Example: provenance_equality_uintptr_t_global_yx.c

#include <stdio.h>
#include <inttypes.h>
// Two file-scope ints, declared y first and then x (the "_yx" suffix of the
// file name presumably refers to this order -- confirm against the test suite).
// C does not fix where separately declared objects are placed relative to each
// other. main compares the address one past x with the address of y, so the
// interesting case is when the implementation places y directly after x.
int y=2, x=1;
/*
 * Litmus test: convert two pointers to uintptr_t and compare the integers.
 *
 * One pointer is the one-past-the-end pointer of x, the other is the address
 * of y. Both the printed values and the result of the comparison depend on
 * how the implementation lays out x and y, so the output differs between
 * compilers and optimisation levels.
 *
 * NOTE(review): production code should not rely on either outcome, for
 * example to infer that two separately declared objects are adjacent.
 *
 * Returns 0 unconditionally; the result is reported only on stdout.
 */
int main() {
// p: integer form of &x + 1, the one-past-the-end pointer of x.
// The pointer is only converted, never dereferenced.
uintptr_t p = (uintptr_t)(&x + 1);
// q: integer form of the address of y, a separate object.
uintptr_t q = (uintptr_t)&y;
// PRIxPTR is the <inttypes.h> hexadecimal format for uintptr_t.
printf("Addresses: p=%" PRIxPTR " q=%" PRIxPTR "\n",
p,q);
// The equality is evaluated on the uintptr_t values, not on pointers.
_Bool b = (p==q);
// Question under test: can this be false even when p and q hold identical
// addresses, i.e. does the origin (provenance) of the two pointers affect
// equality of the integers derived from them?
printf("(p==q) = %s\n", b?"true":"false");
return 0;
}
[link to test in Cerberus and Compiler Explorer]

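Experimental data: each entry gives the implementation or analysis tool and its configuration (version, optimisation level, flags), followed by the output the test program produced under that configuration.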

gcc-8.1-O0 Addresses: p=6009b8 q=6009b0
(p==q) = false
gcc-8.1-O2 Addresses: p=60099c q=60099c
(p==q) = true
gcc-8.1-O3 Addresses: p=60099c q=60099c
(p==q) = true
gcc-8.1-O2-no-strict-aliasing Addresses: p=60099c q=60099c
(p==q) = true
gcc-8.1-O3-no-strict-aliasing Addresses: p=60099c q=60099c
(p==q) = true
clang-6.0-O0 Addresses: p=601040 q=601038
(p==q) = false
clang-6.0-O2 Addresses: p=601040 q=601038
(p==q) = false
clang-6.0-O3 Addresses: p=601040 q=601038
(p==q) = false
clang-6.0-O2-no-strict-aliasing Addresses: p=601040 q=601038
(p==q) = false
clang-6.0-O3-no-strict-aliasing Addresses: p=601040 q=601038
(p==q) = false
clang-6.0-UBSAN Addresses: p=631b58 q=631b50
(p==q) = false
clang-6.0-ASAN Addresses: p=716ba4 q=716b60
(p==q) = false
clang-6.0-MSAN Addresses: p=6b7af8 q=6b7af0
(p==q) = false
icc-19-O0 Addresses: p=600ae8 q=600ae0
(p==q) = false
icc-19-O2 Addresses: p=6046c8 q=6046c0
(p==q) = false
icc-19-O3 Addresses: p=6046c8 q=6046c0
(p==q) = false
icc-19-O2-no-strict-aliasing Addresses: p=6046c8 q=6046c0
(p==q) = false
icc-19-O3-no-strict-aliasing Addresses: p=6046c8 q=6046c0
(p==q) = false
cerberus-concrete BEGIN EXEC[0]
Defined {value: "Specified(0)", stdout: "Addresses: p=40 q=38\n(p==q) = false\n", blocked: "false"}
END EXEC[0]
Time spent: 0.026076 seconds
cerberus-symbolic BEGIN EXEC[0]
Undefined [other_location(Core parser)]{id: [DUMMY(rev_listFromStr_aux)]}
END EXEC[0]
Time spent: 0.079072 seconds
gcc-4.9-shadowprov Addresses: p=41413c q=41413c
(p==q) = true
CHERI:MIPS-O0 Addresses: p=30028 q=30020
(p==q) = false
CHERI:MIPS-O2 Addresses: p=30028 q=30020
(p==q) = false
CHERI:MIPS-O2-no-strict-aliasing Addresses: p=30028 q=30020
(p==q) = false
CHERI:CHERI-O0-uintcap-addr-exact-equals Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O2-uintcap-addr-exact-equals Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O0-uintcap-offset-exact-equals Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O2-uintcap-offset-exact-equals Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O0-uintcap-addr Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O2-uintcap-addr Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O0-uintcap-offset Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O2-uintcap-offset Addresses: p=4 q=0
(p==q) = false
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset Addresses: p=4 q=0
(p==q) = false
RV-Match Addresses: p=0 q=0
(p==q) = true
Printing an unspecified value:
> in printf at provenance_equality_uintptr_t_global_yx.c:7:3
in main at provenance_equality_uintptr_t_global_yx.c:7:3

Unspecified value or behavior (USP-STDIO2):
see C11 section 7.21.6.1:8 http://rvdoc.org/C11/7.21.6.1

Comparison of unspecified value:
> in main at provenance_equality_uintptr_t_global_yx.c:11:3

Unspecified value or behavior (USP-CERL7):
see C11 section 6.5.9 http://rvdoc.org/C11/6.5.9
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

ch2o provenance_equality_uintptr_t_global_yx.c:2:10: fatal error: inttypes.h: No such file or directory
#include <inttypes.h>
^~~~~~~~~~~~
compilation terminated.
compcert-3.2 Addresses: p=601040 q=601038
(p==q) = false
compcert-3.2-O Addresses: p=601040 q=601038
(p==q) = false
compcert-3.2-interp Time 0: calling main()
--[step_internal_function]-->
Time 1: in function main, statement
p = (unsigned int) (&x + 1);
q = (unsigned int) &y;
printf(__stringlit_1, p, q);
b = p == q;
printf(__stringlit_4, b ? __stringlit_3 : __stringlit_2);
return 0;
return 0;
--[step_seq]-->
Time 2: in function main, statement
p = (unsigned int) (&x + 1);
q = (unsigned int) &y;
printf(__stringlit_1, p, q);
b = p == q;
printf(__stringlit_4, b ? __stringlit_3 : __stringlit_2);
return 0;
--[step_seq]-->
Time 3: in function main, statement p = (unsigned int) (&x + 1);
--[step_do_1]-->
Time 4: in function main, expression p = (unsigned int) (&x + 1)
--[red_var_local]-->
Time 5: in function main, expression <loc p> = (unsigned int) (&x + 1)
--[red_var_global]-->
Time 6: in function main, expression <loc p> = (unsigned int) (&<loc x> + 1)
--[red_addrof]-->
Time 7: in function main, expression <loc p> = (unsigned int) (<ptr x> + 1)
--[red_binop]-->
Time 8: in function main, expression <loc p> = (unsigned int) <ptr x+4>
--[red_cast]-->
Time 9: in function main, expression <loc p> = <ptr x+4>
--[red_assign]-->
Time 10: in function main, expression <ptr x+4>
--[step_do_2]-->
Time 11: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 12: in function main, statement
q = (unsigned int) &y;
printf(__stringlit_1, p, q);
b = p == q;
printf(__stringlit_4, b ? __stringlit_3 : __stringlit_2);
return 0;
--[step_seq]-->
Time 13: in function main, statement q = (unsigned int) &y;
--[step_do_1]-->
Time 14: in function main, expression q = (unsigned int) &y
--[red_var_local]-->
Time 15: in function main, expression <loc q> = (unsigned int) &y
--[red_var_global]-->
Time 16: in function main, expression <loc q> = (unsigned int) &<loc y>
--[red_addrof]-->
Time 17: in function main, expression <loc q> = (unsigned int) <ptr y>
--[red_cast]-->
Time 18: in function main, expression <loc q> = <ptr y>
--[red_assign]-->
Time 19: in function main, expression <ptr y>
--[step_do_2]-->
Time 20: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 21: in function main, statement
printf(__stringlit_1, p, q);
b = p == q;
printf(__stringlit_4, b ? __stringlit_3 : __stringlit_2);
return 0;
--[step_seq]-->
Time 22: in function main, statement printf(__stringlit_1, p, q);
--[step_do_1]-->
Time 23: in function main, expression printf(__stringlit_1, p, q)
--[red_var_global]-->
Time 24: in function main, expression printf(<loc __stringlit_1>, p, q)
--[red_rvalof]-->
Time 25: in function main, expression printf(<ptr __stringlit_1>, p, q)
--[red_var_local]-->
Time 26: in function main, expression printf(<ptr __stringlit_1>, <loc p>, q)
--[red_rvalof]-->
Time 27: in function main, expression
printf(<ptr __stringlit_1>, <ptr x+4>, q)
--[red_var_local]-->
Time 28: in function main, expression
printf(<ptr __stringlit_1>, <ptr x+4>, <loc q>)
--[red_rvalof]-->
Time 29: in function main, expression
printf(<ptr __stringlit_1>, <ptr x+4>, <ptr y>)
Addresses: p=<int argument expected> q=<int argument expected>

Time 29: observable event: extcall printf(& __stringlit_1, & x+4, & y) -> 63
--[red_builtin]-->
Time 30: in function main, expression 63
--[step_do_2]-->
Time 31: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 32: in function main, statement
b = p == q;
printf(__stringlit_4, b ? __stringlit_3 : __stringlit_2);
return 0;
--[step_seq]-->
Time 33: in function main, statement b = p == q;
--[step_do_1]-->
Time 34: in function main, expression b = p == q
--[red_var_local]-->
Time 35: in function main, expression <loc b> = p == q
--[red_var_local]-->
Time 36: in function main, expression <loc b> = <loc p> == q
--[red_rvalof]-->
Time 37: in function main, expression <loc b> = <ptr x+4> == q
--[red_var_local]-->
Time 38: in function main, expression <loc b> = <ptr x+4> == <loc q>
--[red_rvalof]-->
Time 39: in function main, expression <loc b> = <ptr x+4> == <ptr y>
Stuck state: in function main, expression <loc b> = <ptr x+4> == <ptr y>
Stuck subexpression: <ptr x+4> == <ptr y>
ERROR: Undefined behavior
In file included from provenance_equality_uintptr_t_global_yx.c:1:
In file included from /usr/include/stdio.h:64:
In file included from /usr/include/_stdio.h:68:
/usr/include/sys/cdefs.h:81:2: warning: "Unsupported compiler detected" [-W#warnings]
#warning "Unsupported compiler detected"
^
1 warning generated.