void abort() { };
                                     
                                                                                            
  
                        
                                                                                                                                                          
                                                                              
extern int __VERIFIER_nondet_int();
                        
/*@ 
    requires (1);
    ensures ((cond != 0));
@*/
void assume_abort_if_not(int cond) {
  if(!cond) {abort();}
}
/*@ 
    requires ((1 <= cond)) && (cond != 0);
    ensures ((1 <= cond)) && (1);
@*/
void __VERIFIER_assert(int cond) {
    if (!(cond)) {
    ERROR:
        {/*@ assert(0); */;}
    }
    return;
}

int main() {
    int X, Y;
    long long x, y, v, xy, yx;
    X = __VERIFIER_nondet_int();
    assume_abort_if_not(X>=0 && X<=1);
    Y = __VERIFIER_nondet_int();
    assume_abort_if_not(Y>=0 && Y<=1);
    v = ((long long) 2 * Y) - X;         // cast required to avoid int overflow
    y = 0;
    x = 0;

/*@
loop invariant ((((((((x < ((long long) X + 1)) || ((((2 * ((__int128) y * x)) + X) + v) == ((((__int128) y * 2) + ((long long) Y * 2)) + (2 * ((__int128) Y * x))))) && ((((long long) Y * 2) + (2 * ((__int128) Y * x))) == (((((__int128) X * y) * 2) + X) + v))) && (Y <= 1)) && (0 <= Y)) && (0 <= X)) && (X <= 1)));
@*/
    while (1) {
        yx = (long long) Y*x;
        xy = (long long) X*y;
	__VERIFIER_assert( 2*yx - 2*xy - X + (long long) 2*Y - v == 0);
        if (!(x <= X))
            break;
        // out[x] = y

        if (v < 0) {
            v = v + (long long) 2 * Y;
        } else {
            v = v + 2 * ((long long) Y - X);
            y++;
        }
        x++;
    }
    xy = (long long) x*y;
    yx = (long long) Y*x;
    __VERIFIER_assert(2*yx - 2*xy - X + (long long) 2*Y - v + 2*y == 0);

    return 0;
}