Example: provenance_multiple_4_global_yx.c
#include <stdio.h>
#include <string.h>
int y[2], x[2];
int main() {
int *p = &x[1] + (&y[1]-&y[0]) + 0;
int *q = &y[0];
printf("Addresses: p=%p q=%p\n",(void*)p,(void*)q);
if (memcmp(&p, &q, sizeof(p)) == 0) {
*p = 11; // does this have undefined behaviour?
printf("y[0]=%d *p=%d *q=%d\n",y[0],*p,*q);
}
return 0;
}
[link to test in Cerberus and Compiler Explorer]
Experimental data (what does this mean?)
gcc-8.1-O0 |   | Addresses: p=0x600a38 q=0x600a38 y[0]=11 *p=11 *q=11
|
gcc-8.1-O2 |   | Addresses: p=0x6009d0 q=0x6009d0 y[0]=0 *p=11 *q=0
|
gcc-8.1-O3 |   | Addresses: p=0x6009d0 q=0x6009d0 y[0]=0 *p=11 *q=0
|
gcc-8.1-O2-no-strict-aliasing |   | Addresses: p=0x6009d0 q=0x6009d0 y[0]=0 *p=11 *q=0
|
gcc-8.1-O3-no-strict-aliasing |   | Addresses: p=0x6009d0 q=0x6009d0 y[0]=0 *p=11 *q=0
|
clang-6.0-O0 |   | Addresses: p=0x601044 q=0x601044 y[0]=11 *p=11 *q=11
|
clang-6.0-O2 |   | Addresses: p=0x601044 q=0x601044 y[0]=11 *p=11 *q=11
|
clang-6.0-O3 |   | Addresses: p=0x601044 q=0x601044 y[0]=11 *p=11 *q=11
|
clang-6.0-O2-no-strict-aliasing |   | Addresses: p=0x601044 q=0x601044 y[0]=11 *p=11 *q=11
|
clang-6.0-O3-no-strict-aliasing |   | Addresses: p=0x601044 q=0x601044 y[0]=11 *p=11 *q=11
|
clang-6.0-UBSAN |   | Addresses: p=0x1082dcc q=0x1082dcc y[0]=11 *p=11 *q=11
|
clang-6.0-ASAN |   | Addresses: p=0x137c5f8 q=0x137c5f8 y[0]=11 *p=11 *q=11
|
clang-6.0-MSAN |   | Addresses: p=0x2b1deb8 q=0x2b1deb8 y[0]=11 *p=11 *q=11
|
icc-19-O0 |   | Addresses: p=0x600b54 q=0x600b54 y[0]=11 *p=11 *q=11
|
icc-19-O2 |   | Addresses: p=0x604d18 q=0x604d18 y[0]=0 *p=11 *q=11
|
icc-19-O3 |   | Addresses: p=0x604d18 q=0x604d18 y[0]=0 *p=11 *q=11
|
icc-19-O2-no-strict-aliasing |   | Addresses: p=0x604d18 q=0x604d18 y[0]=0 *p=11 *q=11
|
icc-19-O3-no-strict-aliasing |   | Addresses: p=0x604d18 q=0x604d18 y[0]=0 *p=11 *q=11
|
cerberus-concrete |   | BEGIN EXEC[0] Defined {value: "Specified(0)", stdout: "Addresses: p=<6>:84 q=<5>:68\n", blocked: "false"} END EXEC[0] Time spent: 0.035922 seconds
|
cerberus-symbolic |   | BEGIN EXEC[0] Undefined [other_location(Core parser)]{id: [DUMMY(rev_listFromStr_aux)]} END EXEC[0] BEGIN EXEC[1] Undefined [provenance_multiple_4_global_yx.c:5:20-33]{id: [UB050_pointers_substraction_not_representable]} END EXEC[1] Time spent: 0.109066 seconds
|
gcc-4.9-shadowprov |   | exit codes: compile 0 / execute 134
|
CHERI:MIPS-O0 |   | Addresses: p=0x50008 q=0x50008 y[0]=11 *p=11 *q=11
|
CHERI:MIPS-O2 |   | Addresses: p=0x50008 q=0x50008 y[0]=11 *p=11 *q=11
|
CHERI:MIPS-O2-no-strict-aliasing |   | Addresses: p=0x50008 q=0x50008 y[0]=11 *p=11 *q=11
|
CHERI:CHERI-O0-uintcap-addr-exact-equals |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O2-uintcap-addr-exact-equals |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O0-uintcap-offset-exact-equals |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O2-uintcap-offset-exact-equals |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O0-uintcap-addr |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O2-uintcap-addr |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O0-uintcap-offset |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O2-uintcap-offset |   | Addresses: p=0x120040028 q=0x120040028
|
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset |   | Addresses: p=0x120040028 q=0x120040028
|
RV-Match |   | exit codes: compile 0 / execute 1
|
ch2o |   | Fatal error: exception Failure("parse_printf") Raised at file "pervasives.ml", line 30, characters 22-33 Called from file "list.ml", line 55, characters 20-23 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39
|
compcert-3.2 |   | Addresses: p=0x60104c q=0x60104c y[0]=11 *p=11 *q=11
|
compcert-3.2-O |   | Addresses: p=0x60104c q=0x60104c y[0]=11 *p=11 *q=11
|
compcert-3.2-interp |   | Time 0: calling main() --[step_internal_function]--> Time 1: in function main, statement p = &*(. + .) + (&*. - &*.) + 0; q = &*(y + 0); printf(__stringlit_1, (void *) p, (void *) q); if (memcmp(&p, &q, sizeof(int *)) == 0) { *p = 11; printf(__stringlit_2, *(. + .), *., *.); } return 0; return 0; --[step_seq]--> Time 2: in function main, statement p = &*(. + .) + (&*. - &*.) + 0; q = &*(y + 0); printf(__stringlit_1, (void *) p, (void *) q); if (memcmp(&p, &q, sizeof(int *)) == 0) { *p = 11; printf(__stringlit_2, *(. + .), *., *.); } return 0; --[step_seq]--> Time 3: in function main, statement p = &*(. + .) + (&*. - &*.) + 0; --[step_do_1]--> Time 4: in function main, expression p = &*(. + .) + (&*. - &*.) + 0 --[red_var_local]--> Time 5: in function main, expression <loc p> = &*(. + .) + (&*. - &*.) + 0 --[red_var_global]--> Time 6: in function main, expression <loc p> = &*(. + .) + (&*. - &*.) + 0 --[red_rvalof]--> Time 7: in function main, expression <loc p> = &*(. + .) + (&*. - &*.) + 0 --[red_binop]--> Time 8: in function main, expression <loc p> = &*<ptr x+4> + (&*. - &*.) + 0 --[red_deref]--> Time 9: in function main, expression <loc p> = &<loc x+4> + (&*. - &*.) + 0 --[red_addrof]--> Time 10: in function main, expression <loc p> = <ptr x+4> + (&*. - &*.) + 0 --[red_var_global]--> Time 11: in function main, expression <loc p> = <ptr x+4> + (&*. - &*.) + 0 --[red_rvalof]--> Time 12: in function main, expression <loc p> = <ptr x+4> + (&*. - &*.) + 0 --[red_binop]--> Time 13: in function main, expression <loc p> = <ptr x+4> + (&*. - &*.) + 0 --[red_deref]--> Time 14: in function main, expression <loc p> = <ptr x+4> + (&<loc y+4> - &*.) + 0 --[red_addrof]--> Time 15: in function main, expression <loc p> = <ptr x+4> + (<ptr y+4> - &*.) + 0 --[red_var_global]--> Time 16: in function main, expression <loc p> = <ptr x+4> + (<ptr y+4> - &*.) + 0 --[red_rvalof]--> Time 17: in function main, expression <loc p> = <ptr x+4> + (<ptr y+4> - &*.) + 0 --[red_binop]--> Time 18: in function main, expression <loc p> = <ptr x+4> + (<ptr y+4> - &*.) + 0 --[red_deref]--> Time 19: in function main, expression <loc p> = <ptr x+4> + (<ptr y+4> - &<loc y>) + 0 --[red_addrof]--> Time 20: in function main, expression <loc p> = <ptr x+4> + (<ptr y+4> - <ptr y>) + 0 --[red_binop]--> Time 21: in function main, expression <loc p> = <ptr x+4> + 1 + 0 --[red_binop]--> Time 22: in function main, expression <loc p> = <ptr x+8> + 0 --[red_binop]--> Time 23: in function main, expression <loc p> = <ptr x+8> --[red_assign]--> Time 24: in function main, expression <ptr x+8> --[step_do_2]--> Time 25: in function main, statement /*skip*/; --[step_skip_seq]--> Time 26: in function main, statement q = &*(y + 0); printf(__stringlit_1, (void *) p, (void *) q); if (memcmp(&p, &q, sizeof(int *)) == 0) { *p = 11; printf(__stringlit_2, *(. + .), *., *.); } return 0; --[step_seq]--> Time 27: in function main, statement q = &*(y + 0); --[step_do_1]--> Time 28: in function main, expression q = &*(y + 0) --[red_var_local]--> Time 29: in function main, expression <loc q> = &*(y + 0) --[red_var_global]--> Time 30: in function main, expression <loc q> = &*(<loc y> + 0) --[red_rvalof]--> Time 31: in function main, expression <loc q> = &*(<ptr y> + 0) --[red_binop]--> Time 32: in function main, expression <loc q> = &*<ptr y> --[red_deref]--> Time 33: in function main, expression <loc q> = &<loc y> --[red_addrof]--> Time 34: in function main, expression <loc q> = <ptr y> --[red_assign]--> Time 35: in function main, expression <ptr y> --[step_do_2]--> Time 36: in function main, statement /*skip*/; --[step_skip_seq]--> Time 37: in function main, statement printf(__stringlit_1, (void *) p, (void *) q); if (memcmp(&p, &q, sizeof(int *)) == 0) { *p = 11; printf(__stringlit_2, *(. + .), *., *.); } return 0; --[step_seq]--> Time 38: in function main, statement printf(__stringlit_1, (void *) p, (void *) q); --[step_do_1]--> Time 39: in function main, expression printf(__stringlit_1, (void *) p, (void *) q) --[red_var_global]--> Time 40: in function main, expression printf(<loc __stringlit_1>, (void *) p, (void *) q) --[red_rvalof]--> Time 41: in function main, expression printf(<ptr __stringlit_1>, (void *) p, (void *) q) --[red_var_local]--> Time 42: in function main, expression printf(<ptr __stringlit_1>, (void *) <loc p>, (void *) q) --[red_rvalof]--> Time 43: in function main, expression printf(<ptr __stringlit_1>, (void *) <ptr x+8>, (void *) q) --[red_cast]--> Time 44: in function main, expression printf(<ptr __stringlit_1>, <ptr x+8>, (void *) q) --[red_var_local]--> Time 45: in function main, expression printf(<ptr __stringlit_1>, <ptr x+8>, (void *) <loc q>) --[red_rvalof]--> Time 46: in function main, expression printf(<ptr __stringlit_1>, <ptr x+8>, (void *) <ptr y>) --[red_cast]--> Time 47: in function main, expression printf(<ptr __stringlit_1>, <ptr x+8>, <ptr y>) Addresses: p=<57+8> q=<56+0> Time 47: observable event: extcall printf(& __stringlit_1, & x+8, & y) -> 29 --[red_builtin]--> Time 48: in function main, expression 29 --[step_do_2]--> Time 49: in function main, statement /*skip*/; --[step_skip_seq]--> Time 50: in function main, statement if (memcmp(&p, &q, sizeof(int *)) == 0) { *p = 11; printf(__stringlit_2, *(. + .), *., *.); } return 0; --[step_seq]--> Time 51: in function main, statement if (memcmp(&p, &q, sizeof(int *)) == 0) { *p = 11; printf(__stringlit_2, *(. + .), *., *.); } --[step_ifthenelse_1]--> Time 52: in function main, expression memcmp(&p, &q, sizeof(int *)) == 0 --[red_var_global]--> Time 53: in function main, expression <loc memcmp>(&p, &q, sizeof(int *)) == 0 --[red_rvalof]--> Time 54: in function main, expression <ptr memcmp>(&p, &q, sizeof(int *)) == 0 --[red_var_local]--> Time 55: in function main, expression <ptr memcmp>(&<loc p>, &q, sizeof(int *)) == 0 --[red_addrof]--> Time 56: in function main, expression <ptr memcmp>(<ptr p>, &q, sizeof(int *)) == 0 --[red_var_local]--> Time 57: in function main, expression <ptr memcmp>(<ptr p>, &<loc q>, sizeof(int *)) == 0 --[red_addrof]--> Time 58: in function main, expression <ptr memcmp>(<ptr p>, <ptr q>, sizeof(int *)) == 0 --[red_sizeof]--> Time 59: in function main, expression <ptr memcmp>(<ptr p>, <ptr q>, 4U) == 0 --[red_call]--> Time 60: calling memcmp(<ptr>, <ptr>, 4) Stuck state: calling memcmp(<ptr>, <ptr>, 4) ERROR: Undefined behavior In file included from provenance_multiple_4_global_yx.c:1: In file included from /usr/include/stdio.h:64: In file included from /usr/include/_stdio.h:68: /usr/include/sys/cdefs.h:81:2: warning: "Unsupported compiler detected" [-W#warnings] #warning "Unsupported compiler detected" ^ 1 warning generated.
|