/*
 * Verification harness for shift-and-subtract unsigned division.
 *
 * main() takes two nondeterministic unsigned inputs A and B, restricts them
 * with assume_abort_if_not(), and checks A == q * b + r while the quotient q
 * and remainder r are built up. The ACSL annotations (function contracts and
 * loop invariants) are kept character for character, because they refer to
 * the variables and program points below. The constant 4294967296 in the
 * invariants models unsigned as a 32-bit type.
 */

/*
 * Stub: this abort() has an empty body, so unlike the library function it
 * returns to its caller.
 * NOTE(review): abort is a standard-library identifier with external linkage
 * (reserved by C11 7.1.3); a hosted compiler may still treat calls to it as
 * non-returning. Presumably this stub exists only for the verifier. Confirm
 * it is never linked into a real program.
 */
void abort() { }

/* Source of nondeterministic inputs; declared here, defined elsewhere. */
extern unsigned __VERIFIER_nondet_uint();

/*
 * Assumption helper: calls abort() when cond is zero.
 *
 * The contract promises cond != 0 on return. With the empty abort() stub
 * above, the body does not establish that postcondition by itself: the call
 * returns and execution continues with cond == 0.
 * NOTE(review): anything that relies on the constraints "assumed" in main()
 * depends on the tool treating abort() as terminating or trusting this
 * contract. Confirm which one applies.
 */
/*@ requires (1); ensures ((cond != 0)); @*/
void assume_abort_if_not(int cond)
{
    if (cond == 0) {
        abort();
    }
}

/*
 * Property check: a zero cond reaches the ERROR label.
 *
 * The precondition demands cond >= 1, so every call site has to discharge the
 * asserted expression before the call; under that contract the ERROR branch
 * is unreachable.
 */
/*@ requires ((1 <= cond)) && (cond != 0); ensures ((1 <= cond)) && (1); @*/
void __VERIFIER_assert(int cond)
{
    if (cond == 0) {
ERROR:
        {
            /*@ assert(0); */;
        }
    }
}

/*
 * Entry point: constrain the inputs, scale the divisor up, then divide.
 * Returns 0.
 */
int main()
{
    /*
     * The comparisons A>=0 and B>=0 are always true for unsigned operands.
     * The four assumptions together leave A in {0, 1} and B == 1.
     */
    unsigned A = __VERIFIER_nondet_uint();
    assume_abort_if_not(A>=0 && A<=1);

    unsigned B = __VERIFIER_nondet_uint();
    assume_abort_if_not(B>=0 && B<=1);
    /* With a 32-bit unsigned the bound below evaluates to 0x7fffffff. */
    assume_abort_if_not(B < (0x7fffffff * 2U + 1U)/2);
    assume_abort_if_not(B >= 1);

    unsigned q = 0;
    unsigned r = A;
    unsigned b = B;

    /*
     * Phase 1: double b until it exceeds r. Unsigned doubling wraps instead
     * of overflowing; under the assumed bounds b gets no further than 2.
     */
    /*@ loop invariant ((((((((B == 1) && (r == A)) && (0 <= (2 * ((((b / 2) + ((long long) -1 * B)) >= 0) ? (((b / 2) + ((long long) -1 * B)) / 4294967296) : ((((b / 2) + ((long long) -1 * B)) / 4294967296) - 1))))) && (A <= 1)) && (b <= ((long long) B * 2))) && (q == 0)) || ((((((b == 1) && (r == A)) && (0 <= 0)) && (A <= 1)) && (B == b)) && (q == 0)))); @*/
    for (;;) {
        if (r < b) {
            break;
        }
        b *= 2;
    }

    /*
     * Phase 2: halve b back down to B, shifting q left each step and
     * subtracting b from r whenever it still fits. The division identity is
     * checked at the top of every iteration, before the exit test.
     */
    /*@ loop invariant (((((((((B == 1) && (b == 1)) && (r <= 0)) && (r == A)) && (q == 0)) || ((((0 <= 0) && (0 <= 0)) && (A == ((r + ((unsigned long long) b * q)) % 4294967296))) && (B == b))) || ((((((B == 1) && (r == A)) && (0 <= (2 * ((((b / 2) + ((long long) -1 * B)) >= 0) ? (((b / 2) + ((long long) -1 * B)) / 4294967296) : ((((b / 2) + ((long long) -1 * B)) / 4294967296) - 1))))) && (A <= 1)) && (b <= ((long long) B * 2))) && (q == 0))) || (((((B == 1) && (b == 1)) && (r <= 0)) && (A == (((long long) r + 1) % 4294967296))) && (q == 1)))); @*/
    for (;;) {
        __VERIFIER_assert(A == q * b + r);
        if (b == B) {
            break;
        }
        q *= 2;
        b /= 2;
        if (r >= b) {
            q += 1;
            r -= b;
        }
    }

    /* Final check once b is back at B: A == q * B + r. */
    __VERIFIER_assert(A == q * b + r);
    return 0;
}