1 // FormatString.cpp - Common stuff for handling printf/scanf formats -*- C++ -*-
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // Shared details for processing format strings of printf and scanf
13 //===----------------------------------------------------------------------===//
15 #include "FormatStringParsing.h"
16 #include "clang/Basic/LangOptions.h"
17 #include "clang/Basic/TargetInfo.h"
18 #include "llvm/Support/ConvertUTF.h"
20 using clang::analyze_format_string::ArgType;
21 using clang::analyze_format_string::FormatStringHandler;
22 using clang::analyze_format_string::FormatSpecifier;
23 using clang::analyze_format_string::LengthModifier;
24 using clang::analyze_format_string::OptionalAmount;
25 using clang::analyze_format_string::PositionContext;
26 using clang::analyze_format_string::ConversionSpecifier;
27 using namespace clang;
29 // Key function to FormatStringHandler.
// Out-of-line destructor with an empty body; the "key function" remark above
// is the author's stated reason for defining it in this file.
30 FormatStringHandler::~FormatStringHandler() {}
32 //===----------------------------------------------------------------------===//
33 // Functions for parsing format string components in both printf and
34 // scanf format strings.
35 //===----------------------------------------------------------------------===//
// Parses a run of ASCII decimal digits taken from [Beg, E). Two results are
// visible: an OptionalAmount::Constant carrying the accumulated value and the
// length I - Beg, or a default-constructed OptionalAmount.
// NOTE(review): this listing omits several lines of the function (return type,
// the declarations of I and c, the branch that uses hasDigits, closing
// braces); the comments below describe only the visible lines.
38 clang::analyze_format_string::ParseAmount(const char *&Beg, const char *E) {
// Beg is taken by reference and UpdateBeg is built from (Beg, I); presumably
// it copies I back into the caller's Beg on return -- confirm against
// UpdateOnReturn.
40 UpdateOnReturn <const char*> UpdateBeg(Beg, I);
42 unsigned accumulator = 0;
43 bool hasDigits = false;
// The scan stops at E, the end of the format string.
45 for ( ; I != E; ++I) {
47 if (c >= '0' && c <= '9') {
// NOTE(review): accumulator is a plain unsigned and no range check is visible
// here, so a very long digit run wraps around instead of being rejected.
// Code that later relies on the amount (field width, precision, argument
// position) would then see the wrapped value -- confirm whether the omitted
// lines or the callers bound it.
49 accumulator = (accumulator * 10) + (c - '0');
54 return OptionalAmount(OptionalAmount::Constant, accumulator, Beg, I - Beg,
60 return OptionalAmount();
// Parses an amount and returns one of two things: an OptionalAmount::Arg that
// takes the next argument index (argIndex is post-incremented), or whatever
// ParseAmount reads as a literal number.
// NOTE(review): the test that selects between the two returns is not part of
// this listing (presumably a leading '*') -- confirm.
64 clang::analyze_format_string::ParseNonPositionAmount(const char *&Beg,
69 return OptionalAmount(OptionalAmount::Arg, argIndex++, Beg, 0, false);
72 return ParseAmount(Beg, E);
// Parses an amount that may name its argument by position (the comments below
// mention the '*0$' form). Malformed input is reported through the handler H
// and yields OptionalAmount(false); the final return hands the input to
// ParseAmount(Beg, E) instead.
// NOTE(review): several conditions and closing braces are missing from this
// listing, so the exact guard on each branch cannot be stated from here.
76 clang::analyze_format_string::ParsePositionAmount(FormatStringHandler &H,
// The number is parsed one character past Beg through the scratch pointer I,
// so this ParseAmount call does not advance Beg itself.
82 const char *I = Beg + 1;
83 const OptionalAmount &Amt = ParseAmount(I, E);
85 if (Amt.getHowSpecified() == OptionalAmount::NotSpecified) {
86 H.HandleInvalidPosition(Beg, I - Beg, p);
87 return OptionalAmount(false);
91 // No more characters left?
92 H.HandleIncompleteSpecifier(Start, E - Start);
93 return OptionalAmount(false);
96 assert(Amt.getHowSpecified() == OptionalAmount::Constant);
99 // Handle positional arguments
101 // Special case: '*0$', since this is an easy mistake.
102 if (Amt.getConstantAmount() == 0) {
103 H.HandleZeroPosition(Beg, I - Beg + 1);
104 return OptionalAmount(false);
107 const char *Tmp = Beg;
// The stored index is the written position minus one. The zero check above
// returns first, so this unsigned subtraction cannot wrap.
110 return OptionalAmount(OptionalAmount::Arg, Amt.getConstantAmount() - 1,
114 H.HandleInvalidPosition(Beg, I - Beg, p);
115 return OptionalAmount(false);
118 return ParseAmount(Beg, E);
// Parses the field width at Beg and records it on CS with setFieldWidth.
// Two paths are visible: ParseNonPositionAmount, which consumes *argIndex, and
// ParsePositionAmount called with FieldWidthPos.
// NOTE(review): argIndex is a pointer and is dereferenced on the first path;
// the guard that picks the path is not in this listing -- confirm that it
// tests argIndex for null. The return type and return values are also omitted.
123 clang::analyze_format_string::ParseFieldWidth(FormatStringHandler &H,
126 const char *&Beg, const char *E,
127 unsigned *argIndex) {
128 // FIXME: Support negative field widths.
130 CS.setFieldWidth(ParseNonPositionAmount(Beg, E, *argIndex));
133 const OptionalAmount Amt =
134 ParsePositionAmount(H, Start, Beg, E,
135 analyze_format_string::FieldWidthPos);
139 CS.setFieldWidth(Amt);
// Looks for a constant amount followed by '$' and, when found, records the
// zero-based argument index on FS and marks FS as using positional arguments.
// Problems are reported through the handler H.
// NOTE(review): the return type, several conditions and the return statements
// are missing from this listing.
145 clang::analyze_format_string::ParseArgPosition(FormatStringHandler &H,
152 const OptionalAmount &Amt = ParseAmount(I, E);
155 // No more characters left?
156 H.HandleIncompleteSpecifier(Start, E - Start);
// NOTE(review): I is dereferenced here. The "No more characters left?" branch
// above is presumably what rules out I == E before this read; its condition
// is not visible in this listing -- confirm.
160 if (Amt.getHowSpecified() == OptionalAmount::Constant && *(I++) == '$') {
161 // Warn that positional arguments are non-standard.
162 H.HandlePosition(Start, I - Start);
164 // Special case: '%0$', since this is an easy mistake.
165 if (Amt.getConstantAmount() == 0) {
166 H.HandleZeroPosition(Start, I - Start);
// Position 0 is reported just above, so it is presumably rejected before this
// subtraction (the return line is omitted) -- confirm.
170 FS.setArgIndex(Amt.getConstantAmount() - 1);
171 FS.setUsesPositionalArg();
172 // Update the caller's pointer if we decided to consume
// Determines which length modifier, if any, starts at I and stores it on FS
// together with its position in the format string.
// NOTE(review): the return type, the outer switch, several case labels and the
// return statements are missing from this listing.
182 clang::analyze_format_string::ParseLengthModifier(FormatSpecifier &FS,
185 const LangOptions &LO,
// Default when no modifier character is recognised.
187 LengthModifier::Kind lmKind = LengthModifier::None;
// Remember where the modifier starts before I is advanced past it.
188 const char *lmPosition = I;
// I is compared with E before it is dereferenced. The test looks for an 'h';
// AsChar and AsShort are the two kinds assigned around it.
194 if (I != E && *I == 'h') {
196 lmKind = LengthModifier::AsChar;
198 lmKind = LengthModifier::AsShort;
// Same end-of-string check for 'l'; AsLongLong and AsLong are the two kinds
// assigned around it.
203 if (I != E && *I == 'l') {
205 lmKind = LengthModifier::AsLongLong;
207 lmKind = LengthModifier::AsLong;
210 case 'j': lmKind = LengthModifier::AsIntMax; ++I; break;
211 case 'z': lmKind = LengthModifier::AsSizeT; ++I; break;
212 case 't': lmKind = LengthModifier::AsPtrDiff; ++I; break;
213 case 'L': lmKind = LengthModifier::AsLongDouble; ++I; break;
214 case 'q': lmKind = LengthModifier::AsQuad; ++I; break;
216 if (IsScanf && !LO.C99 && !LO.CPlusPlus11) {
217 // For scanf in C90, look at the next character to see if this should
218 // be parsed as the GNU extension 'a' length modifier. If not, this
219 // will be parsed as a conversion specifier.
// The lookahead is again guarded by I != E.
221 if (I != E && (*I == 's' || *I == 'S' || *I == '[')) {
222 lmKind = LengthModifier::AsAllocate;
230 lmKind = LengthModifier::AsMAllocate;
235 // printf: AsInt64, AsInt32, AsInt3264
// Both lookahead positions are compared with E before I[1] and I[2] are read.
238 if (I + 1 != E && I + 2 != E) {
239 if (I[1] == '6' && I[2] == '4') {
241 lmKind = LengthModifier::AsInt64;
247 if (I[1] == '3' && I[2] == '2') {
249 lmKind = LengthModifier::AsInt32;
254 lmKind = LengthModifier::AsInt3264;
257 lmKind = LengthModifier::AsWide; ++I; break;
259 LengthModifier lm(lmPosition, lmKind);
260 FS.setLengthModifier(lm);
// Inspects the bytes that follow SpecifierBegin to see whether an invalid
// conversion specifier is a multibyte UTF-8 sequence. Len is an output
// parameter (its assignment is not visible in this listing).
// NOTE(review): the return statements are omitted, so which boolean each check
// produces cannot be stated from here.
264 bool clang::analyze_format_string::ParseUTF8InvalidSpecifier(
265 const char *SpecifierBegin, const char *FmtStrEnd, unsigned &Len) {
// At least one byte must exist after SpecifierBegin before it is read below.
266 if (SpecifierBegin + 1 >= FmtStrEnd)
269 const UTF8 *SB = reinterpret_cast<const UTF8 *>(SpecifierBegin + 1);
270 const UTF8 *SE = reinterpret_cast<const UTF8 *>(FmtStrEnd);
271 const char FirstByte = *SB;
273 // If the invalid specifier is a multibyte UTF-8 string, return the
274 // total length accordingly so that the conversion specifier can be
275 // properly updated to reflect a complete UTF-8 specifier.
276 unsigned NumBytes = getNumBytesForUTF8(FirstByte);
// The length announced by the first byte is checked against the end of the
// format string, so a truncated sequence is not read past FmtStrEnd.
279 if (SB + NumBytes > SE)
286 //===----------------------------------------------------------------------===//
287 // Methods on ArgType.
288 //===----------------------------------------------------------------------===//
// Classifies how the argument type argTy relates to this ArgType and returns a
// MatchKind; Match, NoMatch and NoMatchPedantic are the values visible here.
// NOTE(review): many lines (case labels of the outer switch, null checks and
// several returns) are missing from this listing; the comments below describe
// only what the visible lines show.
290 clang::analyze_format_string::ArgType::MatchKind
291 ArgType::matchesType(ASTContext &C, QualType argTy) const {
// Pointer-target path: the argument must be a pointer and is then replaced by
// its pointee, so the rest of the function compares the pointed-to type. The
// condition that enables this path is omitted (presumably a flag on this
// ArgType -- confirm).
293 // It has to be a pointer.
// NOTE(review): PT is dereferenced a few lines below; the null test for a
// non-pointer argument is not visible in this listing -- confirm it exists.
294 const PointerType *PT = argTy->getAs<PointerType>();
298 // We cannot write through a const qualified pointer.
299 if (PT->getPointeeType().isConstQualified())
302 argTy = PT->getPointeeType();
307 llvm_unreachable("ArgType must be valid");
// Enums are compared through their underlying integer type.
313 if (const EnumType *ETy = argTy->getAs<EnumType>())
314 argTy = ETy->getDecl()->getIntegerType();
316 if (const BuiltinType *BT = argTy->getAs<BuiltinType>())
317 switch (BT->getKind()) {
320 case BuiltinType::Char_S:
321 case BuiltinType::SChar:
322 case BuiltinType::UChar:
323 case BuiltinType::Char_U:
// Same enum handling, followed by stripping qualifiers from the canonical type
// so that the comparisons below work on unqualified canonical types.
330 if (const EnumType *ETy = argTy->getAs<EnumType>())
331 argTy = ETy->getDecl()->getIntegerType();
332 argTy = C.getCanonicalType(argTy).getUnqualifiedType();
336 // Check for "compatible types".
337 if (const BuiltinType *BT = argTy->getAs<BuiltinType>())
338 switch (BT->getKind()) {
341 case BuiltinType::Char_S:
342 case BuiltinType::SChar:
343 case BuiltinType::Char_U:
344 case BuiltinType::UChar:
345 return T == C.UnsignedCharTy || T == C.SignedCharTy ? Match
// For each integer kind below, Match is returned only when T is the type of
// the same rank with the opposite signedness.
347 case BuiltinType::Short:
348 return T == C.UnsignedShortTy ? Match : NoMatch;
349 case BuiltinType::UShort:
350 return T == C.ShortTy ? Match : NoMatch;
351 case BuiltinType::Int:
352 return T == C.UnsignedIntTy ? Match : NoMatch;
353 case BuiltinType::UInt:
354 return T == C.IntTy ? Match : NoMatch;
355 case BuiltinType::Long:
356 return T == C.UnsignedLongTy ? Match : NoMatch;
357 case BuiltinType::ULong:
358 return T == C.LongTy ? Match : NoMatch;
359 case BuiltinType::LongLong:
360 return T == C.UnsignedLongLongTy ? Match : NoMatch;
361 case BuiltinType::ULongLong:
362 return T == C.LongLongTy ? Match : NoMatch;
// A pointer whose pointee is void or one of the character types (the case
// label and the result are omitted from this listing).
368 const PointerType *PT = argTy->getAs<PointerType>();
371 QualType pointeeTy = PT->getPointeeType();
372 if (const BuiltinType *BT = pointeeTy->getAs<BuiltinType>())
373 switch (BT->getKind()) {
374 case BuiltinType::Void:
375 case BuiltinType::Char_U:
376 case BuiltinType::UChar:
377 case BuiltinType::Char_S:
378 case BuiltinType::SChar:
// Wide-string case: the unqualified canonical pointee must be exactly the
// wide character type.
388 const PointerType *PT = argTy->getAs<PointerType>();
392 C.getCanonicalType(PT->getPointeeType()).getUnqualifiedType();
393 return pointeeTy == C.getWideCharType() ? Match : NoMatch;
// wint_t case: the argument is compared after integer promotion.
399 argTy->isPromotableIntegerType()
400 ? C.getPromotedIntegerType(argTy) : argTy;
402 QualType WInt = C.getCanonicalType(C.getWIntType()).getUnqualifiedType();
403 PromoArg = C.getCanonicalType(PromoArg).getUnqualifiedType();
405 // If the promoted argument is the corresponding signed type of the
406 // wint_t type, then it should match.
407 if (PromoArg->hasSignedIntegerRepresentation() &&
408 C.getCorrespondingUnsignedType(PromoArg) == WInt)
411 return WInt == PromoArg ? Match : NoMatch;
// void* is tested first (its result line is omitted); any other pointer-like
// type -- pointer, Objective-C object pointer, block pointer or nullptr_t --
// yields NoMatchPedantic.
415 if (argTy->isVoidPointerType()) {
417 } if (argTy->isPointerType() || argTy->isObjCObjectPointerType() ||
418 argTy->isBlockPointerType() || argTy->isNullPtrType()) {
419 return NoMatchPedantic;
424 case ObjCPointerTy: {
425 if (argTy->getAs<ObjCObjectPointerType>() ||
426 argTy->getAs<BlockPointerType>())
429 // Handle implicit toll-free bridging.
430 if (const PointerType *PT = argTy->getAs<PointerType>()) {
431 // Things such as CFTypeRef are really just opaque pointers
432 // to C structs representing CF types that can often be bridged
433 // to Objective-C objects. Since the compiler doesn't know which
434 // structs can be toll-free bridged, we just accept them all.
435 QualType pointee = PT->getPointeeType();
436 if (pointee->getAsStructureType() || pointee->isVoidType())
443 llvm_unreachable("Invalid ArgType Kind!");
// Builds a QualType that stands for this ArgType. Invalid and Unknown ArgTypes
// have no representative type and reach llvm_unreachable.
// NOTE(review): the switch and its case labels are missing from this listing,
// so which kind maps to which assignment below cannot be stated from here.
446 QualType ArgType::getRepresentativeType(ASTContext &C) const {
450 llvm_unreachable("No representative type for Invalid ArgType");
452 llvm_unreachable("No representative type for Unknown ArgType");
460 Res = C.getPointerType(C.CharTy);
463 Res = C.getPointerType(C.getWideCharType());
466 Res = C.ObjCBuiltinIdTy;
472 Res = C.getWIntType();
// The result is wrapped in one more pointer level here; the guarding condition
// is omitted (presumably the "pointer to T" flag of this ArgType -- confirm).
478 Res = C.getPointerType(Res);
// Returns the representative type as a single-quoted string. When an alias
// name is used, the result has the form "'Alias' (aka 'S')"; otherwise it is
// "'S'", where S is the printed representative type.
// NOTE(review): the declaration of Alias and the conditions between the
// visible lines are missing from this listing.
482 std::string ArgType::getRepresentativeTypeName(ASTContext &C) const {
483 std::string S = getRepresentativeType(C).getAsString();
487 // Use a specific name for this type, e.g. "size_t".
490 // If ArgType is actually a pointer to T, append an asterisk.
// NOTE(review): Alias[Alias.size()-1] needs a non-empty Alias; the assignment
// that establishes this is not visible here -- confirm.
491 Alias += (Alias[Alias.size()-1] == '*') ? "*" : " *";
493 // If Alias is the same as the underlying type, e.g. wchar_t, then drop it.
499 return std::string("'") + Alias + "' (aka '" + S + "')";
500 return std::string("'") + S + "'";
504 //===----------------------------------------------------------------------===//
505 // Methods on OptionalAmount.
506 //===----------------------------------------------------------------------===//
509 analyze_format_string::OptionalAmount::getArgType(ASTContext &Ctx) const {
513 //===----------------------------------------------------------------------===//
514 // Methods on LengthModifier.
515 //===----------------------------------------------------------------------===//
518 analyze_format_string::LengthModifier::toString() const {
524 case AsLong: // or AsWideChar
556 //===----------------------------------------------------------------------===//
557 // Methods on ConversionSpecifier.
558 //===----------------------------------------------------------------------===//
// Returns the spelling of this conversion specifier as a C string.
// InvalidSpecifier maps to nullptr, so callers must handle a null result.
// DArg and FreeBSDDArg both map to "D"; the string alone does not tell them
// apart.
// NOTE(review): the switch header and the end of the function are missing from
// this listing.
560 const char *ConversionSpecifier::toString() const {
562 case dArg: return "d";
563 case DArg: return "D";
564 case iArg: return "i";
565 case oArg: return "o";
566 case OArg: return "O";
567 case uArg: return "u";
568 case UArg: return "U";
569 case xArg: return "x";
570 case XArg: return "X";
571 case fArg: return "f";
572 case FArg: return "F";
573 case eArg: return "e";
574 case EArg: return "E";
575 case gArg: return "g";
576 case GArg: return "G";
577 case aArg: return "a";
578 case AArg: return "A";
579 case cArg: return "c";
580 case sArg: return "s";
581 case pArg: return "p";
582 case nArg: return "n";
583 case PercentArg: return "%";
584 case ScanListArg: return "[";
585 case InvalidSpecifier: return nullptr;
587 // POSIX unicode extensions.
588 case CArg: return "C";
589 case SArg: return "S";
591 // Objective-C specific specifiers.
592 case ObjCObjArg: return "@";
594 // FreeBSD kernel specific specifiers.
595 case FreeBSDbArg: return "b";
596 case FreeBSDDArg: return "D";
597 case FreeBSDrArg: return "r";
598 case FreeBSDyArg: return "y";
600 // GlibC specific specifiers.
601 case PrintErrno: return "m";
603 // MS specific specifiers.
604 case ZArg: return "Z";
// Produces a copy of this specifier whose kind is replaced by NewKind, wrapped
// in an Optional.
// NOTE(review): the code that chooses NewKind and the return statements are
// missing from this listing, so the mapping and the empty-Optional case cannot
// be stated from here.
609 Optional<ConversionSpecifier>
610 ConversionSpecifier::getStandardSpecifier() const {
611 ConversionSpecifier::Kind NewKind;
// Work on a copy; *this is not modified (the method is const).
627 ConversionSpecifier FixedCS(*this);
628 FixedCS.setKind(NewKind);
632 //===----------------------------------------------------------------------===//
633 // Methods on OptionalAmount.
634 //===----------------------------------------------------------------------===//
// Writes the textual form of this amount to os.
// NOTE(review): only the positional-argument branch is visible in this
// listing; the other cases are omitted.
636 void OptionalAmount::toString(raw_ostream &os) const {
// Positional form: '*', the positional index, then '$'.
644 if (usesPositionalArg())
645 os << "*" << getPositionalArgIndex() << "$";
// Reports whether the length modifier LM may be combined with the conversion
// specifier CS when compiling for Target.
// NOTE(review): most return statements and closing braces are missing from
// this listing. Only the target-dependent returns are visible, so the result
// for the remaining case groups cannot be stated from here.
657 bool FormatSpecifier::hasValidLengthModifier(const TargetInfo &Target) const {
658 switch (LM.getKind()) {
659 case LengthModifier::None:
662 // Handle most integer flags
663 case LengthModifier::AsShort:
// On MSVCRT targets AsShort is first looked up against the character and
// string conversions listed here (the result line is omitted).
664 if (Target.getTriple().isOSMSVCRT()) {
665 switch (CS.getKind()) {
666 case ConversionSpecifier::cArg:
667 case ConversionSpecifier::CArg:
668 case ConversionSpecifier::sArg:
669 case ConversionSpecifier::SArg:
670 case ConversionSpecifier::ZArg:
677 case LengthModifier::AsChar:
678 case LengthModifier::AsLongLong:
679 case LengthModifier::AsQuad:
680 case LengthModifier::AsIntMax:
681 case LengthModifier::AsSizeT:
682 case LengthModifier::AsPtrDiff:
// Integer conversions; nArg is listed in the same group.
683 switch (CS.getKind()) {
684 case ConversionSpecifier::dArg:
685 case ConversionSpecifier::DArg:
686 case ConversionSpecifier::iArg:
687 case ConversionSpecifier::oArg:
688 case ConversionSpecifier::OArg:
689 case ConversionSpecifier::uArg:
690 case ConversionSpecifier::UArg:
691 case ConversionSpecifier::xArg:
692 case ConversionSpecifier::XArg:
693 case ConversionSpecifier::nArg:
// The FreeBSD r/y conversions are valid only for FreeBSD or PS4 targets.
695 case ConversionSpecifier::FreeBSDrArg:
696 case ConversionSpecifier::FreeBSDyArg:
697 return Target.getTriple().isOSFreeBSD() || Target.getTriple().isPS4();
703 case LengthModifier::AsLong: // or AsWideChar
704 switch (CS.getKind()) {
705 case ConversionSpecifier::dArg:
706 case ConversionSpecifier::DArg:
707 case ConversionSpecifier::iArg:
708 case ConversionSpecifier::oArg:
709 case ConversionSpecifier::OArg:
710 case ConversionSpecifier::uArg:
711 case ConversionSpecifier::UArg:
712 case ConversionSpecifier::xArg:
713 case ConversionSpecifier::XArg:
714 case ConversionSpecifier::aArg:
715 case ConversionSpecifier::AArg:
716 case ConversionSpecifier::fArg:
717 case ConversionSpecifier::FArg:
718 case ConversionSpecifier::eArg:
719 case ConversionSpecifier::EArg:
720 case ConversionSpecifier::gArg:
721 case ConversionSpecifier::GArg:
722 case ConversionSpecifier::nArg:
723 case ConversionSpecifier::cArg:
724 case ConversionSpecifier::sArg:
725 case ConversionSpecifier::ScanListArg:
726 case ConversionSpecifier::ZArg:
// Same target restriction for the FreeBSD r/y conversions as above.
728 case ConversionSpecifier::FreeBSDrArg:
729 case ConversionSpecifier::FreeBSDyArg:
730 return Target.getTriple().isOSFreeBSD() || Target.getTriple().isPS4();
735 case LengthModifier::AsLongDouble:
736 switch (CS.getKind()) {
737 case ConversionSpecifier::aArg:
738 case ConversionSpecifier::AArg:
739 case ConversionSpecifier::fArg:
740 case ConversionSpecifier::FArg:
741 case ConversionSpecifier::eArg:
742 case ConversionSpecifier::EArg:
743 case ConversionSpecifier::gArg:
744 case ConversionSpecifier::GArg:
746 // GNU libc extension.
// AsLongDouble with an integer conversion is accepted on every target except
// Darwin and Windows.
747 case ConversionSpecifier::dArg:
748 case ConversionSpecifier::iArg:
749 case ConversionSpecifier::oArg:
750 case ConversionSpecifier::uArg:
751 case ConversionSpecifier::xArg:
752 case ConversionSpecifier::XArg:
753 return !Target.getTriple().isOSDarwin() &&
754 !Target.getTriple().isOSWindows();
759 case LengthModifier::AsAllocate:
760 switch (CS.getKind()) {
761 case ConversionSpecifier::sArg:
762 case ConversionSpecifier::SArg:
763 case ConversionSpecifier::ScanListArg:
769 case LengthModifier::AsMAllocate:
770 switch (CS.getKind()) {
771 case ConversionSpecifier::cArg:
772 case ConversionSpecifier::CArg:
773 case ConversionSpecifier::sArg:
774 case ConversionSpecifier::SArg:
775 case ConversionSpecifier::ScanListArg:
// AsInt32, AsInt3264 and AsInt64 are accepted with these integer conversions
// only on MSVCRT targets.
780 case LengthModifier::AsInt32:
781 case LengthModifier::AsInt3264:
782 case LengthModifier::AsInt64:
783 switch (CS.getKind()) {
784 case ConversionSpecifier::dArg:
785 case ConversionSpecifier::iArg:
786 case ConversionSpecifier::oArg:
787 case ConversionSpecifier::uArg:
788 case ConversionSpecifier::xArg:
789 case ConversionSpecifier::XArg:
790 return Target.getTriple().isOSMSVCRT();
// AsWide is accepted with these character and string conversions only on
// MSVCRT targets.
794 case LengthModifier::AsWide:
795 switch (CS.getKind()) {
796 case ConversionSpecifier::cArg:
797 case ConversionSpecifier::CArg:
798 case ConversionSpecifier::sArg:
799 case ConversionSpecifier::SArg:
800 case ConversionSpecifier::ZArg:
801 return Target.getTriple().isOSMSVCRT();
806 llvm_unreachable("Invalid LengthModifier Kind!");
// Sorts the kind of LM into one of two groups of length modifiers.
// NOTE(review): the return statement of each group is missing from this
// listing. Going by the function name, the first group (None through
// AsLongDouble) is presumably the standard set and the second group
// (AsAllocate through AsWide) the non-standard one -- confirm.
809 bool FormatSpecifier::hasStandardLengthModifier() const {
810 switch (LM.getKind()) {
811 case LengthModifier::None:
812 case LengthModifier::AsChar:
813 case LengthModifier::AsShort:
814 case LengthModifier::AsLong:
815 case LengthModifier::AsLongLong:
816 case LengthModifier::AsIntMax:
817 case LengthModifier::AsSizeT:
818 case LengthModifier::AsPtrDiff:
819 case LengthModifier::AsLongDouble:
821 case LengthModifier::AsAllocate:
822 case LengthModifier::AsMAllocate:
823 case LengthModifier::AsQuad:
824 case LengthModifier::AsInt32:
825 case LengthModifier::AsInt3264:
826 case LengthModifier::AsInt64:
827 case LengthModifier::AsWide:
// Reached only if LM holds a kind that none of the cases above lists.
830 llvm_unreachable("Invalid LengthModifier Kind!");
// Sorts the kind of CS into three groups of conversion specifiers. The only
// visible result is for CArg and SArg, which depend on the language options:
// they return true when either ObjC1 or ObjC2 is set.
// NOTE(review): the return statements of the first and last group are missing
// from this listing; by the function name they are presumably true and false
// respectively -- confirm.
833 bool FormatSpecifier::hasStandardConversionSpecifier(
834 const LangOptions &LangOpt) const {
835 switch (CS.getKind()) {
836 case ConversionSpecifier::cArg:
837 case ConversionSpecifier::dArg:
838 case ConversionSpecifier::iArg:
839 case ConversionSpecifier::oArg:
840 case ConversionSpecifier::uArg:
841 case ConversionSpecifier::xArg:
842 case ConversionSpecifier::XArg:
843 case ConversionSpecifier::fArg:
844 case ConversionSpecifier::FArg:
845 case ConversionSpecifier::eArg:
846 case ConversionSpecifier::EArg:
847 case ConversionSpecifier::gArg:
848 case ConversionSpecifier::GArg:
849 case ConversionSpecifier::aArg:
850 case ConversionSpecifier::AArg:
851 case ConversionSpecifier::sArg:
852 case ConversionSpecifier::pArg:
853 case ConversionSpecifier::nArg:
854 case ConversionSpecifier::ObjCObjArg:
855 case ConversionSpecifier::ScanListArg:
856 case ConversionSpecifier::PercentArg:
858 case ConversionSpecifier::CArg:
859 case ConversionSpecifier::SArg:
860 return LangOpt.ObjC1 || LangOpt.ObjC2;
861 case ConversionSpecifier::InvalidSpecifier:
862 case ConversionSpecifier::FreeBSDbArg:
863 case ConversionSpecifier::FreeBSDDArg:
864 case ConversionSpecifier::FreeBSDrArg:
865 case ConversionSpecifier::FreeBSDyArg:
866 case ConversionSpecifier::PrintErrno:
867 case ConversionSpecifier::DArg:
868 case ConversionSpecifier::OArg:
869 case ConversionSpecifier::UArg:
870 case ConversionSpecifier::ZArg:
873 llvm_unreachable("Invalid ConversionSpecifier Kind!");
// Singles out one combination: the AsLongDouble length modifier together with
// one of the integer conversions d, i, o, u, x, X.
// NOTE(review): the return statements are missing from this listing; by the
// function name this combination is presumably reported as non-standard and
// everything else as standard -- confirm.
876 bool FormatSpecifier::hasStandardLengthConversionCombination() const {
877 if (LM.getKind() == LengthModifier::AsLongDouble) {
878 switch(CS.getKind()) {
879 case ConversionSpecifier::dArg:
880 case ConversionSpecifier::iArg:
881 case ConversionSpecifier::oArg:
882 case ConversionSpecifier::uArg:
883 case ConversionSpecifier::xArg:
884 case ConversionSpecifier::XArg:
// For an integer conversion or nArg whose length modifier is AsLongDouble or
// AsQuad, builds a copy of LM with its kind changed to AsLongLong.
// NOTE(review): the return statements are missing from this listing;
// presumably the fixed copy is returned in that case and an empty Optional
// otherwise -- confirm.
893 Optional<LengthModifier> FormatSpecifier::getCorrectedLengthModifier() const {
894 if (CS.isAnyIntArg() || CS.getKind() == ConversionSpecifier::nArg) {
895 if (LM.getKind() == LengthModifier::AsLongDouble ||
896 LM.getKind() == LengthModifier::AsQuad) {
// Work on a copy; LM itself is left unchanged (the method is const).
897 LengthModifier FixedLM(LM);
898 FixedLM.setKind(LengthModifier::AsLongLong);
906 bool FormatSpecifier::namedTypeToLengthModifier(QualType QT,
907 LengthModifier &LM) {
908 assert(isa<TypedefType>(QT) && "Expected a TypedefType");
909 const TypedefNameDecl *Typedef = cast<TypedefType>(QT)->getDecl();
912 const IdentifierInfo *Identifier = Typedef->getIdentifier();
913 if (Identifier->getName() == "size_t") {
914 LM.setKind(LengthModifier::AsSizeT);
916 } else if (Identifier->getName() == "ssize_t") {
917 // Not C99, but common in Unix.
918 LM.setKind(LengthModifier::AsSizeT);
920 } else if (Identifier->getName() == "intmax_t") {
921 LM.setKind(LengthModifier::AsIntMax);
923 } else if (Identifier->getName() == "uintmax_t") {
924 LM.setKind(LengthModifier::AsIntMax);
926 } else if (Identifier->getName() == "ptrdiff_t") {
927 LM.setKind(LengthModifier::AsPtrDiff);
931 QualType T = Typedef->getUnderlyingType();
932 if (!isa<TypedefType>(T))
935 Typedef = cast<TypedefType>(T)->getDecl();