Example: provenance_lost_escape_2.c

#include <stdio.h>
#include <string.h>
#include <stdint.h>
// Global object whose address the test converts to an integer and back.
int x = 1;
// Provenance litmus test: builds a pointer from an integer whose value is the
// literal 0x601038 and, if that matches the address of x, stores through it.
// The two masks below share no bits, so i3 is numerically 0 whatever p is and
// i4 is just the constant 0x601038; q's address never depends arithmetically
// on the run-time address of x. The "provenance x" annotations are the test
// authors' bookkeeping of provenance through the integer operations, not
// something the code itself checks.
// Returns 0 on every path.
int main() {
int *p = &x; // assume allocated at 0x601038
// NOTE(review): the cast goes through signed intptr_t and is then implicitly
// converted to uintptr_t; (uintptr_t)p may have been intended -- confirm.
uintptr_t i1 = (intptr_t)p; // value 0x601038 provenance x
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; // keeps only the low 32 bits of i1
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
uintptr_t i4 = i3 + 0x601038; // value 0x601038 provenance x
int *q = (int *)i4; // pointer made from an integer; its address is the hard-coded guess
printf("Addresses: p=%p\n",(void*)p);
// Compares the object representations of i1 and i4, so the store below runs
// only when they are byte-identical, i.e. (for a plain-integer uintptr_t)
// only when x really was placed at 0x601038.
if (memcmp(&i1, &i4, sizeof(i1)) == 0) {
// The question the test poses: q holds the same address as p, but whether
// this write is defined depends on whether the memory model lets i4, and so
// q, carry the provenance of x after the value was masked to zero.
*q = 11; // does this have defined behaviour?
printf("x=%d *p=%d *q=%d\n",x,*p,*q);
}
return 0;
}

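Experimental data (SOURCES MISMATCH: the outputs below may have been recorded from a different revision of the test than the listing above). A run prints the "x=... *p=... *q=..." line only when the memcmp guard passes; in the results below that happens only in the runs where p is reported as 0x601038.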

gcc-8.1-O0 Addresses: p=0x600a50
gcc-8.1-O2 Addresses: p=0x6009a8
gcc-8.1-O3 Addresses: p=0x6009a8
gcc-8.1-O2-no-strict-aliasing Addresses: p=0x6009a8
gcc-8.1-O3-no-strict-aliasing Addresses: p=0x6009a8
clang-6.0-O0 Addresses: p=0x601038
x=11 *p=11 *q=11
clang-6.0-O2 Addresses: p=0x601038
x=11 *p=11 *q=11
clang-6.0-O3 Addresses: p=0x601038
x=11 *p=11 *q=11
clang-6.0-O2-no-strict-aliasing Addresses: p=0x601038
x=11 *p=11 *q=11
clang-6.0-O3-no-strict-aliasing Addresses: p=0x601038
x=11 *p=11 *q=11
clang-6.0-UBSAN Addresses: p=0x631b50
clang-6.0-ASAN Addresses: p=0x716b60
clang-6.0-MSAN Addresses: p=0x6b7af0
icc-19-O0 Addresses: p=0x600b70
icc-19-O2 Addresses: p=0x6046c0
icc-19-O3 Addresses: p=0x6046c0
icc-19-O2-no-strict-aliasing Addresses: p=0x6046c0
icc-19-O3-no-strict-aliasing Addresses: p=0x6046c0
cerberus-concrete BEGIN EXEC[0]
Defined {value: "Specified(0)", stdout: "Addresses: p=<5>:60\n", blocked: "false"}
END EXEC[0]
Time spent: 0.040279 seconds
cerberus-symbolic 
gcc-4.9-shadowprov Addresses: p=0x414148
CHERI:MIPS-O0 Addresses: p=0x30020
CHERI:MIPS-O2 Addresses: p=0x30020
CHERI:MIPS-O2-no-strict-aliasing Addresses: p=0x30020
CHERI:CHERI-O0-uintcap-addr-exact-equals provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O2-uintcap-addr-exact-equals provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O0-uintcap-offset-exact-equals provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O2-uintcap-offset-exact-equals provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O0-uintcap-addr provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O2-uintcap-addr provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O0-uintcap-offset provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O2-uintcap-offset provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset provenance_lost_escape_2.c:8:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i2 = i1 & 0x00000000FFFFFFFF; //
~~ ^ ~~~~~~~~~~~~~~~~~~
provenance_lost_escape_2.c:9:21: warning: using bitwise and on capability types may give surprising results; if this is an alignment check use __builtin_{is_aligned,align_up,align_down}(); if you are operating on integer values only consider using size_t/vaddr_t; if you are attempting to store data in the low pointer bits use the cheri_{get,set,clear}_low_ptr_bits() macros. [-Wcheri-bitwise-operations]
uintptr_t i3 = i2 & 0xFFFFFFFF00000000; // value 0x0, provenance x
~~ ^ ~~~~~~~~~~~~~~~~~~
2 warnings generated.
Addresses: p=0x120020010
compcert-3.2 Addresses: p=0x601040
compcert-3.2-O Addresses: p=0x601040