// verifast_options{disable_overflow_check target:ILP32}

/* 
Geometric Series
computes x = sum(z^k)[k=0..k-1], y = z^(k-1)
*/

extern void abort(void);//@ requires true; 
//@ ensures true;

extern void __assert_fail(const char *, const char *, unsigned int, const char *) __attribute__ ((__nothrow__ , __leaf__)) __attribute__ ((__noreturn__));
void reach_error() //@ requires false; 
//@ ensures true;
{ __assert_fail("0", "geo3-ll.c", 8, "reach_error"); }
extern int __VERIFIER_nondet_int(void);//@ requires true; 
//@ ensures true;

extern void abort(void);
void assume_abort_if_not(int cond) //@ requires true; 
//@ ensures true;
{
  if(!cond) {abort();}
}
void __VERIFIER_assert(int cond) //@ requires integer(&counter, ?veri_req_counter) &*& (1 <= cond); 
//@ ensures integer(&counter, ?veri_ens_counter) &*& ((veri_ens_counter == veri_req_counter) && (1 <= cond));
{
    if (!(cond)) {
    ERROR:
        {reach_error();}
    }
    return;
}
int counter = 0;
int main() //@ requires module(geo3_ll_unwindbound1__verifast_instrumented_modified, true); 
//@ ensures junk();
{
    int z, a, k;
//@ invariant integer(&counter, ?veri_req_counter) &*& (veri_req_counter == 0);
    unsigned long long x, y, c;
    long long az;
    z = __VERIFIER_nondet_int();
    a = __VERIFIER_nondet_int();
    k = __VERIFIER_nondet_int();

    x = a;
    y = 1;
    c = 1;
    az = (long long) a * z;

    while (counter++<1)//@ invariant integer(&counter, ?veri_inv_counter) &*& ((((((z == y) && (1 <= veri_inv_counter)) && (x == ((a * z) + a))) && ((a * z) == az)) || ((((y == 1) && (veri_inv_counter == 0)) && (a == x)) && ((a * z) == az))) && (veri_req_counter == 0));
 {
        __VERIFIER_assert(z*x - x + a - az*y == 0);

        if (!(c < k))
            break;

        c = c + 1;
        x = x * z + a;
        y = y * z;
    }
    __VERIFIER_assert(z*x - x + a - az*y == 0);
    return x;
}