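// verifast_options{disable_overflow_check target:ILP32}
/* Compute the floor of the square root of a natural number */

/*
 * Integer square root benchmark with VeriFast annotations.
 *
 * The line structure matters: every "//" and "//@" runs to the end of its
 * line, so when this file is collapsed onto a single line the leading
 * options comment swallows all of the code and every contract.
 *
 * The options line above must stay the first line of the file.
 * disable_overflow_check means the proof does not cover arithmetic overflow.
 * Overflow is ruled out here by the loop bound instead: at most 50 iterations
 * run, so a <= 50, t <= 101 and s <= 2601.
 *
 * The "//@" lines are VeriFast ghost annotations and are kept verbatim.
 * The contract written after a prototype belongs to that prototype.
 */

extern void abort(void);
//@ requires integer(&counter, ?veri_req_counter) &*& true;
//@ ensures integer(&counter, ?veri_ens_counter) &*& true;

/*
 * Error sink. "requires false" means no verified path may ever call it.
 */
void reach_error()
//@ requires false;
//@ ensures true;
{}

/* Source of the unconstrained input n; it has no definition in this file. */
extern int __VERIFIER_nondet_int(void);
//@ requires integer(&counter, ?veri_req_counter) &*& true;
//@ ensures integer(&counter, ?veri_ens_counter) &*& true;

/*
 * Abort the program when cond is zero, otherwise return normally.
 * It is defined for the harness but not called anywhere in this file.
 */
void assume_abort_if_not(int cond)
//@ requires integer(&counter, ?veri_req_counter) &*& true;
//@ ensures integer(&counter, ?veri_ens_counter) &*& true;
{
  if(!cond) {abort();}
}

/*
 * Assertion hook: reaches reach_error() when cond is zero.
 * The precondition (cond != 0) moves the obligation to each caller, so the
 * error branch is unreachable whenever the contract holds. The postcondition
 * also states that counter is left unchanged.
 */
void __VERIFIER_assert(int cond)
//@ requires integer(&counter, ?veri_req_counter) &*& (cond != 0);
//@ ensures integer(&counter, ?veri_ens_counter) &*& ((cond != 0) && (veri_ens_counter == veri_req_counter));
{
    if (!(cond)) {
    ERROR:
        {reach_error();}
    }
    return;
}

/*
 * Unwinding counter: limits the main loop to 50 iterations.
 * It is declared after the contracts above that mention it.
 */
int counter = 0;

/*
 * Iterates a = 0, 1, 2, ... while s = (a + 1)^2 <= n, with t = 2a + 1 the
 * next odd increment, and asserts the algebraic relations between a, s and t
 * on every iteration and after the loop. The loop also stops once the
 * counter bound is hit, so for large n the final a is only a lower bound on
 * floor(sqrt(n)).
 *
 * NOTE(review): the postcondition "counter == 0" looks unprovable, because
 * the loop condition "counter++<50" increments counter at least once before
 * the loop exits. Confirm whether this contract is meant to verify.
 * NOTE(review): the loop invariant mentions veri_req_counter, which the
 * contract of main does not bind, and junk() is not declared in this file.
 * Confirm both against the VeriFast prelude and tool output.
 */
int main()
//@ requires module(sqrt1_ll_unwindbound50__verifast_instrumented, true) &*& (counter == 0);
//@ ensures (counter == 0) &*& junk();
{
    //@ open_module();
    int n;
    long long a, s, t;
    /* n is arbitrary; if n < 1 the loop breaks on its first iteration with a == 0. */
    n = __VERIFIER_nondet_int();

    a = 0;
    s = 1;
    t = 1;

    while (counter++<50)
    //@ invariant integer(&counter, ?veri_inv_counter) &*& ((((((a * 2) + (a * a)) + 1) == s) && (veri_req_counter == 0)) && (t == ((a * 2) + 1)));
    {
        __VERIFIER_assert(t == 2*a + 1);
        __VERIFIER_assert(s == (a + 1) * (a + 1));
        __VERIFIER_assert(t*t - 4*s + 2*t + 1 == 0);
        // the above 2 should be equiv to

        if (!(s <= n))
            break;

        /* Step to the next square: (a + 2)^2 = (a + 1)^2 + (2a + 3). */
        a = a + 1;
        t = t + 2;
        s = s + t;
    }

    /* The same relations must still hold after the loop ends by break or by the bound. */
    __VERIFIER_assert(t == 2 * a + 1);
    __VERIFIER_assert(s == (a + 1) * (a + 1));
    __VERIFIER_assert(t*t - 4*s + 2*t + 1 == 0);

    return 0;
}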