// verifast_options{disable_overflow_check target:ILP32} /* shift_add algorithm for computing the product of two natural numbers */ extern void abort(void);//@ requires true; //@ ensures true; extern void __assert_fail(const char *, const char *, unsigned int, const char *) __attribute__ ((__nothrow__ , __leaf__)) __attribute__ ((__noreturn__)); void reach_error() //@ requires false; //@ ensures true; { __assert_fail("0", "prodbin-ll.c", 6, "reach_error"); } extern int __VERIFIER_nondet_int(void);//@ requires true; //@ ensures true; extern void abort(void); void assume_abort_if_not(int cond) //@ requires true; //@ ensures (cond != 0); { if(!cond) {abort();} } void __VERIFIER_assert(int cond) //@ requires (1 <= cond); //@ ensures (1 <= cond); { if (!(cond)) { ERROR: {reach_error();} } return; } int main() //@ requires module(prodbin_ll_valuebound20__verifast_instrumented_modified, true); //@ ensures junk(); { int a, b; long long x, y, z; a = __VERIFIER_nondet_int(); assume_abort_if_not(a>=0 && a<=20); b = __VERIFIER_nondet_int(); assume_abort_if_not(b>=0 && b<=20); assume_abort_if_not(b >= 1); x = a; y = b; z = 0; while (1)//@ invariant (((((((((((0 <= y) && ((z + (y * x)) == (b * a))) && (a <= 20)) && (y <= 4)) && (b <= 20)) && (0 <= a)) && (1 <= b)) || (((((((z == 0) && (a <= 20)) && (b == y)) && (0 <= a)) && (y <= 20)) && (1 <= y)) && (a == x))) || ((((((((z == 0) && (y == (b / 2))) && (a <= 20)) && (b <= 20)) && ((a * 2) == x)) && (0 <= a)) && ((b % 2) != 1)) && (1 <= y))) || ((((((((z == 0) && ((y * x) == (b * a))) && (a <= 20)) && (b <= 20)) && (0 <= a)) && (1 <= b)) && (1 <= y)) && (y <= 5))) || ((((((((1 <= (b % 2)) && (a <= 20)) && (b <= 20)) && ((a * 2) == x)) && (0 <= a)) && (x == (z * 2))) && (1 <= b)) && ((( - 1 + b) / 2) == y))); { __VERIFIER_assert(z + x * y == (long long) a * b); if (!(y != 0)) break; if (y % 2 == 1) { z = z + x; y = y - 1; } x = 2 * x; y = y / 2; } __VERIFIER_assert(z == (long long) a * b); return 0; }