2 * This file is part of cparser.
3 * Copyright (C) 2007-2008 Matthias Braun <matze@braunis.de>
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
23 #include "format_check.h"
27 #include "diagnostic.h"
31 #include "lang_features.h"
33 typedef enum format_flag_t {
35 FMT_FLAG_HASH = 1U << 0,
36 FMT_FLAG_ZERO = 1U << 1,
37 FMT_FLAG_MINUS = 1U << 2,
38 FMT_FLAG_SPACE = 1U << 3,
39 FMT_FLAG_PLUS = 1U << 4,
40 FMT_FLAG_TICK = 1U << 5
43 typedef unsigned format_flags_t;
45 typedef enum format_length_modifier_t {
56 /* only in microsoft mode */
61 } format_length_modifier_t;
63 static const char* get_length_modifier_name(const format_length_modifier_t mod)
65 static const char* const names[] = {
76 /* only in microsoft mode */
79 [FMT_MOD_I32] = "I32",
82 assert(mod < sizeof(names) / sizeof(*names));
86 static void warn_invalid_length_modifier(const source_position_t *pos,
87 const format_length_modifier_t mod,
88 const wchar_rep_t conversion)
91 "invalid length modifier '%s' for conversion specifier '%%%c'",
92 get_length_modifier_name(mod), conversion
96 typedef struct vchar_t vchar_t;
98 const void *string; /**< the string */
99 size_t position; /**< current position */
100 size_t size; /**< size of the string */
102 /** return the first character of the string and setthe position to 0. */
103 unsigned (*first)(vchar_t *self);
104 /** return the next character of the string */
105 unsigned (*next)(vchar_t *self);
106 /** return non_zero if the given character is a digit */
107 int (*is_digit)(unsigned vchar);
110 static unsigned string_first(vchar_t *self) {
112 const string_t *string = self->string;
113 return string->begin[0];
116 static unsigned string_next(vchar_t *self) {
118 const string_t *string = self->string;
119 return string->begin[self->position];
122 static int string_isdigit(unsigned vchar) {
123 return isdigit(vchar);
126 static unsigned wstring_first(vchar_t *self) {
128 const wide_string_t *wstring = self->string;
129 return wstring->begin[0];
132 static unsigned wstring_next(vchar_t *self) {
134 const wide_string_t *wstring = self->string;
135 return wstring->begin[self->position];
138 static int wstring_isdigit(unsigned vchar) {
139 return iswdigit(vchar);
142 static bool atend(vchar_t *self) {
143 return self->position + 1 == self->size;
147 * Check printf-style format.
149 static void check_format_arguments(const call_argument_t *arg, unsigned idx_fmt,
152 /* find format arg */
154 for (; idx < idx_fmt; ++idx)
157 const expression_t *fmt_expr = arg->expression;
158 if (fmt_expr->kind == EXPR_UNARY_CAST_IMPLICIT) {
159 fmt_expr = fmt_expr->unary.value;
163 if (fmt_expr->kind == EXPR_WIDE_STRING_LITERAL) {
164 vchar.string = &fmt_expr->wide_string.value;
165 vchar.size = fmt_expr->wide_string.value.size;
166 vchar.first = wstring_first;
167 vchar.next = wstring_next;
168 vchar.is_digit = wstring_isdigit;
169 } else if (fmt_expr->kind == EXPR_STRING_LITERAL) {
170 vchar.string = &fmt_expr->string.value;
171 vchar.size = fmt_expr->string.value.size;
172 vchar.first = string_first;
173 vchar.next = string_next;
174 vchar.is_digit = string_isdigit;
178 /* find the real args */
179 for(; idx < idx_param; ++idx)
182 const source_position_t *pos = &fmt_expr->base.source_position;
183 unsigned fmt = vchar.first(&vchar);
184 unsigned num_fmt = 0;
185 for (; fmt != '\0'; fmt = vchar.next(&vchar)) {
188 fmt = vchar.next(&vchar);
195 format_flags_t fmt_flags = FMT_FLAG_NONE;
197 fmt = vchar.next(&vchar);
198 fmt_flags |= FMT_FLAG_ZERO;
201 /* argument selector or minimum field width */
202 if (vchar.is_digit(fmt)) {
204 fmt = vchar.next(&vchar);
205 } while (vchar.is_digit(fmt));
207 /* digit string was ... */
209 /* ... argument selector */
210 fmt_flags = FMT_FLAG_NONE; /* reset possibly set 0-flag */
214 /* ... minimum field width */
220 case '#': flag = FMT_FLAG_HASH; break;
221 case '0': flag = FMT_FLAG_ZERO; break;
222 case '-': flag = FMT_FLAG_MINUS; break;
223 case '\'': flag = FMT_FLAG_TICK; break;
226 if (fmt_flags & FMT_FLAG_PLUS) {
227 warningf(pos, "' ' is overridden by prior '+' in conversion specification %u", num_fmt);
229 flag = FMT_FLAG_SPACE;
233 if (fmt_flags & FMT_FLAG_SPACE) {
234 warningf(pos, "'+' overrides prior ' ' in conversion specification %u", num_fmt);
236 flag = FMT_FLAG_PLUS;
239 default: goto break_fmt_flags;
241 if (fmt_flags & flag) {
242 warningf(pos, "repeated flag '%c' in conversion specification %u", (char)fmt, num_fmt);
245 fmt = vchar.next(&vchar);
249 /* minimum field width */
251 fmt = vchar.next(&vchar);
253 warningf(pos, "missing argument for '*' field width in conversion specification %u", num_fmt);
256 const type_t *const arg_type = arg->expression->base.type;
257 if (arg_type != type_int) {
258 warningf(pos, "argument for '*' field width in conversion specification %u is not an 'int', but an '%T'", num_fmt, arg_type);
262 while (vchar.is_digit(fmt)) {
263 fmt = vchar.next(&vchar);
270 fmt = vchar.next(&vchar);
272 fmt = vchar.next(&vchar);
274 warningf(pos, "missing argument for '*' precision in conversion specification %u", num_fmt);
277 const type_t *const arg_type = arg->expression->base.type;
278 if (arg_type != type_int) {
279 warningf(pos, "argument for '*' precision in conversion specification %u is not an 'int', but an '%T'", num_fmt, arg_type);
283 /* digit string may be omitted */
284 while (vchar.is_digit(fmt)) {
285 fmt = vchar.next(&vchar);
290 /* length modifier */
291 format_length_modifier_t fmt_mod;
294 fmt = vchar.next(&vchar);
296 fmt = vchar.next(&vchar);
297 fmt_mod = FMT_MOD_hh;
304 fmt = vchar.next(&vchar);
306 fmt = vchar.next(&vchar);
307 fmt_mod = FMT_MOD_ll;
313 case 'L': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_L; break;
314 case 'j': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_j; break;
315 case 't': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_t; break;
316 case 'z': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_z; break;
317 case 'q': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_q; break;
321 fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_w;
323 fmt_mod = FMT_MOD_NONE;
328 fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_I;
330 fmt = vchar.next(&vchar);
332 fmt = vchar.next(&vchar);
333 fmt_mod = FMT_MOD_I32;
338 } else if (fmt == '6') {
339 fmt = vchar.next(&vchar);
341 fmt = vchar.next(&vchar);
342 fmt_mod = FMT_MOD_I64;
349 fmt_mod = FMT_MOD_NONE;
353 fmt_mod = FMT_MOD_NONE;
358 warningf(pos, "dangling %% in format string");
362 type_t *expected_type;
363 type_qualifiers_t expected_qual = TYPE_QUALIFIER_NONE;
364 format_flags_t allowed_flags;
369 case FMT_MOD_NONE: expected_type = type_int; break;
370 case FMT_MOD_hh: expected_type = type_int; break; /* TODO promoted signed char */
371 case FMT_MOD_h: expected_type = type_int; break; /* TODO promoted short */
372 case FMT_MOD_l: expected_type = type_long; break;
373 case FMT_MOD_ll: expected_type = type_long_long; break;
374 case FMT_MOD_j: expected_type = type_intmax_t; break;
375 case FMT_MOD_z: expected_type = type_ssize_t; break;
376 case FMT_MOD_t: expected_type = type_ptrdiff_t; break;
377 case FMT_MOD_I: expected_type = type_ptrdiff_t; break;
378 case FMT_MOD_I32: expected_type = type_int32; break;
379 case FMT_MOD_I64: expected_type = type_int64; break;
382 warn_invalid_length_modifier(pos, fmt_mod, fmt);
385 allowed_flags = FMT_FLAG_MINUS | FMT_FLAG_SPACE | FMT_FLAG_PLUS | FMT_FLAG_ZERO;
391 allowed_flags = FMT_FLAG_MINUS | FMT_FLAG_HASH | FMT_FLAG_ZERO;
392 goto eval_fmt_mod_unsigned;
395 allowed_flags = FMT_FLAG_MINUS | FMT_FLAG_ZERO;
396 eval_fmt_mod_unsigned:
398 case FMT_MOD_NONE: expected_type = type_unsigned_int; break;
399 case FMT_MOD_hh: expected_type = type_int; break; /* TODO promoted unsigned char */
400 case FMT_MOD_h: expected_type = type_int; break; /* TODO promoted unsigned short */
401 case FMT_MOD_l: expected_type = type_unsigned_long; break;
402 case FMT_MOD_ll: expected_type = type_unsigned_long_long; break;
403 case FMT_MOD_j: expected_type = type_uintmax_t; break;
404 case FMT_MOD_z: expected_type = type_size_t; break;
405 case FMT_MOD_t: expected_type = type_uptrdiff_t; break;
406 case FMT_MOD_I: expected_type = type_size_t; break;
407 case FMT_MOD_I32: expected_type = type_unsigned_int32; break;
408 case FMT_MOD_I64: expected_type = type_unsigned_int64; break;
411 warn_invalid_length_modifier(pos, fmt_mod, fmt);
425 case FMT_MOD_l: /* l modifier is ignored */
426 case FMT_MOD_NONE: expected_type = type_double; break;
427 case FMT_MOD_L: expected_type = type_long_double; break;
430 warn_invalid_length_modifier(pos, fmt_mod, fmt);
433 allowed_flags = FMT_FLAG_MINUS | FMT_FLAG_SPACE | FMT_FLAG_PLUS | FMT_FLAG_HASH | FMT_FLAG_ZERO;
437 if (fmt_mod != FMT_MOD_NONE) {
438 warn_invalid_length_modifier(pos, fmt_mod, fmt);
441 expected_type = type_wchar_t;
442 allowed_flags = FMT_FLAG_NONE;
446 expected_type = type_int;
448 case FMT_MOD_NONE: expected_type = type_int; break; /* TODO promoted char */
449 case FMT_MOD_l: expected_type = type_wint_t; break;
450 case FMT_MOD_w: expected_type = type_wchar_t; break;
453 warn_invalid_length_modifier(pos, fmt_mod, fmt);
456 allowed_flags = FMT_FLAG_NONE;
460 if (fmt_mod != FMT_MOD_NONE) {
461 warn_invalid_length_modifier(pos, fmt_mod, fmt);
464 expected_type = type_wchar_t_ptr;
465 expected_qual = TYPE_QUALIFIER_CONST;
466 allowed_flags = FMT_FLAG_MINUS;
471 case FMT_MOD_NONE: expected_type = type_char_ptr; break;
472 case FMT_MOD_l: expected_type = type_wchar_t_ptr; break;
473 case FMT_MOD_w: expected_type = type_wchar_t_ptr; break;
476 warn_invalid_length_modifier(pos, fmt_mod, fmt);
479 expected_qual = TYPE_QUALIFIER_CONST;
480 allowed_flags = FMT_FLAG_MINUS;
484 if (fmt_mod != FMT_MOD_NONE) {
485 warn_invalid_length_modifier(pos, fmt_mod, fmt);
488 expected_type = type_void_ptr;
489 allowed_flags = FMT_FLAG_NONE;
494 case FMT_MOD_NONE: expected_type = type_int_ptr; break;
495 case FMT_MOD_hh: expected_type = type_signed_char_ptr; break;
496 case FMT_MOD_h: expected_type = type_short_ptr; break;
497 case FMT_MOD_l: expected_type = type_long_ptr; break;
498 case FMT_MOD_ll: expected_type = type_long_long_ptr; break;
499 case FMT_MOD_j: expected_type = type_intmax_t_ptr; break;
500 case FMT_MOD_z: expected_type = type_ssize_t_ptr; break;
501 case FMT_MOD_t: expected_type = type_ptrdiff_t_ptr; break;
504 warn_invalid_length_modifier(pos, fmt_mod, fmt);
507 allowed_flags = FMT_FLAG_NONE;
511 warningf(pos, "encountered unknown conversion specifier '%%%C' at position %u", (wint_t)fmt, num_fmt);
515 format_flags_t wrong_flags = fmt_flags & ~allowed_flags;
516 if (wrong_flags != 0) {
519 if (wrong_flags & FMT_FLAG_HASH) wrong[idx++] = '#';
520 if (wrong_flags & FMT_FLAG_ZERO) wrong[idx++] = '0';
521 if (wrong_flags & FMT_FLAG_MINUS) wrong[idx++] = '-';
522 if (wrong_flags & FMT_FLAG_SPACE) wrong[idx++] = ' ';
523 if (wrong_flags & FMT_FLAG_PLUS) wrong[idx++] = '+';
524 if (wrong_flags & FMT_FLAG_TICK) wrong[idx++] = '\'';
527 warningf(pos, "invalid format flags \"%s\" in conversion specification %%%c at position %u", wrong, fmt, num_fmt);
531 warningf(pos, "too few arguments for format string");
535 { /* create a scope here to prevent warning about the jump to next_arg */
536 type_t *const arg_type = arg->expression->base.type;
537 type_t *const arg_skip = skip_typeref(arg_type);
538 type_t *const expected_type_skip = skip_typeref(expected_type);
539 if (is_type_pointer(expected_type_skip)) {
540 if (is_type_pointer(arg_skip)) {
541 type_t *const exp_to = skip_typeref(expected_type_skip->pointer.points_to);
542 type_t *const arg_to = skip_typeref(arg_skip->pointer.points_to);
543 if ((arg_to->base.qualifiers & ~expected_qual) == 0 &&
544 get_unqualified_type(arg_to) == exp_to) {
549 if (get_unqualified_type(arg_skip) == expected_type_skip) {
553 if (is_type_valid(arg_skip)) {
555 "argument type '%T' does not match conversion specifier '%%%s%c' at position %u",
556 arg_type, get_length_modifier_name(fmt_mod), (char)fmt, num_fmt);
562 if (!atend(&vchar)) {
563 warningf(pos, "format string contains NUL");
566 unsigned num_args = num_fmt;
567 while (arg != NULL) {
571 warningf(pos, "%u argument%s but only %u format string%s",
572 num_args, num_args != 1 ? "s" : "",
573 num_fmt, num_fmt != 1 ? "s" : "");
577 static const struct {
579 format_kind_t fmt_kind;
582 } builtin_table[] = {
583 { "printf", FORMAT_PRINTF, 0, 1 },
584 { "wprintf", FORMAT_PRINTF, 0, 1 },
585 { "sprintf", FORMAT_PRINTF, 1, 2 },
586 { "swprintf", FORMAT_PRINTF, 1, 2 },
587 { "snprintf", FORMAT_PRINTF, 2, 3 },
588 { "snwprintf", FORMAT_PRINTF, 2, 3 },
589 { "fprintf", FORMAT_PRINTF, 1, 2 },
590 { "fwprintf", FORMAT_PRINTF, 1, 2 },
591 { "snwprintf", FORMAT_PRINTF, 2, 3 },
592 { "snwprintf", FORMAT_PRINTF, 2, 3 },
594 { "scanf", FORMAT_SCANF, 0, 1 },
595 { "wscanf", FORMAT_SCANF, 0, 1 },
596 { "sscanf", FORMAT_SCANF, 1, 2 },
597 { "swscanf", FORMAT_SCANF, 1, 2 },
598 { "fscanf", FORMAT_SCANF, 1, 2 },
599 { "fwscanf", FORMAT_SCANF, 1, 2 },
601 { "strftime", FORMAT_STRFTIME, 3, 4 },
602 { "wcstrftime", FORMAT_STRFTIME, 3, 4 },
604 { "strfmon", FORMAT_STRFMON, 3, 4 },
607 { "_snprintf", FORMAT_PRINTF, 2, 3 },
608 { "_snwprintf", FORMAT_PRINTF, 2, 3 },
609 { "_scrintf", FORMAT_PRINTF, 0, 1 },
610 { "_scwprintf", FORMAT_PRINTF, 0, 1 },
611 { "printf_s", FORMAT_PRINTF, 0, 1 },
612 { "wprintf_s", FORMAT_PRINTF, 0, 1 },
613 { "sprintf_s", FORMAT_PRINTF, 3, 4 },
614 { "swprintf_s", FORMAT_PRINTF, 3, 4 },
615 { "fprintf_s", FORMAT_PRINTF, 1, 2 },
616 { "fwprintf_s", FORMAT_PRINTF, 1, 2 },
617 { "_sprintf_l", FORMAT_PRINTF, 1, 3 },
618 { "_swprintf_l", FORMAT_PRINTF, 1, 3 },
619 { "_printf_l", FORMAT_PRINTF, 0, 2 },
620 { "_wprintf_l", FORMAT_PRINTF, 0, 2 },
621 { "_fprintf_l", FORMAT_PRINTF, 1, 3 },
622 { "_fwprintf_l", FORMAT_PRINTF, 1, 3 },
623 { "_printf_s_l", FORMAT_PRINTF, 0, 2 },
624 { "_wprintf_s_l", FORMAT_PRINTF, 0, 2 },
625 { "_sprintf_s_l", FORMAT_PRINTF, 3, 5 },
626 { "_swprintf_s_l", FORMAT_PRINTF, 3, 5 },
627 { "_fprintf_s_l", FORMAT_PRINTF, 1, 3 },
628 { "_fwprintf_s_l", FORMAT_PRINTF, 1, 3 },
631 void check_format(const call_expression_t *const call)
636 const expression_t *const func_expr = call->function;
637 if (func_expr->kind != EXPR_REFERENCE)
640 const entity_t *const entity = func_expr->reference.entity;
641 const call_argument_t * arg = call->arguments;
644 /* the declaration has a GNU format attribute, check it */
647 * For some functions we always check the format, even if it was not specified.
648 * This allows to check format even in MS mode or without header included.
650 const char *const name = entity->base.symbol->string;
651 for(size_t i = 0; i < sizeof(builtin_table) / sizeof(builtin_table[0]); ++i) {
652 if(strcmp(name, builtin_table[i].name) == 0) {
653 if(builtin_table[i].fmt_kind == FORMAT_PRINTF) {
654 check_format_arguments(arg,
655 builtin_table[i].fmt_idx,
656 builtin_table[i].arg_idx);