Example: provenance_roundtrip_via_unsigned_long.c

#include <stdio.h>
// Global object whose address main() converts to an integer and back.
int x=1;
/*
 * Litmus test: convert a pointer to unsigned long, convert that integer back
 * to a pointer, and store through the result.
 *
 * Review notes, drawn from the results recorded for this test:
 *  - The conventional gcc/clang/icc builds and the sanitizer builds all
 *    print "*p=11 *q=11", so a passing run says nothing about portability.
 *  - The CHERI:CHERI configurations compile with a
 *    -Wcheri-capability-misuse warning and are terminated with signal 34 at
 *    run time: the pointer rebuilt from a plain integer cannot be
 *    dereferenced there.
 *  - The Cerberus symbolic run is killed because unsigned long is reported
 *    as too small for the pointer, and the CompCert interpreter trace shows
 *    the cast as (unsigned int).
 * Code that genuinely needs such a round trip should use intptr_t/uintptr_t
 * from <stdint.h> (optional types, where the implementation provides them),
 * as the CHERI compiler note also suggests, rather than unsigned long.
 */
int main() {
int *p = &x;
// Pointer-to-integer cast: the C standard does not guarantee that
// unsigned long is wide enough to represent a pointer value.
unsigned long i = (unsigned long)p;
// Integer-to-pointer cast: implementation-defined per C11 6.3.2.3p5
// (see also CERT INT36-C, both cited in the RV-Match report for this test).
int *q = (int *)i;
*q = 11; // is this free of undefined behaviour?
// Both reads observe the store only if q really designates x.
printf("*p=%d *q=%d\n",*p,*q);
}
[link to test in Cerberus and Compiler Explorer]

Experimental data (what does this mean?)

gcc-8.1-O0 *p=11 *q=11
gcc-8.1-O2 *p=11 *q=11
gcc-8.1-O3 *p=11 *q=11
gcc-8.1-O2-no-strict-aliasing *p=11 *q=11
gcc-8.1-O3-no-strict-aliasing *p=11 *q=11
clang-6.0-O0 *p=11 *q=11
clang-6.0-O2 *p=11 *q=11
clang-6.0-O3 *p=11 *q=11
clang-6.0-O2-no-strict-aliasing *p=11 *q=11
clang-6.0-O3-no-strict-aliasing *p=11 *q=11
clang-6.0-UBSAN *p=11 *q=11
clang-6.0-ASAN *p=11 *q=11
clang-6.0-MSAN *p=11 *q=11
icc-19-O0 *p=11 *q=11
icc-19-O2 *p=11 *q=11
icc-19-O3 *p=11 *q=11
icc-19-O2-no-strict-aliasing *p=11 *q=11
icc-19-O3-no-strict-aliasing *p=11 *q=11
cerberus-concrete BEGIN EXEC[0]
Defined {value: "Specified(0)", stdout: "*p=11 *q=11\n", blocked: "false"}
END EXEC[0]
Time spent: 0.023920 seconds
cerberus-symbolic BEGIN EXEC[0]
Undefined [other_location(Core parser)]{id: [DUMMY(rev_listFromStr_aux)]}
END EXEC[0]
BEGIN EXEC[1]
Killed {msg: Memory WIP: casting a pointer to unsigned long, but the type is too small}
END EXEC[1]
Time spent: 0.070679 seconds
gcc-4.9-shadowprov *p=11 *q=11
CHERI:MIPS-O0 *p=11 *q=11
CHERI:MIPS-O2 *p=11 *q=11
CHERI:MIPS-O2-no-strict-aliasing *p=11 *q=11
CHERI:CHERI-O0-uintcap-addr-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O2-uintcap-addr-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O0-uintcap-offset-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O2-uintcap-offset-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset-exact-equals exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O0-uintcap-addr exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O2-uintcap-addr exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O2-no-strict-aliasing-uintcap-addr exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O0-uintcap-offset exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O2-uintcap-offset exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
CHERI:CHERI-O2-no-strict-aliasing-uintcap-offset exit codes: compile 0 / execute -1 Terminated with signal 34: In-address space security exception
provenance_roundtrip_via_unsigned_long.c:6:12: warning: cast from provenance-free integer type to pointer type will give pointer that can not be dereferenced. [-Wcheri-capability-misuse]
int *q = (int *)i;
^
provenance_roundtrip_via_unsigned_long.c:6:12: note: insert cast to intptr_t to silence this warning
1 warning generated.
RV-Match *p=11 *q=11
Conversion from an integer to non-null pointer:
> in main at provenance_roundtrip_via_unsigned_long.c:6:3

Implementation defined behavior (IMPL-CCV13):
see C11 section 6.3.2.3:5 http://rvdoc.org/C11/6.3.2.3
see CERT section INT36-C http://rvdoc.org/CERT/INT36-C

ch2o Fatal error: exception Main.CH2O_error("cast or initializer cannot be typed")
Raised at file "bytes.ml", line 220, characters 25-34
Called from file "bytes.ml", line 248, characters 15-34
compcert-3.2 *p=11 *q=11
compcert-3.2-O *p=11 *q=11
compcert-3.2-interp Time 0: calling main()
--[step_internal_function]-->
Time 1: in function main, statement
p = &x;
i = (unsigned int) p;
q = (int *) i;
*q = 11;
printf(__stringlit_1, *p, *q);
return 0;
--[step_seq]-->
Time 2: in function main, statement
p = &x;
i = (unsigned int) p;
q = (int *) i;
*q = 11;
printf(__stringlit_1, *p, *q);
--[step_seq]-->
Time 3: in function main, statement p = &x;
--[step_do_1]-->
Time 4: in function main, expression p = &x
--[red_var_local]-->
Time 5: in function main, expression <loc p> = &x
--[red_var_global]-->
Time 6: in function main, expression <loc p> = &<loc x>
--[red_addrof]-->
Time 7: in function main, expression <loc p> = <ptr x>
--[red_assign]-->
Time 8: in function main, expression <ptr x>
--[step_do_2]-->
Time 9: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 10: in function main, statement
i = (unsigned int) p;
q = (int *) i;
*q = 11;
printf(__stringlit_1, *p, *q);
--[step_seq]-->
Time 11: in function main, statement i = (unsigned int) p;
--[step_do_1]-->
Time 12: in function main, expression i = (unsigned int) p
--[red_var_local]-->
Time 13: in function main, expression <loc i> = (unsigned int) p
--[red_var_local]-->
Time 14: in function main, expression <loc i> = (unsigned int) <loc p>
--[red_rvalof]-->
Time 15: in function main, expression <loc i> = (unsigned int) <ptr x>
--[red_cast]-->
Time 16: in function main, expression <loc i> = <ptr x>
--[red_assign]-->
Time 17: in function main, expression <ptr x>
--[step_do_2]-->
Time 18: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 19: in function main, statement
q = (int *) i; *q = 11; printf(__stringlit_1, *p, *q);
--[step_seq]-->
Time 20: in function main, statement q = (int *) i;
--[step_do_1]-->
Time 21: in function main, expression q = (int *) i
--[red_var_local]-->
Time 22: in function main, expression <loc q> = (int *) i
--[red_var_local]-->
Time 23: in function main, expression <loc q> = (int *) <loc i>
--[red_rvalof]-->
Time 24: in function main, expression <loc q> = (int *) <ptr x>
--[red_cast]-->
Time 25: in function main, expression <loc q> = <ptr x>
--[red_assign]-->
Time 26: in function main, expression <ptr x>
--[step_do_2]-->
Time 27: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 28: in function main, statement *q = 11; printf(__stringlit_1, *p, *q);
--[step_seq]-->
Time 29: in function main, statement *q = 11;
--[step_do_1]-->
Time 30: in function main, expression *q = 11
--[red_var_local]-->
Time 31: in function main, expression *<loc q> = 11
--[red_rvalof]-->
Time 32: in function main, expression *<ptr x> = 11
--[red_deref]-->
Time 33: in function main, expression <loc x> = 11
--[red_assign]-->
Time 34: in function main, expression 11
--[step_do_2]-->
Time 35: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 36: in function main, statement printf(__stringlit_1, *p, *q);
--[step_do_1]-->
Time 37: in function main, expression printf(__stringlit_1, *p, *q)
--[red_var_global]-->
Time 38: in function main, expression printf(<loc __stringlit_1>, *p, *q)
--[red_rvalof]-->
Time 39: in function main, expression printf(<ptr __stringlit_1>, *p, *q)
--[red_var_local]-->
Time 40: in function main, expression
printf(<ptr __stringlit_1>, *<loc p>, *q)
--[red_rvalof]-->
Time 41: in function main, expression
printf(<ptr __stringlit_1>, *<ptr x>, *q)
--[red_deref]-->
Time 42: in function main, expression
printf(<ptr __stringlit_1>, <loc x>, *q)
--[red_rvalof]-->
Time 43: in function main, expression printf(<ptr __stringlit_1>, 11, *q)
--[red_var_local]-->
Time 44: in function main, expression
printf(<ptr __stringlit_1>, 11, *<loc q>)
--[red_rvalof]-->
Time 45: in function main, expression
printf(<ptr __stringlit_1>, 11, *<ptr x>)
--[red_deref]-->
Time 46: in function main, expression
printf(<ptr __stringlit_1>, 11, <loc x>)
--[red_rvalof]-->
Time 47: in function main, expression printf(<ptr __stringlit_1>, 11, 11)
*p=11 *q=11
Time 47: observable event: extcall printf(& __stringlit_1, 11,
11) -> 13
--[red_builtin]-->
Time 48: in function main, expression 13
--[step_do_2]-->
Time 49: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 50: in function main, statement return 0;
--[step_return_1]-->
Time 51: in function main, expression 0
--[step_return_2]-->
Time 52: returning 0
Time 52: program terminated (exit code = 0)
In file included from provenance_roundtrip_via_unsigned_long.c:1:
In file included from /usr/include/stdio.h:64:
In file included from /usr/include/_stdio.h:68:
/usr/include/sys/cdefs.h:81:2: warning: "Unsupported compiler detected" [-W#warnings]
#warning "Unsupported compiler detected"
^
1 warning generated.