Example: pointer_offset_constant_8_malloc.c#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stddef.h>
int main() {
void *xp=malloc(sizeof(int)); // allocation P
void *yp=malloc(sizeof(int)); // allocation Q
*((int*)xp)=1;
*((int*)yp)=2;
ptrdiff_t offset = 32;
// (unsigned char*)yp - (unsigned char*)xp;
unsigned char *p1 = (unsigned char*)xp;// provenance P
unsigned char *p2 = p1 + offset;
int *p = (int*)p2;
int *q = (int*)yp;
printf("Addresses: xp=%p yp=%p p=%p q=%p\n",xp,yp,(void*)p,(void*)q);
if (memcmp(&p, &q, sizeof(p)) == 0) {
*p = 11; // is this free of undefined behaviour?
printf("*xp=%d *yp=%d *p=%d *q=%d\n",
*(int*)xp,*(int*)yp,*(int*)p,*(int*)q);
}
return 0;
}
[link to test in Cerberus and Compiler Explorer]
Experimental data (what does this mean?)
| gcc-8.1-O0 | | Addresses: xp=0x134c010 yp=0x134c030 p=0x134c030 q=0x134c030
*xp=1 *yp=11 *p=11 *q=11
|
| gcc-8.1-O2 | | Addresses: xp=0xe7a010 yp=0xe7a030 p=0xe7a030 q=0xe7a030
*xp=1 *yp=2 *p=11 *q=2
|
| gcc-8.1-O3 | | Addresses: xp=0x13fa010 yp=0x13fa030 p=0x13fa030 q=0x13fa030
*xp=1 *yp=2 *p=11 *q=2
|
| gcc-8.1-O2-no-strict-aliasing | | Addresses: xp=0x2473010 yp=0x2473030 p=0x2473030 q=0x2473030
*xp=1 *yp=2 *p=11 *q=2
|
| gcc-8.1-O3-no-strict-aliasing | | Addresses: xp=0x2239010 yp=0x2239030 p=0x2239030 q=0x2239030
*xp=1 *yp=2 *p=11 *q=2
|
| clang-6.0-O0 | | Addresses: xp=0x1f4a010 yp=0x1f4a030 p=0x1f4a030 q=0x1f4a030
*xp=1 *yp=11 *p=11 *q=11
|
| clang-6.0-O2 | | Addresses: xp=0x1439010 yp=0x1439030 p=0x1439030 q=0x1439030
*xp=1 *yp=11 *p=11 *q=11
|
| clang-6.0-O3 | | Addresses: xp=0x1d49010 yp=0x1d49030 p=0x1d49030 q=0x1d49030
*xp=1 *yp=11 *p=11 *q=11
|
| clang-6.0-O2-no-strict-aliasing | | Addresses: xp=0x195c010 yp=0x195c030 p=0x195c030 q=0x195c030
*xp=1 *yp=11 *p=11 *q=11
|
| clang-6.0-O3-no-strict-aliasing | | Addresses: xp=0x12e6010 yp=0x12e6030 p=0x12e6030 q=0x12e6030
*xp=1 *yp=11 *p=11 *q=11
|
| clang-6.0-UBSAN | | Addresses: xp=0x121b040 yp=0x121b060 p=0x121b060 q=0x121b060
*xp=1 *yp=11 *p=11 *q=11
pointer_offset_constant_8_malloc.c:18:5: runtime error: store to address 0x00000121b060 with insufficient space for an object of type 'int'
0x00000121b060: note: pointer points here
00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 00 01 00
^
pointer_offset_constant_8_malloc.c:20:32: runtime error: load of address 0x00000121b060 with insufficient space for an object of type 'int'
0x00000121b060: note: pointer points here
00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 00 01 00
^
|
| clang-6.0-ASAN | | exit codes: compile 0 / execute 1
=================================================================
==20439==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x4ba4a3 in __interceptor_malloc /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3
#1 0x4e71d2 in main (/auto/homes/vb358/charon2/pointer_offset_constant_8_malloc.c.clang-6.0-ASAN.out+0x4e71d2)
SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).
|
| clang-6.0-MSAN | | Addresses: xp=0x701000000000 yp=0x701000000010 p=0x701000000020 q=0x701000000010
|
| icc-19-O0 | | Addresses: xp=0x227b010 yp=0x227b030 p=0x227b030 q=0x227b030
*xp=1 *yp=11 *p=11 *q=11
|
| icc-19-O2 | | Addresses: xp=0x216d010 yp=0x216d030 p=0x216d030 q=0x216d030
*xp=1 *yp=2 *p=11 *q=11
|
| icc-19-O3 | | Addresses: xp=0x1826010 yp=0x1826030 p=0x1826030 q=0x1826030
*xp=1 *yp=2 *p=11 *q=11
|
| icc-19-O2-no-strict-aliasing | | Addresses: xp=0x212c010 yp=0x212c030 p=0x212c030 q=0x212c030
*xp=1 *yp=2 *p=11 *q=11
|
| icc-19-O3-no-strict-aliasing | | Addresses: xp=0x170e010 yp=0x170e030 p=0x170e030 q=0x170e030
*xp=1 *yp=2 *p=11 *q=11
|
| cerberus-concrete | | BEGIN EXEC[0]
Defined {value: "Specified(0)", stdout: "Addresses: xp=<14>:168 yp=<16>:192 p=<14>:200 q=<16>:192\n", blocked: "false"}
END EXEC[0]
Time spent: 0.047730 seconds
|
| cerberus-symbolic | | exit codes: compile 0 / execute 1
cerberus: internal error, uncaught exception:
Failure("TODO: Symbolic defacto, isWellAligned_ptrval")
|
| gcc-4.9-shadowprov | | exit codes: compile 0 / execute 134
|
| CHERI:MIPS-O0 | | Addresses: xp=0x4003e008 yp=0x4003e010 p=0x4003e028 q=0x4003e010
|
| CHERI:MIPS-O2 | | Addresses: xp=0x4003e008 yp=0x4003e010 p=0x4003e028 q=0x4003e010
|
| CHERI:MIPS-O2-no-strict-aliasing | | Addresses: xp=0x4003e008 yp=0x4003e010 p=0x4003e028 q=0x4003e010
|
| CHERI:CHERI-O0-uintcap-addr-exact-equals | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O2-uintcap-addr-exact-equals | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O0-uintcap-offset-exact-equals | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O2-uintcap-offset-exact-equals | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O0-uintcap-addr | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O2-uintcap-addr | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O0-uintcap-offset | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O2-uintcap-offset | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset | | Addresses: xp=0x7c00006008 yp=0x7c00006010 p=0x7c00006028 q=0x7c00006010
|
| RV-Match | | Addresses: xp=(nil) yp=(nil) p=(nil) q=(nil)
A pointer (or array subscript) outside the bounds of an object:
> in main at pointer_offset_constant_8_malloc.c:13:3
Undefined behavior (UB-CEA1):
see C11 section 6.5.6:8 http://rvdoc.org/C11/6.5.6
see C11 section J.2:1 item 46 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.18:1 http://rvdoc.org/MISRA-C/8.18
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1
Found pointer that refers outside the bounds of an object + 1:
> in main at pointer_offset_constant_8_malloc.c:13:3
Undefined behavior (UB-CEE3):
see C11 section 6.3.2.1:1 http://rvdoc.org/C11/6.3.2.1
see C11 section J.2:1 item 19 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1
Found pointer that refers outside the bounds of an object + 1:
> in main at pointer_offset_constant_8_malloc.c:14:3
Undefined behavior (UB-CEE3):
see C11 section 6.3.2.1:1 http://rvdoc.org/C11/6.3.2.1
see C11 section J.2:1 item 19 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1
Found pointer that refers outside the bounds of an object + 1:
> in main at pointer_offset_constant_8_malloc.c:16:3
Undefined behavior (UB-CEE3):
see C11 section 6.3.2.1:1 http://rvdoc.org/C11/6.3.2.1
see C11 section J.2:1 item 19 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1
Found pointer that refers outside the bounds of an object + 1:
> in printf at pointer_offset_constant_8_malloc.c:16:3
in main at pointer_offset_constant_8_malloc.c:16:3
Undefined behavior (UB-CEE3):
see C11 section 6.3.2.1:1 http://rvdoc.org/C11/6.3.2.1
see C11 section J.2:1 item 19 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1
Cannot compare pointers with different base objects using '<':
> in memcmp at /opt/rv-match/c-semantics/x86_64-linux-gcc-glibc/src/string.c:181:19
in main at pointer_offset_constant_8_malloc.c:17:3
Undefined behavior (UB-CERL1):
see C11 section 6.5.8:5 http://rvdoc.org/C11/6.5.8
see C11 section J.2:1 item 53 http://rvdoc.org/C11/J.2
see CERT-C section ARR36-C http://rvdoc.org/CERT-C/ARR36-C
see MISRA-C section 8.18:3 http://rvdoc.org/MISRA-C/8.18
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1
Comparison of unspecified value:
> in memcmp at /opt/rv-match/c-semantics/x86_64-linux-gcc-glibc/src/string.c:181:19
in main at pointer_offset_constant_8_malloc.c:17:3
Unspecified value or behavior (USP-CERL7):
see C11 section 6.5.9 http://rvdoc.org/C11/6.5.9
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1
|
| ch2o | | Fatal error: exception Failure("parse_printf")
Raised at file "pervasives.ml", line 30, characters 22-33
Called from file "list.ml", line 55, characters 20-23
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
|
| compcert-3.2 | | Addresses: xp=0x1d02010 yp=0x1d02030 p=0x1d02030 q=0x1d02030
*xp=1 *yp=11 *p=11 *q=11
|
| compcert-3.2-O | | Addresses: xp=0x1692010 yp=0x1692030 p=0x1692030 q=0x1692030
*xp=1 *yp=11 *p=11 *q=11
|
| compcert-3.2-interp | | Time 0: calling main()
--[step_internal_function]-->
Time 1: in function main, statement
xp = malloc(sizeof(int));
yp = malloc(sizeof(int));
*((int *) xp) = 1;
*((int *) yp) = 2;
offset = 32;
p1 = (unsigned char *) xp;
p2 = p1 + offset;
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
return 0;
--[step_seq]-->
Time 2: in function main, statement
xp = malloc(sizeof(int));
yp = malloc(sizeof(int));
*((int *) xp) = 1;
*((int *) yp) = 2;
offset = 32;
p1 = (unsigned char *) xp;
p2 = p1 + offset;
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 3: in function main, statement xp = malloc(sizeof(int));
--[step_do_1]-->
Time 4: in function main, expression xp = malloc(sizeof(int))
--[red_var_local]-->
Time 5: in function main, expression <loc xp> = malloc(sizeof(int))
--[red_var_global]-->
Time 6: in function main, expression <loc xp> = <loc malloc>(sizeof(int))
--[red_rvalof]-->
Time 7: in function main, expression <loc xp> = <ptr malloc>(sizeof(int))
--[red_sizeof]-->
Time 8: in function main, expression <loc xp> = <ptr malloc>(4U)
--[red_call]-->
Time 9: calling malloc(4)
--[step_external_function]-->
Time 10: returning <ptr>
--[step_returnstate]-->
Time 11: in function main, expression <loc xp> = <ptr>
--[red_assign]-->
Time 12: in function main, expression <ptr>
--[step_do_2]-->
Time 13: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 14: in function main, statement
yp = malloc(sizeof(int));
*((int *) xp) = 1;
*((int *) yp) = 2;
offset = 32;
p1 = (unsigned char *) xp;
p2 = p1 + offset;
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 15: in function main, statement yp = malloc(sizeof(int));
--[step_do_1]-->
Time 16: in function main, expression yp = malloc(sizeof(int))
--[red_var_local]-->
Time 17: in function main, expression <loc yp> = malloc(sizeof(int))
--[red_var_global]-->
Time 18: in function main, expression <loc yp> = <loc malloc>(sizeof(int))
--[red_rvalof]-->
Time 19: in function main, expression <loc yp> = <ptr malloc>(sizeof(int))
--[red_sizeof]-->
Time 20: in function main, expression <loc yp> = <ptr malloc>(4U)
--[red_call]-->
Time 21: calling malloc(4)
--[step_external_function]-->
Time 22: returning <ptr>
--[step_returnstate]-->
Time 23: in function main, expression <loc yp> = <ptr>
--[red_assign]-->
Time 24: in function main, expression <ptr>
--[step_do_2]-->
Time 25: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 26: in function main, statement
*((int *) xp) = 1;
*((int *) yp) = 2;
offset = 32;
p1 = (unsigned char *) xp;
p2 = p1 + offset;
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 27: in function main, statement *((int *) xp) = 1;
--[step_do_1]-->
Time 28: in function main, expression *((int *) xp) = 1
--[red_var_local]-->
Time 29: in function main, expression *((int *) <loc xp>) = 1
--[red_rvalof]-->
Time 30: in function main, expression *((int *) <ptr>) = 1
--[red_cast]-->
Time 31: in function main, expression *<ptr> = 1
--[red_deref]-->
Time 32: in function main, expression <loc> = 1
--[red_assign]-->
Time 33: in function main, expression 1
--[step_do_2]-->
Time 34: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 35: in function main, statement
*((int *) yp) = 2;
offset = 32;
p1 = (unsigned char *) xp;
p2 = p1 + offset;
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 36: in function main, statement *((int *) yp) = 2;
--[step_do_1]-->
Time 37: in function main, expression *((int *) yp) = 2
--[red_var_local]-->
Time 38: in function main, expression *((int *) <loc yp>) = 2
--[red_rvalof]-->
Time 39: in function main, expression *((int *) <ptr>) = 2
--[red_cast]-->
Time 40: in function main, expression *<ptr> = 2
--[red_deref]-->
Time 41: in function main, expression <loc> = 2
--[red_assign]-->
Time 42: in function main, expression 2
--[step_do_2]-->
Time 43: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 44: in function main, statement
offset = 32;
p1 = (unsigned char *) xp;
p2 = p1 + offset;
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 45: in function main, statement offset = 32;
--[step_do_1]-->
Time 46: in function main, expression offset = 32
--[red_var_local]-->
Time 47: in function main, expression <loc offset> = 32
--[red_assign]-->
Time 48: in function main, expression 32
--[step_do_2]-->
Time 49: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 50: in function main, statement
p1 = (unsigned char *) xp;
p2 = p1 + offset;
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 51: in function main, statement p1 = (unsigned char *) xp;
--[step_do_1]-->
Time 52: in function main, expression p1 = (unsigned char *) xp
--[red_var_local]-->
Time 53: in function main, expression <loc p1> = (unsigned char *) xp
--[red_var_local]-->
Time 54: in function main, expression <loc p1> = (unsigned char *) <loc xp>
--[red_rvalof]-->
Time 55: in function main, expression <loc p1> = (unsigned char *) <ptr>
--[red_cast]-->
Time 56: in function main, expression <loc p1> = <ptr>
--[red_assign]-->
Time 57: in function main, expression <ptr>
--[step_do_2]-->
Time 58: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 59: in function main, statement
p2 = p1 + offset;
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 60: in function main, statement p2 = p1 + offset;
--[step_do_1]-->
Time 61: in function main, expression p2 = p1 + offset
--[red_var_local]-->
Time 62: in function main, expression <loc p2> = p1 + offset
--[red_var_local]-->
Time 63: in function main, expression <loc p2> = <loc p1> + offset
--[red_rvalof]-->
Time 64: in function main, expression <loc p2> = <ptr> + offset
--[red_var_local]-->
Time 65: in function main, expression <loc p2> = <ptr> + <loc offset>
--[red_rvalof]-->
Time 66: in function main, expression <loc p2> = <ptr> + 32
--[red_binop]-->
Time 67: in function main, expression <loc p2> = <ptr>
--[red_assign]-->
Time 68: in function main, expression <ptr>
--[step_do_2]-->
Time 69: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 70: in function main, statement
p = (int *) p2;
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 71: in function main, statement p = (int *) p2;
--[step_do_1]-->
Time 72: in function main, expression p = (int *) p2
--[red_var_local]-->
Time 73: in function main, expression <loc p> = (int *) p2
--[red_var_local]-->
Time 74: in function main, expression <loc p> = (int *) <loc p2>
--[red_rvalof]-->
Time 75: in function main, expression <loc p> = (int *) <ptr>
--[red_cast]-->
Time 76: in function main, expression <loc p> = <ptr>
--[red_assign]-->
Time 77: in function main, expression <ptr>
--[step_do_2]-->
Time 78: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 79: in function main, statement
q = (int *) yp;
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 80: in function main, statement q = (int *) yp;
--[step_do_1]-->
Time 81: in function main, expression q = (int *) yp
--[red_var_local]-->
Time 82: in function main, expression <loc q> = (int *) yp
--[red_var_local]-->
Time 83: in function main, expression <loc q> = (int *) <loc yp>
--[red_rvalof]-->
Time 84: in function main, expression <loc q> = (int *) <ptr>
--[red_cast]-->
Time 85: in function main, expression <loc q> = <ptr>
--[red_assign]-->
Time 86: in function main, expression <ptr>
--[step_do_2]-->
Time 87: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 88: in function main, statement
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, *((int *) .),
*((int *) .), *((int *) .),
*((int *) .));
}
return 0;
--[step_seq]-->
Time 89: in function main, statement
printf(__stringlit_1, xp, yp, (void *) p, (void *) q);
--[step_do_1]-->
Time 90: in function main, expression
printf(__stringlit_1, xp, yp, (void *) p, (void *) q)
--[red_var_global]-->
Time 91: in function main, expression
printf(<loc __stringlit_1>, xp, yp, (void *) p, (void *) q)
--[red_rvalof]-->
Time 92: in function main, expression
printf(<ptr __stringlit_1>, xp, yp, (void *) p, (void *) q)
--[red_var_local]-->
Time 93: in function main, expression
printf(<ptr __stringlit_1>, <loc xp>, yp, (void *) p, (void *) q)
--[red_rvalof]-->
Time 94: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, yp, (void *) p, (void *) q)
--[red_var_local]-->
Time 95: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <loc yp>, (void *) p, (void *) q)
--[red_rvalof]-->
Time 96: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) p, (void *) q)
--[red_var_local]-->
Time 97: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) <loc p>, (void *) q)
--[red_rvalof]-->
Time 98: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) <ptr>, (void *) q)
--[red_cast]-->
Time 99: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>, (void *) q)
--[red_var_local]-->
Time 100: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>, (void *) <loc q>)
--[red_rvalof]-->
Time 101: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>, (void *) <ptr>)
--[red_cast]-->
Time 102: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>, <ptr>)
Addresses: xp=<65+0> yp=<66+0> p=<65+32> q=<66+0>
Stuck state: in function main, expression
printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>, <ptr>)
Addresses: xp=<65+0> yp=<66+0> p=<65+32> q=<66+0>
Stuck subexpression: printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>, <ptr>)
ERROR: Undefined behavior
In file included from pointer_offset_constant_8_malloc.c:1:
In file included from /usr/include/stdio.h:64:
In file included from /usr/include/_stdio.h:68:
/usr/include/sys/cdefs.h:81:2: warning: "Unsupported compiler detected" [-W#warnings]
#warning "Unsupported compiler detected"
^
1 warning generated.
|