Example: pointer_offset_from_subtraction_within_malloc_int_1.c
#include <stdio.h>
#include <string.h> 
#include <stdlib.h>
#include <stddef.h>
/*
 * Pointer-provenance litmus test.
 *
 * Forms two int pointers into a single malloc'd allocation, measures the
 * byte distance between them with pointer subtraction, adds that distance
 * back onto the first pointer, and then asks whether the rebuilt pointer may
 * be used to store to the element the second pointer names.
 *
 * The statements are deliberately minimal and order-sensitive: the exact
 * casts and arithmetic are the thing under test, so they should not be
 * "tidied up".
 *
 * Returns 0 on every path.
 *
 * NOTE(review): the malloc result is not checked before it is offset and
 * dereferenced, and the allocation is never freed, so a leak checker will
 * report it. Presumably left out to keep the test small -- confirm before
 * reusing this pattern outside a litmus test.
 */
int main() {
  void *a = malloc(4*sizeof(int)); // allocation P
  // initialise two elements of a notional array within the allocation
  // (addresses are formed by byte arithmetic on unsigned char*, then cast
  // to int*, rather than by indexing an int array)
  int *p1 = (int*)((unsigned char*)a+1*sizeof(int));
  int *p3 = (int*)((unsigned char*)a+3*sizeof(int));
  *p1 = 1;
  *p3 = 3;
  // calculate an unsigned char* offset between pointers to those elements
  // (both operands point into allocation P, so the value is 2*sizeof(int);
  // the open question is whether the integer result carries any provenance)
  ptrdiff_t offset=(unsigned char*)p3-(unsigned char*)p1;  // provenance ?
  // add the offset to a pointer to the first
  unsigned char *q1 = (unsigned char*)p1;                  // provenance P
  // q3 has the same address as p3 but was derived from p1 plus an integer;
  // the question is whether it keeps p1's provenance (P)
  unsigned char *q3 = (unsigned char*)p1 + offset;         // provenance ?
  int *r1 = (int*)q1;
  int *r3 = (int*)q3;
  printf("Addresses: a=%p p3=%p r3=%p\n",a,(void*)p3,(void*)r3);
  // if that has the same representation as the pointer to the third...
  // (memcmp compares the stored bytes of the two pointer objects, not the
  // pointers with ==, so the store below is only attempted when the two
  // representations are byte-identical)
  if (memcmp(&p3, &r3, sizeof(p3)) == 0) {
    // try to use it to access that
    // NOTE(review): a memory model or compiler that judged r3 to lack
    // provenance P could treat this store as not aliasing *p3 -- that is
    // the behaviour this test probes.
    *r3 = 11;  // is this free of undefined behaviour?
    // *p1 and *r1 read the same element; *r3 reads back the value just
    // stored. *p3 itself is not re-read here.
    printf("*p1=%d *r1=%d *r3=%d \n",
           *p1, *r1, *r3);
  }
  return 0;
}
Experimental data (what does this mean?)
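SOURCES MISMATCH: some rows below appear to have been recorded from a different revision of this test than the listing above. For example, the compcert-3.2-interp trace stores 11 and 33 where the listing stores 1 and 3, and the RV-Match row prints an extra *q3 value. Compare those rows with the listing with that in mind.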
| gcc-8.1-O0 |   | Addresses: a=0x7c7010 p3=0x7c701c r3=0x7c701c *p1=1 *r1=1 *r3=11 
  | 
| gcc-8.1-O2 |   | Addresses: a=0x14fa010 p3=0x14fa01c r3=0x14fa01c *p1=1 *r1=1 *r3=11 
  | 
| gcc-8.1-O3 |   | Addresses: a=0x148b010 p3=0x148b01c r3=0x148b01c *p1=1 *r1=1 *r3=11 
  | 
| gcc-8.1-O2-no-strict-aliasing |   | Addresses: a=0x11f1010 p3=0x11f101c r3=0x11f101c *p1=1 *r1=1 *r3=11 
  | 
| gcc-8.1-O3-no-strict-aliasing |   | Addresses: a=0xc4e010 p3=0xc4e01c r3=0xc4e01c *p1=1 *r1=1 *r3=11 
  | 
| clang-6.0-O0 |   | Addresses: a=0x1534010 p3=0x153401c r3=0x153401c *p1=1 *r1=1 *r3=11 
  | 
| clang-6.0-O2 |   | Addresses: a=0x21fc010 p3=0x21fc01c r3=0x21fc01c *p1=1 *r1=1 *r3=11 
  | 
| clang-6.0-O3 |   | Addresses: a=0xa50010 p3=0xa5001c r3=0xa5001c *p1=1 *r1=1 *r3=11 
  | 
| clang-6.0-O2-no-strict-aliasing |   | Addresses: a=0x879010 p3=0x87901c r3=0x87901c *p1=1 *r1=1 *r3=11 
  | 
| clang-6.0-O3-no-strict-aliasing |   | Addresses: a=0x1e8a010 p3=0x1e8a01c r3=0x1e8a01c *p1=1 *r1=1 *r3=11 
  | 
| clang-6.0-UBSAN |   | Addresses: a=0x2f21040 p3=0x2f2104c r3=0x2f2104c *p1=1 *r1=1 *r3=11 
  | 
| clang-6.0-ASAN |   | exit codes: compile 0 / execute 1
 ================================================================= ==3875==ERROR: LeakSanitizer: detected memory leaks
  Direct leak of 16 byte(s) in 1 object(s) allocated from:     #0 0x4ba4a3 in __interceptor_malloc /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3     #1 0x4e71d1 in main (/auto/homes/vb358/charon2/pointer_offset_from_subtraction_within_malloc_int_1.c.clang-6.0-ASAN.out+0x4e71d1)
  SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
  | 
| clang-6.0-MSAN |   | Addresses: a=0x701000000000 p3=0x70100000000c r3=0x70100000000c *p1=1 *r1=1 *r3=11 
  | 
| icc-19-O0 |   | Addresses: a=0xef6010 p3=0xef601c r3=0xef601c *p1=1 *r1=1 *r3=11 
  | 
| icc-19-O2 |   | Addresses: a=0x9e9010 p3=0x9e901c r3=0x9e901c *p1=1 *r1=1 *r3=11 
  | 
| icc-19-O3 |   | Addresses: a=0x22af010 p3=0x22af01c r3=0x22af01c *p1=1 *r1=1 *r3=11 
  | 
| icc-19-O2-no-strict-aliasing |   | Addresses: a=0x16a5010 p3=0x16a501c r3=0x16a501c *p1=1 *r1=1 *r3=11 
  | 
| icc-19-O3-no-strict-aliasing |   | Addresses: a=0xcff010 p3=0xcff01c r3=0xcff01c *p1=1 *r1=1 *r3=11 
  | 
| cerberus-concrete |   | BEGIN EXEC[0] Defined {value: "Specified(0)", stdout: "Addresses: a=<15>:168 p3=<15>:180 r3=<15>:180\n*p1=1 *r1=1 *r3=11 \n", blocked: "false"} END EXEC[0] Time spent: 0.052822 seconds
  | 
| cerberus-symbolic |   | exit codes: compile 0 / execute 1
cerberus: internal error, uncaught exception:           Failure("TODO: Symbolic defacto, isWellAligned_ptrval")           
  | 
| gcc-4.9-shadowprov |   | Addresses: a=0x11a3290 p3=0x11a329c r3=0x11a329c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:MIPS-O0 |   | Addresses: a=0x4003f000 p3=0x4003f00c r3=0x4003f00c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:MIPS-O2 |   | Addresses: a=0x4003f000 p3=0x4003f00c r3=0x4003f00c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:MIPS-O2-no-strict-aliasing |   | Addresses: a=0x4003f000 p3=0x4003f00c r3=0x4003f00c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O0-uintcap-addr-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O2-uintcap-addr-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O0-uintcap-offset-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O2-uintcap-offset-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O0-uintcap-addr |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O2-uintcap-addr |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O0-uintcap-offset |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O2-uintcap-offset |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset |   | Addresses: a=0x7c00008000 p3=0x7c0000800c r3=0x7c0000800c *p1=1 *r1=1 *r3=11 
  | 
| RV-Match |   | Addresses: a=(nil) p3=(nil) r3=(nil) *p1=11 *q3=11 *r1=11 *r3=11 
  | 
| ch2o |   | Fatal error: exception Failure("parse_printf") Raised at file "pervasives.ml", line 30, characters 22-33 Called from file "list.ml", line 55, characters 20-23 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39
  | 
| compcert-3.2 |   | Addresses: a=0x1cb9010 p3=0x1cb901c r3=0x1cb901c *p1=1 *r1=1 *r3=11 
  | 
| compcert-3.2-O |   | Addresses: a=0x2090010 p3=0x209001c r3=0x209001c *p1=1 *r1=1 *r3=11 
  | 
| compcert-3.2-interp |   | Time 0: calling main() --[step_internal_function]--> Time 1: in function main, statement   a = malloc(4 * sizeof(int));   p1 = (int *) ((unsigned char *) a + 1 * sizeof(int));   p3 = (int *) ((unsigned char *) a + 3 * sizeof(int));   *p1 = 11;   *p3 = 33;   offset = (unsigned char *) p3 - (unsigned char *) p1;   q1 = (unsigned char *) p1;   q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0;   return 0; --[step_seq]--> Time 2: in function main, statement   a = malloc(4 * sizeof(int));   p1 = (int *) ((unsigned char *) a + 1 * sizeof(int));   p3 = (int *) ((unsigned char *) a + 3 * sizeof(int));   *p1 = 11;   *p3 = 33;   offset = (unsigned char *) p3 - (unsigned char *) p1;   q1 = (unsigned char *) p1;   q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 3: in function main, statement a = malloc(4 * sizeof(int)); --[step_do_1]--> Time 4: in function main, expression a = malloc(4 * sizeof(int)) --[red_var_local]--> Time 5: in function main, expression <loc a> = malloc(4 * sizeof(int)) --[red_var_global]--> Time 6: in function main, expression <loc a> = <loc malloc>(4 * sizeof(int)) --[red_rvalof]--> Time 7: in function main, expression <loc a> = <ptr malloc>(4 * sizeof(int)) --[red_sizeof]--> Time 8: in function main, expression <loc a> = <ptr malloc>(4 * 4U) --[red_binop]--> Time 9: in function main, expression <loc a> = <ptr malloc>(16U) --[red_call]--> Time 10: calling malloc(16) --[step_external_function]--> Time 11: returning <ptr> --[step_returnstate]--> Time 12: in function main, expression <loc a> = <ptr> --[red_assign]--> Time 
13: in function main, expression <ptr> --[step_do_2]--> Time 14: in function main, statement /*skip*/; --[step_skip_seq]--> Time 15: in function main, statement   p1 = (int *) ((unsigned char *) a + 1 * sizeof(int));   p3 = (int *) ((unsigned char *) a + 3 * sizeof(int));   *p1 = 11;   *p3 = 33;   offset = (unsigned char *) p3 - (unsigned char *) p1;   q1 = (unsigned char *) p1;   q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 16: in function main, statement   p1 = (int *) ((unsigned char *) a + 1 * sizeof(int)); --[step_do_1]--> Time 17: in function main, expression   p1 = (int *) ((unsigned char *) a + 1 * sizeof(int)) --[red_var_local]--> Time 18: in function main, expression   <loc p1> = (int *) ((unsigned char *) a + 1 * sizeof(int)) --[red_var_local]--> Time 19: in function main, expression   <loc p1> = (int *) ((unsigned char *) <loc a> + 1 * sizeof(int)) --[red_rvalof]--> Time 20: in function main, expression   <loc p1> = (int *) ((unsigned char *) <ptr> + 1 * sizeof(int)) --[red_cast]--> Time 21: in function main, expression   <loc p1> = (int *) (<ptr> + 1 * sizeof(int)) --[red_sizeof]--> Time 22: in function main, expression <loc p1> = (int *) (<ptr> + 1 * 4U) --[red_binop]--> Time 23: in function main, expression <loc p1> = (int *) (<ptr> + 4U) --[red_binop]--> Time 24: in function main, expression <loc p1> = (int *) <ptr> --[red_cast]--> Time 25: in function main, expression <loc p1> = <ptr> --[red_assign]--> Time 26: in function main, expression <ptr> --[step_do_2]--> Time 27: in function main, statement /*skip*/; --[step_skip_seq]--> Time 28: in function main, statement   p3 = (int *) ((unsigned char *) a + 3 * sizeof(int));   *p1 = 11;   *p3 = 33;   offset = (unsigned char *) p3 - (unsigned char *) p1;   q1 = (unsigned char *) p1;   
q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 29: in function main, statement   p3 = (int *) ((unsigned char *) a + 3 * sizeof(int)); --[step_do_1]--> Time 30: in function main, expression   p3 = (int *) ((unsigned char *) a + 3 * sizeof(int)) --[red_var_local]--> Time 31: in function main, expression   <loc p3> = (int *) ((unsigned char *) a + 3 * sizeof(int)) --[red_var_local]--> Time 32: in function main, expression   <loc p3> = (int *) ((unsigned char *) <loc a> + 3 * sizeof(int)) --[red_rvalof]--> Time 33: in function main, expression   <loc p3> = (int *) ((unsigned char *) <ptr> + 3 * sizeof(int)) --[red_cast]--> Time 34: in function main, expression   <loc p3> = (int *) (<ptr> + 3 * sizeof(int)) --[red_sizeof]--> Time 35: in function main, expression <loc p3> = (int *) (<ptr> + 3 * 4U) --[red_binop]--> Time 36: in function main, expression <loc p3> = (int *) (<ptr> + 12U) --[red_binop]--> Time 37: in function main, expression <loc p3> = (int *) <ptr> --[red_cast]--> Time 38: in function main, expression <loc p3> = <ptr> --[red_assign]--> Time 39: in function main, expression <ptr> --[step_do_2]--> Time 40: in function main, statement /*skip*/; --[step_skip_seq]--> Time 41: in function main, statement   *p1 = 11;   *p3 = 33;   offset = (unsigned char *) p3 - (unsigned char *) p1;   q1 = (unsigned char *) p1;   q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 42: in function main, statement *p1 = 11; --[step_do_1]--> Time 43: in function main, expression *p1 = 11 --[red_var_local]--> Time 44: in function main, expression *<loc 
p1> = 11 --[red_rvalof]--> Time 45: in function main, expression *<ptr> = 11 --[red_deref]--> Time 46: in function main, expression <loc> = 11 --[red_assign]--> Time 47: in function main, expression 11 --[step_do_2]--> Time 48: in function main, statement /*skip*/; --[step_skip_seq]--> Time 49: in function main, statement   *p3 = 33;   offset = (unsigned char *) p3 - (unsigned char *) p1;   q1 = (unsigned char *) p1;   q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 50: in function main, statement *p3 = 33; --[step_do_1]--> Time 51: in function main, expression *p3 = 33 --[red_var_local]--> Time 52: in function main, expression *<loc p3> = 33 --[red_rvalof]--> Time 53: in function main, expression *<ptr> = 33 --[red_deref]--> Time 54: in function main, expression <loc> = 33 --[red_assign]--> Time 55: in function main, expression 33 --[step_do_2]--> Time 56: in function main, statement /*skip*/; --[step_skip_seq]--> Time 57: in function main, statement   offset = (unsigned char *) p3 - (unsigned char *) p1;   q1 = (unsigned char *) p1;   q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 58: in function main, statement   offset = (unsigned char *) p3 - (unsigned char *) p1; --[step_do_1]--> Time 59: in function main, expression   offset = (unsigned char *) p3 - (unsigned char *) p1 --[red_var_local]--> Time 60: in function main, expression   <loc offset> = (unsigned char *) p3 - (unsigned char *) p1 --[red_var_local]--> Time 61: in function main, expression   <loc offset> = (unsigned char *) <loc p3> - (unsigned char *) p1 
--[red_rvalof]--> Time 62: in function main, expression   <loc offset> = (unsigned char *) <ptr> - (unsigned char *) p1 --[red_cast]--> Time 63: in function main, expression   <loc offset> = <ptr> - (unsigned char *) p1 --[red_var_local]--> Time 64: in function main, expression   <loc offset> = <ptr> - (unsigned char *) <loc p1> --[red_rvalof]--> Time 65: in function main, expression   <loc offset> = <ptr> - (unsigned char *) <ptr> --[red_cast]--> Time 66: in function main, expression <loc offset> = <ptr> - <ptr> --[red_binop]--> Time 67: in function main, expression <loc offset> = 8 --[red_assign]--> Time 68: in function main, expression 8 --[step_do_2]--> Time 69: in function main, statement /*skip*/; --[step_skip_seq]--> Time 70: in function main, statement   q1 = (unsigned char *) p1;   q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 71: in function main, statement q1 = (unsigned char *) p1; --[step_do_1]--> Time 72: in function main, expression q1 = (unsigned char *) p1 --[red_var_local]--> Time 73: in function main, expression <loc q1> = (unsigned char *) p1 --[red_var_local]--> Time 74: in function main, expression <loc q1> = (unsigned char *) <loc p1> --[red_rvalof]--> Time 75: in function main, expression <loc q1> = (unsigned char *) <ptr> --[red_cast]--> Time 76: in function main, expression <loc q1> = <ptr> --[red_assign]--> Time 77: in function main, expression <ptr> --[step_do_2]--> Time 78: in function main, statement /*skip*/; --[step_skip_seq]--> Time 79: in function main, statement   q3 = (unsigned char *) p1 + offset;   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; 
--[step_seq]--> Time 80: in function main, statement q3 = (unsigned char *) p1 + offset; --[step_do_1]--> Time 81: in function main, expression q3 = (unsigned char *) p1 + offset --[red_var_local]--> Time 82: in function main, expression   <loc q3> = (unsigned char *) p1 + offset --[red_var_local]--> Time 83: in function main, expression   <loc q3> = (unsigned char *) <loc p1> + offset --[red_rvalof]--> Time 84: in function main, expression   <loc q3> = (unsigned char *) <ptr> + offset --[red_cast]--> Time 85: in function main, expression <loc q3> = <ptr> + offset --[red_var_local]--> Time 86: in function main, expression <loc q3> = <ptr> + <loc offset> --[red_rvalof]--> Time 87: in function main, expression <loc q3> = <ptr> + 8 --[red_binop]--> Time 88: in function main, expression <loc q3> = <ptr> --[red_assign]--> Time 89: in function main, expression <ptr> --[step_do_2]--> Time 90: in function main, statement /*skip*/; --[step_skip_seq]--> Time 91: in function main, statement   r1 = (int *) q1;   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 92: in function main, statement r1 = (int *) q1; --[step_do_1]--> Time 93: in function main, expression r1 = (int *) q1 --[red_var_local]--> Time 94: in function main, expression <loc r1> = (int *) q1 --[red_var_local]--> Time 95: in function main, expression <loc r1> = (int *) <loc q1> --[red_rvalof]--> Time 96: in function main, expression <loc r1> = (int *) <ptr> --[red_cast]--> Time 97: in function main, expression <loc r1> = <ptr> --[red_assign]--> Time 98: in function main, expression <ptr> --[step_do_2]--> Time 99: in function main, statement /*skip*/; --[step_skip_seq]--> Time 100: in function main, statement   r3 = (int *) q3;   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     
printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 101: in function main, statement r3 = (int *) q3; --[step_do_1]--> Time 102: in function main, expression r3 = (int *) q3 --[red_var_local]--> Time 103: in function main, expression <loc r3> = (int *) q3 --[red_var_local]--> Time 104: in function main, expression <loc r3> = (int *) <loc q3> --[red_rvalof]--> Time 105: in function main, expression <loc r3> = (int *) <ptr> --[red_cast]--> Time 106: in function main, expression <loc r3> = <ptr> --[red_assign]--> Time 107: in function main, expression <ptr> --[step_do_2]--> Time 108: in function main, statement /*skip*/; --[step_skip_seq]--> Time 109: in function main, statement   printf(__stringlit_1, a, (void *) p3, (void *) r3);   if (memcmp(&p3, &r3, sizeof(int *)) == 0) {     *r3 = 11;     printf(__stringlit_2, *., *., *., *.);   }   return 0; --[step_seq]--> Time 110: in function main, statement   printf(__stringlit_1, a, (void *) p3, (void *) r3); --[step_do_1]--> Time 111: in function main, expression   printf(__stringlit_1, a, (void *) p3, (void *) r3) --[red_var_global]--> Time 112: in function main, expression   printf(<loc __stringlit_1>, a, (void *) p3, (void *) r3) --[red_rvalof]--> Time 113: in function main, expression   printf(<ptr __stringlit_1>, a, (void *) p3, (void *) r3) --[red_var_local]--> Time 114: in function main, expression   printf(<ptr __stringlit_1>, <loc a>, (void *) p3, (void *) r3) --[red_rvalof]--> Time 115: in function main, expression   printf(<ptr __stringlit_1>, <ptr>, (void *) p3, (void *) r3) --[red_var_local]--> Time 116: in function main, expression   printf(<ptr __stringlit_1>, <ptr>, (void *) <loc p3>, (void *) r3) --[red_rvalof]--> Time 117: in function main, expression   printf(<ptr __stringlit_1>, <ptr>, (void *) <ptr>, (void *) r3) --[red_cast]--> Time 118: in function main, expression   printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) r3) --[red_var_local]--> Time 119: in function main, 
expression   printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) <loc r3>) --[red_rvalof]--> Time 120: in function main, expression   printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) <ptr>) --[red_cast]--> Time 121: in function main, expression   printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>) Addresses: a=<66+0> p3=<66+12> r3=<66+12>
  Stuck state: in function main, expression   printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>) Addresses: a=<66+0> p3=<66+12> r3=<66+12>
  Stuck subexpression: printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>) ERROR: Undefined behavior In file included from pointer_offset_from_subtraction_within_malloc_int_1.c:1: In file included from /usr/include/stdio.h:64: In file included from /usr/include/_stdio.h:68: /usr/include/sys/cdefs.h:81:2: warning: "Unsupported compiler detected" [-W#warnings] #warning "Unsupported compiler detected"  ^ 1 warning generated.
  |