ABCDEFGHIJKLMNOPQ
1
testallowed behaviourobserved behavioursound w.r.t P*VI? (relying on UB or ND?)
2
cerb (simple alloc)gcc-8.1clang-6icc-19compcert-3.4RV-matchRV-match (wrt ISO C11)
3
test family
PVIPNVI
PVI = PNVI ?
PVIPNVIPVIPNVIPVIPNVIPVIPNVIPVIPNVI
4
1provenance_basic_global_xy.cUBUByesUBUBy (n)y (n)y (n)y (n)y (y for O2+)y (y for O2+)y (n)y (n)UByes
5
provenance_basic_global_yx.cUBUByesnot triggerednot triggeredy (y for O2+)y (y for O2+)y (n)y (n)y (n)y (n)y (n)y (n)UByes
6
provenance_basic_auto_xy.cUBUByesUBUBy (n)y (n)y (n)y (n)y (y for O2+)y (y for O2+)y (n)y (n)UByes
7
provenance_basic_auto_yx.cUBUByesnot triggerednot triggeredy (n)y (n)y (n)y (n)y (y for O2+)y (y for O2+)y (n)y (n)UByes
8
2cheri_03_ii.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UByes
9
3
pointer_offset_from_ptr_subtraction_global_xy.c
UB (ptrdiff)UB (ptrdiff)yesUB (ptrdiff)UB (ptrdiff)y (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UByes
10
pointer_offset_from_ptr_subtraction_global_yx.c
UB (ptrdiff)UB (ptrdiff)yesUB (ptrdiff)UB (ptrdiff)y (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UByes
11
pointer_offset_from_ptr_subtraction_auto_xy.c
UB (ptrdiff)UB (ptrdiff)yesUB (ptrdiff)UB (ptrdiff)y (n)y (n)y (n)y (n)y (y for O2+)y (y for O2+)y (n)y (n)UByes
12
pointer_offset_from_ptr_subtraction_auto_yx.c
UB (ptrdiff)UB (ptrdiff)yesUB (ptrdiff)UB (ptrdiff)y (n)y (n)y (n)y (n)y (y for O2+)y (y for O2+)y (n)y (n)UByes
13
4provenance_equality_global_xy.cdefined NDdefined NDyesdefined ND (triggered)defined ND (triggered)y (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedyes
14
provenance_equality_global_yx.cdefined NDdefined NDyesnot triggerednot triggeredy (y for O2+)y (y for O2+)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedyes
15
provenance_equality_auto_xy.cdefined NDdefined NDyesdefined ND (triggered)defined ND (triggered)y (y for O2+)y (y for O2+)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedyes
16
provenance_equality_auto_yx.cdefined NDdefined NDyesnot triggerednot triggeredy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedyes
17
provenance_equality_global_fn_xy.cdefined NDdefined NDyesdefined ND (triggered)defined ND (triggered)y (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedyes
18
provenance_equality_global_fn_yx.cdefined NDdefined NDyesnot triggerednot triggeredy (y for O2+)y (y for O2+)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedyes
19
5provenance_roundtrip_via_intptr_t.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)warn impl-defyes
20
6
provenance_basic_using_uintptr_t_global_xy.c
UBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (y for O2+)n (y)y (n)y (n)UByes
21
provenance_basic_using_uintptr_t_global_yx.c
UBdefinednonot triggerednot triggeredy (y for O2+)n (y)y (n)y (n)y (n)y (n)y (n)y (n)UByes
22
provenance_basic_using_uintptr_t_auto_xy.c
UBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (y for O2+)n (y)y (n)y (n)UByes
23
provenance_basic_using_uintptr_t_auto_yx.c
UBdefinednonot triggerednot triggeredy (n)y (n)y (n)y (n)y (y for O2+)n (y)y (n)y (n)UByes
24
7
pointer_offset_from_int_subtraction_global_xy.c
UBdefinednoUBdefined (triggered)y (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UB
yes, but claims "pointer diff" in integer world is UB + gives some UB in stdlib header (memcmp)
25
pointer_offset_from_int_subtraction_global_yx.c
UBdefinednoUBdefined (triggered)y (n)y (n)y(n)y(n)y(n)y(n)y (n)y (n)UB
yes, but claims "pointer diff" in integer world is UB + gives some UB in stdlib header (memcmp)
26
pointer_offset_from_int_subtraction_auto_xy.c
UBdefinednoUBdefined (triggered)y (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UB
yes, but claims "pointer diff" in integer world is UB + gives some UB in stdlib header (memcmp)
27
pointer_offset_from_int_subtraction_auto_yx.c
UBdefinednoUBdefined (triggered)y (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UB
yes, but claims "pointer diff" in integer world is UB + gives some UB in stdlib header (memcmp)
28
8pointer_offset_xor_global.cUBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UByes, but claims "r" is a null pointer
29
pointer_offset_xor_auto.cUBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UByes, but claims "r" is a null pointer
30
9provenance_tag_bits_via_uintptr_t_1.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)warn impl-defyes
31
10
pointer_arith_algebraic_properties_2_global.c
defineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)warn impl-defyes
32
11
pointer_arith_algebraic_properties_3_global.c
UBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UByes
33
12pointer_copy_memcpy.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)definedyes
34
13
pointer_copy_user_dataflow_direct_bytewise.c
defineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)definedyes
35
14pointer_copy_user_ctrlflow_bytewise.cUBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)UByes
36
15pointer_copy_user_ctrlflow_bitwise.cUBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)
impl-def, followed by segfault of kcc
NO: segfault before giving an UB
37
16provenance_equality_uintptr_t_global_xy.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedshould be implementation-defined not unspecified value or behaviour
38
provenance_equality_uintptr_t_global_yx.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedshould be implementation-defined not unspecified value or behaviour
39
provenance_equality_uintptr_t_auto_xy.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedshould be implementation-defined not unspecified value or behaviour
40
provenance_equality_uintptr_t_auto_yx.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)y (n)y (n)y (n)unspecifiedshould be implementation-defined not unspecified value or behaviour
41
17provenance_union_punning_2_global_xy.cUBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (y for O2+)n (y)y (n)y (n)UByes
42
provenance_union_punning_2_global_yx.cUBdefinednonot triggerednot triggeredy (y for O2+)n (y)y (n)y (n)y (n)y (n)y (n)y (n)UByes
43
provenance_union_punning_2_auto_xy.cUBdefinednoUBdefinedy (n)y (n)y (n)y (n)y (y for O2+)n (y)y (n)y (n)UByes
44
provenance_union_punning_2_auto_yx.cUBdefinednonot triggerednot triggeredy (n)y (n)y (n)y (n)y (y for O2+)n (y)y (n)y (n)UByes
45
18provenance_via_io_percentp_global.cfilesystem and scanf() are not currently supported by CerberusNO OPTNO OPTNO OPTNO OPTNO OPTNO OPTNO OPTNO OPT
UB ("execution failed" but not segfault)
yes
46
19provenance_via_io_bytewise_global.cNO OPTNO OPTNO OPTNO OPTNO OPTNO OPTNO OPTNO OPTUByes
47
20provenance_via_io_uintptr_t_global.cUB
48
21pointer_from_integer_1pg.cUBUByesUBUBy (y for O0+)y (y for O0+)y (y for O2+)y (y for O2+)y (y for O2+)y (y for O2+)y (y for O)y (y for O)
can't get the right address, so no data
49
22pointer_from_integer_1ig.cUBdefinednoUBdefinedy (y for O2+)n (y)y (y for O2+)n (y)y (y for O2+)n (y)y (y for O)n (y)
can't get the right address, so no data
50
23pointer_from_integer_1p.cUBUByesUBUBcan't test with charon
impl-def, followed by segfault of kcc
NO: segfault before giving an UB
51
24pointer_from_integer_1i.cUBUByesUB
defined (only one allocator)
can't test with charon
impl-def, followed by segfault of kcc
NO: segfault before giving an UB
52
25pointer_from_integer_2.cUBUByesUB
defined (only one allocator)
can't test with charon
impl-def, followed by segfault of kcc
NO: segfault before giving an UB
53
26pointer_from_integer_2g.cUBdefinednoUBdefinedy (n)y (n)y (y for O2+)n (y)y (n)y (n)y (y for O)n (y)
can't get the right address, so no data
54
27provenance_lost_escape_1.cdefineddefinedyesdefineddefinedy (n)y (n)y (n)y (n)y (n)n (y)y (n)y (n)UB + unknown errormaybe a bug, but warn about that possiblity