ansaurus

Question

Is there a truly safe formatting library for C?

Answer 1

+6 A:

You're writing in C. C is not type-safe. You cannot avoid undefined behaviour if you pass an int* instead of a char*. There's no such thing as "there's no possibility" if your variables are not statically type checked / tagged for runtime checking.

If you have something that produces warnings, that's quite good already...

If you really need or want safety, you may want to have a look at cyclone (C dialect), or some completely different languages.

viraptor 2009-05-09 23:50:28

+1 for x-ref to Cyclone. Interesting.

Jonathan Leffler 2009-05-10 04:01:11

+1: I love Cyclone!

Anthony Cuozzo 2009-05-11 19:12:28

Answer 2

+4 A:

there's no possibility to mismatch the format string from the arguments

If you want a format string, without special compiler support you basically can't do it. That said, you could have a safe formatting library in C if you forgo the format string. I'm not aware of any, but I would not be surprised if they existed.

One could have an interface like:

typedef ... FORMATTER;

FORMATTER create_formatter();
int fmt_add_string_default(FORMATTER f, const char *s);
int fmt_add_string(FORMATTER f, const char *s, int maxlength, const char fill, enum fmt_alignment align);
...
int fmt_add_decimal_default(FORMATTER f, int d);
... // you get the idea
int fmt_write_result(FORMATTER f, char *out, int out_length);
void destroy_formatter(FORMATTER f);

Something like this would be perfectly safe, if a bit verbose.

Logan Capaldo 2009-05-09 23:56:19

It still doesn't meet his impossible requirements, tho. e.g., if the string in fmt_add_string_default is a bad pointer, the app will almost certainly still crash.

Jason Coco 2009-05-10 00:26:38

Well a bad pointer isn't (necessarily) the same thing as passing the wrong type. An interface like the one I've described will prevent the "oops, put the int where I meant to put the char*" which the printf family doesn't. I assume that's what he meant by "there's no possibility to crash by passing the wrong type". You can of course always suborn these things through casts, what have you, but then the answer becomes useless ("Go use a different language."). I chose to interpret it as "What's the safest you can get without changing the programming language."

Logan Capaldo 2009-05-10 01:00:37

Yeah, I understand that, but the answer is go use another language. His requirements preclude using C.

Jason Coco 2009-05-10 01:16:43

Answer 3

+1 A:

No, because whatever "safety" you introduce can be suborned by the language. It's like building your castle on sand - it doesn't matter how good the castle is, it can still be made to fall if you dig out the sand from underneath it.

There is no mechanism in C to enforce specific parameter types, nor should there be.

If people don't use your tools as they're meant to, that's their own problem, in my opinion. You're not supposed to be providing software to three-year-olds - they're expected to have some modicum of intelligence.

paxdiablo 2009-05-10 00:38:22

ansaurus

tags:

views:

answers:

Is there a truly safe formatting library for C?

related questions