./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec11_product24.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 803cd42f Calling Ultimate with: /root/.sdkman/candidates/java/current/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec11_product24.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 51fa488e776e831bac86701b44da2398387b953b2cee791cda39a1547c039fcd --- Real Ultimate output --- This is Ultimate 0.2.5-tmp.dk.eval-assert-order-craig-803cd42-m [2024-11-22 01:51:50,702 INFO L188 SettingsManager]: Resetting all preferences to default values... [2024-11-22 01:51:50,765 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2024-11-22 01:51:50,772 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2024-11-22 01:51:50,774 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2024-11-22 01:51:50,791 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2024-11-22 01:51:50,792 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2024-11-22 01:51:50,792 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2024-11-22 01:51:50,792 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2024-11-22 01:51:50,793 INFO L153 SettingsManager]: * Use memory slicer=true [2024-11-22 01:51:50,793 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2024-11-22 01:51:50,793 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2024-11-22 01:51:50,794 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2024-11-22 01:51:50,794 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2024-11-22 01:51:50,795 INFO L153 SettingsManager]: * Use SBE=true [2024-11-22 01:51:50,795 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2024-11-22 01:51:50,795 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2024-11-22 01:51:50,795 INFO L153 SettingsManager]: * sizeof long=4 [2024-11-22 01:51:50,796 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2024-11-22 01:51:50,796 INFO L153 SettingsManager]: * sizeof POINTER=4 [2024-11-22 01:51:50,796 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2024-11-22 01:51:50,800 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2024-11-22 01:51:50,800 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2024-11-22 01:51:50,801 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2024-11-22 01:51:50,801 INFO L153 SettingsManager]: * Allow undefined functions=false [2024-11-22 01:51:50,801 INFO L153 SettingsManager]: * sizeof long double=12 [2024-11-22 01:51:50,801 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2024-11-22 01:51:50,802 INFO L153 SettingsManager]: * Use constant arrays=true [2024-11-22 01:51:50,802 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2024-11-22 01:51:50,802 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2024-11-22 01:51:50,802 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2024-11-22 01:51:50,803 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2024-11-22 01:51:50,803 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-22 01:51:50,803 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2024-11-22 01:51:50,803 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2024-11-22 01:51:50,803 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2024-11-22 01:51:50,804 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2024-11-22 01:51:50,804 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2024-11-22 01:51:50,804 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2024-11-22 01:51:50,804 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2024-11-22 01:51:50,805 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2024-11-22 01:51:50,805 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2024-11-22 01:51:50,805 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 51fa488e776e831bac86701b44da2398387b953b2cee791cda39a1547c039fcd [2024-11-22 01:51:51,164 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2024-11-22 01:51:51,184 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2024-11-22 01:51:51,194 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2024-11-22 01:51:51,195 INFO L270 PluginConnector]: Initializing CDTParser... [2024-11-22 01:51:51,196 INFO L274 PluginConnector]: CDTParser initialized [2024-11-22 01:51:51,198 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec11_product24.cil.c [2024-11-22 01:51:52,921 INFO L533 CDTParser]: Created temporary CDT project at NULL [2024-11-22 01:51:53,446 INFO L384 CDTParser]: Found 1 translation units. [2024-11-22 01:51:53,450 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_product24.cil.c [2024-11-22 01:51:53,495 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/da994b7d5/9ac7cd18e8924ff7bfedfa3a0904cdbf/FLAGd21533aaa [2024-11-22 01:51:53,513 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/da994b7d5/9ac7cd18e8924ff7bfedfa3a0904cdbf [2024-11-22 01:51:53,519 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2024-11-22 01:51:53,524 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2024-11-22 01:51:53,528 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2024-11-22 01:51:53,528 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2024-11-22 01:51:53,536 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2024-11-22 01:51:53,541 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 22.11 01:51:53" (1/1) ... [2024-11-22 01:51:53,542 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@62a2748d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:53, skipping insertion in model container [2024-11-22 01:51:53,542 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 22.11 01:51:53" (1/1) ... [2024-11-22 01:51:53,636 INFO L175 MainTranslator]: Built tables and reachable declarations [2024-11-22 01:51:53,914 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_product24.cil.c[16887,16900] [2024-11-22 01:51:54,091 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-22 01:51:54,102 INFO L200 MainTranslator]: Completed pre-run [2024-11-22 01:51:54,110 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [48] [2024-11-22 01:51:54,111 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [375] [2024-11-22 01:51:54,112 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [741] [2024-11-22 01:51:54,112 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [750] [2024-11-22 01:51:54,112 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [1821] [2024-11-22 01:51:54,112 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [1856] [2024-11-22 01:51:54,112 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [1963] [2024-11-22 01:51:54,112 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [2367] [2024-11-22 01:51:54,113 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"DecryptAutoResponder_spec.i","") [2384] [2024-11-22 01:51:54,113 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [2403] [2024-11-22 01:51:54,114 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [2622] [2024-11-22 01:51:54,160 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_product24.cil.c[16887,16900] [2024-11-22 01:51:54,241 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-11-22 01:51:54,289 INFO L204 MainTranslator]: Completed translation [2024-11-22 01:51:54,290 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54 WrapperNode [2024-11-22 01:51:54,290 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2024-11-22 01:51:54,291 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2024-11-22 01:51:54,292 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2024-11-22 01:51:54,292 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2024-11-22 01:51:54,307 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,349 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,422 INFO L138 Inliner]: procedures = 130, calls = 192, calls flagged for inlining = 64, calls inlined = 59, statements flattened = 1058 [2024-11-22 01:51:54,423 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2024-11-22 01:51:54,423 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2024-11-22 01:51:54,424 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2024-11-22 01:51:54,424 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2024-11-22 01:51:54,446 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,446 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,463 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,524 INFO L175 MemorySlicer]: Split 14 memory accesses to 4 slices as follows [2, 4, 4, 4]. 29 percent of accesses are in the largest equivalence class. The 14 initializations are split as follows [2, 4, 4, 4]. The 0 writes are split as follows [0, 0, 0, 0]. [2024-11-22 01:51:54,524 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,524 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,551 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,561 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,570 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,581 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,591 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2024-11-22 01:51:54,596 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2024-11-22 01:51:54,596 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2024-11-22 01:51:54,596 INFO L274 PluginConnector]: RCFGBuilder initialized [2024-11-22 01:51:54,597 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (1/1) ... [2024-11-22 01:51:54,612 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-11-22 01:51:54,630 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:51:54,684 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2024-11-22 01:51:54,693 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2024-11-22 01:51:54,749 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2024-11-22 01:51:54,749 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2024-11-22 01:51:54,749 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2024-11-22 01:51:54,749 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2024-11-22 01:51:54,749 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2024-11-22 01:51:54,750 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2024-11-22 01:51:54,750 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2024-11-22 01:51:54,750 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2024-11-22 01:51:54,750 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2024-11-22 01:51:54,751 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2024-11-22 01:51:54,751 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2024-11-22 01:51:54,751 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2024-11-22 01:51:54,751 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2024-11-22 01:51:54,751 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2024-11-22 01:51:54,752 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2024-11-22 01:51:54,752 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2024-11-22 01:51:54,752 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2024-11-22 01:51:54,752 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2024-11-22 01:51:54,753 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2024-11-22 01:51:54,753 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2024-11-22 01:51:54,753 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2024-11-22 01:51:54,754 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2024-11-22 01:51:54,754 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2024-11-22 01:51:54,754 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2024-11-22 01:51:54,754 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2024-11-22 01:51:54,754 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2024-11-22 01:51:54,754 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2024-11-22 01:51:54,754 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2024-11-22 01:51:54,755 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2024-11-22 01:51:54,755 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2024-11-22 01:51:54,755 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2024-11-22 01:51:54,755 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2024-11-22 01:51:54,755 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2024-11-22 01:51:54,755 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2024-11-22 01:51:54,755 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#1 [2024-11-22 01:51:54,755 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#2 [2024-11-22 01:51:54,755 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#3 [2024-11-22 01:51:54,756 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2024-11-22 01:51:54,756 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2024-11-22 01:51:54,756 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2024-11-22 01:51:54,756 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2024-11-22 01:51:54,946 INFO L238 CfgBuilder]: Building ICFG [2024-11-22 01:51:54,948 INFO L264 CfgBuilder]: Building CFG for each procedure with an implementation [2024-11-22 01:51:55,693 INFO L? ?]: Removed 460 outVars from TransFormulas that were not future-live. [2024-11-22 01:51:55,693 INFO L287 CfgBuilder]: Performing block encoding [2024-11-22 01:51:55,716 INFO L311 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2024-11-22 01:51:55,719 INFO L316 CfgBuilder]: Removed 1 assume(true) statements. [2024-11-22 01:51:55,719 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 22.11 01:51:55 BoogieIcfgContainer [2024-11-22 01:51:55,720 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2024-11-22 01:51:55,721 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2024-11-22 01:51:55,721 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2024-11-22 01:51:55,724 INFO L274 PluginConnector]: TraceAbstraction initialized [2024-11-22 01:51:55,724 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 22.11 01:51:53" (1/3) ... [2024-11-22 01:51:55,724 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@f603c39 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 22.11 01:51:55, skipping insertion in model container [2024-11-22 01:51:55,724 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 22.11 01:51:54" (2/3) ... [2024-11-22 01:51:55,724 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@f603c39 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 22.11 01:51:55, skipping insertion in model container [2024-11-22 01:51:55,724 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 22.11 01:51:55" (3/3) ... [2024-11-22 01:51:55,727 INFO L112 eAbstractionObserver]: Analyzing ICFG email_spec11_product24.cil.c [2024-11-22 01:51:55,741 INFO L214 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2024-11-22 01:51:55,742 INFO L154 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2024-11-22 01:51:55,829 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2024-11-22 01:51:55,843 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@65c25172, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2024-11-22 01:51:55,847 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2024-11-22 01:51:55,856 INFO L276 IsEmpty]: Start isEmpty. Operand has 320 states, 255 states have (on average 1.5333333333333334) internal successors, (391), 257 states have internal predecessors, (391), 46 states have call successors, (46), 17 states have call predecessors, (46), 17 states have return successors, (46), 46 states have call predecessors, (46), 46 states have call successors, (46) [2024-11-22 01:51:55,875 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2024-11-22 01:51:55,876 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:51:55,885 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:51:55,886 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:51:55,894 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:51:55,895 INFO L85 PathProgramCache]: Analyzing trace with hash -1690099201, now seen corresponding path program 1 times [2024-11-22 01:51:55,910 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:51:55,910 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [687582161] [2024-11-22 01:51:55,910 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:55,911 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:51:56,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:56,697 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 25 trivial. 0 not checked. [2024-11-22 01:51:56,698 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:51:56,698 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [687582161] [2024-11-22 01:51:56,699 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [687582161] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-22 01:51:56,699 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [786473385] [2024-11-22 01:51:56,700 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:56,700 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:51:56,700 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:51:56,703 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-22 01:51:56,704 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2024-11-22 01:51:57,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:57,008 INFO L255 TraceCheckSpWp]: Trace formula consists of 1012 conjuncts, 1 conjuncts are in the unsatisfiable core [2024-11-22 01:51:57,015 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-22 01:51:57,031 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2024-11-22 01:51:57,031 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-22 01:51:57,031 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [786473385] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:51:57,031 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-22 01:51:57,032 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [5] total 5 [2024-11-22 01:51:57,033 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [646988871] [2024-11-22 01:51:57,034 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:51:57,037 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2024-11-22 01:51:57,037 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:51:57,053 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2024-11-22 01:51:57,053 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-22 01:51:57,056 INFO L87 Difference]: Start difference. First operand has 320 states, 255 states have (on average 1.5333333333333334) internal successors, (391), 257 states have internal predecessors, (391), 46 states have call successors, (46), 17 states have call predecessors, (46), 17 states have return successors, (46), 46 states have call predecessors, (46), 46 states have call successors, (46) Second operand has 2 states, 2 states have (on average 27.5) internal successors, (55), 2 states have internal predecessors, (55), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-22 01:51:57,114 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:51:57,115 INFO L93 Difference]: Finished difference Result 481 states and 712 transitions. [2024-11-22 01:51:57,116 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2024-11-22 01:51:57,117 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 27.5) internal successors, (55), 2 states have internal predecessors, (55), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2024-11-22 01:51:57,118 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:51:57,127 INFO L225 Difference]: With dead ends: 481 [2024-11-22 01:51:57,128 INFO L226 Difference]: Without dead ends: 313 [2024-11-22 01:51:57,133 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 102 GetRequests, 99 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-22 01:51:57,138 INFO L432 NwaCegarLoop]: 479 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 479 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:51:57,139 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 479 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:51:57,156 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 313 states. [2024-11-22 01:51:57,200 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 313 to 313. [2024-11-22 01:51:57,202 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 313 states, 249 states have (on average 1.5261044176706828) internal successors, (380), 250 states have internal predecessors, (380), 46 states have call successors, (46), 17 states have call predecessors, (46), 17 states have return successors, (45), 45 states have call predecessors, (45), 45 states have call successors, (45) [2024-11-22 01:51:57,207 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 313 states to 313 states and 471 transitions. [2024-11-22 01:51:57,213 INFO L78 Accepts]: Start accepts. Automaton has 313 states and 471 transitions. Word has length 98 [2024-11-22 01:51:57,214 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:51:57,215 INFO L471 AbstractCegarLoop]: Abstraction has 313 states and 471 transitions. [2024-11-22 01:51:57,215 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 27.5) internal successors, (55), 2 states have internal predecessors, (55), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-22 01:51:57,216 INFO L276 IsEmpty]: Start isEmpty. Operand 313 states and 471 transitions. [2024-11-22 01:51:57,223 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2024-11-22 01:51:57,224 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:51:57,224 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:51:57,236 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2024-11-22 01:51:57,425 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2024-11-22 01:51:57,426 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:51:57,427 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:51:57,427 INFO L85 PathProgramCache]: Analyzing trace with hash 2990504, now seen corresponding path program 1 times [2024-11-22 01:51:57,427 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:51:57,427 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [831125943] [2024-11-22 01:51:57,427 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:57,429 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:51:57,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:57,693 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 25 trivial. 0 not checked. [2024-11-22 01:51:57,697 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:51:57,701 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [831125943] [2024-11-22 01:51:57,701 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [831125943] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-22 01:51:57,702 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1365472075] [2024-11-22 01:51:57,702 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:57,703 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:51:57,703 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:51:57,708 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-22 01:51:57,713 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2024-11-22 01:51:57,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:58,004 INFO L255 TraceCheckSpWp]: Trace formula consists of 1013 conjuncts, 2 conjuncts are in the unsatisfiable core [2024-11-22 01:51:58,009 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-22 01:51:58,046 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2024-11-22 01:51:58,046 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-22 01:51:58,047 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1365472075] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:51:58,047 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-22 01:51:58,047 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 6 [2024-11-22 01:51:58,047 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [980412802] [2024-11-22 01:51:58,047 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:51:58,048 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-22 01:51:58,048 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:51:58,048 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-22 01:51:58,049 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-22 01:51:58,049 INFO L87 Difference]: Start difference. First operand 313 states and 471 transitions. Second operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-22 01:51:58,098 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:51:58,099 INFO L93 Difference]: Finished difference Result 471 states and 693 transitions. [2024-11-22 01:51:58,099 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-22 01:51:58,100 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2024-11-22 01:51:58,100 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:51:58,104 INFO L225 Difference]: With dead ends: 471 [2024-11-22 01:51:58,105 INFO L226 Difference]: Without dead ends: 316 [2024-11-22 01:51:58,105 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 103 GetRequests, 99 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-22 01:51:58,106 INFO L432 NwaCegarLoop]: 469 mSDtfsCounter, 1 mSDsluCounter, 467 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 936 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:51:58,107 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [1 Valid, 936 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:51:58,108 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 316 states. [2024-11-22 01:51:58,143 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 316 to 315. [2024-11-22 01:51:58,152 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 315 states, 251 states have (on average 1.5219123505976095) internal successors, (382), 252 states have internal predecessors, (382), 46 states have call successors, (46), 17 states have call predecessors, (46), 17 states have return successors, (45), 45 states have call predecessors, (45), 45 states have call successors, (45) [2024-11-22 01:51:58,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 315 states to 315 states and 473 transitions. [2024-11-22 01:51:58,155 INFO L78 Accepts]: Start accepts. Automaton has 315 states and 473 transitions. Word has length 99 [2024-11-22 01:51:58,155 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:51:58,155 INFO L471 AbstractCegarLoop]: Abstraction has 315 states and 473 transitions. [2024-11-22 01:51:58,155 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-22 01:51:58,155 INFO L276 IsEmpty]: Start isEmpty. Operand 315 states and 473 transitions. [2024-11-22 01:51:58,157 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 109 [2024-11-22 01:51:58,157 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:51:58,157 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:51:58,167 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2024-11-22 01:51:58,361 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2024-11-22 01:51:58,362 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:51:58,362 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:51:58,362 INFO L85 PathProgramCache]: Analyzing trace with hash -223135106, now seen corresponding path program 1 times [2024-11-22 01:51:58,362 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:51:58,362 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1631416514] [2024-11-22 01:51:58,363 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:58,363 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:51:58,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:58,583 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 27 trivial. 0 not checked. [2024-11-22 01:51:58,584 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:51:58,584 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1631416514] [2024-11-22 01:51:58,584 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1631416514] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-22 01:51:58,585 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1078392294] [2024-11-22 01:51:58,585 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:58,585 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:51:58,586 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:51:58,588 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-22 01:51:58,589 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2024-11-22 01:51:58,821 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:58,825 INFO L255 TraceCheckSpWp]: Trace formula consists of 1038 conjuncts, 3 conjuncts are in the unsatisfiable core [2024-11-22 01:51:58,833 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-22 01:51:58,851 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2024-11-22 01:51:58,854 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-22 01:51:58,854 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1078392294] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:51:58,854 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-22 01:51:58,855 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 6 [2024-11-22 01:51:58,855 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [645391629] [2024-11-22 01:51:58,855 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:51:58,855 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-11-22 01:51:58,856 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:51:58,856 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-11-22 01:51:58,856 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-22 01:51:58,856 INFO L87 Difference]: Start difference. First operand 315 states and 473 transitions. Second operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-22 01:51:58,883 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:51:58,885 INFO L93 Difference]: Finished difference Result 665 states and 1013 transitions. [2024-11-22 01:51:58,885 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-11-22 01:51:58,886 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 108 [2024-11-22 01:51:58,886 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:51:58,888 INFO L225 Difference]: With dead ends: 665 [2024-11-22 01:51:58,888 INFO L226 Difference]: Without dead ends: 377 [2024-11-22 01:51:58,889 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 112 GetRequests, 108 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-11-22 01:51:58,890 INFO L432 NwaCegarLoop]: 483 mSDtfsCounter, 115 mSDsluCounter, 424 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 130 SdHoareTripleChecker+Valid, 907 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:51:58,890 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [130 Valid, 907 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:51:58,891 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 377 states. [2024-11-22 01:51:58,902 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 377 to 369. [2024-11-22 01:51:58,903 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 369 states, 294 states have (on average 1.5374149659863945) internal successors, (452), 295 states have internal predecessors, (452), 57 states have call successors, (57), 17 states have call predecessors, (57), 17 states have return successors, (56), 56 states have call predecessors, (56), 56 states have call successors, (56) [2024-11-22 01:51:58,905 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 369 states to 369 states and 565 transitions. [2024-11-22 01:51:58,906 INFO L78 Accepts]: Start accepts. Automaton has 369 states and 565 transitions. Word has length 108 [2024-11-22 01:51:58,906 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:51:58,906 INFO L471 AbstractCegarLoop]: Abstraction has 369 states and 565 transitions. [2024-11-22 01:51:58,906 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2024-11-22 01:51:58,906 INFO L276 IsEmpty]: Start isEmpty. Operand 369 states and 565 transitions. [2024-11-22 01:51:58,908 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 110 [2024-11-22 01:51:58,908 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:51:58,908 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:51:58,917 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Ended with exit code 0 [2024-11-22 01:51:59,108 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:51:59,110 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:51:59,110 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:51:59,111 INFO L85 PathProgramCache]: Analyzing trace with hash -2129020549, now seen corresponding path program 1 times [2024-11-22 01:51:59,111 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:51:59,111 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2042948188] [2024-11-22 01:51:59,111 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:59,111 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:51:59,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:59,235 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 27 trivial. 0 not checked. [2024-11-22 01:51:59,235 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:51:59,235 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2042948188] [2024-11-22 01:51:59,235 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2042948188] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-22 01:51:59,236 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1158840185] [2024-11-22 01:51:59,236 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:59,236 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:51:59,236 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:51:59,238 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-22 01:51:59,239 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2024-11-22 01:51:59,453 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:59,457 INFO L255 TraceCheckSpWp]: Trace formula consists of 1043 conjuncts, 8 conjuncts are in the unsatisfiable core [2024-11-22 01:51:59,461 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-22 01:51:59,499 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2024-11-22 01:51:59,499 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-22 01:51:59,499 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1158840185] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:51:59,499 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-22 01:51:59,499 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [5] total 8 [2024-11-22 01:51:59,500 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2041593141] [2024-11-22 01:51:59,500 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:51:59,500 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-22 01:51:59,500 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:51:59,501 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-22 01:51:59,501 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2024-11-22 01:51:59,501 INFO L87 Difference]: Start difference. First operand 369 states and 565 transitions. Second operand has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-22 01:51:59,542 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:51:59,543 INFO L93 Difference]: Finished difference Result 729 states and 1120 transitions. [2024-11-22 01:51:59,543 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-22 01:51:59,543 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2024-11-22 01:51:59,543 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:51:59,549 INFO L225 Difference]: With dead ends: 729 [2024-11-22 01:51:59,549 INFO L226 Difference]: Without dead ends: 371 [2024-11-22 01:51:59,550 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 113 GetRequests, 107 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2024-11-22 01:51:59,551 INFO L432 NwaCegarLoop]: 463 mSDtfsCounter, 2 mSDsluCounter, 1378 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1841 SdHoareTripleChecker+Invalid, 37 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:51:59,551 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1841 Invalid, 37 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:51:59,552 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 371 states. [2024-11-22 01:51:59,560 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 371 to 371. [2024-11-22 01:51:59,560 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 371 states, 295 states have (on average 1.535593220338983) internal successors, (453), 297 states have internal predecessors, (453), 57 states have call successors, (57), 17 states have call predecessors, (57), 18 states have return successors, (58), 56 states have call predecessors, (58), 56 states have call successors, (58) [2024-11-22 01:51:59,562 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 371 states to 371 states and 568 transitions. [2024-11-22 01:51:59,562 INFO L78 Accepts]: Start accepts. Automaton has 371 states and 568 transitions. Word has length 109 [2024-11-22 01:51:59,562 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:51:59,563 INFO L471 AbstractCegarLoop]: Abstraction has 371 states and 568 transitions. [2024-11-22 01:51:59,563 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.5) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-22 01:51:59,563 INFO L276 IsEmpty]: Start isEmpty. Operand 371 states and 568 transitions. [2024-11-22 01:51:59,564 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2024-11-22 01:51:59,564 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:51:59,564 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:51:59,573 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2024-11-22 01:51:59,765 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:51:59,766 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:51:59,766 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:51:59,766 INFO L85 PathProgramCache]: Analyzing trace with hash -1018902216, now seen corresponding path program 1 times [2024-11-22 01:51:59,766 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:51:59,766 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [568465908] [2024-11-22 01:51:59,767 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:59,767 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:51:59,787 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:51:59,906 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2024-11-22 01:51:59,907 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:51:59,907 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [568465908] [2024-11-22 01:51:59,907 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [568465908] provided 0 perfect and 1 imperfect interpolant sequences [2024-11-22 01:51:59,907 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1037084155] [2024-11-22 01:51:59,907 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:51:59,907 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:51:59,907 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-11-22 01:51:59,909 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-11-22 01:51:59,911 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2024-11-22 01:52:00,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:52:00,147 INFO L255 TraceCheckSpWp]: Trace formula consists of 1044 conjuncts, 6 conjuncts are in the unsatisfiable core [2024-11-22 01:52:00,152 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-11-22 01:52:00,196 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2024-11-22 01:52:00,196 INFO L307 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2024-11-22 01:52:00,196 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1037084155] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:52:00,196 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2024-11-22 01:52:00,197 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11 [2024-11-22 01:52:00,197 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1872111522] [2024-11-22 01:52:00,197 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:52:00,197 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-22 01:52:00,197 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:52:00,198 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-22 01:52:00,198 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2024-11-22 01:52:00,198 INFO L87 Difference]: Start difference. First operand 371 states and 568 transitions. Second operand has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-22 01:52:00,262 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:52:00,262 INFO L93 Difference]: Finished difference Result 731 states and 1125 transitions. [2024-11-22 01:52:00,270 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-22 01:52:00,270 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 110 [2024-11-22 01:52:00,271 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:52:00,273 INFO L225 Difference]: With dead ends: 731 [2024-11-22 01:52:00,273 INFO L226 Difference]: Without dead ends: 373 [2024-11-22 01:52:00,274 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 117 GetRequests, 108 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2024-11-22 01:52:00,274 INFO L432 NwaCegarLoop]: 461 mSDtfsCounter, 2 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 49 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1827 SdHoareTripleChecker+Invalid, 49 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 49 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:52:00,275 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1827 Invalid, 49 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 49 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:52:00,275 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 373 states. [2024-11-22 01:52:00,284 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 373 to 373. [2024-11-22 01:52:00,284 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 373 states, 296 states have (on average 1.5337837837837838) internal successors, (454), 299 states have internal predecessors, (454), 57 states have call successors, (57), 17 states have call predecessors, (57), 19 states have return successors, (63), 56 states have call predecessors, (63), 56 states have call successors, (63) [2024-11-22 01:52:00,286 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 373 states to 373 states and 574 transitions. [2024-11-22 01:52:00,286 INFO L78 Accepts]: Start accepts. Automaton has 373 states and 574 transitions. Word has length 110 [2024-11-22 01:52:00,286 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:52:00,286 INFO L471 AbstractCegarLoop]: Abstraction has 373 states and 574 transitions. [2024-11-22 01:52:00,287 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.2) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-22 01:52:00,287 INFO L276 IsEmpty]: Start isEmpty. Operand 373 states and 574 transitions. [2024-11-22 01:52:00,288 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2024-11-22 01:52:00,288 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:52:00,288 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:52:00,306 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2024-11-22 01:52:00,489 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-11-22 01:52:00,489 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:52:00,490 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:52:00,490 INFO L85 PathProgramCache]: Analyzing trace with hash -884998255, now seen corresponding path program 1 times [2024-11-22 01:52:00,490 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:52:00,490 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1972357416] [2024-11-22 01:52:00,490 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-11-22 01:52:00,490 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:52:00,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-11-22 01:52:00,595 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 27 trivial. 0 not checked. [2024-11-22 01:52:00,595 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:52:00,595 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1972357416] [2024-11-22 01:52:00,595 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1972357416] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:52:00,595 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-22 01:52:00,596 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-11-22 01:52:00,596 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1078051008] [2024-11-22 01:52:00,596 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:52:00,596 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-11-22 01:52:00,597 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:52:00,597 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-11-22 01:52:00,597 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-22 01:52:00,597 INFO L87 Difference]: Start difference. First operand 373 states and 574 transitions. Second operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-22 01:52:00,629 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:52:00,629 INFO L93 Difference]: Finished difference Result 723 states and 1116 transitions. [2024-11-22 01:52:00,629 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-11-22 01:52:00,629 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 111 [2024-11-22 01:52:00,630 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:52:00,631 INFO L225 Difference]: With dead ends: 723 [2024-11-22 01:52:00,631 INFO L226 Difference]: Without dead ends: 373 [2024-11-22 01:52:00,632 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-11-22 01:52:00,633 INFO L432 NwaCegarLoop]: 464 mSDtfsCounter, 2 mSDsluCounter, 1381 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 1845 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:52:00,633 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 1845 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:52:00,634 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 373 states. [2024-11-22 01:52:00,641 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 373 to 373. [2024-11-22 01:52:00,642 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 373 states, 296 states have (on average 1.5337837837837838) internal successors, (454), 299 states have internal predecessors, (454), 57 states have call successors, (57), 17 states have call predecessors, (57), 19 states have return successors, (62), 56 states have call predecessors, (62), 56 states have call successors, (62) [2024-11-22 01:52:00,644 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 373 states to 373 states and 573 transitions. [2024-11-22 01:52:00,644 INFO L78 Accepts]: Start accepts. Automaton has 373 states and 573 transitions. Word has length 111 [2024-11-22 01:52:00,644 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:52:00,644 INFO L471 AbstractCegarLoop]: Abstraction has 373 states and 573 transitions. [2024-11-22 01:52:00,645 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2024-11-22 01:52:00,645 INFO L276 IsEmpty]: Start isEmpty. Operand 373 states and 573 transitions. [2024-11-22 01:52:00,646 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 113 [2024-11-22 01:52:00,646 INFO L207 NwaCegarLoop]: Found error trace [2024-11-22 01:52:00,646 INFO L215 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-11-22 01:52:00,646 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2024-11-22 01:52:00,646 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-11-22 01:52:00,647 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-11-22 01:52:00,647 INFO L85 PathProgramCache]: Analyzing trace with hash -348871252, now seen corresponding path program 2 times [2024-11-22 01:52:00,647 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-11-22 01:52:00,647 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1295532961] [2024-11-22 01:52:00,647 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2024-11-22 01:52:00,647 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-11-22 01:52:00,667 INFO L227 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2024-11-22 01:52:00,667 INFO L228 tOrderPrioritization]: Conjunction of SSA is unsat [2024-11-22 01:52:00,756 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2024-11-22 01:52:00,757 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-11-22 01:52:00,757 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1295532961] [2024-11-22 01:52:00,757 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1295532961] provided 1 perfect and 0 imperfect interpolant sequences [2024-11-22 01:52:00,757 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-11-22 01:52:00,757 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2024-11-22 01:52:00,757 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1953183130] [2024-11-22 01:52:00,758 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-11-22 01:52:00,758 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2024-11-22 01:52:00,758 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-11-22 01:52:00,759 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2024-11-22 01:52:00,759 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2024-11-22 01:52:00,759 INFO L87 Difference]: Start difference. First operand 373 states and 573 transitions. Second operand has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 6 states have internal predecessors, (71), 1 states have call successors, (14), 1 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) [2024-11-22 01:52:00,790 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-11-22 01:52:00,791 INFO L93 Difference]: Finished difference Result 373 states and 573 transitions. [2024-11-22 01:52:00,791 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2024-11-22 01:52:00,791 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 6 states have internal predecessors, (71), 1 states have call successors, (14), 1 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) Word has length 112 [2024-11-22 01:52:00,792 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-11-22 01:52:00,792 INFO L225 Difference]: With dead ends: 373 [2024-11-22 01:52:00,792 INFO L226 Difference]: Without dead ends: 0 [2024-11-22 01:52:00,794 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2024-11-22 01:52:00,794 INFO L432 NwaCegarLoop]: 465 mSDtfsCounter, 0 mSDsluCounter, 2316 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 2781 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-11-22 01:52:00,794 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 2781 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-11-22 01:52:00,795 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2024-11-22 01:52:00,795 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2024-11-22 01:52:00,795 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2024-11-22 01:52:00,795 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2024-11-22 01:52:00,796 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 112 [2024-11-22 01:52:00,796 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-11-22 01:52:00,796 INFO L471 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2024-11-22 01:52:00,796 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 6 states have internal predecessors, (71), 1 states have call successors, (14), 1 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) [2024-11-22 01:52:00,796 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2024-11-22 01:52:00,796 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2024-11-22 01:52:00,799 INFO L782 garLoopResultBuilder]: Registering result SAFE for location outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2024-11-22 01:52:00,799 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2024-11-22 01:52:00,801 INFO L407 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1] [2024-11-22 01:52:00,803 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2024-11-22 01:52:00,871 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2024-11-22 01:52:00,914 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 22.11 01:52:00 BoogieIcfgContainer [2024-11-22 01:52:00,915 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2024-11-22 01:52:00,915 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2024-11-22 01:52:00,916 INFO L270 PluginConnector]: Initializing Witness Printer... [2024-11-22 01:52:00,916 INFO L274 PluginConnector]: Witness Printer initialized [2024-11-22 01:52:00,916 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 22.11 01:51:55" (3/4) ... [2024-11-22 01:52:00,918 INFO L142 WitnessPrinter]: Generating witness for correct program [2024-11-22 01:52:00,921 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailSignKey [2024-11-22 01:52:00,921 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing [2024-11-22 01:52:00,921 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isSigned [2024-11-22 01:52:00,921 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientPrivateKey [2024-11-22 01:52:00,921 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure chuckKeyAdd [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailTo [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailTo [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure createClientKeyringEntry [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure generateKeyPair [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringUser [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure sendEmail [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailFrom [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailFrom [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isReadable [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure queue [2024-11-22 01:52:00,922 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringPublicKey [2024-11-22 01:52:00,923 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientId [2024-11-22 01:52:00,940 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 88 nodes and edges [2024-11-22 01:52:00,942 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 47 nodes and edges [2024-11-22 01:52:00,943 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 8 nodes and edges [2024-11-22 01:52:00,944 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 3 nodes and edges [2024-11-22 01:52:00,945 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-22 01:52:00,946 INFO L925 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-11-22 01:52:01,120 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2024-11-22 01:52:01,121 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2024-11-22 01:52:01,121 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2024-11-22 01:52:01,121 INFO L158 Benchmark]: Toolchain (without parser) took 7597.48ms. Allocated memory was 203.4MB in the beginning and 325.1MB in the end (delta: 121.6MB). Free memory was 172.3MB in the beginning and 162.1MB in the end (delta: 10.2MB). Peak memory consumption was 131.5MB. Max. memory is 16.1GB. [2024-11-22 01:52:01,122 INFO L158 Benchmark]: CDTParser took 0.18ms. Allocated memory is still 134.2MB. Free memory is still 104.2MB. There was no memory consumed. Max. memory is 16.1GB. [2024-11-22 01:52:01,122 INFO L158 Benchmark]: CACSL2BoogieTranslator took 762.89ms. Allocated memory is still 203.4MB. Free memory was 172.1MB in the beginning and 129.7MB in the end (delta: 42.4MB). Peak memory consumption was 46.5MB. Max. memory is 16.1GB. [2024-11-22 01:52:01,122 INFO L158 Benchmark]: Boogie Procedure Inliner took 131.53ms. Allocated memory is still 203.4MB. Free memory was 129.7MB in the beginning and 123.4MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2024-11-22 01:52:01,122 INFO L158 Benchmark]: Boogie Preprocessor took 171.54ms. Allocated memory is still 203.4MB. Free memory was 123.4MB in the beginning and 116.1MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2024-11-22 01:52:01,123 INFO L158 Benchmark]: RCFGBuilder took 1123.93ms. Allocated memory is still 203.4MB. Free memory was 116.1MB in the beginning and 110.2MB in the end (delta: 5.9MB). Peak memory consumption was 33.6MB. Max. memory is 16.1GB. [2024-11-22 01:52:01,123 INFO L158 Benchmark]: TraceAbstraction took 5193.92ms. Allocated memory was 203.4MB in the beginning and 325.1MB in the end (delta: 121.6MB). Free memory was 110.2MB in the beginning and 209.3MB in the end (delta: -99.0MB). Peak memory consumption was 23.7MB. Max. memory is 16.1GB. [2024-11-22 01:52:01,123 INFO L158 Benchmark]: Witness Printer took 205.59ms. Allocated memory is still 325.1MB. Free memory was 209.3MB in the beginning and 162.1MB in the end (delta: 47.2MB). Peak memory consumption was 48.2MB. Max. memory is 16.1GB. [2024-11-22 01:52:01,124 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.18ms. Allocated memory is still 134.2MB. Free memory is still 104.2MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 762.89ms. Allocated memory is still 203.4MB. Free memory was 172.1MB in the beginning and 129.7MB in the end (delta: 42.4MB). Peak memory consumption was 46.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 131.53ms. Allocated memory is still 203.4MB. Free memory was 129.7MB in the beginning and 123.4MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Boogie Preprocessor took 171.54ms. Allocated memory is still 203.4MB. Free memory was 123.4MB in the beginning and 116.1MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * RCFGBuilder took 1123.93ms. Allocated memory is still 203.4MB. Free memory was 116.1MB in the beginning and 110.2MB in the end (delta: 5.9MB). Peak memory consumption was 33.6MB. Max. memory is 16.1GB. * TraceAbstraction took 5193.92ms. Allocated memory was 203.4MB in the beginning and 325.1MB in the end (delta: 121.6MB). Free memory was 110.2MB in the beginning and 209.3MB in the end (delta: -99.0MB). Peak memory consumption was 23.7MB. Max. memory is 16.1GB. * Witness Printer took 205.59ms. Allocated memory is still 325.1MB. Free memory was 209.3MB in the beginning and 162.1MB in the end (delta: 47.2MB). Peak memory consumption was 48.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 48]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [48] - GenericResultAtLocation [Line: 375]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [375] - GenericResultAtLocation [Line: 741]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [741] - GenericResultAtLocation [Line: 750]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [750] - GenericResultAtLocation [Line: 1821]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [1821] - GenericResultAtLocation [Line: 1856]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [1856] - GenericResultAtLocation [Line: 1963]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [1963] - GenericResultAtLocation [Line: 2367]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [2367] - GenericResultAtLocation [Line: 2384]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"DecryptAutoResponder_spec.i","") [2384] - GenericResultAtLocation [Line: 2403]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [2403] - GenericResultAtLocation [Line: 2622]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [2622] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 746]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 18 procedures, 320 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 5.0s, OverallIterations: 7, TraceHistogramMax: 3, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.0s, AutomataDifference: 0.4s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 140 SdHoareTripleChecker+Valid, 0.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 122 mSDsluCounter, 10616 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 7332 mSDsCounter, 1 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 154 IncrementalHoareTripleChecker+Invalid, 155 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1 mSolverCounterUnsat, 3284 mSDtfsCounter, 154 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 560 GetRequests, 526 SyntacticMatches, 0 SemanticMatches, 34 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.2s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=373occurred in iteration=5, InterpolantAutomatonStates: 30, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 7 MinimizatonAttempts, 9 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.3s SsaConstructionTime, 0.6s SatisfiabilityAnalysisTime, 1.5s InterpolantComputationTime, 1271 NumberOfCodeBlocks, 1203 NumberOfCodeBlocksAsserted, 12 NumberOfCheckSat, 1259 ConstructedInterpolants, 0 QuantifiedInterpolants, 1370 SizeOfPredicates, 3 NumberOfNonLiveVariables, 5150 ConjunctsInSsa, 20 ConjunctsInUnsatCore, 12 InterpolantComputations, 7 PerfectInterpolantSequences, 371/389 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 2443]: Loop Invariant Derived loop invariant: 1 - ProcedureContractResult [Line: 2295]: Procedure Contract for getEmailSignKey Derived contract for procedure getEmailSignKey. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2660]: Procedure Contract for outgoing Derived contract for procedure outgoing. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) - ProcedureContractResult [Line: 2258]: Procedure Contract for isSigned Derived contract for procedure isSigned. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1366]: Procedure Contract for setClientPrivateKey Derived contract for procedure setClientPrivateKey. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 301]: Procedure Contract for chuckKeyAdd Derived contract for procedure chuckKeyAdd. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2088]: Procedure Contract for setEmailTo Derived contract for procedure setEmailTo. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2069]: Procedure Contract for getEmailTo Derived contract for procedure getEmailTo. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1433]: Procedure Contract for createClientKeyringEntry Derived contract for procedure createClientKeyringEntry. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2831]: Procedure Contract for generateKeyPair Derived contract for procedure generateKeyPair. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1521]: Procedure Contract for setClientKeyringUser Derived contract for procedure setClientKeyringUser. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2756]: Procedure Contract for sendEmail Derived contract for procedure sendEmail. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) - ProcedureContractResult [Line: 2051]: Procedure Contract for setEmailFrom Derived contract for procedure setEmailFrom. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 2032]: Procedure Contract for getEmailFrom Derived contract for procedure getEmailFrom. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1930]: Procedure Contract for isReadable Derived contract for procedure isReadable. Ensures: ((\result == 1) && ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client)))) - ProcedureContractResult [Line: 2769]: Procedure Contract for queue Derived contract for procedure queue. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) - ProcedureContractResult [Line: 1682]: Procedure Contract for setClientKeyringPublicKey Derived contract for procedure setClientKeyringPublicKey. Ensures: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_client_idCounter0 == \old(__ste_client_idCounter0))) && (__ste_client_idCounter1 == \old(__ste_client_idCounter1))) && (__ste_client_idCounter2 == \old(__ste_client_idCounter2))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) - ProcedureContractResult [Line: 1801]: Procedure Contract for setClientId Derived contract for procedure setClientId. Ensures: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((__SELECTED_FEATURE_Base == \old(__SELECTED_FEATURE_Base)) && (__SELECTED_FEATURE_Keys == \old(__SELECTED_FEATURE_Keys))) && (__SELECTED_FEATURE_Encrypt == \old(__SELECTED_FEATURE_Encrypt))) && (__SELECTED_FEATURE_AutoResponder == \old(__SELECTED_FEATURE_AutoResponder))) && (__SELECTED_FEATURE_AddressBook == \old(__SELECTED_FEATURE_AddressBook))) && (__SELECTED_FEATURE_Sign == \old(__SELECTED_FEATURE_Sign))) && (__SELECTED_FEATURE_Forward == \old(__SELECTED_FEATURE_Forward))) && (__SELECTED_FEATURE_Verify == \old(__SELECTED_FEATURE_Verify))) && (__SELECTED_FEATURE_Decrypt == \old(__SELECTED_FEATURE_Decrypt))) && (__GUIDSL_ROOT_PRODUCTION == \old(__GUIDSL_ROOT_PRODUCTION))) && (__GUIDSL_NON_TERMINAL_main == \old(__GUIDSL_NON_TERMINAL_main))) && (bob == \old(bob))) && (rjh == \old(rjh))) && (chuck == \old(chuck))) && (head == \old(head))) && (__ste_Client_counter == \old(__ste_Client_counter))) && (__ste_client_name0 == \old(__ste_client_name0))) && (__ste_client_name1 == \old(__ste_client_name1))) && (__ste_client_name2 == \old(__ste_client_name2))) && (__ste_client_outbuffer0 == \old(__ste_client_outbuffer0))) && (__ste_client_outbuffer1 == \old(__ste_client_outbuffer1))) && (__ste_client_outbuffer2 == \old(__ste_client_outbuffer2))) && (__ste_client_outbuffer3 == \old(__ste_client_outbuffer3))) && (__ste_ClientAddressBook_size0 == \old(__ste_ClientAddressBook_size0))) && (__ste_ClientAddressBook_size1 == \old(__ste_ClientAddressBook_size1))) && (__ste_ClientAddressBook_size2 == \old(__ste_ClientAddressBook_size2))) && (__ste_Client_AddressBook0_Alias0 == \old(__ste_Client_AddressBook0_Alias0))) && (__ste_Client_AddressBook0_Alias1 == \old(__ste_Client_AddressBook0_Alias1))) && (__ste_Client_AddressBook0_Alias2 == \old(__ste_Client_AddressBook0_Alias2))) && (__ste_Client_AddressBook1_Alias0 == \old(__ste_Client_AddressBook1_Alias0))) && (__ste_Client_AddressBook1_Alias1 == \old(__ste_Client_AddressBook1_Alias1))) && (__ste_Client_AddressBook1_Alias2 == \old(__ste_Client_AddressBook1_Alias2))) && (__ste_Client_AddressBook2_Alias0 == \old(__ste_Client_AddressBook2_Alias0))) && (__ste_Client_AddressBook2_Alias1 == \old(__ste_Client_AddressBook2_Alias1))) && (__ste_Client_AddressBook2_Alias2 == \old(__ste_Client_AddressBook2_Alias2))) && (__ste_Client_AddressBook0_Address0 == \old(__ste_Client_AddressBook0_Address0))) && (__ste_Client_AddressBook0_Address1 == \old(__ste_Client_AddressBook0_Address1))) && (__ste_Client_AddressBook0_Address2 == \old(__ste_Client_AddressBook0_Address2))) && (__ste_Client_AddressBook1_Address0 == \old(__ste_Client_AddressBook1_Address0))) && (__ste_Client_AddressBook1_Address1 == \old(__ste_Client_AddressBook1_Address1))) && (__ste_Client_AddressBook1_Address2 == \old(__ste_Client_AddressBook1_Address2))) && (__ste_Client_AddressBook2_Address0 == \old(__ste_Client_AddressBook2_Address0))) && (__ste_Client_AddressBook2_Address1 == \old(__ste_Client_AddressBook2_Address1))) && (__ste_Client_AddressBook2_Address2 == \old(__ste_Client_AddressBook2_Address2))) && (__ste_client_autoResponse0 == \old(__ste_client_autoResponse0))) && (__ste_client_autoResponse1 == \old(__ste_client_autoResponse1))) && (__ste_client_autoResponse2 == \old(__ste_client_autoResponse2))) && (__ste_client_privateKey0 == \old(__ste_client_privateKey0))) && (__ste_client_privateKey1 == \old(__ste_client_privateKey1))) && (__ste_client_privateKey2 == \old(__ste_client_privateKey2))) && (__ste_ClientKeyring_size0 == \old(__ste_ClientKeyring_size0))) && (__ste_ClientKeyring_size1 == \old(__ste_ClientKeyring_size1))) && (__ste_ClientKeyring_size2 == \old(__ste_ClientKeyring_size2))) && (__ste_Client_Keyring0_User0 == \old(__ste_Client_Keyring0_User0))) && (__ste_Client_Keyring0_User1 == \old(__ste_Client_Keyring0_User1))) && (__ste_Client_Keyring0_User2 == \old(__ste_Client_Keyring0_User2))) && (__ste_Client_Keyring1_User0 == \old(__ste_Client_Keyring1_User0))) && (__ste_Client_Keyring1_User1 == \old(__ste_Client_Keyring1_User1))) && (__ste_Client_Keyring1_User2 == \old(__ste_Client_Keyring1_User2))) && (__ste_Client_Keyring2_User0 == \old(__ste_Client_Keyring2_User0))) && (__ste_Client_Keyring2_User1 == \old(__ste_Client_Keyring2_User1))) && (__ste_Client_Keyring2_User2 == \old(__ste_Client_Keyring2_User2))) && (__ste_Client_Keyring0_PublicKey0 == \old(__ste_Client_Keyring0_PublicKey0))) && (__ste_Client_Keyring0_PublicKey1 == \old(__ste_Client_Keyring0_PublicKey1))) && (__ste_Client_Keyring0_PublicKey2 == \old(__ste_Client_Keyring0_PublicKey2))) && (__ste_Client_Keyring1_PublicKey0 == \old(__ste_Client_Keyring1_PublicKey0))) && (__ste_Client_Keyring1_PublicKey1 == \old(__ste_Client_Keyring1_PublicKey1))) && (__ste_Client_Keyring1_PublicKey2 == \old(__ste_Client_Keyring1_PublicKey2))) && (__ste_Client_Keyring2_PublicKey0 == \old(__ste_Client_Keyring2_PublicKey0))) && (__ste_Client_Keyring2_PublicKey1 == \old(__ste_Client_Keyring2_PublicKey1))) && (__ste_Client_Keyring2_PublicKey2 == \old(__ste_Client_Keyring2_PublicKey2))) && (__ste_client_forwardReceiver0 == \old(__ste_client_forwardReceiver0))) && (__ste_client_forwardReceiver1 == \old(__ste_client_forwardReceiver1))) && (__ste_client_forwardReceiver2 == \old(__ste_client_forwardReceiver2))) && (__ste_client_forwardReceiver3 == \old(__ste_client_forwardReceiver3))) && (__ste_Email_counter == \old(__ste_Email_counter))) && (__ste_email_id0 == \old(__ste_email_id0))) && (__ste_email_id1 == \old(__ste_email_id1))) && (__ste_email_from0 == \old(__ste_email_from0))) && (__ste_email_from1 == \old(__ste_email_from1))) && (__ste_email_to0 == \old(__ste_email_to0))) && (__ste_email_to1 == \old(__ste_email_to1))) && (__ste_email_subject0 == \old(__ste_email_subject0))) && (__ste_email_subject1 == \old(__ste_email_subject1))) && (__ste_email_body0 == \old(__ste_email_body0))) && (__ste_email_body1 == \old(__ste_email_body1))) && (__ste_email_isEncrypted0 == \old(__ste_email_isEncrypted0))) && (__ste_email_isEncrypted1 == \old(__ste_email_isEncrypted1))) && (__ste_email_encryptionKey0 == \old(__ste_email_encryptionKey0))) && (__ste_email_encryptionKey1 == \old(__ste_email_encryptionKey1))) && (__ste_email_isSigned0 == \old(__ste_email_isSigned0))) && (__ste_email_isSigned1 == \old(__ste_email_isSigned1))) && (__ste_email_signKey0 == \old(__ste_email_signKey0))) && (__ste_email_signKey1 == \old(__ste_email_signKey1))) && (__ste_email_isSignatureVerified0 == \old(__ste_email_isSignatureVerified0))) && (__ste_email_isSignatureVerified1 == \old(__ste_email_isSignatureVerified1))) && (queue_empty == \old(queue_empty))) && (queued_message == \old(queued_message))) && (queued_client == \old(queued_client))) RESULT: Ultimate proved your program to be correct! [2024-11-22 01:52:01,205 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE