// verifast_options{disable_overflow_check target:ILP32}

/* extended Euclid's algorithm */
extern void abort(void);//@ requires true; 
//@ ensures true;

extern void __assert_fail(const char *, const char *, unsigned int, const char *) __attribute__ ((__nothrow__ , __leaf__)) __attribute__ ((__noreturn__));
void reach_error() //@ requires false; 
//@ ensures true;
{ __assert_fail("0", "egcd2-ll.c", 4, "reach_error"); }
extern int __VERIFIER_nondet_int(void);//@ requires true; 
//@ ensures true;

extern void abort(void);
void assume_abort_if_not(int cond) //@ requires true; 
//@ ensures (cond != 0);
{
  if(!cond) {abort();}
}
void __VERIFIER_assert(int cond) //@ requires (1 <= cond); 
//@ ensures (1 <= cond);
{
    if (!(cond)) {
    ERROR:
        {reach_error();}
    }
    return;
}

int main() //@ requires module(egcd2_ll_valuebound2__verifast_instrumented_modified, true); 
//@ ensures junk();
{
    int x, y;
    long long a, b, p, q, r, s, c, k, xy, yy;
    x = __VERIFIER_nondet_int();
    assume_abort_if_not(x>=0 && x<=2);
    y = __VERIFIER_nondet_int();
    assume_abort_if_not(y>=0 && y<=2);
    assume_abort_if_not(x >= 1);
    assume_abort_if_not(y >= 1);

    a = x;
    b = y;
    p = 1;
    q = 0;
    r = 0;
    s = 1;
    c = 0;
    k = 0;
    xy = (long long) x * y;
    yy = (long long) y * y;
    assume_abort_if_not(xy < 2147483647);
    assume_abort_if_not(yy < 2147483647);

    while (1)//@ invariant (((((((((((((b == 1) && (s == 0)) && (p == 0)) && (y == xy)) && (r == 1)) && (a == y)) && (x == 1)) && (yy == (y * y))) && (a == 2)) && (q == 1)) || (((((((((1 <= x) && (y <= 2)) && (b == 0)) && (p == 0)) && (r == 1)) && (a == y)) && (1 <= y)) && (((q * x) + (y * s)) == 0)) && (x <= 2))) || ((((((((((((r == 0) && (y <= 2)) && (s == 1)) && (1 <= a)) && (b == y)) && (yy == (y * y))) && (q == 0)) && (1 <= y)) && (xy == (y * x))) && (a == x)) && (x <= 2)) && (p == 1))) || ((((((((((x + 1) <= y) && (r == 0)) && (((x * 2) + b) == y)) && (y <= 2)) && (s == 1)) && ((q + 2) == 0)) && ((b + 1) <= x)) && (a == x)) && (p == 1)));
 {
        if (!(b != 0))
            break;
        c = a;
        k = 0;

        while (1)//@ invariant ((((((((((((((((((r == 0) && (s == 1)) && (a == (c + b))) && (0 <= c)) && (b == y)) && (k == 1)) && (yy == (y * y))) && (q == 0)) && (1 <= y)) && (xy == (y * x))) && (a == x)) && (x <= 2)) && (p == 1)) || ((((((((((((((r == 0) && (a == (c + (b * k)))) && (s == 1)) && (1 <= a)) && (0 <= c)) && (yy == (y * y))) && ((c + (b * 2)) <= 2)) && (q == 0)) && (1 <= b)) && (xy == (y * x))) && (a == x)) && (x == (c + (k * y)))) && (x <= 2)) && (p == 1))) || ((((((((((((((r == 0) && (y <= 2)) && (k == 0)) && (s == 1)) && (1 <= a)) && (b == y)) && (yy == (y * y))) && (q == 0)) && (1 <= y)) && (xy == (y * x))) && (a == x)) && (c == x)) && (x <= 2)) && (p == 1))) || ((((((((((((y == 2) && (b == 1)) && (s == 0)) && (p == 0)) && (k == 0)) && (2 == xy)) && (r == 1)) && (c == 2)) && (x == 1)) && (yy == 4)) && (a == 2)) && (q == 1))) || ((((((((((((y == 2) && (b == 1)) && (s == 0)) && (p == 0)) && (2 == xy)) && (r == 1)) && (x == 1)) && (yy == 4)) && (k == 1)) && (a == 2)) && (q == 1)) && (c == 1))) || ((((((((((((y == 2) && (b == 1)) && (s == 0)) && (p == 0)) && (2 == xy)) && (r == 1)) && (x == 1)) && (yy == 4)) && (k == 2)) && (a == 2)) && (c == 0)) && (q == 1)));
 {
            __VERIFIER_assert(a == k * b + c);
            __VERIFIER_assert(a == y*r + x*p);
            __VERIFIER_assert(b == x * q + y * s);
	    __VERIFIER_assert(q*xy + s*yy - q*x - b*y - s*y + b == 0);
            if (!(c >= b))
                break;
            c = c - b;
            k = k + 1;
        }

        a = b;
        b = c;

        long long temp;
        temp = p;
        p = q;
        q = temp - q * k;
        temp = r;
        r = s;
        s = temp - s * k;
    }
    

    __VERIFIER_assert(q*x + s*y == 0);
    __VERIFIER_assert(p*x + r*y == a);
    return a;
}