void abort() { };
                                                                                                                                                          
                                                                                       

/*@ 
    requires (((x == 0) && (cond != 0))) && (cond != 0);
    ensures ((((x == 0) && (cond != 0)) && (x == \old(x)))) && (1);
@*/
void __VERIFIER_assert(int cond) {
  if (!(cond)) {
    ERROR: {/*@ assert(0); */;abort();}
  }
  return;
}

int x=0;

/*@ 
    requires ((x == 0));
    ensures (((x == 0) && (\old(x) == 0)));
@*/
void eval() 
{
/*@
loop invariant (((x == 0) && (\old(x) == 0)));
@*/
  while (1) {
      x=0;
      break;
  }
  return;
}


/*@ 
    requires ((x == 0));
    ensures (0);
@*/
int main() {

/*@
loop invariant (((x == 0) && (\old(x) == 0)));
@*/
  while(1)
  {
    eval();
    __VERIFIER_assert(x==0);    
  }

  __VERIFIER_assert(x!=0);

  return 0;
}