Welcome to Software Development on Codidact!
Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.
Counting number of assignments that a `fscanf` format strings implies
I'm writing a function that counts the number of assignments for a fscanf format string. I studied the documentation in C standard 7.21.6.2
It looks like it works. It passes all test cases I have written and yields no warnings with -Wall -Wextra -pedantic -std=c17. While I appreciate design advises, my main concern is if the code is correct or not, so I would be grateful if you found any test case that breaks it. Minor things like variable naming and such is not really interesting.
The function requires the format string to be valid. If not, the behavior is undefined.
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <assert.h>
// Counts the number of assignments that should be made by scanf and alike.
//
// Assumes a valid format string. If it's not valid, behavior is undefined.
int count_assignments(const char *fmt) {
int ret = 0;
// Note that n is removed, because it suppresses assignments
static const char specifiers[] = "diouxaefgcspAEFGX";
static const char singlelength[] = "hljztL";
static const char doublelength[] = "hl";
while(*fmt) {
if(*fmt == '%') {
fmt++;
// Skip width modification
while(isdigit(*fmt)) fmt++;
// Check length modification
if(strchr(singlelength, *fmt)) {
fmt++;
if(strchr(doublelength, *fmt)) {
fmt++;
goto READ_SPECIFIER;
}
goto READ_SPECIFIER;
}
if(*fmt == '[') {
while(*fmt != ']') fmt++;
ret++;
goto END;
}
goto READ_SPECIFIER;
}
goto END;
READ_SPECIFIER:
if(strchr(specifiers, *fmt))
ret++;
END:
fmt++;
}
return ret;
}
int main(void)
{
struct test_case {
const char *fmt;
const int n;
} test_cases[] = {
{ "foo", 0 },
{ "%s", 1 },
{ "%d%d", 2 },
{ "%lld", 1 },
{ "%%", 0 },
{ "%d%%%d", 2 },
{ "%2333d%c%33f", 3 },
{ "%[bar]", 1 }
};
for(size_t i=0; i<sizeof test_cases/sizeof test_cases[0]; i++) {
struct test_case tc = test_cases[i];
printf("%s %d %d\n", tc.fmt, tc.n, count_assignments(tc.fmt));
assert(count_assignments(tc.fmt) == tc.n);
}
}
3 answers
You are accessing this answer with a direct link, so it's being shown above all other answers regardless of its score. You can return to the normal view.
I have found an improvement that is worth posting as an answer to my question.
One thing that I was not comfortable with was coming up with test cases and figuring out how many assignments a format string should have by just analyzing it visually. so I had to find a second way to achieve the same thing that I'm trying to do.
I did it by writing a function that takes a format string as argument, creates a file called warning.c which only contains a main function with a single scanf call with the format string specified. then the function executes a compile command and counts the number of warnings, because there is one warning for each argument that is missing, and I'm giving no arguments. Here is the code for that:
size_t get_no_warnings(const char *fmt)
{
FILE *fp = fopen("warning.c", "w");
if(!fp) {
perror("Error opening file");
exit(EXIT_FAILURE);
}
fprintf(fp, "#include <stdio.h>\n\nint main(void) {\n\tscanf(\"%s\");\n}\n", fmt);
fclose(fp);
fp = popen("gcc warning.c -Wall -Wextra -pedantic 2>&1 | grep \"warning: format\" | wc -l", "r");
if(!fp) {
perror("Error executing command");
exit(EXIT_FAILURE);
}
char output[100];
fgets(output, sizeof(output), fp);
size_t ret;
if(sscanf(output, "%zu", &ret) != 1) {
perror("Error reading output");
exit(EXIT_FAILURE);
}
return ret;
}
With that, I can modify my original code like this. I can change
assert(count_assignments(tc.fmt) == tc.n);
to
assert(count_assignments(tc.fmt) == get_no_warnings(tc.fmt));
I have not made up my mind yet if I should remove the n field from test_case. It would look better, but I'm not sure if it's worth the effort, plus that I assume it's a good thing that I also check if my manual inspection is correct or not. If it's not, there's something about format strings that I don't understand properly.
0 comment threads
Just looking at your code, I think you'll need to look at a few nasties in scan sets:
-
%[^]%a-z]stops at the second], not the first, for example, and I think your code would misconstrue the%aas a conversion rather than part of the scan set. - Likewise
%[]%[a-z]; the one scan set there stops at the second], but your code would count two scan sets, I believe.
You also need to know about %n (it's a conversion specifier, but it doesn't get counted). You've removed it from the list of conversion specifiers, so you may be OK with that (but your testing should test it).
You'll need to worry about suppressed conversions %23*f (which don't get counted either).
I think your code would accept %hld or %lhu as valid (whereas %hhd and %llu are valid — it should be two of the same length modifier). That's one specific case of the more general comment:
You are not validating the format — which is OK, as long as you know that's what you're (not) doing.
Consider using look-up tables to increase execution speed (at the cost of some 200 bytes .rodata use). For example this:
static const char specifiers[] = "diouxaefgcspAEFGX";
could be replaced with
static const bool specifiers[UCHAR_MAX] = {
['d'] = true,
['i'] = true,
...
};
C guarantees that any specifier not mentioned in the above array initialization will get set to false.
Then instead of the repeated slow strchr calls, you could simply do
unsigned char ch = (unsigned char)*fmt;
if(specifiers[ch])
The conversion to unsigned is defensive programming in case of signed char and 8 bit non-ASCII characters or a mangled EOF made it inside the string.
2 comment threads