./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec0_product09.cil.c --full-output --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 803cd42f
Calling Ultimate with: /root/.sdkman/candidates/java/current/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec0_product09.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 3b43506942a12950209750f07d771d1d388e9661c8c19f0364d898e10e246352
--- Real Ultimate output ---
This is Ultimate 0.2.5-tmp.dk.eval-assert-order-craig-803cd42-m
[2024-11-22 01:50:10,713 INFO L188 SettingsManager]: Resetting all preferences to default values...
[2024-11-22 01:50:10,764 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2024-11-22 01:50:10,767 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2024-11-22 01:50:10,768 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2024-11-22 01:50:10,788 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2024-11-22 01:50:10,790 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2024-11-22 01:50:10,790 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2024-11-22 01:50:10,791 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2024-11-22 01:50:10,794 INFO L153 SettingsManager]: * Use memory slicer=true [2024-11-22 01:50:10,794 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2024-11-22 01:50:10,795 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2024-11-22 01:50:10,795 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2024-11-22 01:50:10,795 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2024-11-22 01:50:10,796 INFO L153 SettingsManager]: * Use SBE=true [2024-11-22 01:50:10,796 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2024-11-22 01:50:10,796 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2024-11-22 01:50:10,796 INFO L153 SettingsManager]: * sizeof long=4 [2024-11-22 01:50:10,798 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2024-11-22 01:50:10,798 INFO L153 SettingsManager]: * sizeof POINTER=4 
[2024-11-22 01:50:10,799 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2024-11-22 01:50:10,799 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2024-11-22 01:50:10,799 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2024-11-22 01:50:10,800 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2024-11-22 01:50:10,800 INFO L153 SettingsManager]: * Allow undefined functions=false [2024-11-22 01:50:10,800 INFO L153 SettingsManager]: * sizeof long double=12 [2024-11-22 01:50:10,800 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2024-11-22 01:50:10,800 INFO L153 SettingsManager]: * Use constant arrays=true [2024-11-22 01:50:10,801 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2024-11-22 01:50:10,801 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2024-11-22 01:50:10,801 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2024-11-22 01:50:10,801 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2024-11-22 01:50:10,802 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-22 01:50:10,802 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2024-11-22 01:50:10,802 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2024-11-22 01:50:10,802 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2024-11-22 01:50:10,802 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2024-11-22 01:50:10,802 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2024-11-22 01:50:10,803 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent 
analysis=false [2024-11-22 01:50:10,803 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2024-11-22 01:50:10,803 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2024-11-22 01:50:10,804 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2024-11-22 01:50:10,805 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 3b43506942a12950209750f07d771d1d388e9661c8c19f0364d898e10e246352 [2024-11-22 01:50:11,038 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2024-11-22 01:50:11,059 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2024-11-22 01:50:11,062 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2024-11-22 01:50:11,063 INFO L270 PluginConnector]: Initializing CDTParser... [2024-11-22 01:50:11,063 INFO L274 PluginConnector]: CDTParser initialized [2024-11-22 01:50:11,064 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec0_product09.cil.c [2024-11-22 01:50:12,357 INFO L533 CDTParser]: Created temporary CDT project at NULL [2024-11-22 01:50:12,591 INFO L384 CDTParser]: Found 1 translation units. 
[2024-11-22 01:50:12,594 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product09.cil.c [2024-11-22 01:50:12,617 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ea7e45f9d/ef37ba3a993b4032a3b943b7a8cf37de/FLAG261a02453 [2024-11-22 01:50:12,631 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ea7e45f9d/ef37ba3a993b4032a3b943b7a8cf37de [2024-11-22 01:50:12,634 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2024-11-22 01:50:12,635 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2024-11-22 01:50:12,638 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2024-11-22 01:50:12,638 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2024-11-22 01:50:12,643 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2024-11-22 01:50:12,643 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 22.11 01:50:12" (1/1) ... [2024-11-22 01:50:12,645 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@31580eed and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:12, skipping insertion in model container [2024-11-22 01:50:12,645 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 22.11 01:50:12" (1/1) ... 
[2024-11-22 01:50:12,696 INFO L175 MainTranslator]: Built tables and reachable declarations [2024-11-22 01:50:13,148 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product09.cil.c[57372,57385] [2024-11-22 01:50:13,154 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-22 01:50:13,166 INFO L200 MainTranslator]: Completed pre-run [2024-11-22 01:50:13,174 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [48] [2024-11-22 01:50:13,175 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [246] [2024-11-22 01:50:13,175 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [295] [2024-11-22 01:50:13,176 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [448] [2024-11-22 01:50:13,176 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [860] [2024-11-22 01:50:13,176 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [1226] [2024-11-22 01:50:13,177 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [2301] [2024-11-22 01:50:13,177 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [2503] [2024-11-22 01:50:13,177 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [2567] [2024-11-22 01:50:13,177 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma 
merger(0,"wsllib_check.i","") [2584] [2024-11-22 01:50:13,178 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"DecryptForward_spec.i","") [2593] [2024-11-22 01:50:13,239 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product09.cil.c[57372,57385] [2024-11-22 01:50:13,239 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-22 01:50:13,269 INFO L204 MainTranslator]: Completed translation [2024-11-22 01:50:13,269 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13 WrapperNode [2024-11-22 01:50:13,269 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2024-11-22 01:50:13,270 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2024-11-22 01:50:13,270 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2024-11-22 01:50:13,271 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2024-11-22 01:50:13,276 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,296 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... 
[2024-11-22 01:50:13,335 INFO L138 Inliner]: procedures = 110, calls = 128, calls flagged for inlining = 38, calls inlined = 33, statements flattened = 661 [2024-11-22 01:50:13,336 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2024-11-22 01:50:13,337 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2024-11-22 01:50:13,337 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2024-11-22 01:50:13,337 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2024-11-22 01:50:13,350 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,350 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,356 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,382 INFO L175 MemorySlicer]: Split 6 memory accesses to 2 slices as follows [2, 4]. 67 percent of accesses are in the largest equivalence class. The 6 initializations are split as follows [2, 4]. The 0 writes are split as follows [0, 0]. [2024-11-22 01:50:13,383 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... 
[2024-11-22 01:50:13,383 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,395 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,401 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,403 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,405 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... [2024-11-22 01:50:13,410 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2024-11-22 01:50:13,411 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2024-11-22 01:50:13,411 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2024-11-22 01:50:13,411 INFO L274 PluginConnector]: RCFGBuilder initialized [2024-11-22 01:50:13,411 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (1/1) ... 
[2024-11-22 01:50:13,421 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-22 01:50:13,433 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:50:13,460 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2024-11-22 01:50:13,463 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2024-11-22 01:50:13,506 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Base [2024-11-22 01:50:13,507 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Base [2024-11-22 01:50:13,507 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2024-11-22 01:50:13,507 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2024-11-22 01:50:13,507 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2024-11-22 01:50:13,507 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2024-11-22 01:50:13,507 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2024-11-22 01:50:13,508 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2024-11-22 01:50:13,508 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2024-11-22 01:50:13,508 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2024-11-22 01:50:13,508 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable 
[2024-11-22 01:50:13,508 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2024-11-22 01:50:13,509 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2024-11-22 01:50:13,509 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2024-11-22 01:50:13,509 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2024-11-22 01:50:13,509 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2024-11-22 01:50:13,509 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2024-11-22 01:50:13,510 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2024-11-22 01:50:13,510 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2024-11-22 01:50:13,510 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2024-11-22 01:50:13,510 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2024-11-22 01:50:13,510 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2024-11-22 01:50:13,510 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2024-11-22 01:50:13,511 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2024-11-22 01:50:13,511 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#1 [2024-11-22 01:50:13,512 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2024-11-22 01:50:13,512 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2024-11-22 01:50:13,512 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2024-11-22 01:50:13,512 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2024-11-22 01:50:13,671 INFO L238 CfgBuilder]: Building ICFG [2024-11-22 01:50:13,673 INFO L264 
CfgBuilder]: Building CFG for each procedure with an implementation [2024-11-22 01:50:14,205 INFO L? ?]: Removed 279 outVars from TransFormulas that were not future-live. [2024-11-22 01:50:14,206 INFO L287 CfgBuilder]: Performing block encoding [2024-11-22 01:50:14,220 INFO L311 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2024-11-22 01:50:14,220 INFO L316 CfgBuilder]: Removed 1 assume(true) statements. [2024-11-22 01:50:14,221 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 22.11 01:50:14 BoogieIcfgContainer [2024-11-22 01:50:14,221 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2024-11-22 01:50:14,224 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2024-11-22 01:50:14,224 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2024-11-22 01:50:14,227 INFO L274 PluginConnector]: TraceAbstraction initialized [2024-11-22 01:50:14,228 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 22.11 01:50:12" (1/3) ... [2024-11-22 01:50:14,228 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@15a31ce5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 22.11 01:50:14, skipping insertion in model container [2024-11-22 01:50:14,229 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:50:13" (2/3) ... 
[2024-11-22 01:50:14,229 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@15a31ce5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 22.11 01:50:14, skipping insertion in model container [2024-11-22 01:50:14,229 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 22.11 01:50:14" (3/3) ... [2024-11-22 01:50:14,231 INFO L112 eAbstractionObserver]: Analyzing ICFG email_spec0_product09.cil.c [2024-11-22 01:50:14,247 INFO L214 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2024-11-22 01:50:14,247 INFO L154 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2024-11-22 01:50:14,314 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2024-11-22 01:50:14,320 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, 
mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@25e86168, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2024-11-22 01:50:14,321 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2024-11-22 01:50:14,327 INFO L276 IsEmpty]: Start isEmpty. Operand has 209 states, 169 states have (on average 1.5621301775147929) internal successors, (264), 172 states have internal predecessors, (264), 26 states have call successors, (26), 12 states have call predecessors, (26), 12 states have return successors, (26), 25 states have call predecessors, (26), 26 states have call successors, (26) [2024-11-22 01:50:14,342 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 85 [2024-11-22 01:50:14,342 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:50:14,343 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:50:14,344 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:50:14,350 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:50:14,350 INFO L85 PathProgramCache]: Analyzing trace with hash 1774813752, now seen corresponding path program 1 times [2024-11-22 01:50:14,377 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:50:14,378 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [672431167] [2024-11-22 01:50:14,378 INFO L95 rtionOrderModulation]: 
Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:50:14,378 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:50:14,540 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:50:14,939 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2024-11-22 01:50:14,940 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:50:14,940 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [672431167] [2024-11-22 01:50:14,941 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [672431167] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-22 01:50:14,942 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1011144080] [2024-11-22 01:50:14,942 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:50:14,942 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:50:14,943 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:50:14,945 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-22 01:50:14,946 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2024-11-22 01:50:15,195 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:50:15,200 INFO L255 TraceCheckSpWp]: Trace formula consists of 831 conjuncts, 1 conjuncts are in the 
unsatisfiable core [2024-11-22 01:50:15,208 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-22 01:50:15,228 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 20 trivial. 0 not checked. [2024-11-22 01:50:15,234 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-22 01:50:15,235 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1011144080] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:50:15,235 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-22 01:50:15,235 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [5] total 5 [2024-11-22 01:50:15,237 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [504945921] [2024-11-22 01:50:15,237 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:50:15,244 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2024-11-22 01:50:15,245 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:50:15,270 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2024-11-22 01:50:15,273 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-22 01:50:15,276 INFO L87 Difference]: Start difference. 
First operand has 209 states, 169 states have (on average 1.5621301775147929) internal successors, (264), 172 states have internal predecessors, (264), 26 states have call successors, (26), 12 states have call predecessors, (26), 12 states have return successors, (26), 25 states have call predecessors, (26), 26 states have call successors, (26) Second operand has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2024-11-22 01:50:15,326 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:50:15,326 INFO L93 Difference]: Finished difference Result 329 states and 487 transitions. [2024-11-22 01:50:15,330 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2024-11-22 01:50:15,331 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 84 [2024-11-22 01:50:15,332 INFO L84 Accepts]: Finished accepts. some prefix is accepted. 
[2024-11-22 01:50:15,340 INFO L225 Difference]: With dead ends: 329 [2024-11-22 01:50:15,340 INFO L226 Difference]: Without dead ends: 202 [2024-11-22 01:50:15,344 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 88 GetRequests, 85 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-22 01:50:15,348 INFO L432 NwaCegarLoop]: 312 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 312 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:50:15,350 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 312 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:50:15,367 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 202 states. [2024-11-22 01:50:15,390 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 202 to 202. [2024-11-22 01:50:15,392 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 202 states, 163 states have (on average 1.5521472392638036) internal successors, (253), 165 states have internal predecessors, (253), 26 states have call successors, (26), 12 states have call predecessors, (26), 12 states have return successors, (25), 24 states have call predecessors, (25), 25 states have call successors, (25) [2024-11-22 01:50:15,395 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 202 states to 202 states and 304 transitions. [2024-11-22 01:50:15,397 INFO L78 Accepts]: Start accepts. Automaton has 202 states and 304 transitions. Word has length 84 [2024-11-22 01:50:15,398 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:50:15,398 INFO L471 AbstractCegarLoop]: Abstraction has 202 states and 304 transitions. [2024-11-22 01:50:15,398 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2024-11-22 01:50:15,398 INFO L276 IsEmpty]: Start isEmpty. Operand 202 states and 304 transitions. [2024-11-22 01:50:15,402 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 86 [2024-11-22 01:50:15,402 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:50:15,402 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:50:15,411 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2024-11-22 01:50:15,603 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2024-11-22 01:50:15,604 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:50:15,604 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:50:15,604 INFO L85 PathProgramCache]: Analyzing trace with hash 1993537687, now seen corresponding path program 1 times [2024-11-22 01:50:15,604 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:50:15,605 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [625659295] [2024-11-22 01:50:15,605 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:50:15,605 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:50:15,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:50:15,774 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 14 trivial. 
0 not checked. [2024-11-22 01:50:15,775 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:50:15,775 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [625659295] [2024-11-22 01:50:15,775 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [625659295] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-22 01:50:15,775 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [893556532] [2024-11-22 01:50:15,775 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:50:15,776 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:50:15,776 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:50:15,781 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-22 01:50:15,783 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2024-11-22 01:50:15,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:50:15,994 INFO L255 TraceCheckSpWp]: Trace formula consists of 832 conjuncts, 2 conjuncts are in the unsatisfiable core [2024-11-22 01:50:15,997 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-22 01:50:16,023 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 20 trivial. 0 not checked. 
[2024-11-22 01:50:16,026 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-22 01:50:16,026 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [893556532] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:50:16,027 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-22 01:50:16,027 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 6 [2024-11-22 01:50:16,027 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1372171878] [2024-11-22 01:50:16,028 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:50:16,028 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-22 01:50:16,029 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:50:16,030 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-22 01:50:16,030 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-22 01:50:16,030 INFO L87 Difference]: Start difference. First operand 202 states and 304 transitions. Second operand has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2024-11-22 01:50:16,058 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:50:16,059 INFO L93 Difference]: Finished difference Result 319 states and 465 transitions. 
[2024-11-22 01:50:16,059 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-22 01:50:16,059 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 85 [2024-11-22 01:50:16,060 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:50:16,061 INFO L225 Difference]: With dead ends: 319 [2024-11-22 01:50:16,061 INFO L226 Difference]: Without dead ends: 205 [2024-11-22 01:50:16,062 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 89 GetRequests, 85 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-22 01:50:16,063 INFO L432 NwaCegarLoop]: 302 mSDtfsCounter, 1 mSDsluCounter, 300 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 602 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:50:16,064 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [1 Valid, 602 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:50:16,064 INFO L82 
GeneralOperation]: Start minimizeSevpa. Operand 205 states. [2024-11-22 01:50:16,095 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 205 to 204. [2024-11-22 01:50:16,096 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 204 states, 165 states have (on average 1.5454545454545454) internal successors, (255), 167 states have internal predecessors, (255), 26 states have call successors, (26), 12 states have call predecessors, (26), 12 states have return successors, (25), 24 states have call predecessors, (25), 25 states have call successors, (25) [2024-11-22 01:50:16,097 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 204 states to 204 states and 306 transitions. [2024-11-22 01:50:16,098 INFO L78 Accepts]: Start accepts. Automaton has 204 states and 306 transitions. Word has length 85 [2024-11-22 01:50:16,098 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:50:16,098 INFO L471 AbstractCegarLoop]: Abstraction has 204 states and 306 transitions. [2024-11-22 01:50:16,098 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2024-11-22 01:50:16,102 INFO L276 IsEmpty]: Start isEmpty. Operand 204 states and 306 transitions. [2024-11-22 01:50:16,104 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 91 [2024-11-22 01:50:16,104 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:50:16,104 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:50:16,120 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2024-11-22 01:50:16,305 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2024-11-22 01:50:16,305 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:50:16,306 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:50:16,306 INFO L85 PathProgramCache]: Analyzing trace with hash -1008731173, now seen corresponding path program 1 times [2024-11-22 01:50:16,306 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:50:16,306 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [223720519] [2024-11-22 01:50:16,306 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:50:16,306 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:50:16,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:50:16,481 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 16 trivial. 0 not checked. 
[2024-11-22 01:50:16,482 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:50:16,484 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [223720519] [2024-11-22 01:50:16,484 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [223720519] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-22 01:50:16,484 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [368317315] [2024-11-22 01:50:16,485 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:50:16,485 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:50:16,485 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:50:16,487 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-22 01:50:16,489 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2024-11-22 01:50:16,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:50:16,676 INFO L255 TraceCheckSpWp]: Trace formula consists of 843 conjuncts, 6 conjuncts are in the unsatisfiable core [2024-11-22 01:50:16,680 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-22 01:50:16,751 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 11 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2024-11-22 01:50:16,753 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-22 01:50:16,754 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [368317315] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:50:16,754 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-22 01:50:16,754 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [5] total 8 [2024-11-22 01:50:16,754 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [539831382] [2024-11-22 01:50:16,754 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:50:16,755 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-22 01:50:16,755 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:50:16,755 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-22 01:50:16,756 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2024-11-22 01:50:16,757 INFO L87 Difference]: Start difference. First operand 204 states and 306 transitions. Second operand has 5 states, 4 states have (on average 15.0) internal successors, (60), 5 states have internal predecessors, (60), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2024-11-22 01:50:16,828 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:50:16,828 INFO L93 Difference]: Finished difference Result 401 states and 605 transitions. 
[2024-11-22 01:50:16,828 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-22 01:50:16,829 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 15.0) internal successors, (60), 5 states have internal predecessors, (60), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 90 [2024-11-22 01:50:16,829 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:50:16,831 INFO L225 Difference]: With dead ends: 401 [2024-11-22 01:50:16,833 INFO L226 Difference]: Without dead ends: 206 [2024-11-22 01:50:16,835 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 94 GetRequests, 88 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2024-11-22 01:50:16,836 INFO L432 NwaCegarLoop]: 296 mSDtfsCounter, 2 mSDsluCounter, 877 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1173 SdHoareTripleChecker+Invalid, 37 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:50:16,836 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1173 Invalid, 37 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:50:16,837 INFO L82 
GeneralOperation]: Start minimizeSevpa. Operand 206 states. [2024-11-22 01:50:16,850 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 206 to 206. [2024-11-22 01:50:16,852 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 206 states, 166 states have (on average 1.5421686746987953) internal successors, (256), 169 states have internal predecessors, (256), 26 states have call successors, (26), 12 states have call predecessors, (26), 13 states have return successors, (27), 24 states have call predecessors, (27), 25 states have call successors, (27) [2024-11-22 01:50:16,854 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 206 states to 206 states and 309 transitions. [2024-11-22 01:50:16,856 INFO L78 Accepts]: Start accepts. Automaton has 206 states and 309 transitions. Word has length 90 [2024-11-22 01:50:16,856 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:50:16,857 INFO L471 AbstractCegarLoop]: Abstraction has 206 states and 309 transitions. [2024-11-22 01:50:16,857 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 15.0) internal successors, (60), 5 states have internal predecessors, (60), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2024-11-22 01:50:16,859 INFO L276 IsEmpty]: Start isEmpty. Operand 206 states and 309 transitions. [2024-11-22 01:50:16,860 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 92 [2024-11-22 01:50:16,860 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:50:16,861 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:50:16,868 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2024-11-22 01:50:17,061 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:50:17,061 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:50:17,062 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:50:17,062 INFO L85 PathProgramCache]: Analyzing trace with hash -1416843367, now seen corresponding path program 1 times [2024-11-22 01:50:17,062 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:50:17,062 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1141489106] [2024-11-22 01:50:17,062 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:50:17,062 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:50:17,093 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:50:17,181 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 
16 trivial. 0 not checked. [2024-11-22 01:50:17,181 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:50:17,181 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1141489106] [2024-11-22 01:50:17,181 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1141489106] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:50:17,182 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-22 01:50:17,182 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-11-22 01:50:17,182 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [89978055] [2024-11-22 01:50:17,182 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:50:17,183 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-22 01:50:17,183 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:50:17,183 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-22 01:50:17,183 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-22 01:50:17,184 INFO L87 Difference]: Start difference. First operand 206 states and 309 transitions. Second operand has 5 states, 4 states have (on average 14.75) internal successors, (59), 5 states have internal predecessors, (59), 3 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2024-11-22 01:50:17,222 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2024-11-22 01:50:17,222 INFO L93 Difference]: Finished difference Result 393 states and 593 transitions. [2024-11-22 01:50:17,223 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-22 01:50:17,223 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 14.75) internal successors, (59), 5 states have internal predecessors, (59), 3 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 91 [2024-11-22 01:50:17,223 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:50:17,224 INFO L225 Difference]: With dead ends: 393 [2024-11-22 01:50:17,224 INFO L226 Difference]: Without dead ends: 206 [2024-11-22 01:50:17,225 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-22 01:50:17,226 INFO L432 NwaCegarLoop]: 297 mSDtfsCounter, 2 mSDsluCounter, 880 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1177 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:50:17,226 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1177 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 
Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:50:17,227 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 206 states. [2024-11-22 01:50:17,234 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 206 to 206. [2024-11-22 01:50:17,234 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 206 states, 166 states have (on average 1.5421686746987953) internal successors, (256), 169 states have internal predecessors, (256), 26 states have call successors, (26), 12 states have call predecessors, (26), 13 states have return successors, (26), 24 states have call predecessors, (26), 25 states have call successors, (26) [2024-11-22 01:50:17,236 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 206 states to 206 states and 308 transitions. [2024-11-22 01:50:17,236 INFO L78 Accepts]: Start accepts. Automaton has 206 states and 308 transitions. Word has length 91 [2024-11-22 01:50:17,237 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:50:17,237 INFO L471 AbstractCegarLoop]: Abstraction has 206 states and 308 transitions. [2024-11-22 01:50:17,237 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 14.75) internal successors, (59), 5 states have internal predecessors, (59), 3 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2024-11-22 01:50:17,237 INFO L276 IsEmpty]: Start isEmpty. Operand 206 states and 308 transitions. [2024-11-22 01:50:17,238 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 93 [2024-11-22 01:50:17,238 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:50:17,238 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:50:17,239 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2024-11-22 01:50:17,239 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:50:17,239 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:50:17,240 INFO L85 PathProgramCache]: Analyzing trace with hash -142239273, now seen corresponding path program 2 times [2024-11-22 01:50:17,240 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:50:17,240 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2067045742] [2024-11-22 01:50:17,240 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2024-11-22 01:50:17,240 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:50:17,274 INFO L227 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2024-11-22 01:50:17,274 INFO L228 tOrderPrioritization]: Conjunction of SSA is unsat [2024-11-22 01:50:17,360 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. 
[2024-11-22 01:50:17,360 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:50:17,360 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2067045742] [2024-11-22 01:50:17,361 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2067045742] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:50:17,361 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-22 01:50:17,361 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2024-11-22 01:50:17,361 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1442295385] [2024-11-22 01:50:17,361 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:50:17,362 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2024-11-22 01:50:17,362 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:50:17,363 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2024-11-22 01:50:17,363 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2024-11-22 01:50:17,363 INFO L87 Difference]: Start difference. First operand 206 states and 308 transitions. Second operand has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 1 states have call successors, (13), 1 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 1 states have call successors, (10) [2024-11-22 01:50:17,400 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2024-11-22 01:50:17,401 INFO L93 Difference]: Finished difference Result 206 states and 308 transitions. [2024-11-22 01:50:17,402 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2024-11-22 01:50:17,403 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 1 states have call successors, (13), 1 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 1 states have call successors, (10) Word has length 92 [2024-11-22 01:50:17,403 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:50:17,403 INFO L225 Difference]: With dead ends: 206 [2024-11-22 01:50:17,403 INFO L226 Difference]: Without dead ends: 0 [2024-11-22 01:50:17,404 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2024-11-22 01:50:17,405 INFO L432 NwaCegarLoop]: 298 mSDtfsCounter, 0 mSDsluCounter, 1481 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 1779 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:50:17,405 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 1779 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 
Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:50:17,405 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2024-11-22 01:50:17,405 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2024-11-22 01:50:17,405 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2024-11-22 01:50:17,406 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2024-11-22 01:50:17,406 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 92 [2024-11-22 01:50:17,406 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:50:17,406 INFO L471 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2024-11-22 01:50:17,406 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 1 states have call successors, (13), 1 states have call predecessors, (13), 2 states have return successors, (10), 2 states have call predecessors, (10), 1 states have call successors, (10) [2024-11-22 01:50:17,407 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2024-11-22 01:50:17,407 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. 
[2024-11-22 01:50:17,409 INFO L782 garLoopResultBuilder]: Registering result SAFE for location outgoing__wrappee__BaseErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2024-11-22 01:50:17,409 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2024-11-22 01:50:17,411 INFO L407 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1] [2024-11-22 01:50:17,413 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2024-11-22 01:50:17,456 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2024-11-22 01:50:17,502 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 22.11 01:50:17 BoogieIcfgContainer [2024-11-22 01:50:17,503 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2024-11-22 01:50:17,504 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2024-11-22 01:50:17,504 INFO L270 PluginConnector]: Initializing Witness Printer... [2024-11-22 01:50:17,504 INFO L274 PluginConnector]: Witness Printer initialized [2024-11-22 01:50:17,505 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 22.11 01:50:14" (3/4) ... 
[2024-11-22 01:50:17,507 INFO L142 WitnessPrinter]: Generating witness for correct program [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing__wrappee__Base [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailTo [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailTo [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientAddressBookSize [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure sendEmail [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientAddressBookSize [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientAddressBookAddress [2024-11-22 01:50:17,511 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailFrom [2024-11-22 01:50:17,512 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientAddressBookAddress [2024-11-22 01:50:17,512 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isReadable [2024-11-22 01:50:17,512 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientId [2024-11-22 01:50:17,527 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 57 nodes and edges [2024-11-22 01:50:17,531 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 29 nodes and edges [2024-11-22 01:50:17,533 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2024-11-22 01:50:17,534 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2024-11-22 01:50:17,535 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-22 01:50:17,535 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-22 01:50:17,671 INFO L149 WitnessManager]: 
Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2024-11-22 01:50:17,671 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2024-11-22 01:50:17,671 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2024-11-22 01:50:17,672 INFO L158 Benchmark]: Toolchain (without parser) took 5037.44ms. Allocated memory was 172.0MB in the beginning and 234.9MB in the end (delta: 62.9MB). Free memory was 102.4MB in the beginning and 96.3MB in the end (delta: 6.0MB). Peak memory consumption was 70.4MB. Max. memory is 16.1GB. [2024-11-22 01:50:17,672 INFO L158 Benchmark]: CDTParser took 0.15ms. Allocated memory is still 172.0MB. Free memory is still 133.2MB. There was no memory consumed. Max. memory is 16.1GB. [2024-11-22 01:50:17,672 INFO L158 Benchmark]: CACSL2BoogieTranslator took 631.88ms. Allocated memory is still 172.0MB. Free memory was 102.1MB in the beginning and 122.0MB in the end (delta: -19.9MB). Peak memory consumption was 25.1MB. Max. memory is 16.1GB. [2024-11-22 01:50:17,673 INFO L158 Benchmark]: Boogie Procedure Inliner took 65.82ms. Allocated memory is still 172.0MB. Free memory was 122.0MB in the beginning and 117.8MB in the end (delta: 4.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2024-11-22 01:50:17,673 INFO L158 Benchmark]: Boogie Preprocessor took 73.33ms. Allocated memory is still 172.0MB. Free memory was 117.8MB in the beginning and 112.4MB in the end (delta: 5.4MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2024-11-22 01:50:17,674 INFO L158 Benchmark]: RCFGBuilder took 810.39ms. Allocated memory is still 172.0MB. Free memory was 112.4MB in the beginning and 60.0MB in the end (delta: 52.4MB). Peak memory consumption was 52.4MB. Max. memory is 16.1GB. [2024-11-22 01:50:17,674 INFO L158 Benchmark]: TraceAbstraction took 3279.37ms. 
Allocated memory was 172.0MB in the beginning and 234.9MB in the end (delta: 62.9MB). Free memory was 59.1MB in the beginning and 129.9MB in the end (delta: -70.8MB). There was no memory consumed. Max. memory is 16.1GB. [2024-11-22 01:50:17,674 INFO L158 Benchmark]: Witness Printer took 167.46ms. Allocated memory is still 234.9MB. Free memory was 129.9MB in the beginning and 96.3MB in the end (delta: 33.6MB). Peak memory consumption was 33.6MB. Max. memory is 16.1GB. [2024-11-22 01:50:17,675 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.15ms. Allocated memory is still 172.0MB. Free memory is still 133.2MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 631.88ms. Allocated memory is still 172.0MB. Free memory was 102.1MB in the beginning and 122.0MB in the end (delta: -19.9MB). Peak memory consumption was 25.1MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 65.82ms. Allocated memory is still 172.0MB. Free memory was 122.0MB in the beginning and 117.8MB in the end (delta: 4.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 73.33ms. Allocated memory is still 172.0MB. Free memory was 117.8MB in the beginning and 112.4MB in the end (delta: 5.4MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * RCFGBuilder took 810.39ms. Allocated memory is still 172.0MB. Free memory was 112.4MB in the beginning and 60.0MB in the end (delta: 52.4MB). Peak memory consumption was 52.4MB. Max. memory is 16.1GB. * TraceAbstraction took 3279.37ms. Allocated memory was 172.0MB in the beginning and 234.9MB in the end (delta: 62.9MB). Free memory was 59.1MB in the beginning and 129.9MB in the end (delta: -70.8MB). There was no memory consumed. Max. memory is 16.1GB. 
* Witness Printer took 167.46ms. Allocated memory is still 234.9MB. Free memory was 129.9MB in the beginning and 96.3MB in the end (delta: 33.6MB). Peak memory consumption was 33.6MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 48]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [48] - GenericResultAtLocation [Line: 246]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [246] - GenericResultAtLocation [Line: 295]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [295] - GenericResultAtLocation [Line: 448]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [448] - GenericResultAtLocation [Line: 860]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [860] - GenericResultAtLocation [Line: 1226]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [1226] - GenericResultAtLocation [Line: 2301]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [2301] - GenericResultAtLocation [Line: 2503]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [2503] - GenericResultAtLocation [Line: 2567]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [2567] - GenericResultAtLocation [Line: 2584]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [2584] - GenericResultAtLocation [Line: 2593]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"DecryptForward_spec.i","") [2593] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s 
ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 2589]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 13 procedures, 209 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 3.1s, OverallIterations: 5, TraceHistogramMax: 3, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.0s, AutomataDifference: 0.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 7 SdHoareTripleChecker+Valid, 0.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 5 mSDsluCounter, 5043 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3538 mSDsCounter, 0 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 102 IncrementalHoareTripleChecker+Invalid, 102 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 0 mSolverCounterUnsat, 1505 mSDtfsCounter, 102 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 284 GetRequests, 263 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=209occurred in iteration=0, InterpolantAutomatonStates: 22, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 
InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.1s AutomataMinimizationTime, 5 MinimizatonAttempts, 1 StatesRemovedByMinimization, 1 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.2s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 1.0s InterpolantComputationTime, 701 NumberOfCodeBlocks, 658 NumberOfCodeBlocksAsserted, 8 NumberOfCheckSat, 693 ConstructedInterpolants, 0 QuantifiedInterpolants, 751 SizeOfPredicates, 1 NumberOfNonLiveVariables, 2506 ConjunctsInSsa, 9 ConjunctsInUnsatCore, 8 InterpolantComputations, 5 PerfectInterpolantSequences, 160/169 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 91]: Loop Invariant Derived loop invariant: 1 - ProcedureContractResult [Line: 2326]: Procedure Contract for outgoing__wrappee__Base Derived contract for procedure outgoing__wrappee__Base. 
Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && 
(__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == 
\old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == 
\old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) - ProcedureContractResult [Line: 2338]: Procedure Contract for outgoing Derived contract for procedure outgoing. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && 
(__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && 
(__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == 
\old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) - ProcedureContractResult [Line: 581]: Procedure Contract for setEmailTo Derived contract for procedure setEmailTo. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && 
(__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == 
\old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == 
\old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 562]: Procedure Contract for getEmailTo Derived contract for procedure getEmailTo. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && 
(__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == 
\old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == 
\old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1390]: Procedure Contract for setClientAddressBookSize Derived contract for procedure setClientAddressBookSize. 
Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && 
(__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && 
(__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && 
(__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2431]: Procedure Contract for sendEmail Derived contract for procedure sendEmail. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == 
\old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && 
(__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && 
(__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) - ProcedureContractResult [Line: 1366]: Procedure Contract for getClientAddressBookSize Derived contract for procedure getClientAddressBookSize. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && 
(__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == 
\old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == 
\old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1647]: Procedure Contract for getClientAddressBookAddress Derived contract for procedure getClientAddressBookAddress. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && 
(__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == 
\old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == 
\old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 544]: Procedure Contract for setEmailFrom Derived contract for procedure setEmailFrom. 
Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && 
(__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == 
\old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == 
\old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1716]: Procedure Contract for setClientAddressBookAddress Derived contract for procedure setClientAddressBookAddress. 
Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && 
(__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == 
\old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == 
\old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2534]: Procedure Contract for isReadable Derived contract for procedure isReadable. Ensures: ((\result == 1) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && 
(__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && 
(__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == 
\old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client)))) - ProcedureContractResult [Line: 2281]: Procedure Contract for setClientId Derived contract for procedure setClientId. 
Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && 
(__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == 
\old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == 
\old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client)))
RESULT: Ultimate proved your program to be correct!
[2024-11-22 01:50:17,734 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Ended with exit code 0
Received shutdown request...
--- End real Ultimate output ---
Execution finished normally
Writing output log to file Ultimate.log
Result: TRUE