Example: pointer_offset_from_subtraction_within_malloc_struct_1.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stddef.h>
/* Element type of the notional array that allocation P is carved into.
 * `c` sits at offset 0; `i` follows it (after any padding the ABI inserts),
 * so sizeof(st) is strictly larger than sizeof(int) on every implementation. */
typedef struct {
    char c;
    int i;
} st;
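/*
 * Pointer-provenance test.
 *
 * Two pointers into one malloc'd block ("allocation P") are built directly
 * from the block (p1, p3).  A ptrdiff_t is then obtained by subtracting the
 * two, that integer is added back to the first pointer, and the result (r3)
 * is compared byte-for-byte against p3 with memcmp.  If the two have the
 * same object representation the program writes through r3.  The question
 * the test poses is whether that final write is free of undefined behaviour:
 * every intermediate pointer is derived from P, but the offset passes
 * through an integer, so a provenance-tracking model has to decide whether
 * the derived pointer may still be used to access P.
 *
 * Returns 0 on completion, 1 if malloc fails (the original version wrote
 * through a null pointer in that case).
 */
int main(void) {
    void *a = malloc(4*sizeof(st)); // allocation P
    if (a == NULL) {
        // Without this check the stores below dereference a null pointer;
        // a distinct exit status keeps an OOM failure apart from the result.
        return 1;
    }
    // initialise one member of two elements of a notional array of structs
    // NOTE(review): the element stride used here is sizeof(int), not sizeof(st).
    // Since sizeof(st) > sizeof(int) for the typedef above, p1 and p3 do not
    // land on the c/i members of the "second" and "fourth" st elements that the
    // surrounding comments describe; kept as written because the experimental
    // results on this page were produced from this arithmetic — confirm intent.
    char *p1 = (char*)((unsigned char*)a+1*sizeof(int)+offsetof(st,c));
    int *p3 = (int *)((unsigned char*)a+3*sizeof(int)+offsetof(st,i));
    *p1 = 'a';
    *p3 = 3;
    // calculate an unsigned char* offset between pointers to those elements
    // (the result is an integer, so whatever provenance the operands carried
    // is no longer attached to it)
    ptrdiff_t offset=((unsigned char*)p3-offsetof(st,i)) -
        ((unsigned char*)p1-offsetof(st,c)); // provenance ?
    // add the offset to a pointer to the first struct
    unsigned char *q1 = (unsigned char*)p1 - offsetof(st,c);// provenance P
    unsigned char *q3 = ((unsigned char*)p1 - offsetof(st,c)) + offset; // provenance P
    // and adapt to point to the i element of the third
    unsigned char *q3i = q3 + offsetof(st,i); // provenance P
    char *r1 = (char*)q1;
    int *r3 = (int*)q3i;
    printf("Addresses: a=%p p3=%p r3=%p\n",a,(void*)p3,(void*)r3);
    // Compare the object representations of the two pointers rather than the
    // pointer values themselves, so no pointer-comparison semantics are involved.
    // if that has the same representation as the pointer to the i member of the third...
    if (memcmp(&p3, &r3, sizeof(p3)) == 0) {
        // try to use it to access that
        *r3 = 33; // is this free of undefined behaviour?
        printf("*p3=%d *r3=%d \n", *p3, *r3);
    }
    (void)r1; // derived pointer kept for symmetry with r3; not otherwise used
    // Release allocation P: LeakSanitizer reported the block as leaked when
    // main returned without freeing it.
    free(a);
    return 0;
}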
[link to test in Cerberus and Compiler Explorer]
Experimental data (what does this mean?)
SOURCES MISMATCH
gcc-8.1-O0 |   | Addresses: a=0x23a1010 p3=0x23a1020 r3=0x23a1020 *p3=33 *r3=33
|
gcc-8.1-O2 |   | Addresses: a=0xd3a010 p3=0xd3a020 r3=0xd3a020 *p3=33 *r3=33
|
gcc-8.1-O3 |   | Addresses: a=0x1ce5010 p3=0x1ce5020 r3=0x1ce5020 *p3=33 *r3=33
|
gcc-8.1-O2-no-strict-aliasing |   | Addresses: a=0x12a0010 p3=0x12a0020 r3=0x12a0020 *p3=33 *r3=33
|
gcc-8.1-O3-no-strict-aliasing |   | Addresses: a=0x1f93010 p3=0x1f93020 r3=0x1f93020 *p3=33 *r3=33
|
clang-6.0-O0 |   | Addresses: a=0xe91010 p3=0xe91020 r3=0xe91020 *p3=33 *r3=33
|
clang-6.0-O2 |   | Addresses: a=0xdb4010 p3=0xdb4020 r3=0xdb4020 *p3=33 *r3=33
|
clang-6.0-O3 |   | Addresses: a=0x1d8a010 p3=0x1d8a020 r3=0x1d8a020 *p3=33 *r3=33
|
clang-6.0-O2-no-strict-aliasing |   | Addresses: a=0x1d58010 p3=0x1d58020 r3=0x1d58020 *p3=33 *r3=33
|
clang-6.0-O3-no-strict-aliasing |   | Addresses: a=0x12b7010 p3=0x12b7020 r3=0x12b7020 *p3=33 *r3=33
|
clang-6.0-UBSAN |   | Addresses: a=0x2cf0040 p3=0x2cf0050 r3=0x2cf0050 *p3=33 *r3=33
|
clang-6.0-ASAN |   | exit codes: compile 0 / execute 1
================================================================= ==3658==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x4ba4a3 in __interceptor_malloc /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3 #1 0x4e71cd in main (/auto/homes/vb358/charon2/pointer_offset_from_subtraction_within_malloc_struct_1.c.clang-6.0-ASAN.out+0x4e71cd)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
|
clang-6.0-MSAN |   | Addresses: a=0x702000000000 p3=0x702000000010 r3=0x702000000010 *p3=33 *r3=33
|
icc-19-O0 |   | Addresses: a=0x17c5010 p3=0x17c5020 r3=0x17c5020 *p3=33 *r3=33
|
icc-19-O2 |   | Addresses: a=0x738010 p3=0x738020 r3=0x738020 *p3=33 *r3=33
|
icc-19-O3 |   | Addresses: a=0xcd7010 p3=0xcd7020 r3=0xcd7020 *p3=33 *r3=33
|
icc-19-O2-no-strict-aliasing |   | Addresses: a=0x8e7010 p3=0x8e7020 r3=0x8e7020 *p3=33 *r3=33
|
icc-19-O3-no-strict-aliasing |   | Addresses: a=0x1959010 p3=0x1959020 r3=0x1959020 *p3=33 *r3=33
|
cerberus-concrete |   | BEGIN EXEC[0] Defined {value: "Specified(0)", stdout: "Addresses: a=<16>:168 p3=<16>:184 r3=<16>:184\n*p3=33 *r3=33 \n", blocked: "false"} END EXEC[0] Time spent: 0.052334 seconds
|
cerberus-symbolic |   | exit codes: compile 0 / execute 1
cerberus: internal error, uncaught exception: Failure("TODO: Symbolic defacto, isWellAligned_ptrval")
|
gcc-4.9-shadowprov |   | Addresses: a=0x1097260 p3=0x1097270 r3=0x1097270 *p3=33 *r3=33
|
CHERI:MIPS-O0 |   | Addresses: a=0x4003f000 p3=0x4003f010 r3=0x4003f010 *p3=33 *r3=33
|
CHERI:MIPS-O2 |   | Addresses: a=0x4003f000 p3=0x4003f010 r3=0x4003f010 *p3=33 *r3=33
|
CHERI:MIPS-O2-no-strict-aliasing |   | Addresses: a=0x4003f000 p3=0x4003f010 r3=0x4003f010 *p3=33 *r3=33
|
CHERI:CHERI-O0-uintcap-addr-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O2-uintcap-addr-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O0-uintcap-offset-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O2-uintcap-offset-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O0-uintcap-addr |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O2-uintcap-addr |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O0-uintcap-offset |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O2-uintcap-offset |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset |   | Addresses: a=0x7c00008000 p3=0x7c00008010 r3=0x7c00008010 *p3=33 *r3=33
|
RV-Match |   | Addresses: a=(nil) p3=(nil) r3=(nil) *p1=0x61 *q3=11 *r1=0x61 *r3=11
|
ch2o |   | Fatal error: exception Failure("parse_printf") Raised at file "pervasives.ml", line 30, characters 22-33 Called from file "list.ml", line 55, characters 20-23 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39 Called from file "list.ml", line 55, characters 32-39
|
compcert-3.2 |   | Addresses: a=0x1d1f010 p3=0x1d1f020 r3=0x1d1f020 *p3=33 *r3=33
|
compcert-3.2-O |   | Addresses: a=0x11f5010 p3=0x11f5020 r3=0x11f5020 *p3=33 *r3=33
|
compcert-3.2-interp |   | Time 0: calling main() --[step_internal_function]--> Time 1: in function main, statement a = malloc(4 * sizeof(struct _1193)); p1 = (signed char *) ((unsigned char *) . + 1 * sizeof(int) + 0U); p3 = (int *) ((unsigned char *) . + 3 * sizeof(int) + 4U); *p1 = 97; *p3 = 33; offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U); q1 = (unsigned char *) p1 - 0U; q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; return 0; --[step_seq]--> Time 2: in function main, statement a = malloc(4 * sizeof(struct _1193)); p1 = (signed char *) ((unsigned char *) . + 1 * sizeof(int) + 0U); p3 = (int *) ((unsigned char *) . + 3 * sizeof(int) + 4U); *p1 = 97; *p3 = 33; offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U); q1 = (unsigned char *) p1 - 0U; q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 3: in function main, statement a = malloc(4 * sizeof(struct _1193)); --[step_do_1]--> Time 4: in function main, expression a = malloc(4 * sizeof(struct _1193)) --[red_var_local]--> Time 5: in function main, expression <loc a> = malloc(4 * sizeof(struct _1193)) --[red_var_global]--> Time 6: in function main, expression <loc a> = <loc malloc>(4 * sizeof(struct _1193)) --[red_rvalof]--> Time 7: in function main, expression <loc a> = <ptr malloc>(4 * sizeof(struct _1193)) --[red_sizeof]--> Time 8: in function main, expression <loc a> = <ptr malloc>(4 * 8U) --[red_binop]--> Time 9: in function main, expression <loc a> = <ptr malloc>(32U) --[red_call]--> Time 10: 
calling malloc(32) --[step_external_function]--> Time 11: returning <ptr> --[step_returnstate]--> Time 12: in function main, expression <loc a> = <ptr> --[red_assign]--> Time 13: in function main, expression <ptr> --[step_do_2]--> Time 14: in function main, statement /*skip*/; --[step_skip_seq]--> Time 15: in function main, statement p1 = (signed char *) ((unsigned char *) . + 1 * sizeof(int) + 0U); p3 = (int *) ((unsigned char *) . + 3 * sizeof(int) + 4U); *p1 = 97; *p3 = 33; offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U); q1 = (unsigned char *) p1 - 0U; q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 16: in function main, statement p1 = (signed char *) ((unsigned char *) . + 1 * sizeof(int) + 0U); --[step_do_1]--> Time 17: in function main, expression p1 = (signed char *) ((unsigned char *) . + 1 * sizeof(int) + 0U) --[red_var_local]--> Time 18: in function main, expression <loc p1> = (signed char *) ((unsigned char *) . + 1 * sizeof(int) + 0U) --[red_var_local]--> Time 19: in function main, expression <loc p1> = (signed char *) ((unsigned char *) . 
+ 1 * sizeof(int) + 0U) --[red_rvalof]--> Time 20: in function main, expression <loc p1> = (signed char *) ((unsigned char *) <ptr> + 1 * sizeof(int) + 0U) --[red_cast]--> Time 21: in function main, expression <loc p1> = (signed char *) (<ptr> + 1 * sizeof(int) + 0U) --[red_sizeof]--> Time 22: in function main, expression <loc p1> = (signed char *) (<ptr> + 1 * 4U + 0U) --[red_binop]--> Time 23: in function main, expression <loc p1> = (signed char *) (<ptr> + 4U + 0U) --[red_binop]--> Time 24: in function main, expression <loc p1> = (signed char *) (<ptr> + 0U) --[red_binop]--> Time 25: in function main, expression <loc p1> = (signed char *) <ptr> --[red_cast]--> Time 26: in function main, expression <loc p1> = <ptr> --[red_assign]--> Time 27: in function main, expression <ptr> --[step_do_2]--> Time 28: in function main, statement /*skip*/; --[step_skip_seq]--> Time 29: in function main, statement p3 = (int *) ((unsigned char *) . + 3 * sizeof(int) + 4U); *p1 = 97; *p3 = 33; offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U); q1 = (unsigned char *) p1 - 0U; q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 30: in function main, statement p3 = (int *) ((unsigned char *) . + 3 * sizeof(int) + 4U); --[step_do_1]--> Time 31: in function main, expression p3 = (int *) ((unsigned char *) . + 3 * sizeof(int) + 4U) --[red_var_local]--> Time 32: in function main, expression <loc p3> = (int *) ((unsigned char *) . + 3 * sizeof(int) + 4U) --[red_var_local]--> Time 33: in function main, expression <loc p3> = (int *) ((unsigned char *) . 
+ 3 * sizeof(int) + 4U) --[red_rvalof]--> Time 34: in function main, expression <loc p3> = (int *) ((unsigned char *) <ptr> + 3 * sizeof(int) + 4U) --[red_cast]--> Time 35: in function main, expression <loc p3> = (int *) (<ptr> + 3 * sizeof(int) + 4U) --[red_sizeof]--> Time 36: in function main, expression <loc p3> = (int *) (<ptr> + 3 * 4U + 4U) --[red_binop]--> Time 37: in function main, expression <loc p3> = (int *) (<ptr> + 12U + 4U) --[red_binop]--> Time 38: in function main, expression <loc p3> = (int *) (<ptr> + 4U) --[red_binop]--> Time 39: in function main, expression <loc p3> = (int *) <ptr> --[red_cast]--> Time 40: in function main, expression <loc p3> = <ptr> --[red_assign]--> Time 41: in function main, expression <ptr> --[step_do_2]--> Time 42: in function main, statement /*skip*/; --[step_skip_seq]--> Time 43: in function main, statement *p1 = 97; *p3 = 33; offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U); q1 = (unsigned char *) p1 - 0U; q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 44: in function main, statement *p1 = 97; --[step_do_1]--> Time 45: in function main, expression *p1 = 97 --[red_var_local]--> Time 46: in function main, expression *<loc p1> = 97 --[red_rvalof]--> Time 47: in function main, expression *<ptr> = 97 --[red_deref]--> Time 48: in function main, expression <loc> = 97 --[red_assign]--> Time 49: in function main, expression 97 --[step_do_2]--> Time 50: in function main, statement /*skip*/; --[step_skip_seq]--> Time 51: in function main, statement *p3 = 33; offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U); q1 = (unsigned char *) p1 - 0U; q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; 
printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 52: in function main, statement *p3 = 33; --[step_do_1]--> Time 53: in function main, expression *p3 = 33 --[red_var_local]--> Time 54: in function main, expression *<loc p3> = 33 --[red_rvalof]--> Time 55: in function main, expression *<ptr> = 33 --[red_deref]--> Time 56: in function main, expression <loc> = 33 --[red_assign]--> Time 57: in function main, expression 33 --[step_do_2]--> Time 58: in function main, statement /*skip*/; --[step_skip_seq]--> Time 59: in function main, statement offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U); q1 = (unsigned char *) p1 - 0U; q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 60: in function main, statement offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U); --[step_do_1]--> Time 61: in function main, expression offset = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U) --[red_var_local]--> Time 62: in function main, expression <loc offset> = (unsigned char *) p3 - 4U - ((unsigned char *) p1 - 0U) --[red_var_local]--> Time 63: in function main, expression <loc offset> = (unsigned char *) <loc p3> - 4U - ((unsigned char *) p1 - 0U) --[red_rvalof]--> Time 64: in function main, expression <loc offset> = (unsigned char *) <ptr> - 4U - ((unsigned char *) p1 - 0U) --[red_cast]--> Time 65: in function main, expression <loc offset> = <ptr> - 4U - ((unsigned char *) p1 - 0U) --[red_binop]--> Time 66: in function main, expression <loc offset> = <ptr> - ((unsigned char *) p1 - 0U) --[red_var_local]--> Time 67: in function main, expression 
<loc offset> = <ptr> - ((unsigned char *) <loc p1> - 0U) --[red_rvalof]--> Time 68: in function main, expression <loc offset> = <ptr> - ((unsigned char *) <ptr> - 0U) --[red_cast]--> Time 69: in function main, expression <loc offset> = <ptr> - (<ptr> - 0U) --[red_binop]--> Time 70: in function main, expression <loc offset> = <ptr> - <ptr> --[red_binop]--> Time 71: in function main, expression <loc offset> = 8 --[red_assign]--> Time 72: in function main, expression 8 --[step_do_2]--> Time 73: in function main, statement /*skip*/; --[step_skip_seq]--> Time 74: in function main, statement q1 = (unsigned char *) p1 - 0U; q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 75: in function main, statement q1 = (unsigned char *) p1 - 0U; --[step_do_1]--> Time 76: in function main, expression q1 = (unsigned char *) p1 - 0U --[red_var_local]--> Time 77: in function main, expression <loc q1> = (unsigned char *) p1 - 0U --[red_var_local]--> Time 78: in function main, expression <loc q1> = (unsigned char *) <loc p1> - 0U --[red_rvalof]--> Time 79: in function main, expression <loc q1> = (unsigned char *) <ptr> - 0U --[red_cast]--> Time 80: in function main, expression <loc q1> = <ptr> - 0U --[red_binop]--> Time 81: in function main, expression <loc q1> = <ptr> --[red_assign]--> Time 82: in function main, expression <ptr> --[step_do_2]--> Time 83: in function main, statement /*skip*/; --[step_skip_seq]--> Time 84: in function main, statement q3 = (unsigned char *) p1 - 0U + offset; q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; 
--[step_seq]--> Time 85: in function main, statement q3 = (unsigned char *) p1 - 0U + offset; --[step_do_1]--> Time 86: in function main, expression q3 = (unsigned char *) p1 - 0U + offset --[red_var_local]--> Time 87: in function main, expression <loc q3> = (unsigned char *) p1 - 0U + offset --[red_var_local]--> Time 88: in function main, expression <loc q3> = (unsigned char *) <loc p1> - 0U + offset --[red_rvalof]--> Time 89: in function main, expression <loc q3> = (unsigned char *) <ptr> - 0U + offset --[red_cast]--> Time 90: in function main, expression <loc q3> = <ptr> - 0U + offset --[red_binop]--> Time 91: in function main, expression <loc q3> = <ptr> + offset --[red_var_local]--> Time 92: in function main, expression <loc q3> = <ptr> + <loc offset> --[red_rvalof]--> Time 93: in function main, expression <loc q3> = <ptr> + 8 --[red_binop]--> Time 94: in function main, expression <loc q3> = <ptr> --[red_assign]--> Time 95: in function main, expression <ptr> --[step_do_2]--> Time 96: in function main, statement /*skip*/; --[step_skip_seq]--> Time 97: in function main, statement q3i = q3 + 4U; r1 = (signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 98: in function main, statement q3i = q3 + 4U; --[step_do_1]--> Time 99: in function main, expression q3i = q3 + 4U --[red_var_local]--> Time 100: in function main, expression <loc q3i> = q3 + 4U --[red_var_local]--> Time 101: in function main, expression <loc q3i> = <loc q3> + 4U --[red_rvalof]--> Time 102: in function main, expression <loc q3i> = <ptr> + 4U --[red_binop]--> Time 103: in function main, expression <loc q3i> = <ptr> --[red_assign]--> Time 104: in function main, expression <ptr> --[step_do_2]--> Time 105: in function main, statement /*skip*/; --[step_skip_seq]--> Time 106: in function main, statement r1 = 
(signed char *) q1; r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 107: in function main, statement r1 = (signed char *) q1; --[step_do_1]--> Time 108: in function main, expression r1 = (signed char *) q1 --[red_var_local]--> Time 109: in function main, expression <loc r1> = (signed char *) q1 --[red_var_local]--> Time 110: in function main, expression <loc r1> = (signed char *) <loc q1> --[red_rvalof]--> Time 111: in function main, expression <loc r1> = (signed char *) <ptr> --[red_cast]--> Time 112: in function main, expression <loc r1> = <ptr> --[red_assign]--> Time 113: in function main, expression <ptr> --[step_do_2]--> Time 114: in function main, statement /*skip*/; --[step_skip_seq]--> Time 115: in function main, statement r3 = (int *) q3i; printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 116: in function main, statement r3 = (int *) q3i; --[step_do_1]--> Time 117: in function main, expression r3 = (int *) q3i --[red_var_local]--> Time 118: in function main, expression <loc r3> = (int *) q3i --[red_var_local]--> Time 119: in function main, expression <loc r3> = (int *) <loc q3i> --[red_rvalof]--> Time 120: in function main, expression <loc r3> = (int *) <ptr> --[red_cast]--> Time 121: in function main, expression <loc r3> = <ptr> --[red_assign]--> Time 122: in function main, expression <ptr> --[step_do_2]--> Time 123: in function main, statement /*skip*/; --[step_skip_seq]--> Time 124: in function main, statement printf(__stringlit_1, a, (void *) p3, (void *) r3); if (memcmp(&p3, &r3, sizeof(int *)) == 0) { *r3 = 11; printf(__stringlit_2, (unsigned int) *., *., (unsigned int) *., *.); } return 0; --[step_seq]--> Time 125: in 
function main, statement printf(__stringlit_1, a, (void *) p3, (void *) r3); --[step_do_1]--> Time 126: in function main, expression printf(__stringlit_1, a, (void *) p3, (void *) r3) --[red_var_global]--> Time 127: in function main, expression printf(<loc __stringlit_1>, a, (void *) p3, (void *) r3) --[red_rvalof]--> Time 128: in function main, expression printf(<ptr __stringlit_1>, a, (void *) p3, (void *) r3) --[red_var_local]--> Time 129: in function main, expression printf(<ptr __stringlit_1>, <loc a>, (void *) p3, (void *) r3) --[red_rvalof]--> Time 130: in function main, expression printf(<ptr __stringlit_1>, <ptr>, (void *) p3, (void *) r3) --[red_var_local]--> Time 131: in function main, expression printf(<ptr __stringlit_1>, <ptr>, (void *) <loc p3>, (void *) r3) --[red_rvalof]--> Time 132: in function main, expression printf(<ptr __stringlit_1>, <ptr>, (void *) <ptr>, (void *) r3) --[red_cast]--> Time 133: in function main, expression printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) r3) --[red_var_local]--> Time 134: in function main, expression printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) <loc r3>) --[red_rvalof]--> Time 135: in function main, expression printf(<ptr __stringlit_1>, <ptr>, <ptr>, (void *) <ptr>) --[red_cast]--> Time 136: in function main, expression printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>) Addresses: a=<67+0> p3=<67+16> r3=<67+16>
Stuck state: in function main, expression printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>) Addresses: a=<67+0> p3=<67+16> r3=<67+16>
Stuck subexpression: printf(<ptr __stringlit_1>, <ptr>, <ptr>, <ptr>) ERROR: Undefined behavior In file included from pointer_offset_from_subtraction_within_malloc_struct_1.c:1: In file included from /usr/include/stdio.h:64: In file included from /usr/include/_stdio.h:68: /usr/include/sys/cdefs.h:81:2: warning: "Unsupported compiler detected" [-W#warnings] #warning "Unsupported compiler detected" ^ 1 warning generated.
|