Example: provenance_basic_using_uintptr_t_auto_xy.c

     1  #include <stdio.h>
     2  #include <string.h>
     3  #include <stdint.h>
     4  #include <inttypes.h>
     5  int main() {
     6    int x=1, y=2;
     7    uintptr_t ux = (uintptr_t)&x;
     8    uintptr_t uy = (uintptr_t)&y;
     9    uintptr_t offset = 4;
    10    ux = ux + offset;
    11    int *p = (int *)ux; // does this have undefined behaviour?
    12    int *q = &y;
    13    printf("Addresses: &x=%p p=%p &y=%"PRIxPTR\
    14           "\n",(void*)&x,(void*)p,uy);
    15    if (memcmp(&p, &q, sizeof(p)) == 0) {
    16      *p = 11; // does this have undefined behaviour?
    17      printf("x=%d  y=%d  *p=%d  *q=%d\n",x,y,*p,*q);
    18    }
    19  }

Experimental data

cerberus-concrete-PVI

    Undefined behaviour: out of bounds pointer at memory store at 16:5-12

cerberus-concrete-PNVI

    Addresses: &x=(@5, 0x50) p=(@6, 0x54) &y=54
    x=1 y=11 *p=11 *q=11

gcc-8.1-O0

    Addresses: &x=0x7fffffffe704 p=0x7fffffffe708 &y=7fffffffe700

gcc-8.1-O2

    Addresses: &x=0x7fffffffe708 p=0x7fffffffe70c &y=7fffffffe70c
    x=1 y=11 *p=11 *q=11

gcc-8.1-O3

    Addresses: &x=0x7fffffffe708 p=0x7fffffffe70c &y=7fffffffe70c
    x=1 y=11 *p=11 *q=11

gcc-8.1-O2-no-strict-aliasing

    Addresses: &x=0x7fffffffe6d8 p=0x7fffffffe6dc &y=7fffffffe6dc
    x=1 y=11 *p=11 *q=11

gcc-8.1-O3-no-strict-aliasing

    Addresses: &x=0x7fffffffe6d8 p=0x7fffffffe6dc &y=7fffffffe6dc
    x=1 y=11 *p=11 *q=11

clang-6.0-O0

    Addresses: &x=0x7fffffffe708 p=0x7fffffffe70c &y=7fffffffe704

clang-6.0-O2

    Addresses: &x=0x7fffffffe700 p=0x7fffffffe704 &y=7fffffffe704
    x=1 y=11 *p=11 *q=11

clang-6.0-O3

    Addresses: &x=0x7fffffffe700 p=0x7fffffffe704 &y=7fffffffe704
    x=1 y=11 *p=11 *q=11

clang-6.0-O2-no-strict-aliasing

    Addresses: &x=0x7fffffffe6e0 p=0x7fffffffe6e4 &y=7fffffffe6e4
    x=1 y=11 *p=11 *q=11

clang-6.0-O3-no-strict-aliasing

    Addresses: &x=0x7fffffffe6e0 p=0x7fffffffe6e4 &y=7fffffffe6e4
    x=1 y=11 *p=11 *q=11

clang-6.0-UBSAN

    Addresses: &x=0x7fffffffe700 p=0x7fffffffe704 &y=7fffffffe704
    x=1 y=11 *p=11 *q=11

clang-6.0-ASAN

    Addresses: &x=0x7fffffffe660 p=0x7fffffffe664 &y=7fffffffe670

clang-6.0-MSAN

    Addresses: &x=0x7fffffffe6e0 p=0x7fffffffe6e4 &y=7fffffffe6e4
    x=1 y=11 *p=11 *q=11

icc-19-O0

    Addresses: &x=0x7fffffffe6d0 p=0x7fffffffe6d4 &y=7fffffffe6d4
    x=1 y=11 *p=11 *q=11

icc-19-O2

    Addresses: &x=0x6046c0 p=0x6046c4 &y=6046c4
    x=1 y=2 *p=11 *q=11

icc-19-O3

    Addresses: &x=0x6046c0 p=0x6046c4 &y=6046c4
    x=1 y=2 *p=11 *q=11

icc-19-O2-no-strict-aliasing

    Addresses: &x=0x6046c0 p=0x6046c4 &y=6046c4
    x=1 y=2 *p=11 *q=11

icc-19-O3-no-strict-aliasing

    Addresses: &x=0x6046c0 p=0x6046c4 &y=6046c4
    x=1 y=2 *p=11 *q=11

compcert-3.4

    Addresses: &x=0x7fffffffe6b8 p=0x7fffffffe6bc &y=7fffffffe6bc
    x=1 y=11 *p=11 *q=11

compcert-3.4-O

    Addresses: &x=0x7fffffffe6b8 p=0x7fffffffe6bc &y=7fffffffe6bc
    x=1 y=11 *p=11 *q=11

kcc-1.0

    Addresses: &x=(nil) p=(nil) &y=0
    x=1 y=2 *p=0 *q=2

Conversion from an integer to non-null pointer:
> in main at provenance_basic_using_uintptr_t_auto_xy.c:11:3

Implementation defined behavior (IMPL-CCV13):
see C11 section 6.3.2.3:5 http://rvdoc.org/C11/6.3.2.3
see CERT section INT36-C http://rvdoc.org/CERT/INT36-C

Printing an unspecified value:
> in printf at provenance_basic_using_uintptr_t_auto_xy.c:13:3
in main at provenance_basic_using_uintptr_t_auto_xy.c:13:3

Unspecified value or behavior (USP-STDIO2):
see C11 section 7.21.6.1:8 http://rvdoc.org/C11/7.21.6.1

Comparison of unspecified value:
> in memcmp at /opt/rv-match/c-semantics/profiles/x86_64-linux-gcc-glibc/src/string.c:180:13
in main at provenance_basic_using_uintptr_t_auto_xy.c:15:3

Unspecified value or behavior (USP-CERL7):
see C11 section 6.5.9 http://rvdoc.org/C11/6.5.9
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Dereferencing a pointer past the end of an array:
> in main at provenance_basic_using_uintptr_t_auto_xy.c:16:5

Undefined behavior (UB-CER4):
see C11 section 6.5.6:8 http://rvdoc.org/C11/6.5.6
see C11 section J.2:1 items 47 and 49 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.18:1 http://rvdoc.org/MISRA-C/8.18
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Trying to write outside the bounds of an object:
> in main at provenance_basic_using_uintptr_t_auto_xy.c:16:5

Undefined behavior (UB-EIO2):
see C11 section 6.5.6:8 http://rvdoc.org/C11/6.5.6
see C11 section J.2:1 items 47 and 49 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section MEM35-C http://rvdoc.org/CERT-C/MEM35-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Dereferencing a pointer past the end of an array:
> in main at provenance_basic_using_uintptr_t_auto_xy.c:17:5

Undefined behavior (UB-CER4):
see C11 section 6.5.6:8 http://rvdoc.org/C11/6.5.6
see C11 section J.2:1 items 47 and 49 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see MISRA-C section 8.18:1 http://rvdoc.org/MISRA-C/8.18
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Reading outside the bounds of an object:
> in main at provenance_basic_using_uintptr_t_auto_xy.c:17:5

Undefined behavior (UB-EIO7):
see C11 section 6.3.2.1:1 http://rvdoc.org/C11/6.3.2.1
see C11 section J.2:1 item 19 http://rvdoc.org/C11/J.2
see CERT-C section ARR30-C http://rvdoc.org/CERT-C/ARR30-C
see CERT-C section ARR37-C http://rvdoc.org/CERT-C/ARR37-C
see CERT-C section STR31-C http://rvdoc.org/CERT-C/STR31-C
see CERT-C section STR32-C http://rvdoc.org/CERT-C/STR32-C
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1

Indeterminate value used in an expression:
> in main at provenance_basic_using_uintptr_t_auto_xy.c:17:5

Undefined behavior (UB-CEE2):
see C11 section 6.2.4 http://rvdoc.org/C11/6.2.4
see C11 section 6.7.9 http://rvdoc.org/C11/6.7.9
see C11 section 6.8 http://rvdoc.org/C11/6.8
see C11 section J.2:1 item 11 http://rvdoc.org/C11/J.2
see CERT-C section EXP33-C http://rvdoc.org/CERT-C/EXP33-C
see MISRA-C section 8.9:1 http://rvdoc.org/MISRA-C/8.9
see MISRA-C section 8.1:3 http://rvdoc.org/MISRA-C/8.1