Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SR-10655] Compiler should help to validate string format with variadic arguments (proper CFStringCreateWithFormat support) #3420

Open
swift-ci opened this issue May 10, 2019 · 0 comments
Open

[SR-10655] Compiler should help to validate string format with variadic arguments (proper CFStringCreateWithFormat support) #3420

swift-ci opened this issue May 10, 2019 · 0 comments
Labels
Compiler Foundation Improvement

Comments

@swift-ci
Copy link
Contributor

Previous ID SR-10655
Radar rdar://problem/19414352
Original Reporter kappe (JIRA User)
Type Improvement
Additional Detail from JIRA
Votes 0
Component/s Compiler, Foundation
Labels Improvement
Assignee None
Priority Medium

md5: cd16cac8882354c1bbbf9f0719d8c2dd

relates to:

  • SR-9109 String.init(format::), String.init(format:arguments:), String.init(format:locale::), String.init(format:locale:arguments), and String.localizedStringWithFormat are dangerous and should be removed.

Issue Description:

From: https://bugs.swift.org/browse/SR-9109

Quoting @itaiferber:

A version of CFStringCreateWithFormat which takes a number of arguments isn’t any better than what we have today — between the format string and the arguments themselves, the source of truth is taken to be the format string. Because of how C is, there’s no way to know how many arguments are passed in, so there’s no way to validate the input against the source of truth

Adding another parameter adds further potential inconsistency with that source of truth:

  • You can mistype the count but have the correct format string and number of arguments

  • You can have the right count and format string, but still pass in the wrong number of arguments

  • You can have the right number of arguments and count, but screw up the format string

  • Rinse and repeat for all combinations, including the count, format string, and arguments being inconsistent

Instead, we have the compiler to verify things in C and Obj-C for CFStringCreateWithFormat and -[NSString initWithFormat:] — both are marked with the same attributes as the printf family of functions so the compiler warns on mismatches and inconsistencies, as it should:

CFStringRef string = CFStringCreateWithFormat(NULL, NULL, CFSTR("%d, %d"), 5); // warning: more '%' conversions than data arguments

If a developer chooses to ignore those warnings, then it’s no surprise if things don’t work.

What we don’t have, though, is a similar facility in Swift:

let str = String(format: "%d, %d", 5)
print(str)

produces no warnings. It would be nice to be able to annotate String.init(format:_🙂 with a similar annotation to keep developers safe in the same way.

If we want to maintain the use of CVarArg in swift the compiler should help with the format validation implementing something like the objc `NS_FORMAT_FUNCTION()`

A real-life example is os_log, that is the way-to-go for logging but it's a pain to use, with countless crashes due to wrong format strings.

Something like this:

os_log("ups %@, %@, %d", "bug!")

In swift compiles with no problems, when in Objc gives you the proper warnings.
@swift-ci swift-ci transferred this issue from apple/swift-issues Apr 25, 2022
@shahmishal shahmishal transferred this issue from apple/swift May 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Compiler Foundation Improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@swift-ci