[cfe-dev] Extending printf format string checking to cover ObjC format strings in NSLog
kremenek at apple.com
Mon Jun 16 11:29:39 PDT 2008
On Jun 16, 2008, at 3:28 AM, Nikita Zhuk wrote:

> Current printf format string checking is very useful but it's
> limited to printf-style functions which use C format strings. I
> would like to propose extending this functionality to cover
> Objective-C format strings in NSLog function. A simple
> implementation of this extension is attached to this message.
>
> Speaking of format strings in ObjC, are there any plans to extend
> format string checking to cover ObjC methods which accept format
> strings as one of their arguments, such as various -[NSString
> initWithFormat:...] methods?
>
> Best regards,
> Nikita Zhuk

Thanks Nikita! Applied:

This is a good introductory patch for ObjC format strings. A couple
points worth thinking about:

1) NSLog uses the "NSString" attribute to document it has a
"format-string" interface. From Foundation.h:

    extern void NSLog(NSString *format, ...)
        __attribute__((format(__NSString__, 1, 2)));

Instead of checking for "NSLog", we should probably generalize the
checking to just use the NSString attribute. Right now we parse the
NSString attribute, and create a FormatAttr object to represent that
attribute. We should probably generalize FormatAttr (or add a flag)
to indicate that it came from __NSString__.

2) Format string checking for __NSString__ is not exactly the same as
printf checking. According to Apple's documentation, the set of
format specifiers is not the same as for printf:

For example, Objective-C format strings support things like %D, %qX,
etc., but these are not supported by printf. printf also supports %n
(which is a security hole), but Objective-C format strings do not
support %n. We'll need to extend the format-string checking to
distinguish between these two modes.

FYI: The C99 documentation for printf format-string arguments is in
section 22.214.171.124 of the C99 Standard.

Overall, our format string checking needs to be greatly improved, and
include things like more comprehensive type checking between
specifiers and arguments, etc. I plan on working on this over the
next couple days.

Thanks for the patch!
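
The two checking modes discussed in point 2, as an added example that is not part of the original message or of clang's code: a small scanner that validates a format string against either the printf specifier set or the NSString one. The names (check_format, fmt_mode, fmt_verdict) are hypothetical, and the NSString specifier set used here (%@ %D %U %O %C %S, the q modifier, no %n) is an assumption based on the thread and Apple's specifier table.

```c
#include <stdio.h>
#include <string.h>

enum fmt_mode { FMT_PRINTF, FMT_NSSTRING };
enum fmt_verdict { FMT_OK, FMT_BAD_SPEC, FMT_WRITES_MEMORY, FMT_TRUNCATED };

/* Per-mode conversion characters and length-modifier characters. The NSString
 * extras (%@ %D %U %O %C %S, the q modifier) and the absence of %n are
 * assumptions taken from the thread and Apple's specifier table. */
static const char *convs(enum fmt_mode m) {
    return m == FMT_PRINTF ? "diouxXfFeEgGaAcspn" : "diouxXfFeEgGaAcsp@DUOCS";
}
static const char *lens(enum fmt_mode m) {
    return m == FMT_PRINTF ? "hljztL" : "hljztLq";
}

/* Walk fmt, store in *nargs the number of variadic arguments consumed so far,
 * and return the first problem found (FMT_OK if there is none). */
enum fmt_verdict check_format(const char *fmt, enum fmt_mode m, size_t *nargs) {
    *nargs = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                   /* literal percent sign */
        while (*p && strchr("-+ #0", *p)) p++;       /* flags */
        if (*p == '*') { (*nargs)++; p++; }          /* width passed as an int */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {
            if (*++p == '*') { (*nargs)++; p++; }    /* precision passed as an int */
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr(lens(m), *p)) p++;       /* length modifiers, loosely */
        if (*p == '\0') return FMT_TRUNCATED;        /* '%' with no conversion */
        if (!strchr(convs(m), *p)) return FMT_BAD_SPEC;
        if (*p == 'n') return FMT_WRITES_MEMORY;     /* reachable in printf mode only */
        (*nargs)++;
    }
    return FMT_OK;
}

int main(void) {
    const char *fmt = "%@ has %D items, id %qX";     /* constructed sample */
    size_t n;
    printf("printf mode:   %d\n", (int)check_format(fmt, FMT_PRINTF, &n));
    printf("NSString mode: %d\n", (int)check_format(fmt, FMT_NSSTRING, &n));
    return 0;
}
```

The argument count in *nargs is what a checker would compare against the number of variadic arguments at the call site; type checking of each argument is left out here.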