void abort() { }; extern unsigned __VERIFIER_nondet_uint(); /*@ requires ((counter == 0)); ensures (((counter == \old(counter)) && (counter == 0))); @*/ void assume_abort_if_not(int cond) { if(!cond) {abort();} } /*@ requires ((1 <= cond)) && (cond != 0); ensures (((counter == \old(counter)) && (1 <= cond))) && (1); @*/ void __VERIFIER_assert(int cond) { if (!(cond)) { ERROR: {/*@ assert(0); */;} } return; } int counter = 0; /*@ requires ((counter == 0)); ensures ((\old(counter) == 0)); @*/ int main() { unsigned A, B; unsigned q, r, b; A = __VERIFIER_nondet_uint(); B = __VERIFIER_nondet_uint(); assume_abort_if_not(B < (0x7fffffff * 2U + 1U)/2); assume_abort_if_not(B >= 1); q = 0; r = A; b = B; /*@ loop invariant (((\old(counter) == 0) && (((((2 <= counter) && (A == r)) && (q == 0)) || ((((A == r) && (counter == 0)) && (B == b)) && (q == 0))) || (((A == r) && (q == 0)) && (counter == 1))))); @*/ while (counter++<2) { if (!(r >= b)) break; b = 2 * b; } /*@ loop invariant ((((((2 <= counter) && (A == r)) && (q == 0)) || (((A == r) && (B == b)) && (q == 0))) && (\old(counter) == 0))); @*/ while (counter++<2) { __VERIFIER_assert(A == q * b + r); if (!(b != B)) break; q = 2 * q; b = b / 2; if (r >= b) { q = q + 1; r = r - b; } } __VERIFIER_assert(A == q * b + r); return 0; }