void abort() { }; extern int __VERIFIER_nondet_int(); /*@ requires (1); ensures ((cond != 0)); @*/ void assume_abort_if_not(int cond) { if(!cond) {abort();} } /*@ requires ((1 <= cond)) && (cond != 0); ensures ((1 <= cond)) && (1); @*/ void __VERIFIER_assert(int cond) { if (!(cond)) { ERROR: {/*@ assert(0); */;} } return; } int main() { int a, b; long long x, y, z; a = __VERIFIER_nondet_int(); assume_abort_if_not(a>=0 && a<=10); b = __VERIFIER_nondet_int(); assume_abort_if_not(b>=0 && b<=10); assume_abort_if_not(b >= 1); x = a; y = b; z = 0; /*@ loop invariant (((((((((((((((z == 0) && (y == (b / 2))) && (((long long) a * 2) == x)) && (0 <= a)) && ((b % 2) != 1)) && (1 <= y)) && (a <= 10)) && (y <= 5)) || ((((((((1 <= (b % 2)) && ((z + ((__int128) y * x)) == ((long long) b * a))) && (((long long) a * 2) == x)) && (0 <= a)) && (1 <= b)) && (b <= 10)) && (a <= 10)) && ((((long long) -1 + b) / 2) == y))) || ((((((((z == 0) && (((__int128) y * x) == ((long long) b * a))) && (y <= 2)) && (0 <= a)) && (1 <= b)) && (1 <= y)) && (b <= 10)) && (a <= 10))) || (((((((z == 0) && (b == y)) && (0 <= a)) && (1 <= y)) && (b <= 10)) && (a == x)) && (a <= 10))) || (((((((0 <= y) && ((z + ((__int128) y * x)) == ((long long) b * a))) && (0 <= a)) && (1 <= b)) && (b <= 10)) && (a <= 10)) && (y <= 1))) || ((((((((0 <= y) && ((z + ((__int128) y * x)) == ((long long) b * a))) && (y <= 2)) && (0 <= a)) && (x == ((__int128) z * 2))) && (1 <= b)) && (b <= 10)) && (a <= 10))) || (((((((((a == z) && (1 <= (b % 2))) && (((long long) a * 4) == x)) && (0 <= a)) && (0 <= b)) && (((((long long) -1 + b) / 2) % 2) != 1)) && ((((long long) -1 + b) / 4) == y)) && (b <= 10)) && (a <= 10)))); @*/ while (1) { __VERIFIER_assert(z + x * y == (long long) a * b); if (!(y != 0)) break; if (y % 2 == 1) { z = z + x; y = y - 1; } x = 2 * x; y = y / 2; } __VERIFIER_assert(z == (long long) a * b); return 0; }