[PATCH] D25266: Add a static_assert to enforce that parameters to llvm::format() are not totally unsafe

Mehdi AMINI via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 4 23:05:22 PDT 2016


mehdi_amini created this revision.
mehdi_amini added reviewers: bogner, Bigcheese, dexonsmith.
mehdi_amini added a subscriber: llvm-commits.

I had for the second time today a bug where llvm::format("%s", Str)
was called with Str being a StringRef. The Linux and macOS bots were
fine, but Windows having a different calling convention, it printed
garbage.

Instead we can catch this at compile time: it is never expected to
call a C vararg printf-like function with a non-scalar type, I believe.


https://reviews.llvm.org/D25266

Files:
  llvm/include/llvm/Support/Format.h


Index: llvm/include/llvm/Support/Format.h
===================================================================
--- llvm/include/llvm/Support/Format.h
+++ llvm/include/llvm/Support/Format.h
@@ -75,6 +75,16 @@
 /// printed, this synthesizes the string into a temporary buffer provided and
 /// returns whether or not it is big enough.
 
+// Helper to validate that format() parameters are scalars or pointers.
+template <typename... Args> struct validate_format_parameters;
+template <typename Arg, typename... Args>
+struct validate_format_parameters<Arg, Args...> {
+  static_assert(std::is_scalar<Arg>::value,
+                "format can't be used with non fundamental / non pointer type");
+  validate_format_parameters() { validate_format_parameters<Args...>(); }
+};
+template <> struct validate_format_parameters<> {};
+
 template <typename... Ts>
 class format_object final : public format_object_base {
   std::tuple<Ts...> Vals;
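
Review bot: the static_assert message in validate_format_parameters ("format can't be used with non fundamental / non pointer type") does not match what std::is_scalar tests. is_scalar also accepts enums, member pointers and std::nullptr_t, and "fundamental" includes void, which is not scalar. Suggest wording the message in terms of scalar types (arithmetic, enum or pointer) so that the diagnostic tells the caller what is allowed. The hunk also uses std::is_scalar with no #include <type_traits> among the visible lines; add it unless Format.h already pulls it in. A short comment that the helper's constructor exists only to force instantiation of the remaining Args would make the recursion easier to follow.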
@@ -91,7 +101,9 @@
 
 public:
   format_object(const char *fmt, const Ts &... vals)
-      : format_object_base(fmt), Vals(vals...) {}
+      : format_object_base(fmt), Vals(vals...) {
+    validate_format_parameters<Ts...>();
+  }
 
   int snprint(char *Buffer, unsigned BufferSize) const override {
     return snprint_tuple(Buffer, BufferSize, index_sequence_for<Ts...>());
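
Review bot: in the format_object constructor body, validate_format_parameters<Ts...>(); builds a temporary object purely to trigger the static_assert, which reads like a runtime check and fires only where this constructor is instantiated. Consider tying the check to the class itself, for example by having the helper expose a constant and asserting on it at class scope in format_object, or at least add a comment on that line stating it exists only for compile-time validation. That keeps the guarantee attached to format_object<Ts...> if another constructor is added later.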

