid, 60 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 60 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:57,193 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 7520 Invalid, 60 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 60 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:57,195 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1333 states. [2024-11-18 14:14:57,240 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1333 to 1333. [2024-11-18 14:14:57,243 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1333 states, 1023 states have (on average 1.4672531769305963) internal successors, (1501), 1044 states have internal predecessors, (1501), 216 states have call successors, (216), 87 states have call predecessors, (216), 93 states have return successors, (241), 214 states have call predecessors, (241), 214 states have call successors, (241) [2024-11-18 14:14:57,248 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1333 states to 1333 states and 1958 transitions. [2024-11-18 14:14:57,250 INFO L78 Accepts]: Start accepts. Automaton has 1333 states and 1958 transitions. Word has length 188 [2024-11-18 14:14:57,251 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:57,251 INFO L471 AbstractCegarLoop]: Abstraction has 1333 states and 1958 transitions. [2024-11-18 14:14:57,251 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 10.5) internal successors, (105), 8 states have internal predecessors, (105), 1 states have call successors, (30), 1 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 1 states have call successors, (24) [2024-11-18 14:14:57,251 INFO L276 IsEmpty]: Start isEmpty. Operand 1333 states and 1958 transitions. [2024-11-18 14:14:57,256 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 192 [2024-11-18 14:14:57,256 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:57,256 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:57,256 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2024-11-18 14:14:57,257 INFO L396 AbstractCegarLoop]: === Iteration 14 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:57,258 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:57,258 INFO L85 PathProgramCache]: Analyzing trace with hash -170831920, now seen corresponding path program 1 times [2024-11-18 14:14:57,258 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:57,258 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [703049218] [2024-11-18 14:14:57,259 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:57,259 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:57,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:57,532 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2024-11-18 14:14:57,532 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:57,532 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [703049218] [2024-11-18 14:14:57,532 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [703049218] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:57,532 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:57,533 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2024-11-18 14:14:57,533 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [76993945] [2024-11-18 14:14:57,533 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:57,534 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2024-11-18 14:14:57,534 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:57,534 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2024-11-18 14:14:57,535 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2024-11-18 14:14:57,535 INFO L87 Difference]: Start difference. First operand 1333 states and 1958 transitions. Second operand has 8 states, 6 states have (on average 18.666666666666668) internal successors, (112), 8 states have internal predecessors, (112), 4 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2024-11-18 14:14:57,689 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:57,689 INFO L93 Difference]: Finished difference Result 2553 states and 3782 transitions. [2024-11-18 14:14:57,690 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2024-11-18 14:14:57,690 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 18.666666666666668) internal successors, (112), 8 states have internal predecessors, (112), 4 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 191 [2024-11-18 14:14:57,690 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:57,700 INFO L225 Difference]: With dead ends: 2553 [2024-11-18 14:14:57,700 INFO L226 Difference]: Without dead ends: 1337 [2024-11-18 14:14:57,705 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=55, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:57,706 INFO L432 NwaCegarLoop]: 834 mSDtfsCounter, 3 mSDsluCounter, 4986 mSDsCounter, 0 mSdLazyCounter, 83 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 7 SdHoareTripleChecker+Valid, 5820 SdHoareTripleChecker+Invalid, 83 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 83 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:57,706 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [7 Valid, 5820 Invalid, 83 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 83 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-18 14:14:57,708 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1337 states. [2024-11-18 14:14:57,760 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1337 to 1337. [2024-11-18 14:14:57,763 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1337 states, 1025 states have (on average 1.4663414634146341) internal successors, (1503), 1048 states have internal predecessors, (1503), 216 states have call successors, (216), 87 states have call predecessors, (216), 95 states have return successors, (245), 214 states have call predecessors, (245), 214 states have call successors, (245) [2024-11-18 14:14:57,769 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1337 states to 1337 states and 1964 transitions. [2024-11-18 14:14:57,772 INFO L78 Accepts]: Start accepts. Automaton has 1337 states and 1964 transitions. Word has length 191 [2024-11-18 14:14:57,772 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:57,773 INFO L471 AbstractCegarLoop]: Abstraction has 1337 states and 1964 transitions. [2024-11-18 14:14:57,773 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 18.666666666666668) internal successors, (112), 8 states have internal predecessors, (112), 4 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2024-11-18 14:14:57,773 INFO L276 IsEmpty]: Start isEmpty. Operand 1337 states and 1964 transitions. [2024-11-18 14:14:57,778 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 193 [2024-11-18 14:14:57,778 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:57,779 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:57,779 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable13 [2024-11-18 14:14:57,779 INFO L396 AbstractCegarLoop]: === Iteration 15 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:57,780 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:57,780 INFO L85 PathProgramCache]: Analyzing trace with hash 731886233, now seen corresponding path program 1 times [2024-11-18 14:14:57,780 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:57,780 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1946409166] [2024-11-18 14:14:57,780 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-18 14:14:57,780 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:57,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-18 14:14:57,986 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 102 trivial. 0 not checked. [2024-11-18 14:14:57,986 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:57,986 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1946409166] [2024-11-18 14:14:57,987 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1946409166] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:57,987 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:57,987 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2024-11-18 14:14:57,987 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [523531106] [2024-11-18 14:14:57,987 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:57,988 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2024-11-18 14:14:57,988 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:57,988 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2024-11-18 14:14:57,989 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2024-11-18 14:14:57,989 INFO L87 Difference]: Start difference. First operand 1337 states and 1964 transitions. Second operand has 9 states, 7 states have (on average 16.571428571428573) internal successors, (116), 8 states have internal predecessors, (116), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 4 states have call predecessors, (24), 4 states have call successors, (24) [2024-11-18 14:14:58,163 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:58,163 INFO L93 Difference]: Finished difference Result 2547 states and 3770 transitions. [2024-11-18 14:14:58,164 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2024-11-18 14:14:58,164 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 7 states have (on average 16.571428571428573) internal successors, (116), 8 states have internal predecessors, (116), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 4 states have call predecessors, (24), 4 states have call successors, (24) Word has length 192 [2024-11-18 14:14:58,165 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:58,179 INFO L225 Difference]: With dead ends: 2547 [2024-11-18 14:14:58,180 INFO L226 Difference]: Without dead ends: 1337 [2024-11-18 14:14:58,186 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=23, Invalid=87, Unknown=0, NotChecked=0, Total=110 [2024-11-18 14:14:58,186 INFO L432 NwaCegarLoop]: 826 mSDtfsCounter, 7 mSDsluCounter, 5752 mSDsCounter, 0 mSdLazyCounter, 162 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 9 SdHoareTripleChecker+Valid, 6578 SdHoareTripleChecker+Invalid, 162 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 162 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:58,187 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [9 Valid, 6578 Invalid, 162 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 162 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2024-11-18 14:14:58,189 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1337 states. [2024-11-18 14:14:58,244 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1337 to 1337. [2024-11-18 14:14:58,286 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1337 states, 1025 states have (on average 1.4663414634146341) internal successors, (1503), 1048 states have internal predecessors, (1503), 216 states have call successors, (216), 87 states have call predecessors, (216), 95 states have return successors, (243), 214 states have call predecessors, (243), 214 states have call successors, (243) [2024-11-18 14:14:58,292 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1337 states to 1337 states and 1962 transitions. [2024-11-18 14:14:58,294 INFO L78 Accepts]: Start accepts. Automaton has 1337 states and 1962 transitions. Word has length 192 [2024-11-18 14:14:58,294 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:58,295 INFO L471 AbstractCegarLoop]: Abstraction has 1337 states and 1962 transitions. [2024-11-18 14:14:58,295 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 7 states have (on average 16.571428571428573) internal successors, (116), 8 states have internal predecessors, (116), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 4 states have call predecessors, (24), 4 states have call successors, (24) [2024-11-18 14:14:58,295 INFO L276 IsEmpty]: Start isEmpty. Operand 1337 states and 1962 transitions. [2024-11-18 14:14:58,299 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 194 [2024-11-18 14:14:58,300 INFO L207 NwaCegarLoop]: Found error trace [2024-11-18 14:14:58,300 INFO L215 NwaCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:58,300 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable14 [2024-11-18 14:14:58,300 INFO L396 AbstractCegarLoop]: === Iteration 16 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-18 14:14:58,301 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-18 14:14:58,301 INFO L85 PathProgramCache]: Analyzing trace with hash 1764675991, now seen corresponding path program 2 times [2024-11-18 14:14:58,301 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-18 14:14:58,301 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1883409310] [2024-11-18 14:14:58,301 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2024-11-18 14:14:58,301 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-18 14:14:58,327 INFO L227 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2024-11-18 14:14:58,328 INFO L228 tOrderPrioritization]: Conjunction of SSA is unsat [2024-11-18 14:14:58,369 INFO L134 CoverageAnalysis]: Checked inductivity of 116 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 116 trivial. 0 not checked. [2024-11-18 14:14:58,369 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-18 14:14:58,369 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1883409310] [2024-11-18 14:14:58,370 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1883409310] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-18 14:14:58,370 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-18 14:14:58,370 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2024-11-18 14:14:58,370 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [893474902] [2024-11-18 14:14:58,370 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-18 14:14:58,371 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2024-11-18 14:14:58,371 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-18 14:14:58,371 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2024-11-18 14:14:58,372 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2024-11-18 14:14:58,372 INFO L87 Difference]: Start difference. First operand 1337 states and 1962 transitions. Second operand has 4 states, 4 states have (on average 27.5) internal successors, (110), 4 states have internal predecessors, (110), 3 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 4 states have call predecessors, (24), 3 states have call successors, (24) [2024-11-18 14:14:58,820 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-18 14:14:58,820 INFO L93 Difference]: Finished difference Result 2841 states and 4261 transitions. [2024-11-18 14:14:58,821 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2024-11-18 14:14:58,821 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 27.5) internal successors, (110), 4 states have internal predecessors, (110), 3 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 4 states have call predecessors, (24), 3 states have call successors, (24) Word has length 193 [2024-11-18 14:14:58,821 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-18 14:14:58,824 INFO L225 Difference]: With dead ends: 2841 [2024-11-18 14:14:58,824 INFO L226 Difference]: Without dead ends: 0 [2024-11-18 14:14:58,832 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2024-11-18 14:14:58,832 INFO L432 NwaCegarLoop]: 1278 mSDtfsCounter, 1212 mSDsluCounter, 1042 mSDsCounter, 0 mSdLazyCounter, 268 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1212 SdHoareTripleChecker+Valid, 2320 SdHoareTripleChecker+Invalid, 277 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 268 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2024-11-18 14:14:58,833 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [1212 Valid, 2320 Invalid, 277 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 268 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2024-11-18 14:14:58,834 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2024-11-18 14:14:58,834 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2024-11-18 14:14:58,834 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2024-11-18 14:14:58,835 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2024-11-18 14:14:58,836 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 193 [2024-11-18 14:14:58,836 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-18 14:14:58,836 INFO L471 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2024-11-18 14:14:58,836 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 27.5) internal successors, (110), 4 states have internal predecessors, (110), 3 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 4 states have call predecessors, (24), 3 states have call successors, (24) [2024-11-18 14:14:58,836 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2024-11-18 14:14:58,837 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2024-11-18 14:14:58,839 INFO L782 garLoopResultBuilder]: Registering result SAFE for location incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2024-11-18 14:14:58,840 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable15 [2024-11-18 14:14:58,842 INFO L407 BasicCegarLoop]: Path program histogram: [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-18 14:14:58,844 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2024-11-18 14:15:05,070 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2024-11-18 14:15:05,301 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 18.11 02:15:05 BoogieIcfgContainer [2024-11-18 14:15:05,302 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2024-11-18 14:15:05,302 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2024-11-18 14:15:05,302 INFO L270 PluginConnector]: Initializing Witness Printer... [2024-11-18 14:15:05,303 INFO L274 PluginConnector]: Witness Printer initialized [2024-11-18 14:15:05,303 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 02:14:47" (3/4) ... [2024-11-18 14:15:05,306 INFO L142 WitnessPrinter]: Generating witness for correct program [2024-11-18 14:15:05,310 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isReadable__before__Encrypt [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isSigned [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isKeyPairValid [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure createClientKeyringEntry [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure incoming__before__Decrypt [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure findPublicKey [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientPrivateKey [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing__before__AddressBook [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_chuck__before__Keys [2024-11-18 14:15:05,311 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing__before__Sign [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure sendEmail [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientAddressBookSize [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailEncryptionKey [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isEncrypted [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure printMail__before__Encrypt [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing__before__Encrypt [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_rjh__before__Keys [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientAddressBookAddress [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailIsEncrypted [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure incoming__before__Verify [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailEncryptionKey [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure printMail__before__Verify [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailSignKey [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientPrivateKey [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure chuckKeyAdd [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure incoming__before__AutoResponder [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailTo [2024-11-18 14:15:05,312 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailTo [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure generateKeyPair [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientAddressBookSize [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure printMail__before__Sign [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringUser [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure select_one [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientAddressBookAddress [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure incoming__before__Forward [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_bob__before__Keys [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailFrom [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailFrom [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isReadable [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure queue [2024-11-18 14:15:05,313 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringPublicKey [2024-11-18 14:15:05,314 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientId [2024-11-18 14:15:05,347 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 134 nodes and edges [2024-11-18 14:15:05,350 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 63 nodes and edges [2024-11-18 14:15:05,352 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 9 nodes and edges [2024-11-18 14:15:05,354 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 3 nodes and edges [2024-11-18 14:15:05,357 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2024-11-18 14:15:05,359 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-18 14:15:05,575 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2024-11-18 14:15:05,576 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2024-11-18 14:15:05,576 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2024-11-18 14:15:05,577 INFO L158 Benchmark]: Toolchain (without parser) took 21114.88ms. Allocated memory was 163.6MB in the beginning and 553.6MB in the end (delta: 390.1MB). Free memory was 105.4MB in the beginning and 402.4MB in the end (delta: -297.0MB). Peak memory consumption was 95.4MB. Max. memory is 16.1GB. [2024-11-18 14:15:05,577 INFO L158 Benchmark]: CDTParser took 0.21ms. Allocated memory is still 163.6MB. Free memory is still 124.8MB. There was no memory consumed. Max. memory is 16.1GB. [2024-11-18 14:15:05,578 INFO L158 Benchmark]: CACSL2BoogieTranslator took 980.85ms. Allocated memory was 163.6MB in the beginning and 213.9MB in the end (delta: 50.3MB). Free memory was 105.4MB in the beginning and 169.4MB in the end (delta: -64.0MB). Peak memory consumption was 56.8MB. Max. memory is 16.1GB. [2024-11-18 14:15:05,578 INFO L158 Benchmark]: Boogie Procedure Inliner took 138.78ms. Allocated memory is still 213.9MB. Free memory was 169.4MB in the beginning and 162.2MB in the end (delta: 7.2MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2024-11-18 14:15:05,579 INFO L158 Benchmark]: Boogie Preprocessor took 113.35ms. Allocated memory is still 213.9MB. Free memory was 162.2MB in the beginning and 153.8MB in the end (delta: 8.4MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2024-11-18 14:15:05,579 INFO L158 Benchmark]: RCFGBuilder took 1717.44ms. Allocated memory is still 213.9MB. Free memory was 152.7MB in the beginning and 131.7MB in the end (delta: 21.1MB). Peak memory consumption was 102.8MB. Max. memory is 16.1GB. [2024-11-18 14:15:05,579 INFO L158 Benchmark]: TraceAbstraction took 17883.20ms. Allocated memory was 213.9MB in the beginning and 553.6MB in the end (delta: 339.7MB). Free memory was 130.6MB in the beginning and 497.9MB in the end (delta: -367.2MB). Peak memory consumption was 299.6MB. Max. memory is 16.1GB. [2024-11-18 14:15:05,580 INFO L158 Benchmark]: Witness Printer took 273.46ms. Allocated memory is still 553.6MB. Free memory was 497.9MB in the beginning and 402.4MB in the end (delta: 95.4MB). Peak memory consumption was 96.5MB. Max. memory is 16.1GB. [2024-11-18 14:15:05,582 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.21ms. Allocated memory is still 163.6MB. Free memory is still 124.8MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 980.85ms. Allocated memory was 163.6MB in the beginning and 213.9MB in the end (delta: 50.3MB). Free memory was 105.4MB in the beginning and 169.4MB in the end (delta: -64.0MB). Peak memory consumption was 56.8MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 138.78ms. Allocated memory is still 213.9MB. Free memory was 169.4MB in the beginning and 162.2MB in the end (delta: 7.2MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Boogie Preprocessor took 113.35ms. Allocated memory is still 213.9MB. Free memory was 162.2MB in the beginning and 153.8MB in the end (delta: 8.4MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * RCFGBuilder took 1717.44ms. Allocated memory is still 213.9MB. Free memory was 152.7MB in the beginning and 131.7MB in the end (delta: 21.1MB). Peak memory consumption was 102.8MB. Max. memory is 16.1GB. * TraceAbstraction took 17883.20ms. Allocated memory was 213.9MB in the beginning and 553.6MB in the end (delta: 339.7MB). Free memory was 130.6MB in the beginning and 497.9MB in the end (delta: -367.2MB). Peak memory consumption was 299.6MB. Max. memory is 16.1GB. * Witness Printer took 273.46ms. Allocated memory is still 553.6MB. Free memory was 497.9MB in the beginning and 402.4MB in the end (delta: 95.4MB). Peak memory consumption was 96.5MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 48]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [48] - GenericResultAtLocation [Line: 642]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [642] - GenericResultAtLocation [Line: 1041]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [1041] - GenericResultAtLocation [Line: 1416]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"EncryptVerify_spec.i","") [1416] - GenericResultAtLocation [Line: 1435]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [1435] - GenericResultAtLocation [Line: 1639]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [1639] - GenericResultAtLocation [Line: 2699]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [2699] - GenericResultAtLocation [Line: 2965]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [2965] - GenericResultAtLocation [Line: 3072]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [3072] - GenericResultAtLocation [Line: 3089]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [3089] - GenericResultAtLocation [Line: 3455]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [3455] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 3460]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 44 procedures, 600 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 11.3s, OverallIterations: 16, TraceHistogramMax: 8, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.1s, AutomataDifference: 2.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 5418 SdHoareTripleChecker+Valid, 0.9s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 5385 mSDsluCounter, 51767 SdHoareTripleChecker+Invalid, 0.7s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 37734 mSDsCounter, 39 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 855 IncrementalHoareTripleChecker+Invalid, 894 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 39 mSolverCounterUnsat, 14033 mSDtfsCounter, 855 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1032 GetRequests, 947 SyntacticMatches, 0 SemanticMatches, 85 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 19 ImplicationChecksByTransitivity, 0.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1337occurred in iteration=14, InterpolantAutomatonStates: 82, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 1.0s AutomataMinimizationTime, 16 MinimizatonAttempts, 19 StatesRemovedByMinimization, 5 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.5s SsaConstructionTime, 1.3s SatisfiabilityAnalysisTime, 3.6s InterpolantComputationTime, 3724 NumberOfCodeBlocks, 3498 NumberOfCodeBlocksAsserted, 21 NumberOfCheckSat, 3703 ConstructedInterpolants, 0 QuantifiedInterpolants, 4349 SizeOfPredicates, 3 NumberOfNonLiveVariables, 7272 ConjunctsInSsa, 26 ConjunctsInUnsatCore, 21 InterpolantComputations, 16 PerfectInterpolantSequences, 2313/2331 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 2739]: Loop Invariant Derived loop invariant: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) - ProcedureContractResult [Line: 1568]: Procedure Contract for isReadable__before__Encrypt Derived contract for procedure isReadable__before__Encrypt. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: (((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (\result == 1)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 239]: Procedure Contract for outgoing Derived contract for procedure outgoing. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 932]: Procedure Contract for isSigned Derived contract for procedure isSigned. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 500]: Procedure Contract for isKeyPairValid Derived contract for procedure isKeyPairValid. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2311]: Procedure Contract for createClientKeyringEntry Derived contract for procedure createClientKeyringEntry. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 360]: Procedure Contract for incoming__before__Decrypt Derived contract for procedure incoming__before__Decrypt. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2506]: Procedure Contract for findPublicKey Derived contract for procedure findPublicKey. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2220]: Procedure Contract for getClientPrivateKey Derived contract for procedure getClientPrivateKey. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 157]: Procedure Contract for outgoing__before__AddressBook Derived contract for procedure outgoing__before__AddressBook. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1155]: Procedure Contract for setup_chuck__before__Keys Derived contract for procedure setup_chuck__before__Keys. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (head == \old(head)))) - ProcedureContractResult [Line: 211]: Procedure Contract for outgoing__before__Sign Derived contract for procedure outgoing__before__Sign. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 450]: Procedure Contract for sendEmail Derived contract for procedure sendEmail. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1764]: Procedure Contract for getClientAddressBookSize Derived contract for procedure getClientAddressBookSize. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 914]: Procedure Contract for setEmailEncryptionKey Derived contract for procedure setEmailEncryptionKey. Requires: ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0)) Ensures: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 858]: Procedure Contract for isEncrypted Derived contract for procedure isEncrypted. Requires: 0 Ensures: (0 && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1437]: Procedure Contract for printMail__before__Encrypt Derived contract for procedure printMail__before__Encrypt. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 118]: Procedure Contract for outgoing__before__Encrypt Derived contract for procedure outgoing__before__Encrypt. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1117]: Procedure Contract for setup_rjh__before__Keys Derived contract for procedure setup_rjh__before__Keys. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (head == \old(head)))) - ProcedureContractResult [Line: 2114]: Procedure Contract for setClientAddressBookAddress Derived contract for procedure setClientAddressBookAddress. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 877]: Procedure Contract for setEmailIsEncrypted Derived contract for procedure setEmailIsEncrypted. Requires: ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0)) Ensures: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 332]: Procedure Contract for incoming__before__Verify Derived contract for procedure incoming__before__Verify. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 895]: Procedure Contract for getEmailEncryptionKey Derived contract for procedure getEmailEncryptionKey. Requires: 0 Ensures: (0 && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1520]: Procedure Contract for printMail__before__Verify Derived contract for procedure printMail__before__Verify. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 969]: Procedure Contract for getEmailSignKey Derived contract for procedure getEmailSignKey. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2244]: Procedure Contract for setClientPrivateKey Derived contract for procedure setClientPrivateKey. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1329]: Procedure Contract for chuckKeyAdd Derived contract for procedure chuckKeyAdd. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 266]: Procedure Contract for incoming__before__AutoResponder Derived contract for procedure incoming__before__AutoResponder. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 762]: Procedure Contract for setEmailTo Derived contract for procedure setEmailTo. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 743]: Procedure Contract for getEmailTo Derived contract for procedure getEmailTo. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 525]: Procedure Contract for generateKeyPair Derived contract for procedure generateKeyPair. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1788]: Procedure Contract for setClientAddressBookSize Derived contract for procedure setClientAddressBookSize. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1484]: Procedure Contract for printMail__before__Sign Derived contract for procedure printMail__before__Sign. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2399]: Procedure Contract for setClientKeyringUser Derived contract for procedure setClientKeyringUser. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2967]: Procedure Contract for select_one Derived contract for procedure select_one. Requires: (__SELECTED_FEATURE_Decrypt == 0) Ensures: ((__SELECTED_FEATURE_Decrypt == 0) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2045]: Procedure Contract for getClientAddressBookAddress Derived contract for procedure getClientAddressBookAddress. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 294]: Procedure Contract for incoming__before__Forward Derived contract for procedure incoming__before__Forward. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1079]: Procedure Contract for setup_bob__before__Keys Derived contract for procedure setup_bob__before__Keys. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (head == \old(head)))) - ProcedureContractResult [Line: 725]: Procedure Contract for setEmailFrom Derived contract for procedure setEmailFrom. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 706]: Procedure Contract for getEmailFrom Derived contract for procedure getEmailFrom. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 1597]: Procedure Contract for isReadable Derived contract for procedure isReadable. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: (((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && (\result == 1)) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 463]: Procedure Contract for queue Derived contract for procedure queue. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Encrypt == 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2560]: Procedure Contract for setClientKeyringPublicKey Derived contract for procedure setClientKeyringPublicKey. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (head == \old(head)))) - ProcedureContractResult [Line: 2679]: Procedure Contract for setClientId Derived contract for procedure setClientId. Requires: (((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) Ensures: ((((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Decrypt == 0)) && (__SELECTED_FEATURE_Sign != 0)) || ((((__SELECTED_FEATURE_Verify == 1) && (__SELECTED_FEATURE_Keys != 0)) && (__SELECTED_FEATURE_Sign != 0)) && (__SELECTED_FEATURE_Encrypt != 0))) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (head == \old(head)))) RESULT: Ultimate proved your program to be correct! [2024-11-18 14:15:05,722 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE