Comment by rurban

1 day ago

I implemented a secure printf_s and its API is the problem. You cannot dead-code eliminate all the unused methods. And it's type unsafe. There are much better API's to implement a safe printer with all the formatting options still. format is not one of them

4 comments

rurban

bobmcnamara 1 day ago

The only hack I could think of is having the compiler front end generate calls to different functions based on the content of the format string, similar to how some compilers replace memset with a 32-bit memset based on the type of the destination pointer

And it all falls apart as soon as a format string cannot be known at compile time.

Someone 20 hours ago
> The only hack I could think of is having the compiler front end generate calls to different functions based on the content of the format string
Compilers do that, at least for the simple case of constant strings; gcc can compile a printf call as puts. See https://stackoverflow.com/questions/60080021/compiler-change...
- bobmcnamara 5 hours ago
  
  That's the only one I've ever seen, and it's really just checking for the absence of '%'.
  What if it could convert:
  printf("parsed: %s to %i\n", x, y);
  To:
  puts("parsed: "); puts(x); puts(" to "); _puti(y); putc('\n');
  Well. Then we'd have a lot more function calls overhead. Maybe something like:
  _printf_nofloat("parsed: %s to %i\n", x, y);
  
  1 reply →