/*
 * Small bounds-checking program: glob2() fills a buffer up to and including
 * an inclusive upper limit, and every write is preceded by an assertion that
 * the cursor has not moved past the global bound `tmp`.
 */

/*
 * Local stand-in for abort(). The body is empty, so it returns to its caller
 * rather than terminating the process.
 */
void abort() { }

/*
 * Assertion hook: when cond is zero, control reaches the ERROR label and then
 * abort(). Because the abort() defined above returns, a failed assertion does
 * not stop execution here; the caller continues after the call. The check is
 * therefore only meaningful to a tool that tracks reachability of ERROR /
 * the ACSL assert, not as a run-time guard.
 */
/*@ requires ((1 <= \old(cond))) && (cond != 0); ensures ((1 <= \old(cond))) && (1); @*/
void __VERIFIER_assert(int cond)
{
    if (cond) {
        return;
    }
    ERROR: {/*@ assert(0); */;abort();}
    return;
}

typedef int Char;

/* Highest address glob2() is allowed to write; set by the caller. */
Char *tmp;

/*
 * Store 1 into every element from pathbuf through pathlim.
 *
 * pathlim is INCLUSIVE: the loop condition is `<=`, so pathlim must point at
 * the last writable element, not one past the end. Passing a one-past-the-end
 * pointer would make the final store land outside the buffer.
 *
 * Always returns 0.
 */
int glob2 (Char *pathbuf, Char *pathlim)
{
    Char *cursor = pathbuf;

    while (cursor <= pathlim) {
        /* Bounds property under test: the cursor never exceeds tmp. */
        __VERIFIER_assert(cursor <= tmp);
        *cursor = 1;
        cursor++;
    }
    return 0;
}

/*
 * Driver: a two-element buffer whose last element serves both as the
 * inclusive limit passed to glob2() and as the asserted bound in tmp.
 */
int main ()
{
    Char pathbuf[1 +1];
    /* Address of the final element (count - 1), i.e. the inclusive limit. */
    Char *last_slot = pathbuf + sizeof(pathbuf)/sizeof(*pathbuf) - 1;

    tmp = last_slot;
    glob2 (pathbuf, last_slot);
    return 0;
}