LinuxLists.cc - [PATCH 0/1] Add format attribute to enable printf warnings

2022-05-09 10:23:56

Subject: [PATCH 0/1] Add format attribute to enable printf warnings

Hi Ammar,

When we use printf and fprintf functions from nolibc, we don't get any
warning from the compiler if we have wrong arguments, for example the
following calls will compile silently:
```
printf("%s %s\n", "aaa");
fprintf(stdout, "%s %s\n", "xxx", 1);
```
Those calls are undefined behavior. We can catch it at compile time by
adding format attribute to those function declarations. After this
patch, we get the following warnings:
```
warning: format `%s` expects a matching `char *` argument [-Wformat=]
warning: format `%s` expects argument of type `char *`, but argument 4 has type `int` [-Wformat=]
```

Signed-off-by: Alviro Iskandar Setiawan <[email protected]>
---

Alviro Iskandar Setiawan (1):
tools/nolibc/stdio: Add format attribute to enable printf warnings

tools/include/nolibc/stdio.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

base-commit: 2fbaf4ddb5e2f64a565247683093b869b5b3f792
prerequisite-patch-id: 1bcffd448f6984eee80d86560af19672cd4ae716
prerequisite-patch-id: 3e31c80bd4dd532e30b4bba76e5d98647e21184b
prerequisite-patch-id: 34e531967a67791d5b3c3e071527de7235715906
prerequisite-patch-id: 14105c6ae9dcc068ddf12a7c1bf431066199b813
prerequisite-patch-id: 4299173943ea579f538da00488fb1a7b1a690a79
prerequisite-patch-id: dd85164f2ec9eb8cea64ab801abac614f9d0c8f5
prerequisite-patch-id: 2c1b940635d1564e26b9959eb57cf9fa6983cb2f
prerequisite-patch-id: 8b1b453d855c9b8081353ffbddd03f6cfcfa2ab6
--
Alviro Iskandar Setiawan

2022-05-09 11:22:14

by Alviro Iskandar Setiawan

[permalink] [raw]

Subject: [PATCH 1/1] tools/nolibc/stdio: Add format attribute to enable printf warnings

When we use printf and fprintf functions from nolibc, we don't get any
warning from the compiler if we have wrong arguments, for example the
following calls will compile silently:
```
printf("%s %s\n", "aaa");
fprintf(stdout, "%s %s\n", "xxx", 1);
```
Those calls are undefined behavior. We can catch it at compile time by
adding format attribute to those function declarations. After this
patch, we get the following warnings:
```
warning: format `%s` expects a matching `char *` argument [-Wformat=]
warning: format `%s` expects argument of type `char *`, but argument 4 has type `int` [-Wformat=]
```

Signed-off-by: Alviro Iskandar Setiawan <[email protected]>
---
tools/include/nolibc/stdio.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/include/nolibc/stdio.h b/tools/include/nolibc/stdio.h
index 15dedf8d0902..009dd6ae68f2 100644
--- a/tools/include/nolibc/stdio.h
+++ b/tools/include/nolibc/stdio.h
@@ -273,7 +273,7 @@ int vfprintf(FILE *stream, const char *fmt, va_list args)
return written;
}

-static __attribute__((unused))
+static __attribute__((unused)) __attribute__((format(printf, 2, 3)))
int fprintf(FILE *stream, const char *fmt, ...)
{
va_list args;
@@ -285,7 +285,7 @@ int fprintf(FILE *stream, const char *fmt, ...)
return ret;
}

-static __attribute__((unused))
+static __attribute__((unused)) __attribute__((format(printf, 1, 2)))
int printf(const char *fmt, ...)
{
va_list args;
--
Alviro Iskandar Setiawan

2022-05-14 01:45:24

by Ammar Faizi

[permalink] [raw]

Subject: Re: [PATCH 1/1] tools/nolibc/stdio: Add format attribute to enable printf warnings

I will send it to Willy soon.

Anyway, __attribute__ can have multiple arguments, so no need
to write it twice. I simplified it, the end result patch below...

Thank you!

---
From 7998cda9acdbfec6d6ba73642c27d710996c27ed Mon Sep 17 00:00:00 2001
From: Alviro Iskandar Setiawan <[email protected]>
Subject: tools/nolibc/stdio: Add format attribute to enable printf warnings

When we use printf and fprintf functions from the nolibc, we don't
get any warning from the compiler if we have the wrong arguments.
For example, the following calls will compile silently:
```
printf("%s %s\n", "aaa");
fprintf(stdout, "%s %s\n", "xxx", 1);
```
(Note the wrong arguments).

Those calls are undefined behavior. The compiler can help us warn
about the above mistakes by adding a `printf` format attribute to
those functions declaration. This patch adds it, and now it yields
these warnings for those mistakes:
```
warning: format `%s` expects a matching `char *` argument [-Wformat=]
warning: format `%s` expects argument of type `char *`, but argument 4 has type `int` [-Wformat=]
```

[ammarfaizi2: Simplify the attribute placement.]

Signed-off-by: Alviro Iskandar Setiawan <[email protected]>
Signed-off-by: Ammar Faizi <[email protected]>
---
tools/include/nolibc/stdio.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/include/nolibc/stdio.h b/tools/include/nolibc/stdio.h
index 15dedf8d0902..a3cebc4bc3ac 100644
--- a/tools/include/nolibc/stdio.h
+++ b/tools/include/nolibc/stdio.h
@@ -273,7 +273,7 @@ int vfprintf(FILE *stream, const char *fmt, va_list args)
return written;
}

-static __attribute__((unused))
+static __attribute__((unused, format(printf, 2, 3)))
int fprintf(FILE *stream, const char *fmt, ...)
{
va_list args;
@@ -285,7 +285,7 @@ int fprintf(FILE *stream, const char *fmt, ...)
return ret;
}

-static __attribute__((unused))
+static __attribute__((unused, format(printf, 1, 2)))
int printf(const char *fmt, ...)
{
va_list args;

--
Ammar Faizi