// verifast_options{disable_overflow_check target:ILP32}
extern void abort(void);
//@ requires integer(&x, ?veri_req_x) &*& true;
//@ ensures integer(&x, ?veri_ens_x) &*& true;
void reach_error()
//@ requires false;
//@ ensures true;
{}
void __VERIFIER_assert(int cond) 
//@ requires integer(&x, ?veri_req_x) &*& ((cond != 0) && (veri_req_x <= 0));
//@ ensures integer(&x, ?veri_ens_x) &*& (((cond != 0) && (veri_ens_x <= 0)) && (veri_ens_x == veri_req_x));
{  if (!(cond)) {
    ERROR: {reach_error();abort();}
  }
  return;
}
_Bool __VERIFIER_nondet_bool();
//@ requires integer(&x, ?veri_req_x) &*& true;
//@ ensures integer(&x, ?veri_ens_x) &*& true;
int __VERIFIER_nondet_int();
//@ requires integer(&x, ?veri_req_x) &*& true;
//@ ensures integer(&x, ?veri_ens_x) &*& true;

//x is an input variable
int x;

void foo() 
//@ requires integer(&x, ?veri_req_x) &*& true;
//@ ensures integer(&x, ?veri_ens_x) &*& true;
{  x--;
}

int main() 
//@ requires module(trex02_1__verifast_instrumented, true) &*& (x <= 0);
//@ ensures (x <= 0) &*& junk();
{
    //@ open_module(); 
  x=__VERIFIER_nondet_int();
while (x > 0)
//@ invariant integer(&x, ?veri_inv_x) &*& (veri_req_x <= 0);
    {
    bool c = __VERIFIER_nondet_bool();
    if(c) foo();
    else foo();
  }
  __VERIFIER_assert(x<=0);
 return 0; }