Example: pointer_from_integer_2.c


     1    #include <stdio.h>
     2    #include <stdint.h>
     3    #include "charon_address_guesses.h"
     4    void f() {
     5      uintptr_t i=ADDRESS_PFI_2;
     6      int *p = (int*)i;
     7      *p=7;
     8    }
     9    int main() {
    10      int j=5;
    11      f();
    12      printf("j=%d\n",j);
    13    }

Experimental data (what does this mean?)

cerberus-concrete-PVI Undefined behaviour: the operand of the unary '*' operator has an invalid value at 7:3-5
cerberus-concrete-PNVI j=7
gcc-8.1-O0 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
gcc-8.1-O2 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
gcc-8.1-O3 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
gcc-8.1-O2-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
gcc-8.1-O3-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O0 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O2 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O3 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O2-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-O3-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
clang-6.0-UBSAN exit codes: compile 0 / execute 1 pointer_from_integer_2.c:7:3: runtime error: store to misaligned address 0x00000000002a for type 'int', which requires 4 byte alignment
0x00000000002a: note: pointer points here
<memory cannot be printed>
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==14846==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x00000000002a (pc 0x000000420ca0 bp 0x000000420cc0 sp 0x7fffffffdbf0 T14846)
==14846==The signal is caused by a WRITE memory access.
==14846==Hint: address points to the zero page.
#0 0x420c9f in main (/local/scratch/pes20/repos/rsem/csem/charon2/pointer_from_integer_2.c.clang-6.0-UBSAN.out+0x420c9f)
#1 0x7ffff6ee582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#2 0x4029c8 in _start (/local/scratch/pes20/repos/rsem/csem/charon2/pointer_from_integer_2.c.clang-6.0-UBSAN.out+0x4029c8)

UndefinedBehaviorSanitizer can not provide additional info.
==14846==ABORTING
clang-6.0-ASAN exit codes: compile 0 / execute 1 AddressSanitizer:DEADLYSIGNAL
=================================================================
==14860==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002a (pc 0x0000004e71fc bp 0x0000004e7270 sp 0x7fffffffdbf0 T0)
==14860==The signal is caused by a WRITE memory access.
==14860==Hint: address points to the zero page.
#0 0x4e71fb in main (/local/scratch/pes20/repos/rsem/csem/charon2/pointer_from_integer_2.c.clang-6.0-ASAN.out+0x4e71fb)
#1 0x7ffff6ee582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#2 0x419d78 in _start (/local/scratch/pes20/repos/rsem/csem/charon2/pointer_from_integer_2.c.clang-6.0-ASAN.out+0x419d78)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/local/scratch/pes20/repos/rsem/csem/charon2/pointer_from_integer_2.c.clang-6.0-ASAN.out+0x4e71fb) in main
==14860==ABORTING
clang-6.0-MSAN exit codes: compile 0 / execute 77 MemorySanitizer:DEADLYSIGNAL
==14874==ERROR: MemorySanitizer: SEGV on unknown address 0x00000000002a (pc 0x00000048db81 bp 0x00000048dc00 sp 0x7fffffffdbf0 T14874)
==14874==The signal is caused by a WRITE memory access.
==14874==Hint: address points to the zero page.
#0 0x48db80 in main (/local/scratch/pes20/repos/rsem/csem/charon2/pointer_from_integer_2.c.clang-6.0-MSAN.out+0x48db80)
#1 0x7ffff6ee582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#2 0x41a728 in _start (/local/scratch/pes20/repos/rsem/csem/charon2/pointer_from_integer_2.c.clang-6.0-MSAN.out+0x41a728)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV (/local/scratch/pes20/repos/rsem/csem/charon2/pointer_from_integer_2.c.clang-6.0-MSAN.out+0x48db80) in main
==14874==ABORTING
icc-19-O0 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
icc-19-O2 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
icc-19-O3 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
icc-19-O2-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
icc-19-O3-no-strict-aliasing exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
compcert-3.4 exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
compcert-3.4-O exit codes: compile 0 / execute 139 Segmentation fault (core dumped)
kcc-1.0 exit codes: compile 0 / execute 139 Conversion from an integer to non-null pointer:
> in f at pointer_from_integer_2.c:6:3
in main at pointer_from_integer_2.c:11:3

Implementation defined behavior (IMPL-CCV13):
see C11 section 6.3.2.3:5 http://rvdoc.org/C11/6.3.2.3
see CERT section INT36-C http://rvdoc.org/CERT/INT36-C
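The test above turns a guessed integer (ADDRESS_PFI_2) into a pointer and stores through it; every production compiler in the table faults on the store, UBSan additionally reports the misaligned address 0x2a, and only the Cerberus PNVI model lets the store land on j. The following is an added example, not code from the Cerberus test suite or from this page, showing the defensive counterpart: an integer is converted back to an `int *` only when it lies inside an object whose address was legitimately converted to an integer earlier (the round trip that C11 6.3.2.3 defines) and is correctly aligned. The names `obj_range`, `range_of` and `int_ptr_from_integer` are this example's own; the guessed value 0x2a is taken from the sanitizer output on the page.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed example, not part of the Cerberus test suite.
 * Address range [lo, hi) of one live object, recorded at the point
 * where its address is legitimately converted to an integer. */
typedef struct { uintptr_t lo, hi; } obj_range;

static obj_range range_of(const void *base, size_t size) {
    obj_range r;
    r.lo = (uintptr_t)base;
    r.hi = r.lo + size;
    return r;
}

/* Convert an integer back to an int pointer only if it denotes an
 * in-bounds, suitably aligned int inside the recorded object. Anything
 * else (such as a guessed address) is refused instead of dereferenced. */
int *int_ptr_from_integer(uintptr_t i, obj_range r) {
    if (r.hi - r.lo < sizeof(int))           /* object too small to hold an int */
        return NULL;
    if (i < r.lo || i > r.hi - sizeof(int))  /* not inside the object */
        return NULL;
    if (i % _Alignof(int) != 0)              /* the misaligned store UBSan reports on the page */
        return NULL;
    return (int *)i;
}

/* Defined round trip: the integer was produced from &j (C11 6.3.2.3),
 * so converting it back and storing through it updates j. Returns 7. */
int roundtrip_demo(void) {
    int j = 5;
    obj_range r = range_of(&j, sizeof j);
    uintptr_t i = (uintptr_t)&j;
    int *p = int_ptr_from_integer(i, r);
    if (p != NULL)
        *p = 7;
    return j;
}

/* Guessed address: 0x2a is the value the sanitizer runs on the page show
 * for ADDRESS_PFI_2. It lies outside j and is misaligned, so the check
 * rejects it and nothing is written. Returns 1 when rejected. */
int guess_demo(void) {
    int j = 5;
    obj_range r = range_of(&j, sizeof j);
    uintptr_t guess = 0x2a;
    int *p = int_ptr_from_integer(guess, r);
    return p == NULL && j == 5;
}

int main(void) {
    printf("round trip: j=%d\n", roundtrip_demo());
    printf("guessed address rejected: %d\n", guess_demo());
    return 0;
}
```

The check is a small instance of what the PNVI model does at the integer-to-pointer cast: it only admits an integer that maps onto a live object. Recording the range at the point of the pointer-to-integer conversion is the part an ordinary `(int*)i` cast cannot do on its own, which is why the page's program has no provenance to recover and faults everywhere except under PNVI.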