/*
 * Verification harness: two unsigned indices into a fixed-size array walk
 * toward each other and then back apart, with the bounds and the element
 * equality stated as assertions. The ACSL-style annotations
 * (requires / ensures / loop invariant) are kept verbatim below.
 */

/*
 * Local definition of abort() with an empty body: calling it returns
 * normally.
 * NOTE(review): if this file is compiled and run rather than analysed by a
 * tool that treats abort() as non-returning, none of the "assume" guards
 * below stop execution -- confirm the intended tool model.
 */
void abort() { };

/*
 * Calls abort() when cond is zero. The contract's postcondition states
 * cond != 0; the code alone does not enforce that, because abort() above
 * returns.
 */
/*@ requires (1); ensures ((cond != 0)); @*/
void assume_abort_if_not(int cond) {
    if(!cond) {abort();}
}

/*
 * Property check: reaching the ERROR label (cond == 0) is the failure
 * being looked for. The contract requires cond >= 1 and cond != 0; the
 * call sites in main pass the result of && / ==, which is 0 or 1 in C.
 */
/*@ requires ((1 <= cond)) && (cond != 0); ensures ((1 <= cond)) && (1); @*/
void __VERIFIER_assert(int cond) {
    if (!(cond)) {
        ERROR: {/*@ assert(0); */;abort();}
    }
    return;
}

/*
 * Source of unconstrained unsigned values. Declared only; no definition in
 * this file (presumably supplied by the verification tool -- confirm).
 */
unsigned int __VERIFIER_nondet_uint();

/*
 * Fills array[] with nondeterministic values, takes two nondeterministic
 * indices constrained to be < 100000, moves them toward each other while
 * assuming array[index1] == array[index2], then (if the first loop ran)
 * moves them back apart while asserting the same equality.
 */
int main() {
    unsigned int array[100000];
    unsigned int index1;
    unsigned int index2;
    unsigned int loop_entered = 0;  /* set to 1 only inside the first while loop */

    /* Every element gets an arbitrary value; i stays within 0..99999 for the store. */
    /*@ loop invariant ((((loop_entered == 0) && (i == 0)) || ((loop_entered == 0) && (((i + 4294967295) % 4294967296) <= 99999)))); @*/
    for (unsigned i = 0; i < 100000; ++i) {
        array[i] = __VERIFIER_nondet_uint();
    }

    /*
     * Both indices are arbitrary values restricted to the array's range.
     * These two assumptions are the only bound on the later array[index1] /
     * array[index2] accesses, and they rely on assume_abort_if_not() not
     * continuing when its argument is 0.
     */
    index1 = __VERIFIER_nondet_uint();
    assume_abort_if_not(index1 < 100000);

    index2 = __VERIFIER_nondet_uint();
    assume_abort_if_not(index2 < 100000);

    /*
     * Converge: the guard index1 < index2 on unsigned values means
     * index2 >= 1 when the body runs, so index2-- cannot wrap below zero
     * here. The bounds are asserted before the array reads.
     */
    /*@ loop invariant ((((loop_entered == 0) && (index2 <= 99999)) || (((((4294967295 + index1) % 4294967296) + 1) <= (((long long) index2 + 1) % 4294967296)) && ((((long long) index2 + 1) % 4294967296) <= 99999)))); @*/
    while (index1 < index2) {
        __VERIFIER_assert((index1 < 100000) && (index2 < 100000));
        assume_abort_if_not(array[index1] == array[index2]);
        index1++;
        index2--;
        loop_entered = 1;
    }

    if (loop_entered) {
        /*
         * Diverge: the guard index2 < index1 means index1 >= 1 when the body
         * runs, so index1-- cannot wrap here. The asserted equality is the
         * one the first loop assumed. There is no separate bounds assertion
         * in this loop before the array reads.
         */
        /*@ loop invariant ((((((long long) index1 + 1) <= index2) && (index2 <= 99999)) || (((((4294967295 + index1) % 4294967296) + 1) <= (((long long) index2 + 1) % 4294967296)) && ((((long long) index2 + 1) % 4294967296) <= 99999)))); @*/
        while (index2 < index1) {
            __VERIFIER_assert(array[index1] == array[index2]);
            index2++;
            index1--;
        }
    }

}