1 // FormatString.cpp - Common stuff for handling printf/scanf formats -*- C++ -*-
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // Shared details for processing format strings of printf and scanf
13 //===----------------------------------------------------------------------===//
15 #include "FormatStringParsing.h"
16 #include "clang/Basic/LangOptions.h"
17 #include "clang/Basic/TargetInfo.h"
19 using clang::analyze_format_string::ArgType;
20 using clang::analyze_format_string::FormatStringHandler;
21 using clang::analyze_format_string::FormatSpecifier;
22 using clang::analyze_format_string::LengthModifier;
23 using clang::analyze_format_string::OptionalAmount;
24 using clang::analyze_format_string::PositionContext;
25 using clang::analyze_format_string::ConversionSpecifier;
26 using namespace clang;
28 // Key function to FormatStringHandler.
29 FormatStringHandler::~FormatStringHandler() {}
31 //===----------------------------------------------------------------------===//
32 // Functions for parsing format strings components in both printf and
33 // scanf format strings.
34 //===----------------------------------------------------------------------===//
37 clang::analyze_format_string::ParseAmount(const char *&Beg, const char *E) {
39 UpdateOnReturn <const char*> UpdateBeg(Beg, I);
41 unsigned accumulator = 0;
42 bool hasDigits = false;
44 for ( ; I != E; ++I) {
46 if (c >= '0' && c <= '9') {
48 accumulator = (accumulator * 10) + (c - '0');
53 return OptionalAmount(OptionalAmount::Constant, accumulator, Beg, I - Beg,
59 return OptionalAmount();
63 clang::analyze_format_string::ParseNonPositionAmount(const char *&Beg,
68 return OptionalAmount(OptionalAmount::Arg, argIndex++, Beg, 0, false);
71 return ParseAmount(Beg, E);
75 clang::analyze_format_string::ParsePositionAmount(FormatStringHandler &H,
81 const char *I = Beg + 1;
82 const OptionalAmount &Amt = ParseAmount(I, E);
84 if (Amt.getHowSpecified() == OptionalAmount::NotSpecified) {
85 H.HandleInvalidPosition(Beg, I - Beg, p);
86 return OptionalAmount(false);
90 // No more characters left?
91 H.HandleIncompleteSpecifier(Start, E - Start);
92 return OptionalAmount(false);
95 assert(Amt.getHowSpecified() == OptionalAmount::Constant);
98 // Handle positional arguments
100 // Special case: '*0$', since this is an easy mistake.
101 if (Amt.getConstantAmount() == 0) {
102 H.HandleZeroPosition(Beg, I - Beg + 1);
103 return OptionalAmount(false);
106 const char *Tmp = Beg;
109 return OptionalAmount(OptionalAmount::Arg, Amt.getConstantAmount() - 1,
113 H.HandleInvalidPosition(Beg, I - Beg, p);
114 return OptionalAmount(false);
117 return ParseAmount(Beg, E);
122 clang::analyze_format_string::ParseFieldWidth(FormatStringHandler &H,
125 const char *&Beg, const char *E,
126 unsigned *argIndex) {
127 // FIXME: Support negative field widths.
129 CS.setFieldWidth(ParseNonPositionAmount(Beg, E, *argIndex));
132 const OptionalAmount Amt =
133 ParsePositionAmount(H, Start, Beg, E,
134 analyze_format_string::FieldWidthPos);
138 CS.setFieldWidth(Amt);
144 clang::analyze_format_string::ParseArgPosition(FormatStringHandler &H,
151 const OptionalAmount &Amt = ParseAmount(I, E);
154 // No more characters left?
155 H.HandleIncompleteSpecifier(Start, E - Start);
159 if (Amt.getHowSpecified() == OptionalAmount::Constant && *(I++) == '$') {
160 // Warn that positional arguments are non-standard.
161 H.HandlePosition(Start, I - Start);
163 // Special case: '%0$', since this is an easy mistake.
164 if (Amt.getConstantAmount() == 0) {
165 H.HandleZeroPosition(Start, I - Start);
169 FS.setArgIndex(Amt.getConstantAmount() - 1);
170 FS.setUsesPositionalArg();
171 // Update the caller's pointer if we decided to consume
181 clang::analyze_format_string::ParseLengthModifier(FormatSpecifier &FS,
184 const LangOptions &LO,
186 LengthModifier::Kind lmKind = LengthModifier::None;
187 const char *lmPosition = I;
193 lmKind = (I != E && *I == 'h') ? (++I, LengthModifier::AsChar)
194 : LengthModifier::AsShort;
198 lmKind = (I != E && *I == 'l') ? (++I, LengthModifier::AsLongLong)
199 : LengthModifier::AsLong;
201 case 'j': lmKind = LengthModifier::AsIntMax; ++I; break;
202 case 'z': lmKind = LengthModifier::AsSizeT; ++I; break;
203 case 't': lmKind = LengthModifier::AsPtrDiff; ++I; break;
204 case 'L': lmKind = LengthModifier::AsLongDouble; ++I; break;
205 case 'q': lmKind = LengthModifier::AsQuad; ++I; break;
207 if (IsScanf && !LO.C99 && !LO.CPlusPlus11) {
208 // For scanf in C90, look at the next character to see if this should
209 // be parsed as the GNU extension 'a' length modifier. If not, this
210 // will be parsed as a conversion specifier.
212 if (I != E && (*I == 's' || *I == 'S' || *I == '[')) {
213 lmKind = LengthModifier::AsAllocate;
221 lmKind = LengthModifier::AsMAllocate;
226 // printf: AsInt64, AsInt32, AsInt3264
229 if (I + 1 != E && I + 2 != E) {
230 if (I[1] == '6' && I[2] == '4') {
232 lmKind = LengthModifier::AsInt64;
238 if (I[1] == '3' && I[2] == '2') {
240 lmKind = LengthModifier::AsInt32;
245 lmKind = LengthModifier::AsInt3264;
248 lmKind = LengthModifier::AsWide; ++I; break;
250 LengthModifier lm(lmPosition, lmKind);
251 FS.setLengthModifier(lm);
255 //===----------------------------------------------------------------------===//
256 // Methods on ArgType.
257 //===----------------------------------------------------------------------===//
259 clang::analyze_format_string::ArgType::MatchKind
260 ArgType::matchesType(ASTContext &C, QualType argTy) const {
262 // It has to be a pointer.
263 const PointerType *PT = argTy->getAs<PointerType>();
267 // We cannot write through a const qualified pointer.
268 if (PT->getPointeeType().isConstQualified())
271 argTy = PT->getPointeeType();
276 llvm_unreachable("ArgType must be valid");
282 if (const EnumType *ETy = argTy->getAs<EnumType>())
283 argTy = ETy->getDecl()->getIntegerType();
285 if (const BuiltinType *BT = argTy->getAs<BuiltinType>())
286 switch (BT->getKind()) {
289 case BuiltinType::Char_S:
290 case BuiltinType::SChar:
291 case BuiltinType::UChar:
292 case BuiltinType::Char_U:
299 if (const EnumType *ETy = argTy->getAs<EnumType>())
300 argTy = ETy->getDecl()->getIntegerType();
301 argTy = C.getCanonicalType(argTy).getUnqualifiedType();
305 // Check for "compatible types".
306 if (const BuiltinType *BT = argTy->getAs<BuiltinType>())
307 switch (BT->getKind()) {
310 case BuiltinType::Char_S:
311 case BuiltinType::SChar:
312 case BuiltinType::Char_U:
313 case BuiltinType::UChar:
314 return T == C.UnsignedCharTy || T == C.SignedCharTy ? Match
316 case BuiltinType::Short:
317 return T == C.UnsignedShortTy ? Match : NoMatch;
318 case BuiltinType::UShort:
319 return T == C.ShortTy ? Match : NoMatch;
320 case BuiltinType::Int:
321 return T == C.UnsignedIntTy ? Match : NoMatch;
322 case BuiltinType::UInt:
323 return T == C.IntTy ? Match : NoMatch;
324 case BuiltinType::Long:
325 return T == C.UnsignedLongTy ? Match : NoMatch;
326 case BuiltinType::ULong:
327 return T == C.LongTy ? Match : NoMatch;
328 case BuiltinType::LongLong:
329 return T == C.UnsignedLongLongTy ? Match : NoMatch;
330 case BuiltinType::ULongLong:
331 return T == C.LongLongTy ? Match : NoMatch;
337 const PointerType *PT = argTy->getAs<PointerType>();
340 QualType pointeeTy = PT->getPointeeType();
341 if (const BuiltinType *BT = pointeeTy->getAs<BuiltinType>())
342 switch (BT->getKind()) {
343 case BuiltinType::Void:
344 case BuiltinType::Char_U:
345 case BuiltinType::UChar:
346 case BuiltinType::Char_S:
347 case BuiltinType::SChar:
357 const PointerType *PT = argTy->getAs<PointerType>();
361 C.getCanonicalType(PT->getPointeeType()).getUnqualifiedType();
362 return pointeeTy == C.getWideCharType() ? Match : NoMatch;
368 argTy->isPromotableIntegerType()
369 ? C.getPromotedIntegerType(argTy) : argTy;
371 QualType WInt = C.getCanonicalType(C.getWIntType()).getUnqualifiedType();
372 PromoArg = C.getCanonicalType(PromoArg).getUnqualifiedType();
374 // If the promoted argument is the corresponding signed type of the
375 // wint_t type, then it should match.
376 if (PromoArg->hasSignedIntegerRepresentation() &&
377 C.getCorrespondingUnsignedType(PromoArg) == WInt)
380 return WInt == PromoArg ? Match : NoMatch;
384 if (argTy->isVoidPointerType()) {
386 } if (argTy->isPointerType() || argTy->isObjCObjectPointerType() ||
387 argTy->isBlockPointerType() || argTy->isNullPtrType()) {
388 return NoMatchPedantic;
393 case ObjCPointerTy: {
394 if (argTy->getAs<ObjCObjectPointerType>() ||
395 argTy->getAs<BlockPointerType>())
398 // Handle implicit toll-free bridging.
399 if (const PointerType *PT = argTy->getAs<PointerType>()) {
400 // Things such as CFTypeRef are really just opaque pointers
401 // to C structs representing CF types that can often be bridged
402 // to Objective-C objects. Since the compiler doesn't know which
403 // structs can be toll-free bridged, we just accept them all.
404 QualType pointee = PT->getPointeeType();
405 if (pointee->getAsStructureType() || pointee->isVoidType())
412 llvm_unreachable("Invalid ArgType Kind!");
415 QualType ArgType::getRepresentativeType(ASTContext &C) const {
419 llvm_unreachable("No representative type for Invalid ArgType");
421 llvm_unreachable("No representative type for Unknown ArgType");
429 Res = C.getPointerType(C.CharTy);
432 Res = C.getPointerType(C.getWideCharType());
435 Res = C.ObjCBuiltinIdTy;
441 Res = C.getWIntType();
447 Res = C.getPointerType(Res);
451 std::string ArgType::getRepresentativeTypeName(ASTContext &C) const {
452 std::string S = getRepresentativeType(C).getAsString();
456 // Use a specific name for this type, e.g. "size_t".
459 // If ArgType is actually a pointer to T, append an asterisk.
460 Alias += (Alias[Alias.size()-1] == '*') ? "*" : " *";
462 // If Alias is the same as the underlying type, e.g. wchar_t, then drop it.
468 return std::string("'") + Alias + "' (aka '" + S + "')";
469 return std::string("'") + S + "'";
473 //===----------------------------------------------------------------------===//
474 // Methods on OptionalAmount.
475 //===----------------------------------------------------------------------===//
478 analyze_format_string::OptionalAmount::getArgType(ASTContext &Ctx) const {
482 //===----------------------------------------------------------------------===//
483 // Methods on LengthModifier.
484 //===----------------------------------------------------------------------===//
487 analyze_format_string::LengthModifier::toString() const {
493 case AsLong: // or AsWideChar
525 //===----------------------------------------------------------------------===//
526 // Methods on ConversionSpecifier.
527 //===----------------------------------------------------------------------===//
529 const char *ConversionSpecifier::toString() const {
531 case dArg: return "d";
532 case DArg: return "D";
533 case iArg: return "i";
534 case oArg: return "o";
535 case OArg: return "O";
536 case uArg: return "u";
537 case UArg: return "U";
538 case xArg: return "x";
539 case XArg: return "X";
540 case fArg: return "f";
541 case FArg: return "F";
542 case eArg: return "e";
543 case EArg: return "E";
544 case gArg: return "g";
545 case GArg: return "G";
546 case aArg: return "a";
547 case AArg: return "A";
548 case cArg: return "c";
549 case sArg: return "s";
550 case pArg: return "p";
551 case nArg: return "n";
552 case PercentArg: return "%";
553 case ScanListArg: return "[";
554 case InvalidSpecifier: return nullptr;
556 // POSIX unicode extensions.
557 case CArg: return "C";
558 case SArg: return "S";
560 // Objective-C specific specifiers.
561 case ObjCObjArg: return "@";
563 // FreeBSD kernel specific specifiers.
564 case FreeBSDbArg: return "b";
565 case FreeBSDDArg: return "D";
566 case FreeBSDrArg: return "r";
567 case FreeBSDyArg: return "y";
569 // GlibC specific specifiers.
570 case PrintErrno: return "m";
572 // MS specific specifiers.
573 case ZArg: return "Z";
578 Optional<ConversionSpecifier>
579 ConversionSpecifier::getStandardSpecifier() const {
580 ConversionSpecifier::Kind NewKind;
596 ConversionSpecifier FixedCS(*this);
597 FixedCS.setKind(NewKind);
601 //===----------------------------------------------------------------------===//
602 // Methods on OptionalAmount.
603 //===----------------------------------------------------------------------===//
605 void OptionalAmount::toString(raw_ostream &os) const {
613 if (usesPositionalArg())
614 os << "*" << getPositionalArgIndex() << "$";
626 bool FormatSpecifier::hasValidLengthModifier(const TargetInfo &Target) const {
627 switch (LM.getKind()) {
628 case LengthModifier::None:
631 // Handle most integer flags
632 case LengthModifier::AsShort:
633 if (Target.getTriple().isOSMSVCRT()) {
634 switch (CS.getKind()) {
635 case ConversionSpecifier::cArg:
636 case ConversionSpecifier::CArg:
637 case ConversionSpecifier::sArg:
638 case ConversionSpecifier::SArg:
639 case ConversionSpecifier::ZArg:
646 case LengthModifier::AsChar:
647 case LengthModifier::AsLongLong:
648 case LengthModifier::AsQuad:
649 case LengthModifier::AsIntMax:
650 case LengthModifier::AsSizeT:
651 case LengthModifier::AsPtrDiff:
652 switch (CS.getKind()) {
653 case ConversionSpecifier::dArg:
654 case ConversionSpecifier::DArg:
655 case ConversionSpecifier::iArg:
656 case ConversionSpecifier::oArg:
657 case ConversionSpecifier::OArg:
658 case ConversionSpecifier::uArg:
659 case ConversionSpecifier::UArg:
660 case ConversionSpecifier::xArg:
661 case ConversionSpecifier::XArg:
662 case ConversionSpecifier::nArg:
664 case ConversionSpecifier::FreeBSDrArg:
665 case ConversionSpecifier::FreeBSDyArg:
666 return Target.getTriple().isOSFreeBSD();
672 case LengthModifier::AsLong: // or AsWideChar
673 switch (CS.getKind()) {
674 case ConversionSpecifier::dArg:
675 case ConversionSpecifier::DArg:
676 case ConversionSpecifier::iArg:
677 case ConversionSpecifier::oArg:
678 case ConversionSpecifier::OArg:
679 case ConversionSpecifier::uArg:
680 case ConversionSpecifier::UArg:
681 case ConversionSpecifier::xArg:
682 case ConversionSpecifier::XArg:
683 case ConversionSpecifier::aArg:
684 case ConversionSpecifier::AArg:
685 case ConversionSpecifier::fArg:
686 case ConversionSpecifier::FArg:
687 case ConversionSpecifier::eArg:
688 case ConversionSpecifier::EArg:
689 case ConversionSpecifier::gArg:
690 case ConversionSpecifier::GArg:
691 case ConversionSpecifier::nArg:
692 case ConversionSpecifier::cArg:
693 case ConversionSpecifier::sArg:
694 case ConversionSpecifier::ScanListArg:
695 case ConversionSpecifier::ZArg:
697 case ConversionSpecifier::FreeBSDrArg:
698 case ConversionSpecifier::FreeBSDyArg:
699 return Target.getTriple().isOSFreeBSD();
704 case LengthModifier::AsLongDouble:
705 switch (CS.getKind()) {
706 case ConversionSpecifier::aArg:
707 case ConversionSpecifier::AArg:
708 case ConversionSpecifier::fArg:
709 case ConversionSpecifier::FArg:
710 case ConversionSpecifier::eArg:
711 case ConversionSpecifier::EArg:
712 case ConversionSpecifier::gArg:
713 case ConversionSpecifier::GArg:
715 // GNU libc extension.
716 case ConversionSpecifier::dArg:
717 case ConversionSpecifier::iArg:
718 case ConversionSpecifier::oArg:
719 case ConversionSpecifier::uArg:
720 case ConversionSpecifier::xArg:
721 case ConversionSpecifier::XArg:
722 return !Target.getTriple().isOSDarwin() &&
723 !Target.getTriple().isOSWindows();
728 case LengthModifier::AsAllocate:
729 switch (CS.getKind()) {
730 case ConversionSpecifier::sArg:
731 case ConversionSpecifier::SArg:
732 case ConversionSpecifier::ScanListArg:
738 case LengthModifier::AsMAllocate:
739 switch (CS.getKind()) {
740 case ConversionSpecifier::cArg:
741 case ConversionSpecifier::CArg:
742 case ConversionSpecifier::sArg:
743 case ConversionSpecifier::SArg:
744 case ConversionSpecifier::ScanListArg:
749 case LengthModifier::AsInt32:
750 case LengthModifier::AsInt3264:
751 case LengthModifier::AsInt64:
752 switch (CS.getKind()) {
753 case ConversionSpecifier::dArg:
754 case ConversionSpecifier::iArg:
755 case ConversionSpecifier::oArg:
756 case ConversionSpecifier::uArg:
757 case ConversionSpecifier::xArg:
758 case ConversionSpecifier::XArg:
759 return Target.getTriple().isOSMSVCRT();
763 case LengthModifier::AsWide:
764 switch (CS.getKind()) {
765 case ConversionSpecifier::cArg:
766 case ConversionSpecifier::CArg:
767 case ConversionSpecifier::sArg:
768 case ConversionSpecifier::SArg:
769 case ConversionSpecifier::ZArg:
770 return Target.getTriple().isOSMSVCRT();
775 llvm_unreachable("Invalid LengthModifier Kind!");
778 bool FormatSpecifier::hasStandardLengthModifier() const {
779 switch (LM.getKind()) {
780 case LengthModifier::None:
781 case LengthModifier::AsChar:
782 case LengthModifier::AsShort:
783 case LengthModifier::AsLong:
784 case LengthModifier::AsLongLong:
785 case LengthModifier::AsIntMax:
786 case LengthModifier::AsSizeT:
787 case LengthModifier::AsPtrDiff:
788 case LengthModifier::AsLongDouble:
790 case LengthModifier::AsAllocate:
791 case LengthModifier::AsMAllocate:
792 case LengthModifier::AsQuad:
793 case LengthModifier::AsInt32:
794 case LengthModifier::AsInt3264:
795 case LengthModifier::AsInt64:
796 case LengthModifier::AsWide:
799 llvm_unreachable("Invalid LengthModifier Kind!");
802 bool FormatSpecifier::hasStandardConversionSpecifier(
803 const LangOptions &LangOpt) const {
804 switch (CS.getKind()) {
805 case ConversionSpecifier::cArg:
806 case ConversionSpecifier::dArg:
807 case ConversionSpecifier::iArg:
808 case ConversionSpecifier::oArg:
809 case ConversionSpecifier::uArg:
810 case ConversionSpecifier::xArg:
811 case ConversionSpecifier::XArg:
812 case ConversionSpecifier::fArg:
813 case ConversionSpecifier::FArg:
814 case ConversionSpecifier::eArg:
815 case ConversionSpecifier::EArg:
816 case ConversionSpecifier::gArg:
817 case ConversionSpecifier::GArg:
818 case ConversionSpecifier::aArg:
819 case ConversionSpecifier::AArg:
820 case ConversionSpecifier::sArg:
821 case ConversionSpecifier::pArg:
822 case ConversionSpecifier::nArg:
823 case ConversionSpecifier::ObjCObjArg:
824 case ConversionSpecifier::ScanListArg:
825 case ConversionSpecifier::PercentArg:
827 case ConversionSpecifier::CArg:
828 case ConversionSpecifier::SArg:
829 return LangOpt.ObjC1 || LangOpt.ObjC2;
830 case ConversionSpecifier::InvalidSpecifier:
831 case ConversionSpecifier::FreeBSDbArg:
832 case ConversionSpecifier::FreeBSDDArg:
833 case ConversionSpecifier::FreeBSDrArg:
834 case ConversionSpecifier::FreeBSDyArg:
835 case ConversionSpecifier::PrintErrno:
836 case ConversionSpecifier::DArg:
837 case ConversionSpecifier::OArg:
838 case ConversionSpecifier::UArg:
839 case ConversionSpecifier::ZArg:
842 llvm_unreachable("Invalid ConversionSpecifier Kind!");
845 bool FormatSpecifier::hasStandardLengthConversionCombination() const {
846 if (LM.getKind() == LengthModifier::AsLongDouble) {
847 switch(CS.getKind()) {
848 case ConversionSpecifier::dArg:
849 case ConversionSpecifier::iArg:
850 case ConversionSpecifier::oArg:
851 case ConversionSpecifier::uArg:
852 case ConversionSpecifier::xArg:
853 case ConversionSpecifier::XArg:
862 Optional<LengthModifier> FormatSpecifier::getCorrectedLengthModifier() const {
863 if (CS.isAnyIntArg() || CS.getKind() == ConversionSpecifier::nArg) {
864 if (LM.getKind() == LengthModifier::AsLongDouble ||
865 LM.getKind() == LengthModifier::AsQuad) {
866 LengthModifier FixedLM(LM);
867 FixedLM.setKind(LengthModifier::AsLongLong);
875 bool FormatSpecifier::namedTypeToLengthModifier(QualType QT,
876 LengthModifier &LM) {
877 assert(isa<TypedefType>(QT) && "Expected a TypedefType");
878 const TypedefNameDecl *Typedef = cast<TypedefType>(QT)->getDecl();
881 const IdentifierInfo *Identifier = Typedef->getIdentifier();
882 if (Identifier->getName() == "size_t") {
883 LM.setKind(LengthModifier::AsSizeT);
885 } else if (Identifier->getName() == "ssize_t") {
886 // Not C99, but common in Unix.
887 LM.setKind(LengthModifier::AsSizeT);
889 } else if (Identifier->getName() == "intmax_t") {
890 LM.setKind(LengthModifier::AsIntMax);
892 } else if (Identifier->getName() == "uintmax_t") {
893 LM.setKind(LengthModifier::AsIntMax);
895 } else if (Identifier->getName() == "ptrdiff_t") {
896 LM.setKind(LengthModifier::AsPtrDiff);
900 QualType T = Typedef->getUnderlyingType();
901 if (!isa<TypedefType>(T))
904 Typedef = cast<TypedefType>(T)->getDecl();