maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
llvm-project/clang/test/Sema/format-strings.c

204 lines
9.2 KiB
C
Raw Normal View History

Update tests to use %clang_cc1 instead of 'clang-cc' or 'clang -cc1'. - This is designed to make it obvious that %clang_cc1 is a "test variable" which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it can be useful to redefine what gets run as 'clang -cc1' (for example, to set a default target). llvm-svn: 91446
2009-12-16 04:14:24 +08:00
// RUN: %clang_cc1 -fsyntax-only -verify -Wformat-nonliteral %s
initial support for checking format strings, patch by Ted Kremenek: "I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral." llvm-svn: 41003
2007-08-11 04:18:51 +08:00
#include <stdarg.h>
Don't #include <stdio.h> when tests don't need it, or use clang instead of clang-cc when they do. llvm-svn: 89070
2009-11-17 16:57:36 +08:00
typedef __typeof(sizeof(int)) size_t;
typedef struct _FILE FILE;
int fprintf(FILE *, const char *restrict, ...);
int printf(const char *restrict, ...);
int snprintf(char *restrict, size_t, const char *restrict, ...);
int sprintf(char *restrict, const char *restrict, ...);
int vasprintf(char **, const char *, va_list);
add a bunch of missing prototypes to tests llvm-svn: 93072
2010-01-10 04:43:19 +08:00
int asprintf(char **, const char *, ...);
Don't #include <stdio.h> when tests don't need it, or use clang instead of clang-cc when they do. llvm-svn: 89070
2009-11-17 16:57:36 +08:00
int vfprintf(FILE *, const char *restrict, va_list);
int vprintf(const char *restrict, va_list);
int vsnprintf(char *, size_t, const char *, va_list);
int vsprintf(char *restrict, const char *restrict, va_list);
initial support for checking format strings, patch by Ted Kremenek: "I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral." llvm-svn: 41003
2007-08-11 04:18:51 +08:00
Modified format-string checking to not emit a warning when all of the following hold: (1) A vprintf-like function is called that takes the argument list via a via_list argument. (2) The format string is a non-literal that is the parameter value of the enclosing function, e.g: void logmessage(const char *fmt,...) { va_list ap; va_start(ap,fmt); fprintf(fmt,ap); // Do not emit a warning. } In the future this special case will be enhanced to consult the "format" attribute attached to a function declaration instead of just allowing a blank check for all function parameters to be used as format strings to vprintf-like functions. This will happen when more support for attributes becomes available. llvm-svn: 45114
2007-12-18 03:03:13 +08:00
char * global_fmt;
initial support for checking format strings, patch by Ted Kremenek: "I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral." llvm-svn: 41003
2007-08-11 04:18:51 +08:00
void check_string_literal( FILE* fp, const char* s, char *buf, ... ) {
char * b;
va_list ap;
va_start(ap,buf);
printf(s); // expected-warning {{format string is not a string literal}}
Modified format-string checking to not emit a warning when all of the following hold: (1) A vprintf-like function is called that takes the argument list via a via_list argument. (2) The format string is a non-literal that is the parameter value of the enclosing function, e.g: void logmessage(const char *fmt,...) { va_list ap; va_start(ap,fmt); fprintf(fmt,ap); // Do not emit a warning. } In the future this special case will be enhanced to consult the "format" attribute attached to a function declaration instead of just allowing a blank check for all function parameters to be used as format strings to vprintf-like functions. This will happen when more support for attributes becomes available. llvm-svn: 45114
2007-12-18 03:03:13 +08:00
vprintf(s,ap); // // no-warning
initial support for checking format strings, patch by Ted Kremenek: "I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral." llvm-svn: 41003
2007-08-11 04:18:51 +08:00
fprintf(fp,s); // expected-warning {{format string is not a string literal}}
Modified format-string checking to not emit a warning when all of the following hold: (1) A vprintf-like function is called that takes the argument list via a via_list argument. (2) The format string is a non-literal that is the parameter value of the enclosing function, e.g: void logmessage(const char *fmt,...) { va_list ap; va_start(ap,fmt); fprintf(fmt,ap); // Do not emit a warning. } In the future this special case will be enhanced to consult the "format" attribute attached to a function declaration instead of just allowing a blank check for all function parameters to be used as format strings to vprintf-like functions. This will happen when more support for attributes becomes available. llvm-svn: 45114
2007-12-18 03:03:13 +08:00
vfprintf(fp,s,ap); // no-warning
initial support for checking format strings, patch by Ted Kremenek: "I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral." llvm-svn: 41003
2007-08-11 04:18:51 +08:00
asprintf(&b,s); // expected-warning {{format string is not a string lit}}
Modified format-string checking to not emit a warning when all of the following hold: (1) A vprintf-like function is called that takes the argument list via a via_list argument. (2) The format string is a non-literal that is the parameter value of the enclosing function, e.g: void logmessage(const char *fmt,...) { va_list ap; va_start(ap,fmt); fprintf(fmt,ap); // Do not emit a warning. } In the future this special case will be enhanced to consult the "format" attribute attached to a function declaration instead of just allowing a blank check for all function parameters to be used as format strings to vprintf-like functions. This will happen when more support for attributes becomes available. llvm-svn: 45114
2007-12-18 03:03:13 +08:00
vasprintf(&b,s,ap); // no-warning
initial support for checking format strings, patch by Ted Kremenek: "I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral." llvm-svn: 41003
2007-08-11 04:18:51 +08:00
sprintf(buf,s); // expected-warning {{format string is not a string literal}}
snprintf(buf,2,s); // expected-warning {{format string is not a string lit}}
Add support for format string checking of object-size checking versions of sprintf and friends. - Added FIXME that this mechanism should be generalized. llvm-svn: 56962
2008-10-03 02:44:07 +08:00
__builtin___sprintf_chk(buf,0,-1,s); // expected-warning {{format string is not a string literal}}
__builtin___snprintf_chk(buf,2,0,-1,s); // expected-warning {{format string is not a string lit}}
Modified format-string checking to not emit a warning when all of the following hold: (1) A vprintf-like function is called that takes the argument list via a via_list argument. (2) The format string is a non-literal that is the parameter value of the enclosing function, e.g: void logmessage(const char *fmt,...) { va_list ap; va_start(ap,fmt); fprintf(fmt,ap); // Do not emit a warning. } In the future this special case will be enhanced to consult the "format" attribute attached to a function declaration instead of just allowing a blank check for all function parameters to be used as format strings to vprintf-like functions. This will happen when more support for attributes becomes available. llvm-svn: 45114
2007-12-18 03:03:13 +08:00
vsprintf(buf,s,ap); // no-warning
vsnprintf(buf,2,s,ap); // no-warning
vsnprintf(buf,2,global_fmt,ap); // expected-warning {{format string is not a string literal}}
Add support for format string checking of object-size checking versions of sprintf and friends. - Added FIXME that this mechanism should be generalized. llvm-svn: 56962
2008-10-03 02:44:07 +08:00
__builtin___vsnprintf_chk(buf,2,0,-1,s,ap); // no-warning
__builtin___vsnprintf_chk(buf,2,0,-1,global_fmt,ap); // expected-warning {{format string is not a string literal}}
add c testcase for string literal diagnostic improvement. llvm-svn: 64929
2009-02-19 02:25:31 +08:00
use the full spelling of a string literal token so that trigraphs and escaped newlines don't throw off the offset computation. On this testcase: printf("abc\ def" "%*d", (unsigned) 1, 1); Before: t.m:5:5: warning: field width should have type 'int', but argument has type 'unsigned int' def" ^ after: t.m:6:12: warning: field width should have type 'int', but argument has type 'unsigned int' "%*d", (unsigned) 1, 1); ^ ~~~~~~~~~~~~ llvm-svn: 64930
2009-02-19 02:34:12 +08:00
// rdar://6079877
printf("abc"
Be a little more permissive than C99: allow 'unsigned' to be used for the field width and precision of a format specifier instead of just 'int'. This matches GCC, and fixes <rdar://problem/6079850>. llvm-svn: 94856
2010-01-30 07:32:22 +08:00
"%*d", 1, 1); // no-warning
use the full spelling of a string literal token so that trigraphs and escaped newlines don't throw off the offset computation. On this testcase: printf("abc\ def" "%*d", (unsigned) 1, 1); Before: t.m:5:5: warning: field width should have type 'int', but argument has type 'unsigned int' def" ^ after: t.m:6:12: warning: field width should have type 'int', but argument has type 'unsigned int' "%*d", (unsigned) 1, 1); ^ ~~~~~~~~~~~~ llvm-svn: 64930
2009-02-19 02:34:12 +08:00
printf("abc\
def"
Be a little more permissive than C99: allow 'unsigned' to be used for the field width and precision of a format specifier instead of just 'int'. This matches GCC, and fixes <rdar://problem/6079850>. llvm-svn: 94856
2010-01-30 07:32:22 +08:00
"%*d", 1, 1); // no-warning
// <rdar://problem/6079850>, allow 'unsigned' (instead of 'int') to be used for both
// the field width and precision. This deviates from C99, but is reasonably safe
// and is also accepted by GCC.
printf("%*d", (unsigned) 1, 1); // no-warning
initial support for checking format strings, patch by Ted Kremenek: "I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral." llvm-svn: 41003
2007-08-11 04:18:51 +08:00
}
Patch by Roman Divacky: Extend string-literal checking for printf() format string to handle conditional ternary operators where both sides are literals. This fixes PR 3319: http://llvm.org/bugs/show_bug.cgi?id=3319 llvm-svn: 62117
2009-01-13 07:09:09 +08:00
void check_conditional_literal(const char* s, int i) {
printf(i == 1 ? "yes" : "no"); // no-warning
printf(i == 0 ? (i == 1 ? "yes" : "no") : "dont know"); // no-warning
Fix test case (incomplete "expected-warning" line) llvm-svn: 62119
2009-01-13 07:09:55 +08:00
printf(i == 0 ? (i == 1 ? s : "no") : "dont know"); // expected-warning{{format string is not a string literal}}
Switch Sema over to using the new implementation of format string checking. It passes all existing tests, and the diagnostics have been refined to provide better range information (we now highlight individual format specifiers) and more precise wording in the diagnostics. llvm-svn: 94837
2010-01-30 04:55:36 +08:00
printf("yes" ?: "no %d", 1); // expected-warning{{more data arguments than format specifiers}}
Patch by Roman Divacky: Extend string-literal checking for printf() format string to handle conditional ternary operators where both sides are literals. This fixes PR 3319: http://llvm.org/bugs/show_bug.cgi?id=3319 llvm-svn: 62117
2009-01-13 07:09:09 +08:00
}
Added support for additional format string checking for the printf family of functions. Previous functionality only included checking to see if the format string was a string literal. Now we check parse the format string (if it is a literal) and perform the following checks: (1) Warn if: number conversions (e.g. "%d") != number data arguments. (2) Warn about missing format strings (e.g., "printf()"). (3) Warn if the format string is not a string literal. (4) Warn about the use se of '%n' conversion. This conversion is discouraged for security reasons. (5) Warn about malformed conversions. For example '%;', '%v'; these are not valid. (6) Warn about empty format strings; e.g. printf(""). Although these can be optimized away by the compiler, they can be indicative of broken programmer logic. We may need to add additional support to see when such cases occur within macro expansion to avoid false positives. (7) Warn if the string literal is wide; e.g. L"%d". (8) Warn if we detect a '\0' character WITHIN the format string. Test cases are included. llvm-svn: 41076
2007-08-15 01:39:48 +08:00
void check_writeback_specifier()
{
int x;
char *b;
printf("%n",&x); // expected-warning {{'%n' in format string discouraged}}
sprintf(b,"%d%%%n",1, &x); // expected-warning {{'%n' in format string dis}}
}
void check_invalid_specifier(FILE* fp, char *buf)
{
Switch Sema over to using the new implementation of format string checking. It passes all existing tests, and the diagnostics have been refined to provide better range information (we now highlight individual format specifiers) and more precise wording in the diagnostics. llvm-svn: 94837
2010-01-30 04:55:36 +08:00
printf("%s%lb%d","unix",10,20); // expected-warning {{invalid conversion specifier 'b'}}
fprintf(fp,"%%%l"); // expected-warning {{incomplete format specifier}}
Add basic type checking of format string conversion specifiers and their arguments. Thanks to Cristian Draghici for his help with this patch! llvm-svn: 94864
2010-01-30 08:49:51 +08:00
sprintf(buf,"%%%%%ld%d%d", 1, 2, 3); // expected-warning{{conversion specifies type 'long' but the argument has type 'int'}}
snprintf(buf, 2, "%%%%%ld%;%d", 1, 2, 3); // expected-warning{{conversion specifies type 'long' but the argument has type 'int'}} expected-warning {{invalid conversion specifier ';'}}
Added support for additional format string checking for the printf family of functions. Previous functionality only included checking to see if the format string was a string literal. Now we check parse the format string (if it is a literal) and perform the following checks: (1) Warn if: number conversions (e.g. "%d") != number data arguments. (2) Warn about missing format strings (e.g., "printf()"). (3) Warn if the format string is not a string literal. (4) Warn about the use se of '%n' conversion. This conversion is discouraged for security reasons. (5) Warn about malformed conversions. For example '%;', '%v'; these are not valid. (6) Warn about empty format strings; e.g. printf(""). Although these can be optimized away by the compiler, they can be indicative of broken programmer logic. We may need to add additional support to see when such cases occur within macro expansion to avoid false positives. (7) Warn if the string literal is wide; e.g. L"%d". (8) Warn if we detect a '\0' character WITHIN the format string. Test cases are included. llvm-svn: 41076
2007-08-15 01:39:48 +08:00
}
void check_null_char_string(char* b)
{
printf("\0this is bogus%d",1); // expected-warning {{string contains '\0'}}
snprintf(b,10,"%%%%%d\0%d",1,2); // expected-warning {{string contains '\0'}}
printf("%\0d",1); // expected-warning {{string contains '\0'}}
}
Add some more diagnostics for va_start, fix tests so they pass with these new diags. llvm-svn: 42917
2007-10-13 01:48:41 +08:00
void check_empty_format_string(char* buf, ...)
Added support for additional format string checking for the printf family of functions. Previous functionality only included checking to see if the format string was a string literal. Now we check parse the format string (if it is a literal) and perform the following checks: (1) Warn if: number conversions (e.g. "%d") != number data arguments. (2) Warn about missing format strings (e.g., "printf()"). (3) Warn if the format string is not a string literal. (4) Warn about the use se of '%n' conversion. This conversion is discouraged for security reasons. (5) Warn about malformed conversions. For example '%;', '%v'; these are not valid. (6) Warn about empty format strings; e.g. printf(""). Although these can be optimized away by the compiler, they can be indicative of broken programmer logic. We may need to add additional support to see when such cases occur within macro expansion to avoid false positives. (7) Warn if the string literal is wide; e.g. L"%d". (8) Warn if we detect a '\0' character WITHIN the format string. Test cases are included. llvm-svn: 41076
2007-08-15 01:39:48 +08:00
{
va_list ap;
va_start(ap,buf);
vprintf("",ap); // expected-warning {{format string is empty}}
sprintf(buf,""); // expected-warning {{format string is empty}}
}
Add some more diagnostics for va_start, fix tests so they pass with these new diags. llvm-svn: 42917
2007-10-13 01:48:41 +08:00
void check_wide_string(char* b, ...)
Added support for additional format string checking for the printf family of functions. Previous functionality only included checking to see if the format string was a string literal. Now we check parse the format string (if it is a literal) and perform the following checks: (1) Warn if: number conversions (e.g. "%d") != number data arguments. (2) Warn about missing format strings (e.g., "printf()"). (3) Warn if the format string is not a string literal. (4) Warn about the use se of '%n' conversion. This conversion is discouraged for security reasons. (5) Warn about malformed conversions. For example '%;', '%v'; these are not valid. (6) Warn about empty format strings; e.g. printf(""). Although these can be optimized away by the compiler, they can be indicative of broken programmer logic. We may need to add additional support to see when such cases occur within macro expansion to avoid false positives. (7) Warn if the string literal is wide; e.g. L"%d". (8) Warn if we detect a '\0' character WITHIN the format string. Test cases are included. llvm-svn: 41076
2007-08-15 01:39:48 +08:00
{
va_list ap;
va_start(ap,b);
Add EXTWARN Diagnostic class. - Like EXTENSION but always generates a warning (even without -pedantic). - Updated ptr -> int, int -> ptr, and incompatible cast warnings to be EXTWARN. - Other EXTENSION level diagnostics should be audited for upgrade. - Updated several test cases to fix code which produced unanticipated warnings. llvm-svn: 54335
2008-08-05 08:07:51 +08:00
printf(L"foo %d",2); // expected-warning {{incompatible pointer types}}, expected-warning {{should not be a wide string}}
Fix some Window-isms to get these tests to pass on Windows. llvm-svn: 85450
2009-10-29 08:10:42 +08:00
vsprintf(b,L"bar %d",ap); // expected-warning {{incompatible pointer types}}, expected-warning {{should not be a wide string}}
Added support for additional format string checking for the printf family of functions. Previous functionality only included checking to see if the format string was a string literal. Now we check parse the format string (if it is a literal) and perform the following checks: (1) Warn if: number conversions (e.g. "%d") != number data arguments. (2) Warn about missing format strings (e.g., "printf()"). (3) Warn if the format string is not a string literal. (4) Warn about the use se of '%n' conversion. This conversion is discouraged for security reasons. (5) Warn about malformed conversions. For example '%;', '%v'; these are not valid. (6) Warn about empty format strings; e.g. printf(""). Although these can be optimized away by the compiler, they can be indicative of broken programmer logic. We may need to add additional support to see when such cases occur within macro expansion to avoid false positives. (7) Warn if the string literal is wide; e.g. L"%d". (8) Warn if we detect a '\0' character WITHIN the format string. Test cases are included. llvm-svn: 41076
2007-08-15 01:39:48 +08:00
}
Added notion of '*' specified format width/specifiers when checking printf format strings. Added type checking to see if the matching width/precision argument was of type 'int'. Thanks to Anders Carlsson for reporting this missing feature. llvm-svn: 42933
2007-10-13 04:51:52 +08:00
void check_asterisk_precision_width(int x) {
printf("%*d"); // expected-warning {{'*' specified field width is missing a matching 'int' argument}}
printf("%.*d"); // expected-warning {{'.*' specified field precision is missing a matching 'int' argument}}
printf("%*d",12,x); // no-warning
printf("%*d","foo",x); // expected-warning {{field width should have type 'int', but argument has type 'char *'}}
printf("%.*d","foo",x); // expected-warning {{field precision should have type 'int', but argument has type 'char *'}}
Add EXTWARN Diagnostic class. - Like EXTENSION but always generates a warning (even without -pedantic). - Updated ptr -> int, int -> ptr, and incompatible cast warnings to be EXTWARN. - Other EXTENSION level diagnostics should be audited for upgrade. - Updated several test cases to fix code which produced unanticipated warnings. llvm-svn: 54335
2008-08-05 08:07:51 +08:00
}
Add hook to add attributes to function declarations that we know about, whether they are builtins or not. Use this to add the appropriate "format" attribute to NSLog, NSLogv, asprintf, and vasprintf, and to translate builtin attributes (from Builtins.def) into actual attributes on the function declaration. Use the "printf" format attribute on function declarations to determine whether we should do format string checking, rather than looking at an ad hoc list of builtins and "known" function names. Be a bit more careful about when we consider a function a "builtin" in C++. llvm-svn: 64561
2009-02-15 02:57:46 +08:00
void __attribute__((format(printf,1,3))) myprintf(const char*, int blah, ...);
void test_myprintf() {
myprintf("%d", 17, 18); // okay
}
Fix <rdar://problem/6704086> by allowing the format string checking in Sema to allow non-literal format strings that are variables that (a) permanently bind to a string constant and (b) whose string constants are resolvable within the same translation unit. llvm-svn: 67404
2009-03-21 05:35:28 +08:00
void test_constant_bindings(void) {
const char * const s1 = "hello";
const char s2[] = "hello";
const char *s3 = "hello";
char * const s4 = "hello";
extern const char s5[];
printf(s1); // no-warning
printf(s2); // no-warning
printf(s3); // expected-warning{{not a string literal}}
printf(s4); // expected-warning{{not a string literal}}
printf(s5); // expected-warning{{not a string literal}}
}
implement -Wformat-security properly, which is enabled by default. This enables one specific class of non-literal format warnings. llvm-svn: 70368
2009-04-29 12:59:47 +08:00
// Test what happens when -Wformat-security only.
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#pragma GCC diagnostic warning "-Wformat-security"
void test9(char *P) {
int x;
printf(P); // expected-warning {{format string is not a string literal (potentially insecure)}}
printf(P, 42);
printf("%n", &x); // expected-warning {{use of '%n' in format string discouraged }}
}
Fix <rdar://problem/6880975> [format string] Assertion failed: (Arg < NumArgs && "Arg access out of range!"). For format string checking, only check the type of the format specifier for non-vararg functions. llvm-svn: 71672
2009-05-14 00:06:05 +08:00
void torture(va_list v8) {
vprintf ("%*.*d", v8); // no-warning
Be a little more permissive than C99: allow 'unsigned' to be used for the field width and precision of a format specifier instead of just 'int'. This matches GCC, and fixes <rdar://problem/6079850>. llvm-svn: 94856
2010-01-30 07:32:22 +08:00
Fix <rdar://problem/6880975> [format string] Assertion failed: (Arg < NumArgs && "Arg access out of range!"). For format string checking, only check the type of the format specifier for non-vararg functions. llvm-svn: 71672
2009-05-14 00:06:05 +08:00
}
Recognize 'q' as a format length modifier (from BSD). llvm-svn: 94894
2010-01-30 23:49:20 +08:00
void test10(int x, float f, int i, long long lli) {
Switch Sema over to using the new implementation of format string checking. It passes all existing tests, and the diagnostics have been refined to provide better range information (we now highlight individual format specifiers) and more precise wording in the diagnostics. llvm-svn: 94837
2010-01-30 04:55:36 +08:00
printf("%@", 12); // expected-warning{{invalid conversion specifier '@'}}
printf("\0"); // expected-warning{{format string contains '\0' within the string body}}
printf("xs\0"); // expected-warning{{format string contains '\0' within the string body}}
printf("%*d\n"); // expected-warning{{'*' specified field width is missing a matching 'int' argument}}
printf("%*.*d\n", x); // expected-warning{{'.*' specified field precision is missing a matching 'int' argument}}
printf("%*d\n", f, x); // expected-warning{{field width should have type 'int', but argument has type 'double'}}
printf("%*.*d\n", x, f, x); // expected-warning{{field precision should have type 'int', but argument has type 'double'}}
printf("%**\n"); // expected-warning{{invalid conversion specifier '*'}}
printf("%n", &i); // expected-warning{{use of '%n' in format string discouraged (potentially insecure)}}
printf("%d%d\n", x); // expected-warning{{more '%' conversions than data arguments}}
printf("%d\n", x, x); // expected-warning{{more data arguments than format specifiers}}
printf("%W%d%Z\n", x, x, x); // expected-warning{{invalid conversion specifier 'W'}} expected-warning{{invalid conversion specifier 'Z'}}
printf("%"); // expected-warning{{incomplete format specifier}}
printf("%.d", x); // no-warning
printf("%.", x); // expected-warning{{incomplete format specifier}}
Add format string checking of 'double' arguments. Fixes <rdar://problem/6931734>. llvm-svn: 94867
2010-01-30 09:02:18 +08:00
printf("%f", 4); // expected-warning{{conversion specifies type 'double' but the argument has type 'int'}}
Recognize 'q' as a format length modifier (from BSD). llvm-svn: 94894
2010-01-30 23:49:20 +08:00
printf("%qd", lli);
Format string checking: selectively ignore implicit casts to 'int' when checking if the format specifier matches the type of the data argument and the length modifier indicates the data type is 'char' or 'short'. llvm-svn: 94992
2010-02-02 03:28:15 +08:00
printf("hhX %hhX", (unsigned char)10); // no-warning
printf("llX %llX", (long long) 10); // no-warning
// This is fine, because there is an implicit conversion to an int.
printf("%d", (unsigned char) 10); // no-warning
printf("%d", (long long) 10); // expected-warning{{conversion specifies type 'int' but the argument has type 'long long'}}
Add format string type checking support for 'long double'. llvm-svn: 95026
2010-02-02 07:23:50 +08:00
printf("%Lf\n", (long double) 1.0); // no-warning
printf("%f\n", (long double) 1.0); // expected-warning{{conversion specifies type 'double' but the argument has type 'long double'}}
Switch Sema over to using the new implementation of format string checking. It passes all existing tests, and the diagnostics have been refined to provide better range information (we now highlight individual format specifiers) and more precise wording in the diagnostics. llvm-svn: 94837
2010-01-30 04:55:36 +08:00
}
Patch by Cristian Draghici: Enhance the printf format string checking when using the format specifier flags ' ', '0', '+' with the 'p' or 's' conversions (since they are nonsensical and undefined). This is similar to GCC's checking. Also warning when a precision is used with the 'p' conversin specifier, since it has no meaning. llvm-svn: 95869
2010-02-11 17:27:41 +08:00
void test11(void *p, char *s) {
printf("%p", p); // no-warning
printf("%.4p", p); // expected-warning{{precision used in 'p' conversion specifier (where it has no meaning)}}
printf("%+p", p); // expected-warning{{flag '+' results in undefined behavior in 'p' conversion specifier}}
printf("% p", p); // expected-warning{{flag ' ' results in undefined behavior in 'p' conversion specifier}}
printf("%0p", p); // expected-warning{{flag '0' results in undefined behavior in 'p' conversion specifier}}
printf("%s", s); // no-warning
printf("%+s", p); // expected-warning{{flag '+' results in undefined behavior in 's' conversion specifier}}
printf("% s", p); // expected-warning{{flag ' ' results in undefined behavior in 's' conversion specifier}}
printf("%0s", p); // expected-warning{{flag '0' results in undefined behavior in 's' conversion specifier}}
}
Refactor the logic for printf argument type-checking into analyze_printf::ArgTypeResult. Implement printf argument type checking for '%s'. Fixes <rdar://problem/3065808>. llvm-svn: 96310
2010-02-16 09:46:59 +08:00
void test12() {
unsigned char buf[4];
printf ("%.4s\n", buf); // no-warning
Fix test case. llvm-svn: 96311
2010-02-16 09:47:05 +08:00
printf ("%.4s\n", &buf); // expected-warning{{conversion specifies type 'char *' but the argument has type 'unsigned char (*)[4]'}}
Refactor the logic for printf argument type-checking into analyze_printf::ArgTypeResult. Implement printf argument type checking for '%s'. Fixes <rdar://problem/3065808>. llvm-svn: 96310
2010-02-16 09:46:59 +08:00
}
Add basic type checking of format string conversion specifiers and their arguments. Thanks to Cristian Draghici for his help with this patch! llvm-svn: 94864
2010-01-30 08:49:51 +08:00
typedef struct __aslclient *aslclient;
typedef struct __aslmsg *aslmsg;
int asl_log(aslclient asl, aslmsg msg, int level, const char *format, ...) __attribute__((__format__ (__printf__, 4, 5)));
void test_asl(aslclient asl) {
// Test case from <rdar://problem/7341605>.
asl_log(asl, 0, 3, "Error: %m"); // no-warning
asl_log(asl, 0, 3, "Error: %W"); // expected-warning{{invalid conversion specifier 'W'}}
}
Implement promotion for enumeration types. WHAT!?! It turns out that Type::isPromotableIntegerType() was not considering enumeration types to be promotable, so we would never do the promotion despite having properly computed the promotion type when the enum was defined. Various operations on values of enum type just "worked" because we could still compute the integer rank of an enum type; the oddity, however, is that operations such as "add an enum and an unsigned" would often have an enum result type (!). The bug actually showed up as a spurious -Wformat diagnostic (<rdar://problem/7595366>), but in theory it could cause miscompiles. In this commit: - Enum types with a promotion type of "int" or "unsigned int" are promotable. - Tweaked the computation of promotable types for enums - For all of the ABIs, treat enum types the same way as their underlying types (*not* their promotion types) for argument passing and return values - Extend the ABI tester with support for enumeration types llvm-svn: 95117
2010-02-03 04:10:50 +08:00
// <rdar://problem/7595366>
typedef enum { A } int_t;
void f0(int_t x) { printf("%d\n", x); }