1 // FormatString.cpp - Common stuff for handling printf/scanf formats -*- C++ -*-
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // Shared details for processing format strings of printf and scanf
13 //===----------------------------------------------------------------------===//
15 #include "FormatStringParsing.h"
16 #include "clang/Basic/LangOptions.h"
17 #include "clang/Basic/TargetInfo.h"
19 using clang::analyze_format_string::ArgType;
20 using clang::analyze_format_string::FormatStringHandler;
21 using clang::analyze_format_string::FormatSpecifier;
22 using clang::analyze_format_string::LengthModifier;
23 using clang::analyze_format_string::OptionalAmount;
24 using clang::analyze_format_string::PositionContext;
25 using clang::analyze_format_string::ConversionSpecifier;
26 using namespace clang;
28 // Key function to FormatStringHandler.
29 FormatStringHandler::~FormatStringHandler() {}
31 //===----------------------------------------------------------------------===//
32 // Functions for parsing format strings components in both printf and
33 // scanf format strings.
34 //===----------------------------------------------------------------------===//
37 clang::analyze_format_string::ParseAmount(const char *&Beg, const char *E) {
39 UpdateOnReturn <const char*> UpdateBeg(Beg, I);
41 unsigned accumulator = 0;
42 bool hasDigits = false;
44 for ( ; I != E; ++I) {
46 if (c >= '0' && c <= '9') {
48 accumulator = (accumulator * 10) + (c - '0');
53 return OptionalAmount(OptionalAmount::Constant, accumulator, Beg, I - Beg,
59 return OptionalAmount();
63 clang::analyze_format_string::ParseNonPositionAmount(const char *&Beg,
68 return OptionalAmount(OptionalAmount::Arg, argIndex++, Beg, 0, false);
71 return ParseAmount(Beg, E);
75 clang::analyze_format_string::ParsePositionAmount(FormatStringHandler &H,
81 const char *I = Beg + 1;
82 const OptionalAmount &Amt = ParseAmount(I, E);
84 if (Amt.getHowSpecified() == OptionalAmount::NotSpecified) {
85 H.HandleInvalidPosition(Beg, I - Beg, p);
86 return OptionalAmount(false);
90 // No more characters left?
91 H.HandleIncompleteSpecifier(Start, E - Start);
92 return OptionalAmount(false);
95 assert(Amt.getHowSpecified() == OptionalAmount::Constant);
98 // Handle positional arguments
100 // Special case: '*0$', since this is an easy mistake.
101 if (Amt.getConstantAmount() == 0) {
102 H.HandleZeroPosition(Beg, I - Beg + 1);
103 return OptionalAmount(false);
106 const char *Tmp = Beg;
109 return OptionalAmount(OptionalAmount::Arg, Amt.getConstantAmount() - 1,
113 H.HandleInvalidPosition(Beg, I - Beg, p);
114 return OptionalAmount(false);
117 return ParseAmount(Beg, E);
122 clang::analyze_format_string::ParseFieldWidth(FormatStringHandler &H,
125 const char *&Beg, const char *E,
126 unsigned *argIndex) {
127 // FIXME: Support negative field widths.
129 CS.setFieldWidth(ParseNonPositionAmount(Beg, E, *argIndex));
132 const OptionalAmount Amt =
133 ParsePositionAmount(H, Start, Beg, E,
134 analyze_format_string::FieldWidthPos);
138 CS.setFieldWidth(Amt);
144 clang::analyze_format_string::ParseArgPosition(FormatStringHandler &H,
151 const OptionalAmount &Amt = ParseAmount(I, E);
154 // No more characters left?
155 H.HandleIncompleteSpecifier(Start, E - Start);
159 if (Amt.getHowSpecified() == OptionalAmount::Constant && *(I++) == '$') {
160 // Warn that positional arguments are non-standard.
161 H.HandlePosition(Start, I - Start);
163 // Special case: '%0$', since this is an easy mistake.
164 if (Amt.getConstantAmount() == 0) {
165 H.HandleZeroPosition(Start, I - Start);
169 FS.setArgIndex(Amt.getConstantAmount() - 1);
170 FS.setUsesPositionalArg();
171 // Update the caller's pointer if we decided to consume
181 clang::analyze_format_string::ParseLengthModifier(FormatSpecifier &FS,
184 const LangOptions &LO,
186 LengthModifier::Kind lmKind = LengthModifier::None;
187 const char *lmPosition = I;
193 lmKind = (I != E && *I == 'h') ? (++I, LengthModifier::AsChar)
194 : LengthModifier::AsShort;
198 lmKind = (I != E && *I == 'l') ? (++I, LengthModifier::AsLongLong)
199 : LengthModifier::AsLong;
201 case 'j': lmKind = LengthModifier::AsIntMax; ++I; break;
202 case 'z': lmKind = LengthModifier::AsSizeT; ++I; break;
203 case 't': lmKind = LengthModifier::AsPtrDiff; ++I; break;
204 case 'L': lmKind = LengthModifier::AsLongDouble; ++I; break;
205 case 'q': lmKind = LengthModifier::AsQuad; ++I; break;
207 if (IsScanf && !LO.C99 && !LO.CPlusPlus11) {
208 // For scanf in C90, look at the next character to see if this should
209 // be parsed as the GNU extension 'a' length modifier. If not, this
210 // will be parsed as a conversion specifier.
212 if (I != E && (*I == 's' || *I == 'S' || *I == '[')) {
213 lmKind = LengthModifier::AsAllocate;
221 lmKind = LengthModifier::AsMAllocate;
227 LengthModifier lm(lmPosition, lmKind);
228 FS.setLengthModifier(lm);
232 //===----------------------------------------------------------------------===//
233 // Methods on ArgType.
234 //===----------------------------------------------------------------------===//
236 bool ArgType::matchesType(ASTContext &C, QualType argTy) const {
238 // It has to be a pointer.
239 const PointerType *PT = argTy->getAs<PointerType>();
243 // We cannot write through a const qualified pointer.
244 if (PT->getPointeeType().isConstQualified())
247 argTy = PT->getPointeeType();
252 llvm_unreachable("ArgType must be valid");
258 if (const EnumType *ETy = argTy->getAs<EnumType>())
259 argTy = ETy->getDecl()->getIntegerType();
261 if (const BuiltinType *BT = argTy->getAs<BuiltinType>())
262 switch (BT->getKind()) {
265 case BuiltinType::Char_S:
266 case BuiltinType::SChar:
267 case BuiltinType::UChar:
268 case BuiltinType::Char_U:
275 if (const EnumType *ETy = argTy->getAs<EnumType>())
276 argTy = ETy->getDecl()->getIntegerType();
277 argTy = C.getCanonicalType(argTy).getUnqualifiedType();
281 // Check for "compatible types".
282 if (const BuiltinType *BT = argTy->getAs<BuiltinType>())
283 switch (BT->getKind()) {
286 case BuiltinType::Char_S:
287 case BuiltinType::SChar:
288 case BuiltinType::Char_U:
289 case BuiltinType::UChar:
290 return T == C.UnsignedCharTy || T == C.SignedCharTy;
291 case BuiltinType::Short:
292 return T == C.UnsignedShortTy;
293 case BuiltinType::UShort:
294 return T == C.ShortTy;
295 case BuiltinType::Int:
296 return T == C.UnsignedIntTy;
297 case BuiltinType::UInt:
299 case BuiltinType::Long:
300 return T == C.UnsignedLongTy;
301 case BuiltinType::ULong:
302 return T == C.LongTy;
303 case BuiltinType::LongLong:
304 return T == C.UnsignedLongLongTy;
305 case BuiltinType::ULongLong:
306 return T == C.LongLongTy;
312 const PointerType *PT = argTy->getAs<PointerType>();
315 QualType pointeeTy = PT->getPointeeType();
316 if (const BuiltinType *BT = pointeeTy->getAs<BuiltinType>())
317 switch (BT->getKind()) {
318 case BuiltinType::Void:
319 case BuiltinType::Char_U:
320 case BuiltinType::UChar:
321 case BuiltinType::Char_S:
322 case BuiltinType::SChar:
332 const PointerType *PT = argTy->getAs<PointerType>();
336 C.getCanonicalType(PT->getPointeeType()).getUnqualifiedType();
337 return pointeeTy == C.getWCharType();
343 argTy->isPromotableIntegerType()
344 ? C.getPromotedIntegerType(argTy) : argTy;
346 QualType WInt = C.getCanonicalType(C.getWIntType()).getUnqualifiedType();
347 PromoArg = C.getCanonicalType(PromoArg).getUnqualifiedType();
349 // If the promoted argument is the corresponding signed type of the
350 // wint_t type, then it should match.
351 if (PromoArg->hasSignedIntegerRepresentation() &&
352 C.getCorrespondingUnsignedType(PromoArg) == WInt)
355 return WInt == PromoArg;
359 return argTy->isPointerType() || argTy->isObjCObjectPointerType() ||
360 argTy->isBlockPointerType() || argTy->isNullPtrType();
362 case ObjCPointerTy: {
363 if (argTy->getAs<ObjCObjectPointerType>() ||
364 argTy->getAs<BlockPointerType>())
367 // Handle implicit toll-free bridging.
368 if (const PointerType *PT = argTy->getAs<PointerType>()) {
369 // Things such as CFTypeRef are really just opaque pointers
370 // to C structs representing CF types that can often be bridged
371 // to Objective-C objects. Since the compiler doesn't know which
372 // structs can be toll-free bridged, we just accept them all.
373 QualType pointee = PT->getPointeeType();
374 if (pointee->getAsStructureType() || pointee->isVoidType())
381 llvm_unreachable("Invalid ArgType Kind!");
384 QualType ArgType::getRepresentativeType(ASTContext &C) const {
388 llvm_unreachable("No representative type for Invalid ArgType");
390 llvm_unreachable("No representative type for Unknown ArgType");
398 Res = C.getPointerType(C.CharTy);
401 Res = C.getPointerType(C.getWCharType());
404 Res = C.ObjCBuiltinIdTy;
410 Res = C.getWIntType();
416 Res = C.getPointerType(Res);
420 std::string ArgType::getRepresentativeTypeName(ASTContext &C) const {
421 std::string S = getRepresentativeType(C).getAsString();
425 // Use a specific name for this type, e.g. "size_t".
428 // If ArgType is actually a pointer to T, append an asterisk.
429 Alias += (Alias[Alias.size()-1] == '*') ? "*" : " *";
431 // If Alias is the same as the underlying type, e.g. wchar_t, then drop it.
437 return std::string("'") + Alias + "' (aka '" + S + "')";
438 return std::string("'") + S + "'";
442 //===----------------------------------------------------------------------===//
443 // Methods on OptionalAmount.
444 //===----------------------------------------------------------------------===//
447 analyze_format_string::OptionalAmount::getArgType(ASTContext &Ctx) const {
451 //===----------------------------------------------------------------------===//
452 // Methods on LengthModifier.
453 //===----------------------------------------------------------------------===//
456 analyze_format_string::LengthModifier::toString() const {
462 case AsLong: // or AsWideChar
486 //===----------------------------------------------------------------------===//
487 // Methods on ConversionSpecifier.
488 //===----------------------------------------------------------------------===//
490 const char *ConversionSpecifier::toString() const {
492 case dArg: return "d";
493 case DArg: return "D";
494 case iArg: return "i";
495 case oArg: return "o";
496 case OArg: return "O";
497 case uArg: return "u";
498 case UArg: return "U";
499 case xArg: return "x";
500 case XArg: return "X";
501 case fArg: return "f";
502 case FArg: return "F";
503 case eArg: return "e";
504 case EArg: return "E";
505 case gArg: return "g";
506 case GArg: return "G";
507 case aArg: return "a";
508 case AArg: return "A";
509 case cArg: return "c";
510 case sArg: return "s";
511 case pArg: return "p";
512 case nArg: return "n";
513 case PercentArg: return "%";
514 case ScanListArg: return "[";
515 case InvalidSpecifier: return NULL;
517 // MacOS X unicode extensions.
518 case CArg: return "C";
519 case SArg: return "S";
521 // Objective-C specific specifiers.
522 case ObjCObjArg: return "@";
524 // FreeBSD specific specifiers.
525 case FreeBSDbArg: return "b";
526 case FreeBSDDArg: return "D";
527 case FreeBSDrArg: return "r";
529 // GlibC specific specifiers.
530 case PrintErrno: return "m";
535 Optional<ConversionSpecifier>
536 ConversionSpecifier::getStandardSpecifier() const {
537 ConversionSpecifier::Kind NewKind;
553 ConversionSpecifier FixedCS(*this);
554 FixedCS.setKind(NewKind);
558 //===----------------------------------------------------------------------===//
559 // Methods on OptionalAmount.
560 //===----------------------------------------------------------------------===//
562 void OptionalAmount::toString(raw_ostream &os) const {
570 if (usesPositionalArg())
571 os << "*" << getPositionalArgIndex() << "$";
583 bool FormatSpecifier::hasValidLengthModifier(const TargetInfo &Target) const {
584 switch (LM.getKind()) {
585 case LengthModifier::None:
588 // Handle most integer flags
589 case LengthModifier::AsChar:
590 case LengthModifier::AsShort:
591 case LengthModifier::AsLongLong:
592 case LengthModifier::AsQuad:
593 case LengthModifier::AsIntMax:
594 case LengthModifier::AsSizeT:
595 case LengthModifier::AsPtrDiff:
596 switch (CS.getKind()) {
597 case ConversionSpecifier::dArg:
598 case ConversionSpecifier::DArg:
599 case ConversionSpecifier::iArg:
600 case ConversionSpecifier::oArg:
601 case ConversionSpecifier::OArg:
602 case ConversionSpecifier::uArg:
603 case ConversionSpecifier::UArg:
604 case ConversionSpecifier::xArg:
605 case ConversionSpecifier::XArg:
606 case ConversionSpecifier::nArg:
607 case ConversionSpecifier::FreeBSDrArg:
614 case LengthModifier::AsLong:
615 switch (CS.getKind()) {
616 case ConversionSpecifier::dArg:
617 case ConversionSpecifier::DArg:
618 case ConversionSpecifier::iArg:
619 case ConversionSpecifier::oArg:
620 case ConversionSpecifier::OArg:
621 case ConversionSpecifier::uArg:
622 case ConversionSpecifier::UArg:
623 case ConversionSpecifier::xArg:
624 case ConversionSpecifier::XArg:
625 case ConversionSpecifier::aArg:
626 case ConversionSpecifier::AArg:
627 case ConversionSpecifier::fArg:
628 case ConversionSpecifier::FArg:
629 case ConversionSpecifier::eArg:
630 case ConversionSpecifier::EArg:
631 case ConversionSpecifier::gArg:
632 case ConversionSpecifier::GArg:
633 case ConversionSpecifier::nArg:
634 case ConversionSpecifier::cArg:
635 case ConversionSpecifier::sArg:
636 case ConversionSpecifier::FreeBSDrArg:
637 case ConversionSpecifier::ScanListArg:
643 case LengthModifier::AsLongDouble:
644 switch (CS.getKind()) {
645 case ConversionSpecifier::aArg:
646 case ConversionSpecifier::AArg:
647 case ConversionSpecifier::fArg:
648 case ConversionSpecifier::FArg:
649 case ConversionSpecifier::eArg:
650 case ConversionSpecifier::EArg:
651 case ConversionSpecifier::gArg:
652 case ConversionSpecifier::GArg:
654 // GNU libc extension.
655 case ConversionSpecifier::dArg:
656 case ConversionSpecifier::iArg:
657 case ConversionSpecifier::oArg:
658 case ConversionSpecifier::uArg:
659 case ConversionSpecifier::xArg:
660 case ConversionSpecifier::XArg:
661 return !Target.getTriple().isOSDarwin() &&
662 !Target.getTriple().isOSWindows();
667 case LengthModifier::AsAllocate:
668 switch (CS.getKind()) {
669 case ConversionSpecifier::sArg:
670 case ConversionSpecifier::SArg:
671 case ConversionSpecifier::ScanListArg:
677 case LengthModifier::AsMAllocate:
678 switch (CS.getKind()) {
679 case ConversionSpecifier::cArg:
680 case ConversionSpecifier::CArg:
681 case ConversionSpecifier::sArg:
682 case ConversionSpecifier::SArg:
683 case ConversionSpecifier::ScanListArg:
689 llvm_unreachable("Invalid LengthModifier Kind!");
692 bool FormatSpecifier::hasStandardLengthModifier() const {
693 switch (LM.getKind()) {
694 case LengthModifier::None:
695 case LengthModifier::AsChar:
696 case LengthModifier::AsShort:
697 case LengthModifier::AsLong:
698 case LengthModifier::AsLongLong:
699 case LengthModifier::AsIntMax:
700 case LengthModifier::AsSizeT:
701 case LengthModifier::AsPtrDiff:
702 case LengthModifier::AsLongDouble:
704 case LengthModifier::AsAllocate:
705 case LengthModifier::AsMAllocate:
706 case LengthModifier::AsQuad:
709 llvm_unreachable("Invalid LengthModifier Kind!");
712 bool FormatSpecifier::hasStandardConversionSpecifier(const LangOptions &LangOpt) const {
713 switch (CS.getKind()) {
714 case ConversionSpecifier::cArg:
715 case ConversionSpecifier::dArg:
716 case ConversionSpecifier::iArg:
717 case ConversionSpecifier::oArg:
718 case ConversionSpecifier::uArg:
719 case ConversionSpecifier::xArg:
720 case ConversionSpecifier::XArg:
721 case ConversionSpecifier::fArg:
722 case ConversionSpecifier::FArg:
723 case ConversionSpecifier::eArg:
724 case ConversionSpecifier::EArg:
725 case ConversionSpecifier::gArg:
726 case ConversionSpecifier::GArg:
727 case ConversionSpecifier::aArg:
728 case ConversionSpecifier::AArg:
729 case ConversionSpecifier::sArg:
730 case ConversionSpecifier::pArg:
731 case ConversionSpecifier::nArg:
732 case ConversionSpecifier::ObjCObjArg:
733 case ConversionSpecifier::ScanListArg:
734 case ConversionSpecifier::PercentArg:
736 case ConversionSpecifier::CArg:
737 case ConversionSpecifier::SArg:
738 return LangOpt.ObjC1 || LangOpt.ObjC2;
739 case ConversionSpecifier::InvalidSpecifier:
740 case ConversionSpecifier::FreeBSDbArg:
741 case ConversionSpecifier::FreeBSDDArg:
742 case ConversionSpecifier::FreeBSDrArg:
743 case ConversionSpecifier::PrintErrno:
744 case ConversionSpecifier::DArg:
745 case ConversionSpecifier::OArg:
746 case ConversionSpecifier::UArg:
749 llvm_unreachable("Invalid ConversionSpecifier Kind!");
752 bool FormatSpecifier::hasStandardLengthConversionCombination() const {
753 if (LM.getKind() == LengthModifier::AsLongDouble) {
754 switch(CS.getKind()) {
755 case ConversionSpecifier::dArg:
756 case ConversionSpecifier::iArg:
757 case ConversionSpecifier::oArg:
758 case ConversionSpecifier::uArg:
759 case ConversionSpecifier::xArg:
760 case ConversionSpecifier::XArg:
769 Optional<LengthModifier> FormatSpecifier::getCorrectedLengthModifier() const {
770 if (CS.isAnyIntArg() || CS.getKind() == ConversionSpecifier::nArg) {
771 if (LM.getKind() == LengthModifier::AsLongDouble ||
772 LM.getKind() == LengthModifier::AsQuad) {
773 LengthModifier FixedLM(LM);
774 FixedLM.setKind(LengthModifier::AsLongLong);
782 bool FormatSpecifier::namedTypeToLengthModifier(QualType QT,
783 LengthModifier &LM) {
784 assert(isa<TypedefType>(QT) && "Expected a TypedefType");
785 const TypedefNameDecl *Typedef = cast<TypedefType>(QT)->getDecl();
788 const IdentifierInfo *Identifier = Typedef->getIdentifier();
789 if (Identifier->getName() == "size_t") {
790 LM.setKind(LengthModifier::AsSizeT);
792 } else if (Identifier->getName() == "ssize_t") {
793 // Not C99, but common in Unix.
794 LM.setKind(LengthModifier::AsSizeT);
796 } else if (Identifier->getName() == "intmax_t") {
797 LM.setKind(LengthModifier::AsIntMax);
799 } else if (Identifier->getName() == "uintmax_t") {
800 LM.setKind(LengthModifier::AsIntMax);
802 } else if (Identifier->getName() == "ptrdiff_t") {
803 LM.setKind(LengthModifier::AsPtrDiff);
807 QualType T = Typedef->getUnderlyingType();
808 if (!isa<TypedefType>(T))
811 Typedef = cast<TypedefType>(T)->getDecl();