ghost2.c

Example: ghost2.c

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include "capprint.h"
    
    int main()
    {
        int x=42;
        int y;
        int *p0 = &x;
        int **p1 = malloc(sizeof(int*));
        *p1 = &y;
        
        fprintf(stderr,"Destination before %" PTR_FMT "\n", sptr((void*)*p1));
        memcpy(p1,&p0,sizeof(int*)-1);
    
        fprintf(stderr,"Source %" PTR_FMT "\n", sptr((void*)p0));
        fprintf(stderr,"Destination after %" PTR_FMT "\n", sptr((void*)*p1));
    
        fprintf(stderr,"Value: %d\n",**p1);
    }

cerberus-cheri-no-pnvi cerberus-cheri-revocation-no-pnvi cerberus-cheri-cornucopia-no-pnvi exit codes: compile 0 / execute 1 Undefined {ub: "UB_CHERI_UndefinedTag", loc: "<20:36--20:40>"} Destination before (@disabled, 0xffffe6ec [rwRW,0xffffe6ec-0xffffe6f0]) Source (@disabled, 0xffffe6f0 [rwRW,0xffffe6f0-0xffffe6f4]) Destination after (@disabled, 0xffffe6f0 [rwRW,0xffffe6f0-0xffffe6f4] (notag)) cerberus-cheri cerberus-cheri-revocation cerberus-cheri-cornucopia exit codes: compile 0 / execute 1 Undefined {ub: "UB_CHERI_UndefinedTag", loc: "<20:36--20:40>"} Destination before (@84, 0xffffe6ec [rwRW,0xffffe6ec-0xffffe6f0]) Source (@83, 0xffffe6f0 [rwRW,0xffffe6f0-0xffffe6f4]) Destination after (@83, 0xffffe6f0 [rwRW,0xffffe6f0-0xffffe6f4] (notag)) clang-riscv-O3-bounds-subobject-safe exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault caused by register cs2. 0x0000000000102184 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x0000000000102184 in main () at tests/cheri/ghost2.c:20 x = <optimized out> p0 = <optimized out> p1 = <optimized out> y = <optimized out> Destination before 0x3fffdffef8 [rwRW,0x3fffdffef8-0x3fffdffefc] Source 0x3fffdffefc [rwRW,0x3fffdffefc-0x3fffdfff00] Destination after 0x3fffdffefc [rwRW,0x3fffdffefc-0x3fffdfff00] (invalid) clang-riscv-O0-bounds-subobject-safe clang-riscv-O0-bounds-aggressive clang-riscv-O0-bounds-very-aggressive clang-riscv-O0-bounds-everywhere-unsafe exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault caused by register ca2. 0x0000000000102176 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x0000000000102176 in main () at tests/cheri/ghost2.c:20 x = 42 y = 0 p0 = 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] p1 = 0x40a1d000 [rwRW,0x40a1d000-0x40a1d010] Destination before 0x3fffdfff68 [rwRW,0x3fffdfff68-0x3fffdfff6c] Source 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] Destination after 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] (invalid) clang-riscv-O3-bounds-conservative exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault caused by register cs2. 0x00000000001021aa in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x00000000001021aa in main () at tests/cheri/ghost2.c:20 x = <optimized out> p0 = <optimized out> p1 = <optimized out> y = <optimized out> Destination before 0x3fffdfff08 [rwRW,0x3fffdfff08-0x3fffdfff0c] Source 0x3fffdfff0c [rwRW,0x3fffdfff0c-0x3fffdfff10] Destination after 0x3fffdfff0c [rwRW,0x3fffdfff0c-0x3fffdfff10] (invalid) clang-riscv-O0-bounds-conservative clang-riscv-O0-bounds-references-only exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault caused by register ca1. 0x000000000010211e in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x000000000010211e in main () at tests/cheri/ghost2.c:20 x = 42 y = 0 p0 = 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] p1 = 0x40a1d000 [rwRW,0x40a1d000-0x40a1d010] Destination before 0x3fffdfff68 [rwRW,0x3fffdfff68-0x3fffdfff6c] Source 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] Destination after 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] (invalid) clang-morello-O3-bounds-subobject-safe exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault. 0x00000000001111c4 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x00000000001111c4 in main () at tests/cheri/ghost2.c:20 x = 42 p0 = <optimized out> p1 = <optimized out> y = 0 Destination before 0xfffffff7fec8 [rwRW,0xfffffff7fec8-0xfffffff7fecc] Source 0xfffffff7fecc [rwRW,0xfffffff7fecc-0xfffffff7fed0] Destination after 0xfffffff7fecc [rwRW,0xfffffff7fecc-0xfffffff7fed0] (invalid) clang-morello-O0-bounds-subobject-safe clang-morello-O0-bounds-aggressive clang-morello-O0-bounds-very-aggressive clang-morello-O0-bounds-everywhere-unsafe exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault. 0x0000000000110fc0 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x0000000000110fc0 in main () at tests/cheri/ghost2.c:20 x = 42 y = 0 p0 = 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] p1 = 0x40c1d000 [rwRW,0x40c1d000-0x40c1d010] Destination before 0xfffffff7ff58 [rwRW,0xfffffff7ff58-0xfffffff7ff5c] Source 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] Destination after 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] (invalid) clang-morello-O3-bounds-conservative exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault. main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 main () at tests/cheri/ghost2.c:20 x = 42 p0 = <optimized out> p1 = <optimized out> y = 2000746272 Destination before 0xfffffff7fef8 [rwRW,0xfffffff7fef8-0xfffffff7fefc] Source 0xfffffff7fefc [rwRW,0xfffffff7fefc-0xfffffff7ff00] Destination after 0xfffffff7fefc [rwRW,0xfffffff7fefc-0xfffffff7ff00] (invalid) clang-morello-O0-bounds-conservative clang-morello-O0-bounds-references-only exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault. 0x0000000000110f68 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x0000000000110f68 in main () at tests/cheri/ghost2.c:20 x = 42 y = 0 p0 = 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] p1 = 0x40c1d000 [rwRW,0x40c1d000-0x40c1d010] Destination before 0xfffffff7ff58 [rwRW,0xfffffff7ff58-0xfffffff7ff5c] Source 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] Destination after 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] (invalid) gcc-morello-O3 exit codes: compile 0 / execute 137 Destination before 0x7fffffcc [rwRW,0x7fffffcc-0x7fffffd0] Source 0x7fffffc8 [rwRW,0x7fffffc8-0x7fffffcc] Destination after 0x7fffffc8 [rwRW,0x7fffffc8-0x7fffffcc] (invalid) gcc-morello-O0 exit codes: compile 0 / execute 137 Destination before 0x7fffffc8 [rwRW,0x7fffffc8-0x7fffffcc] Source 0x7fffffcc [rwRW,0x7fffffcc-0x7fffffd0] Destination after 0x7fffffcc [rwRW,0x7fffffcc-0x7fffffd0] (invalid)

cerberus-cheri-no-pnvi cerberus-cheri-revocation-no-pnvi cerberus-cheri-cornucopia-no-pnvi		exit codes: compile 0 / execute 1 Undefined {ub: "UB_CHERI_UndefinedTag", loc: "<20:36--20:40>"} Destination before (@disabled, 0xffffe6ec [rwRW,0xffffe6ec-0xffffe6f0]) Source (@disabled, 0xffffe6f0 [rwRW,0xffffe6f0-0xffffe6f4]) Destination after (@disabled, 0xffffe6f0 [rwRW,0xffffe6f0-0xffffe6f4] (notag))

cerberus-cheri cerberus-cheri-revocation cerberus-cheri-cornucopia		exit codes: compile 0 / execute 1 Undefined {ub: "UB_CHERI_UndefinedTag", loc: "<20:36--20:40>"} Destination before (@84, 0xffffe6ec [rwRW,0xffffe6ec-0xffffe6f0]) Source (@83, 0xffffe6f0 [rwRW,0xffffe6f0-0xffffe6f4]) Destination after (@83, 0xffffe6f0 [rwRW,0xffffe6f0-0xffffe6f4] (notag))

clang-riscv-O3-bounds-subobject-safe		exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault caused by register cs2. 0x0000000000102184 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x0000000000102184 in main () at tests/cheri/ghost2.c:20 x = <optimized out> p0 = <optimized out> p1 = <optimized out> y = <optimized out> Destination before 0x3fffdffef8 [rwRW,0x3fffdffef8-0x3fffdffefc] Source 0x3fffdffefc [rwRW,0x3fffdffefc-0x3fffdfff00] Destination after 0x3fffdffefc [rwRW,0x3fffdffefc-0x3fffdfff00] (invalid)

clang-riscv-O0-bounds-subobject-safe clang-riscv-O0-bounds-aggressive clang-riscv-O0-bounds-very-aggressive clang-riscv-O0-bounds-everywhere-unsafe		exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault caused by register ca2. 0x0000000000102176 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x0000000000102176 in main () at tests/cheri/ghost2.c:20 x = 42 y = 0 p0 = 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] p1 = 0x40a1d000 [rwRW,0x40a1d000-0x40a1d010] Destination before 0x3fffdfff68 [rwRW,0x3fffdfff68-0x3fffdfff6c] Source 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] Destination after 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] (invalid)

clang-riscv-O3-bounds-conservative		exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault caused by register cs2. 0x00000000001021aa in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x00000000001021aa in main () at tests/cheri/ghost2.c:20 x = <optimized out> p0 = <optimized out> p1 = <optimized out> y = <optimized out> Destination before 0x3fffdfff08 [rwRW,0x3fffdfff08-0x3fffdfff0c] Source 0x3fffdfff0c [rwRW,0x3fffdfff0c-0x3fffdfff10] Destination after 0x3fffdfff0c [rwRW,0x3fffdfff0c-0x3fffdfff10] (invalid)

clang-riscv-O0-bounds-conservative clang-riscv-O0-bounds-references-only		exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault caused by register ca1. 0x000000000010211e in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x000000000010211e in main () at tests/cheri/ghost2.c:20 x = 42 y = 0 p0 = 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] p1 = 0x40a1d000 [rwRW,0x40a1d000-0x40a1d010] Destination before 0x3fffdfff68 [rwRW,0x3fffdfff68-0x3fffdfff6c] Source 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] Destination after 0x3fffdfff6c [rwRW,0x3fffdfff6c-0x3fffdfff70] (invalid)

clang-morello-O3-bounds-subobject-safe		exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault. 0x00000000001111c4 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x00000000001111c4 in main () at tests/cheri/ghost2.c:20 x = 42 p0 = <optimized out> p1 = <optimized out> y = 0 Destination before 0xfffffff7fec8 [rwRW,0xfffffff7fec8-0xfffffff7fecc] Source 0xfffffff7fecc [rwRW,0xfffffff7fecc-0xfffffff7fed0] Destination after 0xfffffff7fecc [rwRW,0xfffffff7fecc-0xfffffff7fed0] (invalid)

clang-morello-O0-bounds-subobject-safe clang-morello-O0-bounds-aggressive clang-morello-O0-bounds-very-aggressive clang-morello-O0-bounds-everywhere-unsafe		exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault. 0x0000000000110fc0 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x0000000000110fc0 in main () at tests/cheri/ghost2.c:20 x = 42 y = 0 p0 = 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] p1 = 0x40c1d000 [rwRW,0x40c1d000-0x40c1d010] Destination before 0xfffffff7ff58 [rwRW,0xfffffff7ff58-0xfffffff7ff5c] Source 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] Destination after 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] (invalid)

clang-morello-O3-bounds-conservative		exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault. main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 main () at tests/cheri/ghost2.c:20 x = 42 p0 = <optimized out> p1 = <optimized out> y = 2000746272 Destination before 0xfffffff7fef8 [rwRW,0xfffffff7fef8-0xfffffff7fefc] Source 0xfffffff7fefc [rwRW,0xfffffff7fefc-0xfffffff7ff00] Destination after 0xfffffff7fefc [rwRW,0xfffffff7fefc-0xfffffff7ff00] (invalid)

clang-morello-O0-bounds-conservative clang-morello-O0-bounds-references-only		exit codes: compile 0 / execute 1 Program received signal SIGPROT, CHERI protection violation. Capability tag fault. 0x0000000000110f68 in main () at tests/cheri/ghost2.c:20 20 fprintf(stderr,"Value: %d\n",**p1); #0 0x0000000000110f68 in main () at tests/cheri/ghost2.c:20 x = 42 y = 0 p0 = 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] p1 = 0x40c1d000 [rwRW,0x40c1d000-0x40c1d010] Destination before 0xfffffff7ff58 [rwRW,0xfffffff7ff58-0xfffffff7ff5c] Source 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] Destination after 0xfffffff7ff5c [rwRW,0xfffffff7ff5c-0xfffffff7ff60] (invalid)

gcc-morello-O3		exit codes: compile 0 / execute 137 Destination before 0x7fffffcc [rwRW,0x7fffffcc-0x7fffffd0] Source 0x7fffffc8 [rwRW,0x7fffffc8-0x7fffffcc] Destination after 0x7fffffc8 [rwRW,0x7fffffc8-0x7fffffcc] (invalid)

gcc-morello-O0		exit codes: compile 0 / execute 137 Destination before 0x7fffffc8 [rwRW,0x7fffffc8-0x7fffffcc] Source 0x7fffffcc [rwRW,0x7fffffcc-0x7fffffd0] Destination after 0x7fffffcc [rwRW,0x7fffffcc-0x7fffffd0] (invalid)

Example: ghost2.c

Example: `ghost2.c`