Example: pointer_offset_from_subtraction_1_auto.c

#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
/*
 * Test: may a pointer to `y` be reconstructed from integer arithmetic on
 * the address of a *different* object `x`?  The program takes the intptr_t
 * values of &x and &y, computes their integer difference, adds that offset
 * back onto the integer form of &x, casts the result to int*, and -- if the
 * resulting pointer's byte representation equals that of &y -- stores
 * through it.  The question being probed is pointer provenance: the
 * numeric address is right, but the pointer was derived from `x`, not `y`.
 * The experimental data that follows shows the ordinary compilers (and the
 * ASAN/UBSAN/MSAN builds) performing the store without complaint, while
 * the semantic tools (Cerberus, RV-Match, CompCert's interpreter) reject
 * it as out-of-bounds / undefined.  main() implicitly returns 0 in C99+.
 */
int main() {
    int x = 1, y = 2;
    /* Integer views of the two addresses; intptr_t round-trips a pointer
     * but (per the RV-Match output below) some semantics still treat these
     * values as carrying the provenance of the object they came from. */
    intptr_t ux = (intptr_t)&x;
    intptr_t uy = (intptr_t)&y;
    /* Integer difference between two unrelated automatic objects.  Reported
     * by RV-Match as "pointer difference between two different objects". */
    intptr_t offset = uy - ux;
    /* PRIiPTR is the matching format for intptr_t (see <inttypes.h>). */
    printf("Addresses: &x=%"PRIiPTR" &y=%"PRIiPTR\
    " offset=%"PRIiPTR" \n",ux,uy,offset);
    /* Rebuild a pointer from the integer of &x plus the offset: numerically
     * this is the address of y, but it was derived from x. */
    int *p = (int *)(ux + offset);
    int *q = &y;
    /* Compare the two pointers' byte representations rather than using
     * `p == q`, so that only the stored bits decide whether the branch is
     * taken.  RV-Match flags this memcmp as a relational comparison of
     * pointers to different base objects. */
    if (memcmp(&p, &q, sizeof(p)) == 0) {
        /* The store under test: Cerberus reports OutOfBoundPtr here, the
         * compilers below all print y=11. */
        *p = 11; // is this free of undefined behaviour?
        printf("x=%d y=%d *p=%d *q=%d\n",x,y,*p,*q);
    }
}
[link to test in Cerberus and Compiler Explorer]

Experimental data (what does this mean?)

gcc-8.1-O0 Addresses: &x=140736410188532 &y=140736410188528 offset=-4
x=1 y=11 *p=11 *q=11
gcc-8.1-O2 Addresses: &x=140737230224424 &y=140737230224428 offset=4
x=1 y=11 *p=11 *q=11
gcc-8.1-O3 Addresses: &x=140727411554616 &y=140727411554620 offset=4
x=1 y=11 *p=11 *q=11
gcc-8.1-O2-no-strict-aliasing Addresses: &x=140729308395912 &y=140729308395916 offset=4
x=1 y=11 *p=11 *q=11
gcc-8.1-O3-no-strict-aliasing Addresses: &x=140732313568104 &y=140732313568108 offset=4
x=1 y=11 *p=11 *q=11
clang-6.0-O0 Addresses: &x=140735215937096 &y=140735215937092 offset=-4
x=1 y=11 *p=11 *q=11
clang-6.0-O2 Addresses: &x=140725827561060 &y=140725827561056 offset=-4
x=1 y=11 *p=11 *q=11
clang-6.0-O3 Addresses: &x=140723835511716 &y=140723835511712 offset=-4
x=1 y=11 *p=11 *q=11
clang-6.0-O2-no-strict-aliasing Addresses: &x=140729979615828 &y=140729979615824 offset=-4
x=1 y=11 *p=11 *q=11
clang-6.0-O3-no-strict-aliasing Addresses: &x=140735594090500 &y=140735594090496 offset=-4
x=1 y=11 *p=11 *q=11
clang-6.0-UBSAN Addresses: &x=140729508086364 &y=140729508086360 offset=-4
x=1 y=11 *p=11 *q=11
clang-6.0-ASAN Addresses: &x=140735177300128 &y=140735177300144 offset=16
x=1 y=11 *p=11 *q=11
clang-6.0-MSAN Addresses: &x=140726860634036 &y=140726860634032 offset=-4
x=1 y=11 *p=11 *q=11
icc-19-O0 Addresses: &x=140735673267984 &y=140735673267988 offset=4
x=1 y=11 *p=11 *q=11
icc-19-O2 Addresses: &x=6309568 &y=6309572 offset=4
x=1 y=11 *p=11 *q=11
icc-19-O3 Addresses: &x=6309568 &y=6309572 offset=4
x=1 y=11 *p=11 *q=11
icc-19-O2-no-strict-aliasing Addresses: &x=6309568 &y=6309572 offset=4
x=1 y=11 *p=11 *q=11
icc-19-O3-no-strict-aliasing Addresses: &x=6309568 &y=6309572 offset=4
x=1 y=11 *p=11 *q=11
cerberus-concrete BEGIN EXEC[0]
Killed {msg: MerrAccess Store [pointer_offset_from_subtraction_1_auto.c:15:5-12] OutOfBoundPtr}
END EXEC[0]
Time spent: 0.043861 seconds
cerberus-symbolic BEGIN EXEC[0]
Undefined [other_location(Core parser)]{id: [DUMMY(rev_listFromStr_aux)]}
END EXEC[0]
BEGIN EXEC[1]
Undefined [other_location(Core parser)]{id: [UB036_exceptional_condition]}
END EXEC[1]
BEGIN EXEC[2]
Undefined [other_location(Core parser)]{id: [UB036_exceptional_condition]}
END EXEC[2]
Time spent: 0.159506 seconds
gcc-4.9-shadowprov exit codes: compile 0 / execute 134
CHERI:MIPS-O0 Addresses: &x=549755808208 &y=549755808204 offset=-4
x=1 y=11 *p=11 *q=11
CHERI:MIPS-O2 Addresses: &x=549755808212 &y=549755808208 offset=-4
x=1 y=11 *p=11 *q=11
CHERI:MIPS-O2-no-strict-aliasing Addresses: &x=549755808180 &y=549755808176 offset=-4
x=1 y=11 *p=11 *q=11
CHERI:CHERI-O0-uintcap-addr-exact-equals Addresses: &x=0 &y=0 offset=-4
CHERI:CHERI-O2-uintcap-addr-exact-equals Addresses: &x=0 &y=0 offset=-4
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals Addresses: &x=0 &y=0 offset=-4
CHERI:CHERI-O0-uintcap-offset-exact-equals Addresses: &x=0 &y=0 offset=0
CHERI:CHERI-O2-uintcap-offset-exact-equals Addresses: &x=0 &y=0 offset=0
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals Addresses: &x=0 &y=0 offset=0
CHERI:CHERI-O0-uintcap-addr Addresses: &x=0 &y=0 offset=-4
CHERI:CHERI-O2-uintcap-addr Addresses: &x=0 &y=0 offset=-4
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr Addresses: &x=0 &y=0 offset=-4
CHERI:CHERI-O0-uintcap-offset Addresses: &x=0 &y=0 offset=0
CHERI:CHERI-O2-uintcap-offset Addresses: &x=0 &y=0 offset=0
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset Addresses: &x=0 &y=0 offset=0
RV-Match Addresses: &x=0 &y=0 offset=9223372036854775807
Computing pointer difference between two different objects:
> in main at pointer_offset_from_subtraction_1_auto.c:9:3

Undefined behavior (UB-CEA5):
see C11 section 6.5.6:9 http://rvdoc.org/C11/6.5.6
see C11 section J.2:1 item 48 http://rvdoc.org/C11/J.2
see CERT-C section ARR36-C http://rvdoc.org/CERT-C/ARR36-C
see MISRA-C section 8.18:2 http://rvdoc.org/MISRA-C/8.18
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Printing an unspecified value:
> in printf at pointer_offset_from_subtraction_1_auto.c:10:3
in main at pointer_offset_from_subtraction_1_auto.c:10:3

Unspecified value or behavior (USP-STDIO2):
see C11 section 7.21.6.1:8 http://rvdoc.org/C11/7.21.6.1

A pointer (or array subscript) outside the bounds of an object:
> in main at pointer_offset_from_subtraction_1_auto.c:12:3

Undefined behavior (UB-CEA1):
see C11 section 6.5.6:8 http://rvdoc.org/C11/6.5.6
see C11 section J.2:1 item 46 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.18:1 http://rvdoc.org/MISRA-C/8.18
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Conversion from an integer to non-null pointer:
> in main at pointer_offset_from_subtraction_1_auto.c:12:3

Implementation defined behavior (IMPL-CCV13):
see C11 section 6.3.2.3:5 http://rvdoc.org/C11/6.3.2.3
see CERT section INT36-C http://rvdoc.org/CERT/INT36-C

Found pointer that refers outside the bounds of an object + 1:
> in main at pointer_offset_from_subtraction_1_auto.c:12:3

Undefined behavior (UB-CEE3):
see C11 section 6.3.2.1:1 http://rvdoc.org/C11/6.3.2.1
see C11 section J.2:1 item 19 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Cannot compare pointers with different base objects using '<':
> in memcmp at /opt/rv-match/c-semantics/x86_64-linux-gcc-glibc/src/string.c:181:19
in main at pointer_offset_from_subtraction_1_auto.c:14:3

Undefined behavior (UB-CERL1):
see C11 section 6.5.8:5 http://rvdoc.org/C11/6.5.8
see C11 section J.2:1 item 53 http://rvdoc.org/C11/J.2
see CERT-C section ARR36-C http://rvdoc.org/CERT-C/ARR36-C
see MISRA-C section 8.18:3 http://rvdoc.org/MISRA-C/8.18
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Comparison of unspecified value:
> in memcmp at /opt/rv-match/c-semantics/x86_64-linux-gcc-glibc/src/string.c:181:19
in main at pointer_offset_from_subtraction_1_auto.c:14:3

Unspecified value or behavior (USP-CERL7):
see C11 section 6.5.9 http://rvdoc.org/C11/6.5.9
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

ch2o In file included from /usr/local/Cellar/gcc/7.3.0_1/lib/gcc/7/gcc/x86_64-apple-darwin17.3.0/7.3.0/include/stdint.h:9:0,
from pointer_offset_from_subtraction_1_auto.c:3:
/usr/local/Cellar/gcc/7.3.0_1/lib/gcc/7/gcc/x86_64-apple-darwin17.3.0/7.3.0/include-fixed/stdint.h:27:10: fatal error: sys/_types/_int8_t.h: No such file or directory
#include <sys/_types/_int8_t.h>
^~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
compcert-3.2 Addresses: &x=140736963908376 &y=140736963908380 offset=4
x=1 y=11 *p=11 *q=11
compcert-3.2-O Addresses: &x=140735236507160 &y=140735236507164 offset=4
x=1 y=11 *p=11 *q=11
compcert-3.2-interp Time 0: calling main()
--[step_internal_function]-->
Time 1: in function main, statement
x = 1;
y = 2;
ux = (int) &x;
uy = (int) &y;
offset = uy - ux;
printf(__stringlit_1, ux, uy, offset);
p = (int *) (ux + offset);
q = &y;
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, x, y, *., *.);
}
return 0;
--[step_seq]-->
Time 2: in function main, statement
x = 1;
y = 2;
ux = (int) &x;
uy = (int) &y;
offset = uy - ux;
printf(__stringlit_1, ux, uy, offset);
p = (int *) (ux + offset);
q = &y;
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, x, y, *., *.);
}
--[step_seq]-->
Time 3: in function main, statement x = 1;
--[step_do_1]-->
Time 4: in function main, expression x = 1
--[red_var_local]-->
Time 5: in function main, expression <loc x> = 1
--[red_assign]-->
Time 6: in function main, expression 1
--[step_do_2]-->
Time 7: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 8: in function main, statement
y = 2;
ux = (int) &x;
uy = (int) &y;
offset = uy - ux;
printf(__stringlit_1, ux, uy, offset);
p = (int *) (ux + offset);
q = &y;
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, x, y, *., *.);
}
--[step_seq]-->
Time 9: in function main, statement y = 2;
--[step_do_1]-->
Time 10: in function main, expression y = 2
--[red_var_local]-->
Time 11: in function main, expression <loc y> = 2
--[red_assign]-->
Time 12: in function main, expression 2
--[step_do_2]-->
Time 13: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 14: in function main, statement
ux = (int) &x;
uy = (int) &y;
offset = uy - ux;
printf(__stringlit_1, ux, uy, offset);
p = (int *) (ux + offset);
q = &y;
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, x, y, *., *.);
}
--[step_seq]-->
Time 15: in function main, statement ux = (int) &x;
--[step_do_1]-->
Time 16: in function main, expression ux = (int) &x
--[red_var_local]-->
Time 17: in function main, expression <loc ux> = (int) &x
--[red_var_local]-->
Time 18: in function main, expression <loc ux> = (int) &<loc x>
--[red_addrof]-->
Time 19: in function main, expression <loc ux> = (int) <ptr x>
--[red_cast]-->
Time 20: in function main, expression <loc ux> = <ptr x>
--[red_assign]-->
Time 21: in function main, expression <ptr x>
--[step_do_2]-->
Time 22: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 23: in function main, statement
uy = (int) &y;
offset = uy - ux;
printf(__stringlit_1, ux, uy, offset);
p = (int *) (ux + offset);
q = &y;
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, x, y, *., *.);
}
--[step_seq]-->
Time 24: in function main, statement uy = (int) &y;
--[step_do_1]-->
Time 25: in function main, expression uy = (int) &y
--[red_var_local]-->
Time 26: in function main, expression <loc uy> = (int) &y
--[red_var_local]-->
Time 27: in function main, expression <loc uy> = (int) &<loc y>
--[red_addrof]-->
Time 28: in function main, expression <loc uy> = (int) <ptr y>
--[red_cast]-->
Time 29: in function main, expression <loc uy> = <ptr y>
--[red_assign]-->
Time 30: in function main, expression <ptr y>
--[step_do_2]-->
Time 31: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 32: in function main, statement
offset = uy - ux;
printf(__stringlit_1, ux, uy, offset);
p = (int *) (ux + offset);
q = &y;
if (memcmp(&p, &q, sizeof(int *)) == 0) {
*p = 11;
printf(__stringlit_2, x, y, *., *.);
}
--[step_seq]-->
Time 33: in function main, statement offset = uy - ux;
--[step_do_1]-->
Time 34: in function main, expression offset = uy - ux
--[red_var_local]-->
Time 35: in function main, expression <loc offset> = uy - ux
--[red_var_local]-->
Time 36: in function main, expression <loc offset> = <loc uy> - ux
--[red_rvalof]-->
Time 37: in function main, expression <loc offset> = <ptr y> - ux
--[red_var_local]-->
Time 38: in function main, expression <loc offset> = <ptr y> - <loc ux>
--[red_rvalof]-->
Time 39: in function main, expression <loc offset> = <ptr y> - <ptr x>
Stuck state: in function main, expression <loc offset> = <ptr y> - <ptr x>
Stuck subexpression: <ptr y> - <ptr x>
ERROR: Undefined behavior
In file included from pointer_offset_from_subtraction_1_auto.c:1:
In file included from /usr/include/stdio.h:64:
In file included from /usr/include/_stdio.h:68:
/usr/include/sys/cdefs.h:81:2: warning: "Unsupported compiler detected" [-W#warnings]
#warning "Unsupported compiler detected"
^
1 warning generated.