Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Notifications
Mark all as read
Code Reviews

Counting number of assignments that a `fscanf` format strings implies

+4
−0

I'm writing a function that counts the number of assignments for a fscanf format string. I studied the documentation in C standard 7.21.6.2

It looks like it works. It passes all test cases I have written and yields no warnings with -Wall -Wextra -pedantic -std=c17. While I appreciate design advises, my main concern is if the code is correct or not, so I would be grateful if you found any test case that breaks it. Minor things like variable naming and such is not really interesting.

The function requires the format string to be valid. If not, the behavior is undefined.

#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <assert.h>

// Counts the number of assignments that should be made by scanf and alike.
//
// Assumes a valid format string. If it's not valid, behavior is undefined.

int count_assignments(const char *fmt) {
    int ret = 0;

    // Note that n is removed, because it suppresses assignments
    static const char specifiers[] = "diouxaefgcspAEFGX";
    static const char singlelength[] = "hljztL";
    static const char doublelength[] = "hl";

    while(*fmt) {
        if(*fmt == '%') { 
            fmt++;

            // Skip width modification
            while(isdigit(*fmt)) fmt++;

            // Check length modification
            if(strchr(singlelength, *fmt)) {
                fmt++;
                if(strchr(doublelength, *fmt)) {
                    fmt++;
                    goto READ_SPECIFIER;
                }
                goto READ_SPECIFIER;
            }
            if(*fmt == '[') {
                while(*fmt != ']') fmt++;
                ret++;
                goto END;
            }
            goto READ_SPECIFIER;
        }

        goto END;
        
    READ_SPECIFIER:
        if(strchr(specifiers, *fmt)) 
            ret++;
    END:
        fmt++;
    }

    return ret;
}

int main(void)
{
    struct test_case {
        const char *fmt;
        const int n;
    } test_cases[] = {
        { "foo", 0 },
        { "%s", 1 },
        { "%d%d", 2 },
        { "%lld", 1 },
        { "%%", 0 },
        { "%d%%%d", 2 },
        { "%2333d%c%33f", 3 },
        { "%[bar]", 1 }
    };

    for(size_t i=0; i<sizeof test_cases/sizeof test_cases[0]; i++) {
        struct test_case tc = test_cases[i];
        printf("%s %d %d\n", tc.fmt, tc.n, count_assignments(tc.fmt));
        assert(count_assignments(tc.fmt) == tc.n);
    }
}
Why does this post require moderator attention?
You might want to add some details to your flag.
Why should this post be closed?

2 comment threads

Handling `%%` in a `scanf()` format string? (1 comment)
General comments (2 comments)

3 answers

+3
−0

Just looking at your code, I think you'll need to look at a few nasties in scan sets:

  • %[^]%a-z] stops at the second ], not the first, for example, and I think your code would misconstrue the %a as a conversion rather than part of the scan set.
  • Likewise %[]%[a-z]; the one scan set there stops at the second ], but your code would count two scan sets, I believe.

You also need to know about %n (it's a conversion specifier, but it doesn't get counted). You've removed it from the list of conversion specifiers, so you may be OK with that (but your testing should test it).

You'll need to worry about suppressed conversions %23*f (which don't get counted either).

I think your code would accept %hld or %lhu as valid (whereas %hhd and %llu are valid — it should be two of the same length modifier). That's one specific case of the more general comment:

You are not validating the format — which is OK, as long as you know that's what you're (not) doing.

Why does this post require moderator attention?
You might want to add some details to your flag.

1 comment thread

General comments (4 comments)
+3
−0

Consider using look-up tables to increase execution speed (at the cost of some 200 bytes .rodata use). For example this:

static const char specifiers[] = "diouxaefgcspAEFGX";

could be replaced with

static const bool specifiers[UCHAR_MAX] = {
  ['d'] = true,
  ['i'] = true,
  ...

};

C guarantees that any specifier not mentioned in the above array initialization will get set to false.

Then instead of the repeated slow strchr calls, you could simply do

unsigned char ch = (unsigned char)*fmt;
if(specifiers[ch])

The conversion to unsigned is defensive programming in case of signed char and 8 bit non-ASCII characters or a mangled EOF made it inside the string.

Why does this post require moderator attention?
You might want to add some details to your flag.

1 comment thread

General comments (1 comment)
+2
−0

I have found an improvement that is worth posting as an answer to my question.

One thing that I was not comfortable with was coming up with test cases and figuring out how many assignments a format string should have by just analyzing it visually. so I had to find a second way to achieve the same thing that I'm trying to do.

I did it by writing a function that takes a format string as argument, creates a file called warning.c which only contains a main function with a single scanf call with the format string specified. then the function executes a compile command and counts the number of warnings, because there is one warning for each argument that is missing, and I'm giving no arguments. Here is the code for that:

size_t get_no_warnings(const char *fmt)
{
    FILE *fp = fopen("warning.c", "w");
    if(!fp) {
        perror("Error opening file");
        exit(EXIT_FAILURE);
    }

    fprintf(fp, "#include <stdio.h>\n\nint main(void) {\n\tscanf(\"%s\");\n}\n", fmt);
    fclose(fp);

    fp = popen("gcc warning.c -Wall -Wextra -pedantic 2>&1 | grep \"warning: format\" | wc -l", "r");

    if(!fp) {
        perror("Error executing command");
        exit(EXIT_FAILURE);
    }

    char output[100];
    fgets(output, sizeof(output), fp);
    size_t ret;
    if(sscanf(output, "%zu", &ret) != 1) {
	perror("Error reading output");
	exit(EXIT_FAILURE);
    }
    return ret;
}

With that, I can modify my original code like this. I can change

assert(count_assignments(tc.fmt) == tc.n);

to

assert(count_assignments(tc.fmt) == get_no_warnings(tc.fmt));

I have not made up my mind yet if I should remove the n field from test_case. It would look better, but I'm not sure if it's worth the effort, plus that I assume it's a good thing that I also check if my manual inspection is correct or not. If it's not, there's something about format strings that I don't understand properly.

Why does this post require moderator attention?
You might want to add some details to your flag.

0 comment threads

Sign up to answer this question »