Programming languages — C — A provenance-aware memory object model for C

This document specifies the form and establishes the interpretation of programs written in the C programming language. It is not a complete specification of that language but builds upon ISO/IEC 9899:2018 by constraining and clarifying the Memory Object Model.

Langages de programmation — C — Modèle d’objet mémoire sensible à la provenance pour C

General Information

Status: Published
Publication Date: 14-May-2025
Current Stage: 6060 - International Standard published
Start Date: 15-May-2025
Due Date: 02-Sep-2024
Completion Date: 15-May-2025

Technical specification
ISO/IEC TS 6010:2025 - Programming languages — C — A provenance-aware memory object model for C
Released: 15.05.2025
English language
23 pages

Standards Content (Sample)


Technical Specification
ISO/IEC TS 6010
First edition
2025-05
Programming languages — C — A provenance-aware memory object model for C
Langages de programmation — C — Modèle d’objet mémoire sensible à la provenance pour C
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ISO/IEC DTS 6010:2025(en)
Contents
1 Scope
2 Normative references
3 Terms and definitions
4 Environment
4.1 Execution environments
4.2 Sizes of integer types
5 Language
5.1 Concepts
5.1.1 Storage durations and object lifetimes
5.1.2 Types
5.1.3 Representation of types
5.2 Conversion
5.2.1 Lvalues, arrays and function designators
5.2.2 Pointers
5.2.3 String literals
5.3 Expressions
5.3.1 General
5.3.2 Postfix operators
5.3.3 Address and indirection operators
5.3.4 Additive operators
5.3.5 Relational operators
5.3.6 Equality operators
5.3.7 Assignment operators
5.3.8 Declarations
5.3.9 Structure and union specifiers
5.3.10 Array declarations
5.3.11 Initialization
5.4 Statements and blocks
5.4.1 General
5.4.2 The switch statement
5.5 External definitions
5.5.1 General
5.5.2 Function definitions
6 Library
6.1 Use of library functions
6.2 Errors
6.3 The longjmp function
6.4 The signal function
6.5 Variable arguments
6.6 Atomics
6.6.1 The ATOMIC_VAR_INIT macro
6.6.2 Atomic flag type and operations
6.7 Integer types
6.7.1 Integer types
6.7.2 Macros for integer constants
6.8 Input/output
6.8.1 Streams
6.8.2 Files
6.8.3 File access functions
6.8.4 Direction input/output functions
6.9 General utilities
6.9.1 Storage management functions
6.9.2 Multibyte/wide character conversion functions
6.10 String handling
6.10.1 Copying functions
6.10.2 The strxfrm function
6.11 Threads
6.11.1 The tss_create function
6.11.2 The tss_set function
6.12 The strftime function, Date and time
6.13 Extended multibyte and wide character utilities
6.13.1 The fwprintf function
6.13.2 The fwscanf function
6.13.3 The fgetws function
6.13.4 The wcsxfrm function
6.13.5 The wcsftime function
Annex A (informative) Portability issues
Annex B (informative) Bounds checking interfaces
Annex C (informative) Analyzability
Index
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 22, Programming languages, their environments and system software interfaces.
Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-committees.
Introduction
The resolution of DR260 confirmed the concept of provenance of pointers, introduced as means to track and distinguish pointer values that represent storage instances with the same address. Implementations started to use that concept in optimisations relying on provenance-based alias analysis, without it ever being clearly or formally defined, and without it being integrated consistently with the rest of the C standard. This document provides a solution for this: a provenance-aware memory object model for C to put C programmers and implementers on a solid footing in this regard.
In addition to this document, https://cerberus.cl.cam.ac.uk/cerberus provides an executable version of the semantics, with a web interface that allows one to explore and visualise the behaviour of small test programs.
This document does not address subobject provenance.
1 Scope
This document specifies the form and establishes the interpretation of programs written in the C programming language. It is not a complete specification of that language but builds upon ISO/IEC 9899:2018 by constraining and clarifying the Memory Object Model.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 9899:2018, Programming languages – C
ISO 80000–2, Quantities and units — Part 2: Mathematical signs and symbols to be used in the natural sciences and technology.
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 9899:2018 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
– ISO Online browsing platform: available at https://www.iso.org/obp/ui
– IEC Electropedia: available at https://www.electropedia.org/
3.1
pointer provenance
provenance
entity that is associated to a pointer value in the abstract machine, which is either empty, or the identity of a storage instance
3.2
storage instance
inclusion-maximal region of data storage in the execution environment that is created when either an object definition or an allocation is encountered
Note 1 to entry: Storage instances are created and destroyed when specific language constructs (ISO/IEC 9899:2018, 6.2.4) are met during program execution, including program startup, or when specific library functions (ISO/IEC 9899:2018, 7.22.3) are called.
Note 2 to entry: It is possible that a storage instance does not have a memory address and is not accessible from all threads of execution.
Note 3 to entry: Storage instances have identities which are unique across the program execution.
Note 4 to entry: A storage instance with a memory address occupies a region of zero or more bytes of contiguous data storage in the execution environment.
Note 5 to entry: One or more objects can be represented within the same storage instance, such as two subobjects within an object of structure type, two const-qualified compound literals with identical object representation, or two string literals where one is the terminal character sequence of the other.
3.3
indeterminate representation
object representation that either represents an unspecified value or is a non-value representation
Note 1 to entry: This item is adapted from the term "indeterminate value" (ISO/IEC 9899:2018, 3.19.2)
3.4
unspecified value
valid value of the relevant type where this document imposes no requirements on which value is chosen in any instance
[SOURCE: ISO/IEC 9899:2018, 3.19.3, modified - Note 1 to entry has been removed.]
3.5
non-value representation
object representation that does not represent a value of the object type
Note 1 to entry: This term was adapted from the term "trap representation" (ISO/IEC 9899:2018, 3.19.4)
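The distinction drawn in 3.1 and 3.2, shown as an added example that is not part of ISO/IEC TS 6010 or of this page: two object definitions create two storage instances, so a one-past-the-end pointer derived from x and a pointer to y carry different provenance even when their representations are byte-for-byte identical. The names x, y, struct probe and probe_adjacent are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: two object definitions, hence two storage
 * instances (3.2), each with its own identity. */
static int x = 1;
static int y = 2;

struct probe {
    int same_repr;  /* 1 if one-past-x and &y have identical bytes */
    int y_after;    /* value of y after the guarded store */
};

struct probe probe_adjacent(void)
{
    int *p = &x + 1;  /* valid one-past pointer; provenance: x */
    int *q = &y;      /* provenance: y */
    struct probe r;

    y = 2;
    /* Compare object representations rather than using ==, so the
     * check looks only at the stored address bytes. */
    r.same_repr = (memcmp(&p, &q, sizeof p) == 0);
    if (r.same_repr) {
        /* The addresses coincide, but `*p = 11` would still be
         * undefined: p is one past x and carries x's provenance, so
         * an optimiser may assume that store cannot change y.
         * Only q is a valid way to reach y. */
        *q = 11;
    }
    r.y_after = y;
    return r;
}

int main(void)
{
    struct probe r = probe_adjacent();
    printf("same representation: %d, y = %d\n", r.same_repr, r.y_after);
    return 0;
}
```

Whether x and y end up adjacent depends on the implementation's layout, so either outcome of the comparison is possible; the store through q is well defined in both cases.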
4 Environment
4.1 Execution environments
The requirements in ISO/IEC 9899:2018, 5.1.2.3 shall apply in addition to the following. For the purposes of this document, when processing of the abstract machine is interrupted by the receipt of a signal, the representation of any object modified by the handler that is neither a lock-free atomic object nor of type volatile sig_atomic_t becomes indeterminate when the handler exits.
4.2 Sizes of integer types
The requirements in ISO/IEC 9899:2018, 5.2.4.2.1 shall apply. In addition if the value and promoted type is in the range of the type intmax_t (for a signed type) or uintmax_t (for an unsigned type), see ISO/IEC 9899:2018, 7.20.1.5, the expression shall be suitable for use in #if preprocessing directives.

5 Language
5.1 Concepts
5.1.1 Storage durations and object lifetimes
For the purposes of this document the requirements from ISO/IEC 9899:2018, 6.2.4 shall apply in addition to the following. The lifetime of an object has a start and an end, which both constitute side effects in the abstract machine, and is the set of all evaluations that occur during execution. An object exists, has a storage instance that is guaranteed to be reserved for it, has a constant address, if any, and retains its last-stored value throughout its lifetime.
The lifetime of an object is determined by its storage duration. There are four storage durations: static, thread, automatic, and allocated. Allocated storage and its duration are described in ISO/IEC 9899:2018, 7.22.3.
For the purposes of this document storage duration applies to an object’s storage instance. Storage instances for string literals and some compound literals have static storage duration. There is a distinct instance of the object and distinct associated storage instance per
...
