Example: pointer_from_concrete_address_2.c

#define PORTBASE 0x40000000
unsigned int volatile * const port =
  (unsigned int *) PORTBASE;
int main() {
  unsigned int value = 0;
  // on systems where PORTBASE is a legal non-stack/heap
  // address, does this have defined behaviour?
  *port = value; /* write to port */
  value = *port; /* read from port */
}

Experimental data

gcc-8.1-O0 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
gcc-8.1-O2 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
gcc-8.1-O3 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
gcc-8.1-O2-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
gcc-8.1-O3-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O0 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O2 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O3 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O2-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O3-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-UBSAN exit codes: compile 0 / execute 1 UndefinedBehaviorSanitizer:DEADLYSIGNAL
==23642==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000040000000 (pc 0x000000420c30 bp 0x000000420c50 sp 0x7ffd08cc0bb8 T23642)
==23642==The signal is caused by a WRITE memory access.
#0 0x420c2f (/auto/homes/vb358/charon2/pointer_from_concrete_address_2.c.clang-6.0-UBSAN.out+0x420c2f)
#1 0x7fda574f682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#2 0x402988 in _start (/auto/homes/vb358/charon2/pointer_from_concrete_address_2.c.clang-6.0-UBSAN.out+0x402988)

UndefinedBehaviorSanitizer can not provide additional info.
==23642==ABORTING
clang-6.0-ASAN exit codes: compile 0 / execute 1 AddressSanitizer:DEADLYSIGNAL
=================================================================
==23656==ERROR: AddressSanitizer: SEGV on unknown address 0x000040000000 (pc 0x0000004e71cc bp 0x0000004e7230 sp 0x7ffd9707d010 T0)
==23656==The signal is caused by a WRITE memory access.
#0 0x4e71cb in main (/auto/homes/vb358/charon2/pointer_from_concrete_address_2.c.clang-6.0-ASAN.out+0x4e71cb)
#1 0x7fe17791b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#2 0x419d78 in _start (/auto/homes/vb358/charon2/pointer_from_concrete_address_2.c.clang-6.0-ASAN.out+0x419d78)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/auto/homes/vb358/charon2/pointer_from_concrete_address_2.c.clang-6.0-ASAN.out+0x4e71cb) in main
==23656==ABORTING
clang-6.0-MSAN exit codes: compile 0 / execute 77 MemorySanitizer:DEADLYSIGNAL
==23671==ERROR: MemorySanitizer: SEGV on unknown address 0x000040000000 (pc 0x00000048db10 bp 0x00000048db50 sp 0x7ffc2c057308 T23671)
==23671==The signal is caused by a WRITE memory access.
#0 0x48db0f in main (/auto/homes/vb358/charon2/pointer_from_concrete_address_2.c.clang-6.0-MSAN.out+0x48db0f)
#1 0x7fcfcc27a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#2 0x41a6d8 in _start (/auto/homes/vb358/charon2/pointer_from_concrete_address_2.c.clang-6.0-MSAN.out+0x41a6d8)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV (/auto/homes/vb358/charon2/pointer_from_concrete_address_2.c.clang-6.0-MSAN.out+0x48db0f) in main
==23671==ABORTING
icc-19-O0 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
icc-19-O2 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
icc-19-O3 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
icc-19-O2-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
icc-19-O3-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
cerberus-concrete BEGIN EXEC[0]
Defined {value: "Specified(0)", stdout: "", blocked: "false"}
END EXEC[0]
Time spent: 0.013855 seconds
cerberus-symbolic BEGIN EXEC[0]
Killed {msg: Memory WIP: TODO: load from device memory ==> PV(Prov_device, PVfromint(IVconcrete(1073741824)), [])}
END EXEC[0]
BEGIN EXEC[1]
Killed {msg: Memory WIP: tried to cast to a pointer type an (non device) integer value non-equal to zero}
END EXEC[1]
Time spent: 0.031904 seconds
gcc-4.9-shadowprov exit codes: compile 0 / execute 134
CHERI:MIPS-O0 exit codes: compile 0 / execute -1 Terminated with signal 11: Segmentation fault
CHERI:MIPS-O2 exit codes: compile 0 / execute -1 Terminated with signal 11: Segmentation fault
CHERI:MIPS-O2-no-strict-aliasing exit codes: compile 0 / execute -1 Terminated with signal 11: Segmentation fault
CHERI:CHERI-O0-uintcap-addr-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O2-uintcap-addr-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O0-uintcap-offset-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O2-uintcap-offset-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O0-uintcap-addr exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O2-uintcap-addr exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O0-uintcap-offset exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O2-uintcap-offset exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
RV-Match exit codes: compile 0 / execute 1 pointer_from_concrete_address_2.c:2:1: warning: Conversion from an integer to non-null pointer.

Implementation defined behavior (IMPL-CCV13):
see C11 section 6.3.2.3:5 http://rvdoc.org/C11/6.3.2.3
see CERT section INT36-C http://rvdoc.org/CERT/INT36-C

ch2o Fatal error: exception Failure("cint_of_specifier")
Raised at file "pervasives.ml", line 30, characters 22-33
Called from file "list.ml", line 55, characters 20-23
Called from file "list.ml", line 55, characters 20-23
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
Called from file "list.ml", line 55, characters 32-39
compcert-3.2 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
compcert-3.2-O exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
compcert-3.2-interp Time 0: calling main()
--[step_internal_function]-->
Time 1: in function main, statement
value = 0; *port = value; value = *port; return 0;
--[step_seq]-->
Time 2: in function main, statement value = 0; *port = value; value = *port;
--[step_seq]-->
Time 3: in function main, statement value = 0;
--[step_do_1]-->
Time 4: in function main, expression value = 0
--[red_var_local]-->
Time 5: in function main, expression <loc value> = 0
--[red_assign]-->
Time 6: in function main, expression 0U
--[step_do_2]-->
Time 7: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 8: in function main, statement *port = value; value = *port;
--[step_seq]-->
Time 9: in function main, statement *port = value;
--[step_do_1]-->
Time 10: in function main, expression *port = value
--[red_var_global]-->
Time 11: in function main, expression *<loc port> = value
--[red_rvalof]-->
Time 12: in function main, expression *1073741824 = value
Stuck state: in function main, expression *1073741824 = value
Stuck subexpression: *1073741824
ERROR: Undefined behavior