// verifast_options{disable_overflow_check target:ILP32}
/* shift_add algorithm for computing the
product of two natural numbers
*/
extern void abort(void);//@ requires true;
//@ ensures true;
extern void __assert_fail(const char *, const char *, unsigned int, const char *) __attribute__ ((__nothrow__ , __leaf__)) __attribute__ ((__noreturn__));
void reach_error() //@ requires false;
//@ ensures true;
{ __assert_fail("0", "prodbin-ll.c", 6, "reach_error"); }
extern int __VERIFIER_nondet_int(void);//@ requires true;
//@ ensures true;
extern void abort(void);
void assume_abort_if_not(int cond) //@ requires true;
//@ ensures (cond != 0);
{
if(!cond) {abort();}
}
void __VERIFIER_assert(int cond) //@ requires (1 <= cond);
//@ ensures (1 <= cond);
{
if (!(cond)) {
ERROR:
{reach_error();}
}
return;
}
int main() //@ requires module(prodbin_ll_valuebound20__verifast_instrumented_modified, true);
//@ ensures junk();
{
int a, b;
long long x, y, z;
a = __VERIFIER_nondet_int();
assume_abort_if_not(a>=0 && a<=20);
b = __VERIFIER_nondet_int();
assume_abort_if_not(b>=0 && b<=20);
assume_abort_if_not(b >= 1);
x = a;
y = b;
z = 0;
while (1)//@ invariant (((((((((((0 <= y) && ((z + (y * x)) == (b * a))) && (a <= 20)) && (y <= 4)) && (b <= 20)) && (0 <= a)) && (1 <= b)) || (((((((z == 0) && (a <= 20)) && (b == y)) && (0 <= a)) && (y <= 20)) && (1 <= y)) && (a == x))) || ((((((((z == 0) && (y == (b / 2))) && (a <= 20)) && (b <= 20)) && ((a * 2) == x)) && (0 <= a)) && ((b % 2) != 1)) && (1 <= y))) || ((((((((z == 0) && ((y * x) == (b * a))) && (a <= 20)) && (b <= 20)) && (0 <= a)) && (1 <= b)) && (1 <= y)) && (y <= 5))) || ((((((((1 <= (b % 2)) && (a <= 20)) && (b <= 20)) && ((a * 2) == x)) && (0 <= a)) && (x == (z * 2))) && (1 <= b)) && ((( - 1 + b) / 2) == y)));
{
__VERIFIER_assert(z + x * y == (long long) a * b);
if (!(y != 0))
break;
if (y % 2 == 1) {
z = z + x;
y = y - 1;
}
x = 2 * x;
y = y / 2;
}
__VERIFIER_assert(z == (long long) a * b);
return 0;
}