// verifast_options{disable_overflow_check target:ILP32}
extern void abort(void);
//@ requires true;
//@ ensures true;
void reach_error()
//@ requires false;
//@ ensures true;
{}
/*
 * Implementation the Ackermann function.
 * http://en.wikipedia.org/wiki/Ackermann_function
 * 
 * Author: Matthias Heizmann
 * Date: 2013-07-13
 * 
 */

extern int __VERIFIER_nondet_int(void);
//@ requires true;
//@ ensures true;

int ackermann(int m, int n) 
//@ requires true;
//@ ensures (((n < result) || (m != 0)) && ((0 < m) || (m == 0)));
{    if (m==0) {
        return n+1;
    }
    if (n==0) {
        return ackermann(m-1,1);
    }
    return ackermann(m-1,ackermann(m,n-1));
}


int main() 
//@ requires module(Ackermann04__verifast_instrumented, true);
//@ ensures junk();
{
    //@ open_module(); 
    int m = __VERIFIER_nondet_int();
    if (m < 0 || m > 3) {
        // additional branch to avoid undefined behavior 
        // (because of signed integer overflow)
        return 0;
    }
    int n = __VERIFIER_nondet_int();
    if (n < 0 || n > 23) {
        // additional branch to avoid undefined behavior 
        // (because of signed integer overflow)
        // 
        return 0;
    }
    int result = ackermann(m,n);
    if (m < 2 || n < 2 || result >= 7) {
        return 0;
    } else {
        ERROR: {reach_error();abort();}
    }
 return 0; }