// verifast_options{disable_overflow_check target:ILP32}
extern void abort(void);
//@ requires true;
//@ ensures true;


void reach_error()
//@ requires false;
//@ ensures true;
{}void assume_abort_if_not(int cond) 
//@ requires true;
//@ ensures true;
{  if(!cond) {abort();}
}
void __VERIFIER_assert(int cond) 
//@ requires (cond != 0);
//@ ensures (cond != 0);
{  if (!(cond)) {
    ERROR: {reach_error();abort();}
  }
  return;
}
int __VERIFIER_nondet_int();
//@ requires true;
//@ ensures true;
int main()

//@ requires module(SpamAssassin_loop__verifast_instrumented, true);
//@ ensures junk();
{
    //@ open_module(); 

  int len;
  int i;
  int j;
  int bufsize;
  bufsize = __VERIFIER_nondet_int();
  if (bufsize < 0) return 0;
  len = __VERIFIER_nondet_int();
  int limit = bufsize - 4;
for (i = 0; i < len; )
//@ invariant ((0 <= i) && ((limit + 4) <= bufsize));
    {
for (j = 0; i < len && j < limit; )
//@ invariant (((0 <= j) && (0 <= i)) && ((limit + 4) <= bufsize));
    {
      if (i + 1 < len){
 __VERIFIER_assert(i+1<len);
 __VERIFIER_assert(0<=i);
 if( __VERIFIER_nondet_int() ) goto ELSE;
        __VERIFIER_assert(i<len);
 __VERIFIER_assert(0<=i);
        __VERIFIER_assert(j<bufsize);
 __VERIFIER_assert(0<=j);
        j++;
        i++;
        __VERIFIER_assert(i<len);
 __VERIFIER_assert(0<=i);
        __VERIFIER_assert(j<bufsize);
 __VERIFIER_assert(0<=j);
        j++;
        i++;
        __VERIFIER_assert(j<bufsize);
 __VERIFIER_assert(0<=j);
        j++;
      } else {
//@ invariant ((((((i + 1) <= len) && (0 <= j)) && ((5 + j) <= bufsize)) && (0 <= i)) && ((limit + 4) <= bufsize));
ELSE:
        __VERIFIER_assert(i<len);
 __VERIFIER_assert(0<=i);
        __VERIFIER_assert(j<bufsize);
 __VERIFIER_assert(0<=j);
        j++;
        i++;
      }
    }
  }
  return 0;
}