// verifast_options{disable_overflow_check target:ILP32}
extern void abort(void);
//@ requires true;
//@ ensures true;
void reach_error()
//@ requires false;
//@ ensures true;
{}
/*
 * Implementation the Ackermann function.
 * http://en.wikipedia.org/wiki/Ackermann_function
 * 
 * Author: Matthias Heizmann
 * Date: 2013-07-13
 * 
 * Copied from termination-numeric/Ackermann01_true-termination.c
 */

extern int __VERIFIER_nondet_int(void);
//@ requires true;
//@ ensures true;

int ackermann(int m, int n) 
//@ requires true;
//@ ensures (((0 < m) || ((m == 0) && ((n + 1) <= result))) && (((((((2 <= m) && (0 <= result)) && (n <= 0)) || ((m == 1) && (3 <= result))) || (m < 1)) || (((2 <= result) && (n <= 0)) && (m == 1))) || ((2 <= m) && (0 <= result))));
{    if (m==0) {
        return n+1;
    }
    if (n==0) {
        return ackermann(m-1,1);
    }
    return ackermann(m-1,ackermann(m,n-1));
}


int main() 
//@ requires module(Ackermann01_2__verifast_instrumented, true);
//@ ensures junk();
{
    //@ open_module(); 
    int m = __VERIFIER_nondet_int();
    if (m < 0 || m > 3) {
        // additional branch to avoid undefined behavior 
        // (because of signed integer overflow)
        return 0;
    }
    int n = __VERIFIER_nondet_int();
    if (n < 0 || n > 23) {
        // additional branch to avoid undefined behavior 
        // (because of signed integer overflow)
        // 
        return 0;
    }
    int result = ackermann(m,n);
    if (m < 0 || n < 0 || result >= 0) {
        return 0;
    } else {
        ERROR: {reach_error();abort();}
    }
 return 0; }