search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* config/xtensa/xtensa.h (ASM_OUTPUT_POOL_PROLOGUE): Emit a
[official-gcc.git] / gcc / c-format.c
blobd52cfba7c70e3f73490436877a332c0603ac6c50
1 /* Check calls to formatted I/O functions (-Wformat).
2 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
3 2001, 2002 Free Software Foundation, Inc.
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify it under
8 the terms of the GNU General Public License as published by the Free
9 Software Foundation; either version 2, or (at your option) any later
10 version.
11
12 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING. If not, write to the Free
19 Software Foundation, 59 Temple Place - Suite 330, Boston, MA
20 02111-1307, USA. */
21
22 #include "config.h"
23 #include "system.h"
24 #include "tree.h"
25 #include "flags.h"
26 #include "toplev.h"
27 #include "c-common.h"
28 #include "intl.h"
29 #include "diagnostic.h"
30
31 \f
32 /* Command line options and their associated flags. */
33
34 /* Warn about format/argument anomalies in calls to formatted I/O functions
35 (*printf, *scanf, strftime, strfmon, etc.). */
36
37 int warn_format;
38
39 /* Warn about Y2K problems with strftime formats. */
40
41 int warn_format_y2k;
42
43 /* Warn about excess arguments to formats. */
44
45 int warn_format_extra_args;
46
47 /* Warn about non-literal format arguments. */
48
49 int warn_format_nonliteral;
50
51 /* Warn about possible security problems with calls to format functions. */
52
53 int warn_format_security;
54
55 /* Set format warning options according to a -Wformat=n option. */
56
57 void
58 set_Wformat (setting)
59 int setting;
60 {
61 warn_format = setting;
62 warn_format_y2k = setting;
63 warn_format_extra_args = setting;
64 if (setting != 1)
65 {
66 warn_format_nonliteral = setting;
67 warn_format_security = setting;
68 }
69 }
70
71 \f
72 /* Handle attributes associated with format checking. */
73
74 /* This must be in the same order as format_types, with format_type_error
75 last. */
76 enum format_type { printf_format_type, scanf_format_type,
77 strftime_format_type, strfmon_format_type,
78 format_type_error };
79
80 typedef struct function_format_info
81 {
82 enum format_type format_type; /* type of format (printf, scanf, etc.) */
83 unsigned HOST_WIDE_INT format_num; /* number of format argument */
84 unsigned HOST_WIDE_INT first_arg_num; /* number of first arg (zero for varargs) */
85 } function_format_info;
86
87 static bool decode_format_attr PARAMS ((tree,
88 function_format_info *, int));
89 static enum format_type decode_format_type PARAMS ((const char *));
90
91 /* Handle a "format" attribute; arguments as in
92 struct attribute_spec.handler. */
93 tree
94 handle_format_attribute (node, name, args, flags, no_add_attrs)
95 tree *node;
96 tree name ATTRIBUTE_UNUSED;
97 tree args;
98 int flags;
99 bool *no_add_attrs;
100 {
101 tree type = *node;
102 function_format_info info;
103 tree argument;
104 unsigned HOST_WIDE_INT arg_num;
105
106 if (!decode_format_attr (args, &info, 0))
107 {
108 *no_add_attrs = true;
109 return NULL_TREE;
110 }
111
112 /* If a parameter list is specified, verify that the format_num
113 argument is actually a string, in case the format attribute
114 is in error. */
115 argument = TYPE_ARG_TYPES (type);
116 if (argument)
117 {
118 for (arg_num = 1; argument != 0 && arg_num != info.format_num;
119 ++arg_num, argument = TREE_CHAIN (argument))
120 ;
121
122 if (! argument
123 || TREE_CODE (TREE_VALUE (argument)) != POINTER_TYPE
124 || (TYPE_MAIN_VARIANT (TREE_TYPE (TREE_VALUE (argument)))
125 != char_type_node))
126 {
127 if (!(flags & (int) ATTR_FLAG_BUILT_IN))
128 error ("format string arg not a string type");
129 *no_add_attrs = true;
130 return NULL_TREE;
131 }
132
133 else if (info.first_arg_num != 0)
134 {
135 /* Verify that first_arg_num points to the last arg,
136 the ... */
137 while (argument)
138 arg_num++, argument = TREE_CHAIN (argument);
139
140 if (arg_num != info.first_arg_num)
141 {
142 if (!(flags & (int) ATTR_FLAG_BUILT_IN))
143 error ("args to be formatted is not '...'");
144 *no_add_attrs = true;
145 return NULL_TREE;
146 }
147 }
148 }
149
150 if (info.format_type == strftime_format_type && info.first_arg_num != 0)
151 {
152 error ("strftime formats cannot format arguments");
153 *no_add_attrs = true;
154 return NULL_TREE;
155 }
156
157 return NULL_TREE;
158 }
159
160
161 /* Handle a "format_arg" attribute; arguments as in
162 struct attribute_spec.handler. */
163 tree
164 handle_format_arg_attribute (node, name, args, flags, no_add_attrs)
165 tree *node;
166 tree name ATTRIBUTE_UNUSED;
167 tree args;
168 int flags;
169 bool *no_add_attrs;
170 {
171 tree type = *node;
172 tree format_num_expr = TREE_VALUE (args);
173 unsigned HOST_WIDE_INT format_num;
174 unsigned HOST_WIDE_INT arg_num;
175 tree argument;
176
177 /* Strip any conversions from the first arg number and verify it
178 is a constant. */
179 while (TREE_CODE (format_num_expr) == NOP_EXPR
180 || TREE_CODE (format_num_expr) == CONVERT_EXPR
181 || TREE_CODE (format_num_expr) == NON_LVALUE_EXPR)
182 format_num_expr = TREE_OPERAND (format_num_expr, 0);
183
184 if (TREE_CODE (format_num_expr) != INTEGER_CST
185 || TREE_INT_CST_HIGH (format_num_expr) != 0)
186 {
187 error ("format string has invalid operand number");
188 *no_add_attrs = true;
189 return NULL_TREE;
190 }
191
192 format_num = TREE_INT_CST_LOW (format_num_expr);
193
194 /* If a parameter list is specified, verify that the format_num
195 argument is actually a string, in case the format attribute
196 is in error. */
197 argument = TYPE_ARG_TYPES (type);
198 if (argument)
199 {
200 for (arg_num = 1; argument != 0 && arg_num != format_num;
201 ++arg_num, argument = TREE_CHAIN (argument))
202 ;
203
204 if (! argument
205 || TREE_CODE (TREE_VALUE (argument)) != POINTER_TYPE
206 || (TYPE_MAIN_VARIANT (TREE_TYPE (TREE_VALUE (argument)))
207 != char_type_node))
208 {
209 if (!(flags & (int) ATTR_FLAG_BUILT_IN))
210 error ("format string arg not a string type");
211 *no_add_attrs = true;
212 return NULL_TREE;
213 }
214 }
215
216 if (TREE_CODE (TREE_TYPE (type)) != POINTER_TYPE
217 || (TYPE_MAIN_VARIANT (TREE_TYPE (TREE_TYPE (type)))
218 != char_type_node))
219 {
220 if (!(flags & (int) ATTR_FLAG_BUILT_IN))
221 error ("function does not return string type");
222 *no_add_attrs = true;
223 return NULL_TREE;
224 }
225
226 return NULL_TREE;
227 }
228
229
230 /* Decode the arguments to a "format" attribute into a function_format_info
231 structure. It is already known that the list is of the right length.
232 If VALIDATED_P is true, then these attributes have already been validated
233 and this function will abort if they are erroneous; if false, it
234 will give an error message. Returns true if the attributes are
235 successfully decoded, false otherwise. */
236
237 static bool
238 decode_format_attr (args, info, validated_p)
239 tree args;
240 function_format_info *info;
241 int validated_p;
242 {
243 tree format_type_id = TREE_VALUE (args);
244 tree format_num_expr = TREE_VALUE (TREE_CHAIN (args));
245 tree first_arg_num_expr
246 = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
247
248 if (TREE_CODE (format_type_id) != IDENTIFIER_NODE)
249 {
250 if (validated_p)
251 abort ();
252 error ("unrecognized format specifier");
253 return false;
254 }
255 else
256 {
257 const char *p = IDENTIFIER_POINTER (format_type_id);
258
259 info->format_type = decode_format_type (p);
260
261 if (info->format_type == format_type_error)
262 {
263 if (validated_p)
264 abort ();
265 warning ("`%s' is an unrecognized format function type", p);
266 return false;
267 }
268 }
269
270 /* Strip any conversions from the string index and first arg number
271 and verify they are constants. */
272 while (TREE_CODE (format_num_expr) == NOP_EXPR
273 || TREE_CODE (format_num_expr) == CONVERT_EXPR
274 || TREE_CODE (format_num_expr) == NON_LVALUE_EXPR)
275 format_num_expr = TREE_OPERAND (format_num_expr, 0);
276
277 while (TREE_CODE (first_arg_num_expr) == NOP_EXPR
278 || TREE_CODE (first_arg_num_expr) == CONVERT_EXPR
279 || TREE_CODE (first_arg_num_expr) == NON_LVALUE_EXPR)
280 first_arg_num_expr = TREE_OPERAND (first_arg_num_expr, 0);
281
282 if (TREE_CODE (format_num_expr) != INTEGER_CST
283 || TREE_INT_CST_HIGH (format_num_expr) != 0
284 || TREE_CODE (first_arg_num_expr) != INTEGER_CST
285 || TREE_INT_CST_HIGH (first_arg_num_expr) != 0)
286 {
287 if (validated_p)
288 abort ();
289 error ("format string has invalid operand number");
290 return false;
291 }
292
293 info->format_num = TREE_INT_CST_LOW (format_num_expr);
294 info->first_arg_num = TREE_INT_CST_LOW (first_arg_num_expr);
295 if (info->first_arg_num != 0 && info->first_arg_num <= info->format_num)
296 {
297 if (validated_p)
298 abort ();
299 error ("format string arg follows the args to be formatted");
300 return false;
301 }
302
303 return true;
304 }
305 \f
306 /* Check a call to a format function against a parameter list. */
307
308 /* The meaningfully distinct length modifiers for format checking recognised
309 by GCC. */
310 enum format_lengths
311 {
312 FMT_LEN_none,
313 FMT_LEN_hh,
314 FMT_LEN_h,
315 FMT_LEN_l,
316 FMT_LEN_ll,
317 FMT_LEN_L,
318 FMT_LEN_z,
319 FMT_LEN_t,
320 FMT_LEN_j,
321 FMT_LEN_MAX
322 };
323
324
325 /* The standard versions in which various format features appeared. */
326 enum format_std_version
327 {
328 STD_C89,
329 STD_C94,
330 STD_C9L, /* C99, but treat as C89 if -Wno-long-long. */
331 STD_C99,
332 STD_EXT
333 };
334
335 /* The C standard version C++ is treated as equivalent to
336 or inheriting from, for the purpose of format features supported. */
337 #define CPLUSPLUS_STD_VER STD_C94
338 /* The C standard version we are checking formats against when pedantic. */
339 #define C_STD_VER ((int)(c_language == clk_cplusplus \
340 ? CPLUSPLUS_STD_VER \
341 : (flag_isoc99 \
342 ? STD_C99 \
343 : (flag_isoc94 ? STD_C94 : STD_C89))))
344 /* The name to give to the standard version we are warning about when
345 pedantic. FEATURE_VER is the version in which the feature warned out
346 appeared, which is higher than C_STD_VER. */
347 #define C_STD_NAME(FEATURE_VER) (c_language == clk_cplusplus \
348 ? "ISO C++" \
349 : ((FEATURE_VER) == STD_EXT \
350 ? "ISO C" \
351 : "ISO C89"))
352 /* Adjust a C standard version, which may be STD_C9L, to account for
353 -Wno-long-long. Returns other standard versions unchanged. */
354 #define ADJ_STD(VER) ((int)((VER) == STD_C9L \
355 ? (warn_long_long ? STD_C99 : STD_C89) \
356 : (VER)))
357
358 /* Flags that may apply to a particular kind of format checked by GCC. */
359 enum
360 {
361 /* This format converts arguments of types determined by the
362 format string. */
363 FMT_FLAG_ARG_CONVERT = 1,
364 /* The scanf allocation 'a' kludge applies to this format kind. */
365 FMT_FLAG_SCANF_A_KLUDGE = 2,
366 /* A % during parsing a specifier is allowed to be a modified % rather
367 that indicating the format is broken and we are out-of-sync. */
368 FMT_FLAG_FANCY_PERCENT_OK = 4,
369 /* With $ operand numbers, it is OK to reference the same argument more
370 than once. */
371 FMT_FLAG_DOLLAR_MULTIPLE = 8,
372 /* This format type uses $ operand numbers (strfmon doesn't). */
373 FMT_FLAG_USE_DOLLAR = 16,
374 /* Zero width is bad in this type of format (scanf). */
375 FMT_FLAG_ZERO_WIDTH_BAD = 32,
376 /* Empty precision specification is OK in this type of format (printf). */
377 FMT_FLAG_EMPTY_PREC_OK = 64,
378 /* Gaps are allowed in the arguments with $ operand numbers if all
379 arguments are pointers (scanf). */
380 FMT_FLAG_DOLLAR_GAP_POINTER_OK = 128
381 /* Not included here: details of whether width or precision may occur
382 (controlled by width_char and precision_char); details of whether
383 '*' can be used for these (width_type and precision_type); details
384 of whether length modifiers can occur (length_char_specs). */
385 };
386
387
388 /* Structure describing a length modifier supported in format checking, and
389 possibly a doubled version such as "hh". */
390 typedef struct
391 {
392 /* Name of the single-character length modifier. */
393 const char *const name;
394 /* Index into a format_char_info.types array. */
395 const enum format_lengths index;
396 /* Standard version this length appears in. */
397 const enum format_std_version std;
398 /* Same, if the modifier can be repeated, or NULL if it can't. */
399 const char *const double_name;
400 const enum format_lengths double_index;
401 const enum format_std_version double_std;
402 } format_length_info;
403
404
405 /* Structure describing the combination of a conversion specifier
406 (or a set of specifiers which act identically) and a length modifier. */
407 typedef struct
408 {
409 /* The standard version this combination of length and type appeared in.
410 This is only relevant if greater than those for length and type
411 individually; otherwise it is ignored. */
412 enum format_std_version std;
413 /* The name to use for the type, if different from that generated internally
414 (e.g., "signed size_t"). */
415 const char *name;
416 /* The type itself. */
417 tree *type;
418 } format_type_detail;
419
420
421 /* Macros to fill out tables of these. */
422 #define BADLEN { 0, NULL, NULL }
423 #define NOLENGTHS { BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }
424
425
426 /* Structure describing a format conversion specifier (or a set of specifiers
427 which act identically), and the length modifiers used with it. */
428 typedef struct
429 {
430 const char *const format_chars;
431 const int pointer_count;
432 const enum format_std_version std;
433 /* Types accepted for each length modifier. */
434 const format_type_detail types[FMT_LEN_MAX];
435 /* List of other modifier characters allowed with these specifiers.
436 This lists flags, and additionally "w" for width, "p" for precision
437 (right precision, for strfmon), "#" for left precision (strfmon),
438 "a" for scanf "a" allocation extension (not applicable in C99 mode),
439 "*" for scanf suppression, and "E" and "O" for those strftime
440 modifiers. */
441 const char *const flag_chars;
442 /* List of additional flags describing these conversion specifiers.
443 "c" for generic character pointers being allowed, "2" for strftime
444 two digit year formats, "3" for strftime formats giving two digit
445 years in some locales, "4" for "2" which becomes "3" with an "E" modifier,
446 "o" if use of strftime "O" is a GNU extension beyond C99,
447 "W" if the argument is a pointer which is dereferenced and written into,
448 "R" if the argument is a pointer which is dereferenced and read from,
449 "i" for printf integer formats where the '0' flag is ignored with
450 precision, and "[" for the starting character of a scanf scanset. */
451 const char *const flags2;
452 } format_char_info;
453
454
455 /* Structure describing a flag accepted by some kind of format. */
456 typedef struct
457 {
458 /* The flag character in question (0 for end of array). */
459 const int flag_char;
460 /* Zero if this entry describes the flag character in general, or a
461 non-zero character that may be found in flags2 if it describes the
462 flag when used with certain formats only. If the latter, only
463 the first such entry found that applies to the current conversion
464 specifier is used; the values of `name' and `long_name' it supplies
465 will be used, if non-NULL and the standard version is higher than
466 the unpredicated one, for any pedantic warning. For example, 'o'
467 for strftime formats (meaning 'O' is an extension over C99). */
468 const int predicate;
469 /* Nonzero if the next character after this flag in the format should
470 be skipped ('=' in strfmon), zero otherwise. */
471 const int skip_next_char;
472 /* The name to use for this flag in diagnostic messages. For example,
473 N_("`0' flag"), N_("field width"). */
474 const char *const name;
475 /* Long name for this flag in diagnostic messages; currently only used for
476 "ISO C does not support ...". For example, N_("the `I' printf flag"). */
477 const char *const long_name;
478 /* The standard version in which it appeared. */
479 const enum format_std_version std;
480 } format_flag_spec;
481
482
483 /* Structure describing a combination of flags that is bad for some kind
484 of format. */
485 typedef struct
486 {
487 /* The first flag character in question (0 for end of array). */
488 const int flag_char1;
489 /* The second flag character. */
490 const int flag_char2;
491 /* Non-zero if the message should say that the first flag is ignored with
492 the second, zero if the combination should simply be objected to. */
493 const int ignored;
494 /* Zero if this entry applies whenever this flag combination occurs,
495 a non-zero character from flags2 if it only applies in some
496 circumstances (e.g. 'i' for printf formats ignoring 0 with precision). */
497 const int predicate;
498 } format_flag_pair;
499
500
501 /* Structure describing a particular kind of format processed by GCC. */
502 typedef struct
503 {
504 /* The name of this kind of format, for use in diagnostics. Also
505 the name of the attribute (without preceding and following __). */
506 const char *const name;
507 /* Specifications of the length modifiers accepted; possibly NULL. */
508 const format_length_info *const length_char_specs;
509 /* Details of the conversion specification characters accepted. */
510 const format_char_info *const conversion_specs;
511 /* String listing the flag characters that are accepted. */
512 const char *const flag_chars;
513 /* String listing modifier characters (strftime) accepted. May be NULL. */
514 const char *const modifier_chars;
515 /* Details of the flag characters, including pseudo-flags. */
516 const format_flag_spec *const flag_specs;
517 /* Details of bad combinations of flags. */
518 const format_flag_pair *const bad_flag_pairs;
519 /* Flags applicable to this kind of format. */
520 const int flags;
521 /* Flag character to treat a width as, or 0 if width not used. */
522 const int width_char;
523 /* Flag character to treat a left precision (strfmon) as,
524 or 0 if left precision not used. */
525 const int left_precision_char;
526 /* Flag character to treat a precision (for strfmon, right precision) as,
527 or 0 if precision not used. */
528 const int precision_char;
529 /* If a flag character has the effect of suppressing the conversion of
530 an argument ('*' in scanf), that flag character, otherwise 0. */
531 const int suppression_char;
532 /* Flag character to treat a length modifier as (ignored if length
533 modifiers not used). Need not be placed in flag_chars for conversion
534 specifiers, but is used to check for bad combinations such as length
535 modifier with assignment suppression in scanf. */
536 const int length_code_char;
537 /* Pointer to type of argument expected if '*' is used for a width,
538 or NULL if '*' not used for widths. */
539 tree *const width_type;
540 /* Pointer to type of argument expected if '*' is used for a precision,
541 or NULL if '*' not used for precisions. */
542 tree *const precision_type;
543 } format_kind_info;
544
545
546 /* Structure describing details of a type expected in format checking,
547 and the type to check against it. */
548 typedef struct format_wanted_type
549 {
550 /* The type wanted. */
551 tree wanted_type;
552 /* The name of this type to use in diagnostics. */
553 const char *wanted_type_name;
554 /* The level of indirection through pointers at which this type occurs. */
555 int pointer_count;
556 /* Whether, when pointer_count is 1, to allow any character type when
557 pedantic, rather than just the character or void type specified. */
558 int char_lenient_flag;
559 /* Whether the argument, dereferenced once, is written into and so the
560 argument must not be a pointer to a const-qualified type. */
561 int writing_in_flag;
562 /* Whether the argument, dereferenced once, is read from and so
563 must not be a NULL pointer. */
564 int reading_from_flag;
565 /* If warnings should be of the form "field precision is not type int",
566 the name to use (in this case "field precision"), otherwise NULL,
567 for "%s format, %s arg" type messages. If (in an extension), this
568 is a pointer type, wanted_type_name should be set to include the
569 terminating '*' characters of the type name to give a correct
570 message. */
571 const char *name;
572 /* The actual parameter to check against the wanted type. */
573 tree param;
574 /* The argument number of that parameter. */
575 int arg_num;
576 /* The next type to check for this format conversion, or NULL if none. */
577 struct format_wanted_type *next;
578 } format_wanted_type;
579
580
581 static const format_length_info printf_length_specs[] =
582 {
583 { "h", FMT_LEN_h, STD_C89, "hh", FMT_LEN_hh, STD_C99 },
584 { "l", FMT_LEN_l, STD_C89, "ll", FMT_LEN_ll, STD_C9L },
585 { "q", FMT_LEN_ll, STD_EXT, NULL, 0, 0 },
586 { "L", FMT_LEN_L, STD_C89, NULL, 0, 0 },
587 { "z", FMT_LEN_z, STD_C99, NULL, 0, 0 },
588 { "Z", FMT_LEN_z, STD_EXT, NULL, 0, 0 },
589 { "t", FMT_LEN_t, STD_C99, NULL, 0, 0 },
590 { "j", FMT_LEN_j, STD_C99, NULL, 0, 0 },
591 { NULL, 0, 0, NULL, 0, 0 }
592 };
593
594
595 /* This differs from printf_length_specs only in that "Z" is not accepted. */
596 static const format_length_info scanf_length_specs[] =
597 {
598 { "h", FMT_LEN_h, STD_C89, "hh", FMT_LEN_hh, STD_C99 },
599 { "l", FMT_LEN_l, STD_C89, "ll", FMT_LEN_ll, STD_C9L },
600 { "q", FMT_LEN_ll, STD_EXT, NULL, 0, 0 },
601 { "L", FMT_LEN_L, STD_C89, NULL, 0, 0 },
602 { "z", FMT_LEN_z, STD_C99, NULL, 0, 0 },
603 { "t", FMT_LEN_t, STD_C99, NULL, 0, 0 },
604 { "j", FMT_LEN_j, STD_C99, NULL, 0, 0 },
605 { NULL, 0, 0, NULL, 0, 0 }
606 };
607
608
609 /* All tables for strfmon use STD_C89 everywhere, since -pedantic warnings
610 make no sense for a format type not part of any C standard version. */
611 static const format_length_info strfmon_length_specs[] =
612 {
613 /* A GNU extension. */
614 { "L", FMT_LEN_L, STD_C89, NULL, 0, 0 },
615 { NULL, 0, 0, NULL, 0, 0 }
616 };
617
618 static const format_flag_spec printf_flag_specs[] =
619 {
620 { ' ', 0, 0, N_("` ' flag"), N_("the ` ' printf flag"), STD_C89 },
621 { '+', 0, 0, N_("`+' flag"), N_("the `+' printf flag"), STD_C89 },
622 { '#', 0, 0, N_("`#' flag"), N_("the `#' printf flag"), STD_C89 },
623 { '0', 0, 0, N_("`0' flag"), N_("the `0' printf flag"), STD_C89 },
624 { '-', 0, 0, N_("`-' flag"), N_("the `-' printf flag"), STD_C89 },
625 { '\'', 0, 0, N_("`'' flag"), N_("the `'' printf flag"), STD_EXT },
626 { 'I', 0, 0, N_("`I' flag"), N_("the `I' printf flag"), STD_EXT },
627 { 'w', 0, 0, N_("field width"), N_("field width in printf format"), STD_C89 },
628 { 'p', 0, 0, N_("precision"), N_("precision in printf format"), STD_C89 },
629 { 'L', 0, 0, N_("length modifier"), N_("length modifier in printf format"), STD_C89 },
630 { 0, 0, 0, NULL, NULL, 0 }
631 };
632
633
634 static const format_flag_pair printf_flag_pairs[] =
635 {
636 { ' ', '+', 1, 0 },
637 { '0', '-', 1, 0 },
638 { '0', 'p', 1, 'i' },
639 { 0, 0, 0, 0 }
640 };
641
642
643 static const format_flag_spec scanf_flag_specs[] =
644 {
645 { '*', 0, 0, N_("assignment suppression"), N_("the assignment suppression scanf feature"), STD_C89 },
646 { 'a', 0, 0, N_("`a' flag"), N_("the `a' scanf flag"), STD_EXT },
647 { 'w', 0, 0, N_("field width"), N_("field width in scanf format"), STD_C89 },
648 { 'L', 0, 0, N_("length modifier"), N_("length modifier in scanf format"), STD_C89 },
649 { '\'', 0, 0, N_("`'' flag"), N_("the `'' scanf flag"), STD_EXT },
650 { 'I', 0, 0, N_("`I' flag"), N_("the `I' scanf flag"), STD_EXT },
651 { 0, 0, 0, NULL, NULL, 0 }
652 };
653
654
655 static const format_flag_pair scanf_flag_pairs[] =
656 {
657 { '*', 'L', 0, 0 },
658 { 0, 0, 0, 0 }
659 };
660
661
662 static const format_flag_spec strftime_flag_specs[] =
663 {
664 { '_', 0, 0, N_("`_' flag"), N_("the `_' strftime flag"), STD_EXT },
665 { '-', 0, 0, N_("`-' flag"), N_("the `-' strftime flag"), STD_EXT },
666 { '0', 0, 0, N_("`0' flag"), N_("the `0' strftime flag"), STD_EXT },
667 { '^', 0, 0, N_("`^' flag"), N_("the `^' strftime flag"), STD_EXT },
668 { '#', 0, 0, N_("`#' flag"), N_("the `#' strftime flag"), STD_EXT },
669 { 'w', 0, 0, N_("field width"), N_("field width in strftime format"), STD_EXT },
670 { 'E', 0, 0, N_("`E' modifier"), N_("the `E' strftime modifier"), STD_C99 },
671 { 'O', 0, 0, N_("`O' modifier"), N_("the `O' strftime modifier"), STD_C99 },
672 { 'O', 'o', 0, NULL, N_("the `O' modifier"), STD_EXT },
673 { 0, 0, 0, NULL, NULL, 0 }
674 };
675
676
677 static const format_flag_pair strftime_flag_pairs[] =
678 {
679 { 'E', 'O', 0, 0 },
680 { '_', '-', 0, 0 },
681 { '_', '0', 0, 0 },
682 { '-', '0', 0, 0 },
683 { '^', '#', 0, 0 },
684 { 0, 0, 0, 0 }
685 };
686
687
688 static const format_flag_spec strfmon_flag_specs[] =
689 {
690 { '=', 0, 1, N_("fill character"), N_("fill character in strfmon format"), STD_C89 },
691 { '^', 0, 0, N_("`^' flag"), N_("the `^' strfmon flag"), STD_C89 },
692 { '+', 0, 0, N_("`+' flag"), N_("the `+' strfmon flag"), STD_C89 },
693 { '(', 0, 0, N_("`(' flag"), N_("the `(' strfmon flag"), STD_C89 },
694 { '!', 0, 0, N_("`!' flag"), N_("the `!' strfmon flag"), STD_C89 },
695 { '-', 0, 0, N_("`-' flag"), N_("the `-' strfmon flag"), STD_C89 },
696 { 'w', 0, 0, N_("field width"), N_("field width in strfmon format"), STD_C89 },
697 { '#', 0, 0, N_("left precision"), N_("left precision in strfmon format"), STD_C89 },
698 { 'p', 0, 0, N_("right precision"), N_("right precision in strfmon format"), STD_C89 },
699 { 'L', 0, 0, N_("length modifier"), N_("length modifier in strfmon format"), STD_C89 },
700 { 0, 0, 0, NULL, NULL, 0 }
701 };
702
703 static const format_flag_pair strfmon_flag_pairs[] =
704 {
705 { '+', '(', 0, 0 },
706 { 0, 0, 0, 0 }
707 };
708
709
710 #define T_I &integer_type_node
711 #define T89_I { STD_C89, NULL, T_I }
712 #define T99_I { STD_C99, NULL, T_I }
713 #define T_L &long_integer_type_node
714 #define T89_L { STD_C89, NULL, T_L }
715 #define T_LL &long_long_integer_type_node
716 #define T9L_LL { STD_C9L, NULL, T_LL }
717 #define TEX_LL { STD_EXT, NULL, T_LL }
718 #define T_S &short_integer_type_node
719 #define T89_S { STD_C89, NULL, T_S }
720 #define T_UI &unsigned_type_node
721 #define T89_UI { STD_C89, NULL, T_UI }
722 #define T99_UI { STD_C99, NULL, T_UI }
723 #define T_UL &long_unsigned_type_node
724 #define T89_UL { STD_C89, NULL, T_UL }
725 #define T_ULL &long_long_unsigned_type_node
726 #define T9L_ULL { STD_C9L, NULL, T_ULL }
727 #define TEX_ULL { STD_EXT, NULL, T_ULL }
728 #define T_US &short_unsigned_type_node
729 #define T89_US { STD_C89, NULL, T_US }
730 #define T_F &float_type_node
731 #define T89_F { STD_C89, NULL, T_F }
732 #define T99_F { STD_C99, NULL, T_F }
733 #define T_D &double_type_node
734 #define T89_D { STD_C89, NULL, T_D }
735 #define T99_D { STD_C99, NULL, T_D }
736 #define T_LD &long_double_type_node
737 #define T89_LD { STD_C89, NULL, T_LD }
738 #define T99_LD { STD_C99, NULL, T_LD }
739 #define T_C &char_type_node
740 #define T89_C { STD_C89, NULL, T_C }
741 #define T_SC &signed_char_type_node
742 #define T99_SC { STD_C99, NULL, T_SC }
743 #define T_UC &unsigned_char_type_node
744 #define T99_UC { STD_C99, NULL, T_UC }
745 #define T_V &void_type_node
746 #define T89_V { STD_C89, NULL, T_V }
747 #define T_W &wchar_type_node
748 #define T94_W { STD_C94, "wchar_t", T_W }
749 #define TEX_W { STD_EXT, "wchar_t", T_W }
750 #define T_WI &wint_type_node
751 #define T94_WI { STD_C94, "wint_t", T_WI }
752 #define TEX_WI { STD_EXT, "wint_t", T_WI }
753 #define T_ST &c_size_type_node
754 #define T99_ST { STD_C99, "size_t", T_ST }
755 #define T_SST &signed_size_type_node
756 #define T99_SST { STD_C99, "signed size_t", T_SST }
757 #define T_PD &ptrdiff_type_node
758 #define T99_PD { STD_C99, "ptrdiff_t", T_PD }
759 #define T_UPD &unsigned_ptrdiff_type_node
760 #define T99_UPD { STD_C99, "unsigned ptrdiff_t", T_UPD }
761 #define T_IM &intmax_type_node
762 #define T99_IM { STD_C99, "intmax_t", T_IM }
763 #define T_UIM &uintmax_type_node
764 #define T99_UIM { STD_C99, "uintmax_t", T_UIM }
765
766 static const format_char_info print_char_table[] =
767 {
768 /* C89 conversion specifiers. */
769 { "di", 0, STD_C89, { T89_I, T99_SC, T89_S, T89_L, T9L_LL, TEX_LL, T99_SST, T99_PD, T99_IM }, "-wp0 +'I", "i" },
770 { "oxX", 0, STD_C89, { T89_UI, T99_UC, T89_US, T89_UL, T9L_ULL, TEX_ULL, T99_ST, T99_UPD, T99_UIM }, "-wp0#", "i" },
771 { "u", 0, STD_C89, { T89_UI, T99_UC, T89_US, T89_UL, T9L_ULL, TEX_ULL, T99_ST, T99_UPD, T99_UIM }, "-wp0'I", "i" },
772 { "fgG", 0, STD_C89, { T89_D, BADLEN, BADLEN, T99_D, BADLEN, T89_LD, BADLEN, BADLEN, BADLEN }, "-wp0 +#'", "" },
773 { "eE", 0, STD_C89, { T89_D, BADLEN, BADLEN, T99_D, BADLEN, T89_LD, BADLEN, BADLEN, BADLEN }, "-wp0 +#", "" },
774 { "c", 0, STD_C89, { T89_I, BADLEN, BADLEN, T94_WI, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "-w", "" },
775 { "s", 1, STD_C89, { T89_C, BADLEN, BADLEN, T94_W, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "-wp", "cR" },
776 { "p", 1, STD_C89, { T89_V, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "-w", "c" },
777 { "n", 1, STD_C89, { T89_I, T99_SC, T89_S, T89_L, T9L_LL, BADLEN, T99_SST, T99_PD, T99_IM }, "", "W" },
778 /* C99 conversion specifiers. */
779 { "F", 0, STD_C99, { T99_D, BADLEN, BADLEN, T99_D, BADLEN, T99_LD, BADLEN, BADLEN, BADLEN }, "-wp0 +#'", "" },
780 { "aA", 0, STD_C99, { T99_D, BADLEN, BADLEN, T99_D, BADLEN, T99_LD, BADLEN, BADLEN, BADLEN }, "-wp0 +#", "" },
781 /* X/Open conversion specifiers. */
782 { "C", 0, STD_EXT, { TEX_WI, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "-w", "" },
783 { "S", 1, STD_EXT, { TEX_W, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "-wp", "R" },
784 /* GNU conversion specifiers. */
785 { "m", 0, STD_EXT, { T89_V, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "-wp", "" },
786 { NULL, 0, 0, NOLENGTHS, NULL, NULL }
787 };
788
789 static const format_char_info scan_char_table[] =
790 {
791 /* C89 conversion specifiers. */
792 { "di", 1, STD_C89, { T89_I, T99_SC, T89_S, T89_L, T9L_LL, TEX_LL, T99_SST, T99_PD, T99_IM }, "*w'I", "W" },
793 { "u", 1, STD_C89, { T89_UI, T99_UC, T89_US, T89_UL, T9L_ULL, TEX_ULL, T99_ST, T99_UPD, T99_UIM }, "*w'I", "W" },
794 { "oxX", 1, STD_C89, { T89_UI, T99_UC, T89_US, T89_UL, T9L_ULL, TEX_ULL, T99_ST, T99_UPD, T99_UIM }, "*w", "W" },
795 { "efgEG", 1, STD_C89, { T89_F, BADLEN, BADLEN, T89_D, BADLEN, T89_LD, BADLEN, BADLEN, BADLEN }, "*w'", "W" },
796 { "c", 1, STD_C89, { T89_C, BADLEN, BADLEN, T94_W, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "*w", "cW" },
797 { "s", 1, STD_C89, { T89_C, BADLEN, BADLEN, T94_W, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "*aw", "cW" },
798 { "[", 1, STD_C89, { T89_C, BADLEN, BADLEN, T94_W, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "*aw", "cW[" },
799 { "p", 2, STD_C89, { T89_V, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "*w", "W" },
800 { "n", 1, STD_C89, { T89_I, T99_SC, T89_S, T89_L, T9L_LL, BADLEN, T99_SST, T99_PD, T99_IM }, "", "W" },
801 /* C99 conversion specifiers. */
802 { "FaA", 1, STD_C99, { T99_F, BADLEN, BADLEN, T99_D, BADLEN, T99_LD, BADLEN, BADLEN, BADLEN }, "*w'", "W" },
803 /* X/Open conversion specifiers. */
804 { "C", 1, STD_EXT, { TEX_W, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "*w", "W" },
805 { "S", 1, STD_EXT, { TEX_W, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN, BADLEN }, "*aw", "W" },
806 { NULL, 0, 0, NOLENGTHS, NULL, NULL }
807 };
808
809 static const format_char_info time_char_table[] =
810 {
811 /* C89 conversion specifiers. */
812 { "ABZab", 0, STD_C89, NOLENGTHS, "^#", "" },
813 { "cx", 0, STD_C89, NOLENGTHS, "E", "3" },
814 { "HIMSUWdmw", 0, STD_C89, NOLENGTHS, "-_0Ow", "" },
815 { "j", 0, STD_C89, NOLENGTHS, "-_0Ow", "o" },
816 { "p", 0, STD_C89, NOLENGTHS, "#", "" },
817 { "X", 0, STD_C89, NOLENGTHS, "E", "" },
818 { "y", 0, STD_C89, NOLENGTHS, "EO-_0w", "4" },
819 { "Y", 0, STD_C89, NOLENGTHS, "-_0EOw", "o" },
820 { "%", 0, STD_C89, NOLENGTHS, "", "" },
821 /* C99 conversion specifiers. */
822 { "C", 0, STD_C99, NOLENGTHS, "-_0EOw", "o" },
823 { "D", 0, STD_C99, NOLENGTHS, "", "2" },
824 { "eVu", 0, STD_C99, NOLENGTHS, "-_0Ow", "" },
825 { "FRTnrt", 0, STD_C99, NOLENGTHS, "", "" },
826 { "g", 0, STD_C99, NOLENGTHS, "O-_0w", "2o" },
827 { "G", 0, STD_C99, NOLENGTHS, "-_0Ow", "o" },
828 { "h", 0, STD_C99, NOLENGTHS, "^#", "" },
829 { "z", 0, STD_C99, NOLENGTHS, "O", "o" },
830 /* GNU conversion specifiers. */
831 { "kls", 0, STD_EXT, NOLENGTHS, "-_0Ow", "" },
832 { "P", 0, STD_EXT, NOLENGTHS, "", "" },
833 { NULL, 0, 0, NOLENGTHS, NULL, NULL }
834 };
835
836 static const format_char_info monetary_char_table[] =
837 {
838 { "in", 0, STD_C89, { T89_D, BADLEN, BADLEN, BADLEN, BADLEN, T89_LD, BADLEN, BADLEN, BADLEN }, "=^+(!-w#p", "" },
839 { NULL, 0, 0, NOLENGTHS, NULL, NULL }
840 };
841
842
843 /* This must be in the same order as enum format_type. */
844 static const format_kind_info format_types[] =
845 {
846 { "printf", printf_length_specs, print_char_table, " +#0-'I", NULL,
847 printf_flag_specs, printf_flag_pairs,
848 FMT_FLAG_ARG_CONVERT|FMT_FLAG_DOLLAR_MULTIPLE|FMT_FLAG_USE_DOLLAR|FMT_FLAG_EMPTY_PREC_OK,
849 'w', 0, 'p', 0, 'L',
850 &integer_type_node, &integer_type_node
851 },
852 { "scanf", scanf_length_specs, scan_char_table, "*'I", NULL,
853 scanf_flag_specs, scanf_flag_pairs,
854 FMT_FLAG_ARG_CONVERT|FMT_FLAG_SCANF_A_KLUDGE|FMT_FLAG_USE_DOLLAR|FMT_FLAG_ZERO_WIDTH_BAD|FMT_FLAG_DOLLAR_GAP_POINTER_OK,
855 'w', 0, 0, '*', 'L',
856 NULL, NULL
857 },
858 { "strftime", NULL, time_char_table, "_-0^#", "EO",
859 strftime_flag_specs, strftime_flag_pairs,
860 FMT_FLAG_FANCY_PERCENT_OK, 'w', 0, 0, 0, 0,
861 NULL, NULL
862 },
863 { "strfmon", strfmon_length_specs, monetary_char_table, "=^+(!-", NULL,
864 strfmon_flag_specs, strfmon_flag_pairs,
865 FMT_FLAG_ARG_CONVERT, 'w', '#', 'p', 0, 'L',
866 NULL, NULL
867 }
868 };
869
870
871 /* Structure detailing the results of checking a format function call
872 where the format expression may be a conditional expression with
873 many leaves resulting from nested conditional expressions. */
874 typedef struct
875 {
876 /* Number of leaves of the format argument that could not be checked
877 as they were not string literals. */
878 int number_non_literal;
879 /* Number of leaves of the format argument that were null pointers or
880 string literals, but had extra format arguments. */
881 int number_extra_args;
882 /* Number of leaves of the format argument that were null pointers or
883 string literals, but had extra format arguments and used $ operand
884 numbers. */
885 int number_dollar_extra_args;
886 /* Number of leaves of the format argument that were wide string
887 literals. */
888 int number_wide;
889 /* Number of leaves of the format argument that were empty strings. */
890 int number_empty;
891 /* Number of leaves of the format argument that were unterminated
892 strings. */
893 int number_unterminated;
894 /* Number of leaves of the format argument that were not counted above. */
895 int number_other;
896 } format_check_results;
897
898 static void check_format_info PARAMS ((int *, function_format_info *, tree));
899 static void check_format_info_recurse PARAMS ((int *, format_check_results *,
900 function_format_info *, tree,
901 tree, unsigned HOST_WIDE_INT));
902 static void check_format_info_main PARAMS ((int *, format_check_results *,
903 function_format_info *,
904 const char *, int, tree,
905 unsigned HOST_WIDE_INT));
906 static void status_warning PARAMS ((int *, const char *, ...))
907 ATTRIBUTE_PRINTF_2;
908
909 static void init_dollar_format_checking PARAMS ((int, tree));
910 static int maybe_read_dollar_number PARAMS ((int *, const char **, int,
911 tree, tree *,
912 const format_kind_info *));
913 static void finish_dollar_format_checking PARAMS ((int *, format_check_results *, int));
914
915 static const format_flag_spec *get_flag_spec PARAMS ((const format_flag_spec *,
916 int, const char *));
917
918 static void check_format_types PARAMS ((int *, format_wanted_type *));
919
920 /* Decode a format type from a string, returning the type, or
921 format_type_error if not valid, in which case the caller should print an
922 error message. */
923 static enum format_type
924 decode_format_type (s)
925 const char *s;
926 {
927 int i;
928 int slen;
929 slen = strlen (s);
930 for (i = 0; i < (int) format_type_error; i++)
931 {
932 int alen;
933 if (!strcmp (s, format_types[i].name))
934 break;
935 alen = strlen (format_types[i].name);
936 if (slen == alen + 4 && s[0] == '_' && s[1] == '_'
937 && s[slen - 1] == '_' && s[slen - 2] == '_'
938 && !strncmp (s + 2, format_types[i].name, alen))
939 break;
940 }
941 return ((enum format_type) i);
942 }
943
944 \f
945 /* Check the argument list of a call to printf, scanf, etc.
946 ATTRS are the attributes on the function type.
947 PARAMS is the list of argument values. Also, if -Wmissing-format-attribute,
948 warn for calls to vprintf or vscanf in functions with no such format
949 attribute themselves. */
950
951 void
952 check_function_format (status, attrs, params)
953 int *status;
954 tree attrs;
955 tree params;
956 {
957 tree a;
958
959 /* See if this function has any format attributes. */
960 for (a = attrs; a; a = TREE_CHAIN (a))
961 {
962 if (is_attribute_p ("format", TREE_PURPOSE (a)))
963 {
964 /* Yup; check it. */
965 function_format_info info;
966 decode_format_attr (TREE_VALUE (a), &info, 1);
967 check_format_info (status, &info, params);
968 if (warn_missing_format_attribute && info.first_arg_num == 0
969 && (format_types[info.format_type].flags
970 & (int) FMT_FLAG_ARG_CONVERT))
971 {
972 tree c;
973 for (c = TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl));
974 c;
975 c = TREE_CHAIN (c))
976 if (is_attribute_p ("format", TREE_PURPOSE (c))
977 && (decode_format_type (IDENTIFIER_POINTER
978 (TREE_VALUE (TREE_VALUE (c))))
979 == info.format_type))
980 break;
981 if (c == NULL_TREE)
982 {
983 /* Check if the current function has a parameter to which
984 the format attribute could be attached; if not, it
985 can't be a candidate for a format attribute, despite
986 the vprintf-like or vscanf-like call. */
987 tree args;
988 for (args = DECL_ARGUMENTS (current_function_decl);
989 args != 0;
990 args = TREE_CHAIN (args))
991 {
992 if (TREE_CODE (TREE_TYPE (args)) == POINTER_TYPE
993 && (TYPE_MAIN_VARIANT (TREE_TYPE (TREE_TYPE (args)))
994 == char_type_node))
995 break;
996 }
997 if (args != 0)
998 warning ("function might be possible candidate for `%s' format attribute",
999 format_types[info.format_type].name);
1000 }
1001 }
1002 }
1003 }
1004 }
1005
1006 /* This function replaces `warning' inside the printf format checking
1007 functions. If the `status' parameter is non-NULL, then it is
1008 dereferenced and set to 1 whenever a warning is caught. Otherwise
1009 it warns as usual by replicating the innards of the warning
1010 function from diagnostic.c. */
1011 static void
1012 status_warning VPARAMS ((int *status, const char *msgid, ...))
1013 {
1014 diagnostic_context dc;
1015
1016 VA_OPEN (ap, msgid);
1017 VA_FIXEDARG (ap, int *, status);
1018 VA_FIXEDARG (ap, const char *, msgid);
1019
1020 if (status)
1021 *status = 1;
1022 else
1023 {
1024 /* This duplicates the warning function behavior. */
1025 set_diagnostic_context
1026 (&dc, msgid, &ap, input_filename, lineno, /* warn = */ 1);
1027 report_diagnostic (&dc);
1028 }
1029
1030 VA_CLOSE (ap);
1031 }
1032
1033 /* Variables used by the checking of $ operand number formats. */
1034 static char *dollar_arguments_used = NULL;
1035 static char *dollar_arguments_pointer_p = NULL;
1036 static int dollar_arguments_alloc = 0;
1037 static int dollar_arguments_count;
1038 static int dollar_first_arg_num;
1039 static int dollar_max_arg_used;
1040 static int dollar_format_warned;
1041
1042 /* Initialize the checking for a format string that may contain $
1043 parameter number specifications; we will need to keep track of whether
1044 each parameter has been used. FIRST_ARG_NUM is the number of the first
1045 argument that is a parameter to the format, or 0 for a vprintf-style
1046 function; PARAMS is the list of arguments starting at this argument. */
1047
1048 static void
1049 init_dollar_format_checking (first_arg_num, params)
1050 int first_arg_num;
1051 tree params;
1052 {
1053 tree oparams = params;
1054
1055 dollar_first_arg_num = first_arg_num;
1056 dollar_arguments_count = 0;
1057 dollar_max_arg_used = 0;
1058 dollar_format_warned = 0;
1059 if (first_arg_num > 0)
1060 {
1061 while (params)
1062 {
1063 dollar_arguments_count++;
1064 params = TREE_CHAIN (params);
1065 }
1066 }
1067 if (dollar_arguments_alloc < dollar_arguments_count)
1068 {
1069 if (dollar_arguments_used)
1070 free (dollar_arguments_used);
1071 if (dollar_arguments_pointer_p)
1072 free (dollar_arguments_pointer_p);
1073 dollar_arguments_alloc = dollar_arguments_count;
1074 dollar_arguments_used = xmalloc (dollar_arguments_alloc);
1075 dollar_arguments_pointer_p = xmalloc (dollar_arguments_alloc);
1076 }
1077 if (dollar_arguments_alloc)
1078 {
1079 memset (dollar_arguments_used, 0, dollar_arguments_alloc);
1080 if (first_arg_num > 0)
1081 {
1082 int i = 0;
1083 params = oparams;
1084 while (params)
1085 {
1086 dollar_arguments_pointer_p[i] = (TREE_CODE (TREE_TYPE (TREE_VALUE (params)))
1087 == POINTER_TYPE);
1088 params = TREE_CHAIN (params);
1089 i++;
1090 }
1091 }
1092 }
1093 }
1094
1095
1096 /* Look for a decimal number followed by a $ in *FORMAT. If DOLLAR_NEEDED
1097 is set, it is an error if one is not found; otherwise, it is OK. If
1098 such a number is found, check whether it is within range and mark that
1099 numbered operand as being used for later checking. Returns the operand
1100 number if found and within range, zero if no such number was found and
1101 this is OK, or -1 on error. PARAMS points to the first operand of the
1102 format; PARAM_PTR is made to point to the parameter referred to. If
1103 a $ format is found, *FORMAT is updated to point just after it. */
1104
1105 static int
1106 maybe_read_dollar_number (status, format, dollar_needed, params, param_ptr,
1107 fki)
1108 int *status;
1109 const char **format;
1110 int dollar_needed;
1111 tree params;
1112 tree *param_ptr;
1113 const format_kind_info *fki;
1114 {
1115 int argnum;
1116 int overflow_flag;
1117 const char *fcp = *format;
1118 if (! ISDIGIT (*fcp))
1119 {
1120 if (dollar_needed)
1121 {
1122 status_warning (status, "missing $ operand number in format");
1123 return -1;
1124 }
1125 else
1126 return 0;
1127 }
1128 argnum = 0;
1129 overflow_flag = 0;
1130 while (ISDIGIT (*fcp))
1131 {
1132 int nargnum;
1133 nargnum = 10 * argnum + (*fcp - '0');
1134 if (nargnum < 0 || nargnum / 10 != argnum)
1135 overflow_flag = 1;
1136 argnum = nargnum;
1137 fcp++;
1138 }
1139 if (*fcp != '$')
1140 {
1141 if (dollar_needed)
1142 {
1143 status_warning (status, "missing $ operand number in format");
1144 return -1;
1145 }
1146 else
1147 return 0;
1148 }
1149 *format = fcp + 1;
1150 if (pedantic && !dollar_format_warned)
1151 {
1152 status_warning (status,
1153 "%s does not support %%n$ operand number formats",
1154 C_STD_NAME (STD_EXT));
1155 dollar_format_warned = 1;
1156 }
1157 if (overflow_flag || argnum == 0
1158 || (dollar_first_arg_num && argnum > dollar_arguments_count))
1159 {
1160 status_warning (status, "operand number out of range in format");
1161 return -1;
1162 }
1163 if (argnum > dollar_max_arg_used)
1164 dollar_max_arg_used = argnum;
1165 /* For vprintf-style functions we may need to allocate more memory to
1166 track which arguments are used. */
1167 while (dollar_arguments_alloc < dollar_max_arg_used)
1168 {
1169 int nalloc;
1170 nalloc = 2 * dollar_arguments_alloc + 16;
1171 dollar_arguments_used = xrealloc (dollar_arguments_used, nalloc);
1172 dollar_arguments_pointer_p = xrealloc (dollar_arguments_pointer_p,
1173 nalloc);
1174 memset (dollar_arguments_used + dollar_arguments_alloc, 0,
1175 nalloc - dollar_arguments_alloc);
1176 dollar_arguments_alloc = nalloc;
1177 }
1178 if (!(fki->flags & (int) FMT_FLAG_DOLLAR_MULTIPLE)
1179 && dollar_arguments_used[argnum - 1] == 1)
1180 {
1181 dollar_arguments_used[argnum - 1] = 2;
1182 status_warning (status,
1183 "format argument %d used more than once in %s format",
1184 argnum, fki->name);
1185 }
1186 else
1187 dollar_arguments_used[argnum - 1] = 1;
1188 if (dollar_first_arg_num)
1189 {
1190 int i;
1191 *param_ptr = params;
1192 for (i = 1; i < argnum && *param_ptr != 0; i++)
1193 *param_ptr = TREE_CHAIN (*param_ptr);
1194
1195 if (*param_ptr == 0)
1196 {
1197 /* This case shouldn't be caught here. */
1198 abort ();
1199 }
1200 }
1201 else
1202 *param_ptr = 0;
1203 return argnum;
1204 }
1205
1206
1207 /* Finish the checking for a format string that used $ operand number formats
1208 instead of non-$ formats. We check for unused operands before used ones
1209 (a serious error, since the implementation of the format function
1210 can't know what types to pass to va_arg to find the later arguments).
1211 and for unused operands at the end of the format (if we know how many
1212 arguments the format had, so not for vprintf). If there were operand
1213 numbers out of range on a non-vprintf-style format, we won't have reached
1214 here. If POINTER_GAP_OK, unused arguments are OK if all arguments are
1215 pointers. */
1216
1217 static void
1218 finish_dollar_format_checking (status, res, pointer_gap_ok)
1219 int *status;
1220 format_check_results *res;
1221 int pointer_gap_ok;
1222 {
1223 int i;
1224 bool found_pointer_gap = false;
1225 for (i = 0; i < dollar_max_arg_used; i++)
1226 {
1227 if (!dollar_arguments_used[i])
1228 {
1229 if (pointer_gap_ok && (dollar_first_arg_num == 0
1230 || dollar_arguments_pointer_p[i]))
1231 found_pointer_gap = true;
1232 else
1233 status_warning (status, "format argument %d unused before used argument %d in $-style format",
1234 i + 1, dollar_max_arg_used);
1235 }
1236 }
1237 if (found_pointer_gap
1238 || (dollar_first_arg_num
1239 && dollar_max_arg_used < dollar_arguments_count))
1240 {
1241 res->number_other--;
1242 res->number_dollar_extra_args++;
1243 }
1244 }
1245
1246
1247 /* Retrieve the specification for a format flag. SPEC contains the
1248 specifications for format flags for the applicable kind of format.
1249 FLAG is the flag in question. If PREDICATES is NULL, the basic
1250 spec for that flag must be retrieved and this function aborts if
1251 it cannot be found. If PREDICATES is not NULL, it is a string listing
1252 possible predicates for the spec entry; if an entry predicated on any
1253 of these is found, it is returned, otherwise NULL is returned. */
1254
1255 static const format_flag_spec *
1256 get_flag_spec (spec, flag, predicates)
1257 const format_flag_spec *spec;
1258 int flag;
1259 const char *predicates;
1260 {
1261 int i;
1262 for (i = 0; spec[i].flag_char != 0; i++)
1263 {
1264 if (spec[i].flag_char != flag)
1265 continue;
1266 if (predicates != NULL)
1267 {
1268 if (spec[i].predicate != 0
1269 && strchr (predicates, spec[i].predicate) != 0)
1270 return &spec[i];
1271 }
1272 else if (spec[i].predicate == 0)
1273 return &spec[i];
1274 }
1275 if (predicates == NULL)
1276 abort ();
1277 else
1278 return NULL;
1279 }
1280
1281
1282 /* Check the argument list of a call to printf, scanf, etc.
1283 INFO points to the function_format_info structure.
1284 PARAMS is the list of argument values. */
1285
1286 static void
1287 check_format_info (status, info, params)
1288 int *status;
1289 function_format_info *info;
1290 tree params;
1291 {
1292 unsigned HOST_WIDE_INT arg_num;
1293 tree format_tree;
1294 format_check_results res;
1295 /* Skip to format argument. If the argument isn't available, there's
1296 no work for us to do; prototype checking will catch the problem. */
1297 for (arg_num = 1; ; ++arg_num)
1298 {
1299 if (params == 0)
1300 return;
1301 if (arg_num == info->format_num)
1302 break;
1303 params = TREE_CHAIN (params);
1304 }
1305 format_tree = TREE_VALUE (params);
1306 params = TREE_CHAIN (params);
1307 if (format_tree == 0)
1308 return;
1309
1310 res.number_non_literal = 0;
1311 res.number_extra_args = 0;
1312 res.number_dollar_extra_args = 0;
1313 res.number_wide = 0;
1314 res.number_empty = 0;
1315 res.number_unterminated = 0;
1316 res.number_other = 0;
1317
1318 check_format_info_recurse (status, &res, info, format_tree, params, arg_num);
1319
1320 if (res.number_non_literal > 0)
1321 {
1322 /* Functions taking a va_list normally pass a non-literal format
1323 string. These functions typically are declared with
1324 first_arg_num == 0, so avoid warning in those cases. */
1325 if (!(format_types[info->format_type].flags & (int) FMT_FLAG_ARG_CONVERT))
1326 {
1327 /* For strftime-like formats, warn for not checking the format
1328 string; but there are no arguments to check. */
1329 if (warn_format_nonliteral)
1330 status_warning (status, "format not a string literal, format string not checked");
1331 }
1332 else if (info->first_arg_num != 0)
1333 {
1334 /* If there are no arguments for the format at all, we may have
1335 printf (foo) which is likely to be a security hole. */
1336 while (arg_num + 1 < info->first_arg_num)
1337 {
1338 if (params == 0)
1339 break;
1340 params = TREE_CHAIN (params);
1341 ++arg_num;
1342 }
1343 if (params == 0 && (warn_format_nonliteral || warn_format_security))
1344 status_warning (status, "format not a string literal and no format arguments");
1345 else if (warn_format_nonliteral)
1346 status_warning (status, "format not a string literal, argument types not checked");
1347 }
1348 }
1349
1350 /* If there were extra arguments to the format, normally warn. However,
1351 the standard does say extra arguments are ignored, so in the specific
1352 case where we have multiple leaves (conditional expressions or
1353 ngettext) allow extra arguments if at least one leaf didn't have extra
1354 arguments, but was otherwise OK (either non-literal or checked OK).
1355 If the format is an empty string, this should be counted similarly to the
1356 case of extra format arguments. */
1357 if (res.number_extra_args > 0 && res.number_non_literal == 0
1358 && res.number_other == 0 && warn_format_extra_args)
1359 status_warning (status, "too many arguments for format");
1360 if (res.number_dollar_extra_args > 0 && res.number_non_literal == 0
1361 && res.number_other == 0 && warn_format_extra_args)
1362 status_warning (status, "unused arguments in $-style format");
1363 if (res.number_empty > 0 && res.number_non_literal == 0
1364 && res.number_other == 0)
1365 status_warning (status, "zero-length format string");
1366
1367 if (res.number_wide > 0)
1368 status_warning (status, "format is a wide character string");
1369
1370 if (res.number_unterminated > 0)
1371 status_warning (status, "unterminated format string");
1372 }
1373
1374
1375 /* Recursively check a call to a format function. FORMAT_TREE is the
1376 format parameter, which may be a conditional expression in which
1377 both halves should be checked. ARG_NUM is the number of the
1378 format argument; PARAMS points just after it in the argument list. */
1379
1380 static void
1381 check_format_info_recurse (status, res, info, format_tree, params, arg_num)
1382 int *status;
1383 format_check_results *res;
1384 function_format_info *info;
1385 tree format_tree;
1386 tree params;
1387 unsigned HOST_WIDE_INT arg_num;
1388 {
1389 int format_length;
1390 HOST_WIDE_INT offset;
1391 const char *format_chars;
1392 tree array_size = 0;
1393 tree array_init;
1394
1395 if (TREE_CODE (format_tree) == NOP_EXPR)
1396 {
1397 /* Strip coercion. */
1398 check_format_info_recurse (status, res, info,
1399 TREE_OPERAND (format_tree, 0), params,
1400 arg_num);
1401 return;
1402 }
1403
1404 if (TREE_CODE (format_tree) == CALL_EXPR)
1405 {
1406 tree type = TREE_TYPE (TREE_TYPE (TREE_OPERAND (format_tree, 0)));
1407 tree attrs;
1408 bool found_format_arg = false;
1409
1410 /* See if this is a call to a known internationalization function
1411 that modifies the format arg. Such a function may have multiple
1412 format_arg attributes (for example, ngettext). */
1413
1414 for (attrs = TYPE_ATTRIBUTES (type);
1415 attrs;
1416 attrs = TREE_CHAIN (attrs))
1417 if (is_attribute_p ("format_arg", TREE_PURPOSE (attrs)))
1418 {
1419 tree inner_args;
1420 tree format_num_expr;
1421 int format_num;
1422 int i;
1423
1424 /* Extract the argument number, which was previously checked
1425 to be valid. */
1426 format_num_expr = TREE_VALUE (TREE_VALUE (attrs));
1427 while (TREE_CODE (format_num_expr) == NOP_EXPR
1428 || TREE_CODE (format_num_expr) == CONVERT_EXPR
1429 || TREE_CODE (format_num_expr) == NON_LVALUE_EXPR)
1430 format_num_expr = TREE_OPERAND (format_num_expr, 0);
1431
1432 if (TREE_CODE (format_num_expr) != INTEGER_CST
1433 || TREE_INT_CST_HIGH (format_num_expr) != 0)
1434 abort ();
1435
1436 format_num = TREE_INT_CST_LOW (format_num_expr);
1437
1438 for (inner_args = TREE_OPERAND (format_tree, 1), i = 1;
1439 inner_args != 0;
1440 inner_args = TREE_CHAIN (inner_args), i++)
1441 if (i == format_num)
1442 {
1443 check_format_info_recurse (status, res, info,
1444 TREE_VALUE (inner_args), params,
1445 arg_num);
1446 found_format_arg = true;
1447 break;
1448 }
1449 }
1450
1451 /* If we found a format_arg attribute and did a recursive check,
1452 we are done with checking this format string. Otherwise, we
1453 continue and this will count as a non-literal format string. */
1454 if (found_format_arg)
1455 return;
1456 }
1457
1458 if (TREE_CODE (format_tree) == COND_EXPR)
1459 {
1460 /* Check both halves of the conditional expression. */
1461 check_format_info_recurse (status, res, info,
1462 TREE_OPERAND (format_tree, 1), params,
1463 arg_num);
1464 check_format_info_recurse (status, res, info,
1465 TREE_OPERAND (format_tree, 2), params,
1466 arg_num);
1467 return;
1468 }
1469
1470 if (integer_zerop (format_tree))
1471 {
1472 /* FIXME: this warning should go away once Marc Espie's
1473 __attribute__((nonnull)) patch is in. Instead, checking for
1474 nonnull attributes should probably change this function to act
1475 specially if info == NULL and add a res->number_null entry for
1476 that case, or maybe add a function pointer to be called at
1477 the end instead of hardcoding check_format_info_main. */
1478 status_warning (status, "null format string");
1479
1480 /* Skip to first argument to check, so we can see if this format
1481 has any arguments (it shouldn't). */
1482 while (arg_num + 1 < info->first_arg_num)
1483 {
1484 if (params == 0)
1485 return;
1486 params = TREE_CHAIN (params);
1487 ++arg_num;
1488 }
1489
1490 if (params == 0)
1491 res->number_other++;
1492 else
1493 res->number_extra_args++;
1494
1495 return;
1496 }
1497
1498 offset = 0;
1499 if (TREE_CODE (format_tree) == PLUS_EXPR)
1500 {
1501 tree arg0, arg1;
1502
1503 arg0 = TREE_OPERAND (format_tree, 0);
1504 arg1 = TREE_OPERAND (format_tree, 1);
1505 STRIP_NOPS (arg0);
1506 STRIP_NOPS (arg1);
1507 if (TREE_CODE (arg1) == INTEGER_CST)
1508 format_tree = arg0;
1509 else if (TREE_CODE (arg0) == INTEGER_CST)
1510 {
1511 format_tree = arg1;
1512 arg1 = arg0;
1513 }
1514 else
1515 {
1516 res->number_non_literal++;
1517 return;
1518 }
1519 if (!host_integerp (arg1, 0)
1520 || (offset = tree_low_cst (arg1, 0)) < 0)
1521 {
1522 res->number_non_literal++;
1523 return;
1524 }
1525 }
1526 if (TREE_CODE (format_tree) != ADDR_EXPR)
1527 {
1528 res->number_non_literal++;
1529 return;
1530 }
1531 format_tree = TREE_OPERAND (format_tree, 0);
1532 if (TREE_CODE (format_tree) == VAR_DECL
1533 && TREE_CODE (TREE_TYPE (format_tree)) == ARRAY_TYPE
1534 && (array_init = decl_constant_value (format_tree)) != format_tree
1535 && TREE_CODE (array_init) == STRING_CST)
1536 {
1537 /* Extract the string constant initializer. Note that this may include
1538 a trailing NUL character that is not in the array (e.g.
1539 const char a[3] = "foo";). */
1540 array_size = DECL_SIZE_UNIT (format_tree);
1541 format_tree = array_init;
1542 }
1543 if (TREE_CODE (format_tree) != STRING_CST)
1544 {
1545 res->number_non_literal++;
1546 return;
1547 }
1548 if (TYPE_MAIN_VARIANT (TREE_TYPE (TREE_TYPE (format_tree))) != char_type_node)
1549 {
1550 res->number_wide++;
1551 return;
1552 }
1553 format_chars = TREE_STRING_POINTER (format_tree);
1554 format_length = TREE_STRING_LENGTH (format_tree);
1555 if (array_size != 0)
1556 {
1557 /* Variable length arrays can't be initialized. */
1558 if (TREE_CODE (array_size) != INTEGER_CST)
1559 abort ();
1560 if (host_integerp (array_size, 0))
1561 {
1562 HOST_WIDE_INT array_size_value = TREE_INT_CST_LOW (array_size);
1563 if (array_size_value > 0
1564 && array_size_value == (int) array_size_value
1565 && format_length > array_size_value)
1566 format_length = array_size_value;
1567 }
1568 }
1569 if (offset)
1570 {
1571 if (offset >= format_length)
1572 {
1573 res->number_non_literal++;
1574 return;
1575 }
1576 format_chars += offset;
1577 format_length -= offset;
1578 }
1579 if (format_length < 1)
1580 {
1581 res->number_unterminated++;
1582 return;
1583 }
1584 if (format_length == 1)
1585 {
1586 res->number_empty++;
1587 return;
1588 }
1589 if (format_chars[--format_length] != 0)
1590 {
1591 res->number_unterminated++;
1592 return;
1593 }
1594
1595 /* Skip to first argument to check. */
1596 while (arg_num + 1 < info->first_arg_num)
1597 {
1598 if (params == 0)
1599 return;
1600 params = TREE_CHAIN (params);
1601 ++arg_num;
1602 }
1603 /* Provisionally increment res->number_other; check_format_info_main
1604 will decrement it if it finds there are extra arguments, but this way
1605 need not adjust it for every return. */
1606 res->number_other++;
1607 check_format_info_main (status, res, info, format_chars, format_length,
1608 params, arg_num);
1609 }
1610
1611
1612 /* Do the main part of checking a call to a format function. FORMAT_CHARS
1613 is the NUL-terminated format string (which at this point may contain
1614 internal NUL characters); FORMAT_LENGTH is its length (excluding the
1615 terminating NUL character). ARG_NUM is one less than the number of
1616 the first format argument to check; PARAMS points to that format
1617 argument in the list of arguments. */
1618
1619 static void
1620 check_format_info_main (status, res, info, format_chars, format_length,
1621 params, arg_num)
1622 int *status;
1623 format_check_results *res;
1624 function_format_info *info;
1625 const char *format_chars;
1626 int format_length;
1627 tree params;
1628 unsigned HOST_WIDE_INT arg_num;
1629 {
1630 const char *orig_format_chars = format_chars;
1631 tree first_fillin_param = params;
1632
1633 const format_kind_info *fki = &format_types[info->format_type];
1634 const format_flag_spec *flag_specs = fki->flag_specs;
1635 const format_flag_pair *bad_flag_pairs = fki->bad_flag_pairs;
1636
1637 /* -1 if no conversions taking an operand have been found; 0 if one has
1638 and it didn't use $; 1 if $ formats are in use. */
1639 int has_operand_number = -1;
1640
1641 init_dollar_format_checking (info->first_arg_num, first_fillin_param);
1642
1643 while (1)
1644 {
1645 int i;
1646 int suppressed = FALSE;
1647 const char *length_chars = NULL;
1648 enum format_lengths length_chars_val = FMT_LEN_none;
1649 enum format_std_version length_chars_std = STD_C89;
1650 int format_char;
1651 tree cur_param;
1652 tree wanted_type;
1653 int main_arg_num = 0;
1654 tree main_arg_params = 0;
1655 enum format_std_version wanted_type_std;
1656 const char *wanted_type_name;
1657 format_wanted_type width_wanted_type;
1658 format_wanted_type precision_wanted_type;
1659 format_wanted_type main_wanted_type;
1660 format_wanted_type *first_wanted_type = NULL;
1661 format_wanted_type *last_wanted_type = NULL;
1662 const format_length_info *fli = NULL;
1663 const format_char_info *fci = NULL;
1664 char flag_chars[256];
1665 int aflag = 0;
1666 if (*format_chars == 0)
1667 {
1668 if (format_chars - orig_format_chars != format_length)
1669 status_warning (status, "embedded `\\0' in format");
1670 if (info->first_arg_num != 0 && params != 0
1671 && has_operand_number <= 0)
1672 {
1673 res->number_other--;
1674 res->number_extra_args++;
1675 }
1676 if (has_operand_number > 0)
1677 finish_dollar_format_checking (status, res, fki->flags & (int) FMT_FLAG_DOLLAR_GAP_POINTER_OK);
1678 return;
1679 }
1680 if (*format_chars++ != '%')
1681 continue;
1682 if (*format_chars == 0)
1683 {
1684 status_warning (status, "spurious trailing `%%' in format");
1685 continue;
1686 }
1687 if (*format_chars == '%')
1688 {
1689 ++format_chars;
1690 continue;
1691 }
1692 flag_chars[0] = 0;
1693
1694 if ((fki->flags & (int) FMT_FLAG_USE_DOLLAR) && has_operand_number != 0)
1695 {
1696 /* Possibly read a $ operand number at the start of the format.
1697 If one was previously used, one is required here. If one
1698 is not used here, we can't immediately conclude this is a
1699 format without them, since it could be printf %m or scanf %*. */
1700 int opnum;
1701 opnum = maybe_read_dollar_number (status, &format_chars, 0,
1702 first_fillin_param,
1703 &main_arg_params, fki);
1704 if (opnum == -1)
1705 return;
1706 else if (opnum > 0)
1707 {
1708 has_operand_number = 1;
1709 main_arg_num = opnum + info->first_arg_num - 1;
1710 }
1711 }
1712
1713 /* Read any format flags, but do not yet validate them beyond removing
1714 duplicates, since in general validation depends on the rest of
1715 the format. */
1716 while (*format_chars != 0
1717 && strchr (fki->flag_chars, *format_chars) != 0)
1718 {
1719 const format_flag_spec *s = get_flag_spec (flag_specs,
1720 *format_chars, NULL);
1721 if (strchr (flag_chars, *format_chars) != 0)
1722 {
1723 status_warning (status, "repeated %s in format", _(s->name));
1724 }
1725 else
1726 {
1727 i = strlen (flag_chars);
1728 flag_chars[i++] = *format_chars;
1729 flag_chars[i] = 0;
1730 }
1731 if (s->skip_next_char)
1732 {
1733 ++format_chars;
1734 if (*format_chars == 0)
1735 {
1736 status_warning (status, "missing fill character at end of strfmon format");
1737 return;
1738 }
1739 }
1740 ++format_chars;
1741 }
1742
1743 /* Read any format width, possibly * or *m$. */
1744 if (fki->width_char != 0)
1745 {
1746 if (fki->width_type != NULL && *format_chars == '*')
1747 {
1748 i = strlen (flag_chars);
1749 flag_chars[i++] = fki->width_char;
1750 flag_chars[i] = 0;
1751 /* "...a field width...may be indicated by an asterisk.
1752 In this case, an int argument supplies the field width..." */
1753 ++format_chars;
1754 if (params == 0)
1755 {
1756 status_warning (status, "too few arguments for format");
1757 return;
1758 }
1759 if (has_operand_number != 0)
1760 {
1761 int opnum;
1762 opnum = maybe_read_dollar_number (status, &format_chars,
1763 has_operand_number == 1,
1764 first_fillin_param,
1765 &params, fki);
1766 if (opnum == -1)
1767 return;
1768 else if (opnum > 0)
1769 {
1770 has_operand_number = 1;
1771 arg_num = opnum + info->first_arg_num - 1;
1772 }
1773 else
1774 has_operand_number = 0;
1775 }
1776 if (info->first_arg_num != 0)
1777 {
1778 cur_param = TREE_VALUE (params);
1779 if (has_operand_number <= 0)
1780 {
1781 params = TREE_CHAIN (params);
1782 ++arg_num;
1783 }
1784 width_wanted_type.wanted_type = *fki->width_type;
1785 width_wanted_type.wanted_type_name = NULL;
1786 width_wanted_type.pointer_count = 0;
1787 width_wanted_type.char_lenient_flag = 0;
1788 width_wanted_type.writing_in_flag = 0;
1789 width_wanted_type.reading_from_flag = 0;
1790 width_wanted_type.name = _("field width");
1791 width_wanted_type.param = cur_param;
1792 width_wanted_type.arg_num = arg_num;
1793 width_wanted_type.next = NULL;
1794 if (last_wanted_type != 0)
1795 last_wanted_type->next = &width_wanted_type;
1796 if (first_wanted_type == 0)
1797 first_wanted_type = &width_wanted_type;
1798 last_wanted_type = &width_wanted_type;
1799 }
1800 }
1801 else
1802 {
1803 /* Possibly read a numeric width. If the width is zero,
1804 we complain if appropriate. */
1805 int non_zero_width_char = FALSE;
1806 int found_width = FALSE;
1807 while (ISDIGIT (*format_chars))
1808 {
1809 found_width = TRUE;
1810 if (*format_chars != '0')
1811 non_zero_width_char = TRUE;
1812 ++format_chars;
1813 }
1814 if (found_width && !non_zero_width_char &&
1815 (fki->flags & (int) FMT_FLAG_ZERO_WIDTH_BAD))
1816 status_warning (status, "zero width in %s format",
1817 fki->name);
1818 if (found_width)
1819 {
1820 i = strlen (flag_chars);
1821 flag_chars[i++] = fki->width_char;
1822 flag_chars[i] = 0;
1823 }
1824 }
1825 }
1826
1827 /* Read any format left precision (must be a number, not *). */
1828 if (fki->left_precision_char != 0 && *format_chars == '#')
1829 {
1830 ++format_chars;
1831 i = strlen (flag_chars);
1832 flag_chars[i++] = fki->left_precision_char;
1833 flag_chars[i] = 0;
1834 if (!ISDIGIT (*format_chars))
1835 status_warning (status, "empty left precision in %s format",
1836 fki->name);
1837 while (ISDIGIT (*format_chars))
1838 ++format_chars;
1839 }
1840
1841 /* Read any format precision, possibly * or *m$. */
1842 if (fki->precision_char != 0 && *format_chars == '.')
1843 {
1844 ++format_chars;
1845 i = strlen (flag_chars);
1846 flag_chars[i++] = fki->precision_char;
1847 flag_chars[i] = 0;
1848 if (fki->precision_type != NULL && *format_chars == '*')
1849 {
1850 /* "...a...precision...may be indicated by an asterisk.
1851 In this case, an int argument supplies the...precision." */
1852 ++format_chars;
1853 if (has_operand_number != 0)
1854 {
1855 int opnum;
1856 opnum = maybe_read_dollar_number (status, &format_chars,
1857 has_operand_number == 1,
1858 first_fillin_param,
1859 &params, fki);
1860 if (opnum == -1)
1861 return;
1862 else if (opnum > 0)
1863 {
1864 has_operand_number = 1;
1865 arg_num = opnum + info->first_arg_num - 1;
1866 }
1867 else
1868 has_operand_number = 0;
1869 }
1870 if (info->first_arg_num != 0)
1871 {
1872 if (params == 0)
1873 {
1874 status_warning (status, "too few arguments for format");
1875 return;
1876 }
1877 cur_param = TREE_VALUE (params);
1878 if (has_operand_number <= 0)
1879 {
1880 params = TREE_CHAIN (params);
1881 ++arg_num;
1882 }
1883 precision_wanted_type.wanted_type = *fki->precision_type;
1884 precision_wanted_type.wanted_type_name = NULL;
1885 precision_wanted_type.pointer_count = 0;
1886 precision_wanted_type.char_lenient_flag = 0;
1887 precision_wanted_type.writing_in_flag = 0;
1888 precision_wanted_type.reading_from_flag = 0;
1889 precision_wanted_type.name = _("field precision");
1890 precision_wanted_type.param = cur_param;
1891 precision_wanted_type.arg_num = arg_num;
1892 precision_wanted_type.next = NULL;
1893 if (last_wanted_type != 0)
1894 last_wanted_type->next = &precision_wanted_type;
1895 if (first_wanted_type == 0)
1896 first_wanted_type = &precision_wanted_type;
1897 last_wanted_type = &precision_wanted_type;
1898 }
1899 }
1900 else
1901 {
1902 if (!(fki->flags & (int) FMT_FLAG_EMPTY_PREC_OK)
1903 && !ISDIGIT (*format_chars))
1904 status_warning (status, "empty precision in %s format",
1905 fki->name);
1906 while (ISDIGIT (*format_chars))
1907 ++format_chars;
1908 }
1909 }
1910
1911 /* Read any length modifier, if this kind of format has them. */
1912 fli = fki->length_char_specs;
1913 length_chars = NULL;
1914 length_chars_val = FMT_LEN_none;
1915 length_chars_std = STD_C89;
1916 if (fli)
1917 {
1918 while (fli->name != 0 && fli->name[0] != *format_chars)
1919 fli++;
1920 if (fli->name != 0)
1921 {
1922 format_chars++;
1923 if (fli->double_name != 0 && fli->name[0] == *format_chars)
1924 {
1925 format_chars++;
1926 length_chars = fli->double_name;
1927 length_chars_val = fli->double_index;
1928 length_chars_std = fli->double_std;
1929 }
1930 else
1931 {
1932 length_chars = fli->name;
1933 length_chars_val = fli->index;
1934 length_chars_std = fli->std;
1935 }
1936 i = strlen (flag_chars);
1937 flag_chars[i++] = fki->length_code_char;
1938 flag_chars[i] = 0;
1939 }
1940 if (pedantic)
1941 {
1942 /* Warn if the length modifier is non-standard. */
1943 if (ADJ_STD (length_chars_std) > C_STD_VER)
1944 status_warning (status, "%s does not support the `%s' %s length modifier",
1945 C_STD_NAME (length_chars_std), length_chars,
1946 fki->name);
1947 }
1948 }
1949
1950 /* Read any modifier (strftime E/O). */
1951 if (fki->modifier_chars != NULL)
1952 {
1953 while (*format_chars != 0
1954 && strchr (fki->modifier_chars, *format_chars) != 0)
1955 {
1956 if (strchr (flag_chars, *format_chars) != 0)
1957 {
1958 const format_flag_spec *s = get_flag_spec (flag_specs,
1959 *format_chars, NULL);
1960 status_warning (status, "repeated %s in format", _(s->name));
1961 }
1962 else
1963 {
1964 i = strlen (flag_chars);
1965 flag_chars[i++] = *format_chars;
1966 flag_chars[i] = 0;
1967 }
1968 ++format_chars;
1969 }
1970 }
1971
1972 /* Handle the scanf allocation kludge. */
1973 if (fki->flags & (int) FMT_FLAG_SCANF_A_KLUDGE)
1974 {
1975 if (*format_chars == 'a' && !flag_isoc99)
1976 {
1977 if (format_chars[1] == 's' || format_chars[1] == 'S'
1978 || format_chars[1] == '[')
1979 {
1980 /* `a' is used as a flag. */
1981 i = strlen (flag_chars);
1982 flag_chars[i++] = 'a';
1983 flag_chars[i] = 0;
1984 format_chars++;
1985 }
1986 }
1987 }
1988
1989 format_char = *format_chars;
1990 if (format_char == 0
1991 || (!(fki->flags & (int) FMT_FLAG_FANCY_PERCENT_OK)
1992 && format_char == '%'))
1993 {
1994 status_warning (status, "conversion lacks type at end of format");
1995 continue;
1996 }
1997 format_chars++;
1998 fci = fki->conversion_specs;
1999 while (fci->format_chars != 0
2000 && strchr (fci->format_chars, format_char) == 0)
2001 ++fci;
2002 if (fci->format_chars == 0)
2003 {
2004 if (ISGRAPH(format_char))
2005 status_warning (status, "unknown conversion type character `%c' in format",
2006 format_char);
2007 else
2008 status_warning (status, "unknown conversion type character 0x%x in format",
2009 format_char);
2010 continue;
2011 }
2012 if (pedantic)
2013 {
2014 if (ADJ_STD (fci->std) > C_STD_VER)
2015 status_warning (status, "%s does not support the `%%%c' %s format",
2016 C_STD_NAME (fci->std), format_char, fki->name);
2017 }
2018
2019 /* Validate the individual flags used, removing any that are invalid. */
2020 {
2021 int d = 0;
2022 for (i = 0; flag_chars[i] != 0; i++)
2023 {
2024 const format_flag_spec *s = get_flag_spec (flag_specs,
2025 flag_chars[i], NULL);
2026 flag_chars[i - d] = flag_chars[i];
2027 if (flag_chars[i] == fki->length_code_char)
2028 continue;
2029 if (strchr (fci->flag_chars, flag_chars[i]) == 0)
2030 {
2031 status_warning (status, "%s used with `%%%c' %s format",
2032 _(s->name), format_char, fki->name);
2033 d++;
2034 continue;
2035 }
2036 if (pedantic)
2037 {
2038 const format_flag_spec *t;
2039 if (ADJ_STD (s->std) > C_STD_VER)
2040 status_warning (status, "%s does not support %s",
2041 C_STD_NAME (s->std), _(s->long_name));
2042 t = get_flag_spec (flag_specs, flag_chars[i], fci->flags2);
2043 if (t != NULL && ADJ_STD (t->std) > ADJ_STD (s->std))
2044 {
2045 const char *long_name = (t->long_name != NULL
2046 ? t->long_name
2047 : s->long_name);
2048 if (ADJ_STD (t->std) > C_STD_VER)
2049 status_warning (status, "%s does not support %s with the `%%%c' %s format",
2050 C_STD_NAME (t->std), _(long_name),
2051 format_char, fki->name);
2052 }
2053 }
2054 }
2055 flag_chars[i - d] = 0;
2056 }
2057
2058 if ((fki->flags & (int) FMT_FLAG_SCANF_A_KLUDGE)
2059 && strchr (flag_chars, 'a') != 0)
2060 aflag = 1;
2061
2062 if (fki->suppression_char
2063 && strchr (flag_chars, fki->suppression_char) != 0)
2064 suppressed = 1;
2065
2066 /* Validate the pairs of flags used. */
2067 for (i = 0; bad_flag_pairs[i].flag_char1 != 0; i++)
2068 {
2069 const format_flag_spec *s, *t;
2070 if (strchr (flag_chars, bad_flag_pairs[i].flag_char1) == 0)
2071 continue;
2072 if (strchr (flag_chars, bad_flag_pairs[i].flag_char2) == 0)
2073 continue;
2074 if (bad_flag_pairs[i].predicate != 0
2075 && strchr (fci->flags2, bad_flag_pairs[i].predicate) == 0)
2076 continue;
2077 s = get_flag_spec (flag_specs, bad_flag_pairs[i].flag_char1, NULL);
2078 t = get_flag_spec (flag_specs, bad_flag_pairs[i].flag_char2, NULL);
2079 if (bad_flag_pairs[i].ignored)
2080 {
2081 if (bad_flag_pairs[i].predicate != 0)
2082 status_warning (status, "%s ignored with %s and `%%%c' %s format",
2083 _(s->name), _(t->name), format_char,
2084 fki->name);
2085 else
2086 status_warning (status, "%s ignored with %s in %s format",
2087 _(s->name), _(t->name), fki->name);
2088 }
2089 else
2090 {
2091 if (bad_flag_pairs[i].predicate != 0)
2092 status_warning (status, "use of %s and %s together with `%%%c' %s format",
2093 _(s->name), _(t->name), format_char,
2094 fki->name);
2095 else
2096 status_warning (status, "use of %s and %s together in %s format",
2097 _(s->name), _(t->name), fki->name);
2098 }
2099 }
2100
2101 /* Give Y2K warnings. */
2102 if (warn_format_y2k)
2103 {
2104 int y2k_level = 0;
2105 if (strchr (fci->flags2, '4') != 0)
2106 if (strchr (flag_chars, 'E') != 0)
2107 y2k_level = 3;
2108 else
2109 y2k_level = 2;
2110 else if (strchr (fci->flags2, '3') != 0)
2111 y2k_level = 3;
2112 else if (strchr (fci->flags2, '2') != 0)
2113 y2k_level = 2;
2114 if (y2k_level == 3)
2115 status_warning (status, "`%%%c' yields only last 2 digits of year in some locales",
2116 format_char);
2117 else if (y2k_level == 2)
2118 status_warning (status, "`%%%c' yields only last 2 digits of year", format_char);
2119 }
2120
2121 if (strchr (fci->flags2, '[') != 0)
2122 {
2123 /* Skip over scan set, in case it happens to have '%' in it. */
2124 if (*format_chars == '^')
2125 ++format_chars;
2126 /* Find closing bracket; if one is hit immediately, then
2127 it's part of the scan set rather than a terminator. */
2128 if (*format_chars == ']')
2129 ++format_chars;
2130 while (*format_chars && *format_chars != ']')
2131 ++format_chars;
2132 if (*format_chars != ']')
2133 /* The end of the format string was reached. */
2134 status_warning (status, "no closing `]' for `%%[' format");
2135 }
2136
2137 wanted_type = 0;
2138 wanted_type_name = 0;
2139 if (fki->flags & (int) FMT_FLAG_ARG_CONVERT)
2140 {
2141 wanted_type = (fci->types[length_chars_val].type
2142 ? *fci->types[length_chars_val].type : 0);
2143 wanted_type_name = fci->types[length_chars_val].name;
2144 wanted_type_std = fci->types[length_chars_val].std;
2145 if (wanted_type == 0)
2146 {
2147 status_warning (status, "use of `%s' length modifier with `%c' type character",
2148 length_chars, format_char);
2149 /* Heuristic: skip one argument when an invalid length/type
2150 combination is encountered. */
2151 arg_num++;
2152 if (params == 0)
2153 {
2154 status_warning (status, "too few arguments for format");
2155 return;
2156 }
2157 params = TREE_CHAIN (params);
2158 continue;
2159 }
2160 else if (pedantic
2161 /* Warn if non-standard, provided it is more non-standard
2162 than the length and type characters that may already
2163 have been warned for. */
2164 && ADJ_STD (wanted_type_std) > ADJ_STD (length_chars_std)
2165 && ADJ_STD (wanted_type_std) > ADJ_STD (fci->std))
2166 {
2167 if (ADJ_STD (wanted_type_std) > C_STD_VER)
2168 status_warning (status, "%s does not support the `%%%s%c' %s format",
2169 C_STD_NAME (wanted_type_std), length_chars,
2170 format_char, fki->name);
2171 }
2172 }
2173
2174 /* Finally. . .check type of argument against desired type! */
2175 if (info->first_arg_num == 0)
2176 continue;
2177 if ((fci->pointer_count == 0 && wanted_type == void_type_node)
2178 || suppressed)
2179 {
2180 if (main_arg_num != 0)
2181 {
2182 if (suppressed)
2183 status_warning (status, "operand number specified with suppressed assignment");
2184 else
2185 status_warning (status, "operand number specified for format taking no argument");
2186 }
2187 }
2188 else
2189 {
2190 if (main_arg_num != 0)
2191 {
2192 arg_num = main_arg_num;
2193 params = main_arg_params;
2194 }
2195 else
2196 {
2197 ++arg_num;
2198 if (has_operand_number > 0)
2199 {
2200 status_warning (status, "missing $ operand number in format");
2201 return;
2202 }
2203 else
2204 has_operand_number = 0;
2205 if (params == 0)
2206 {
2207 status_warning (status, "too few arguments for format");
2208 return;
2209 }
2210 }
2211 cur_param = TREE_VALUE (params);
2212 params = TREE_CHAIN (params);
2213 main_wanted_type.wanted_type = wanted_type;
2214 main_wanted_type.wanted_type_name = wanted_type_name;
2215 main_wanted_type.pointer_count = fci->pointer_count + aflag;
2216 main_wanted_type.char_lenient_flag = 0;
2217 if (strchr (fci->flags2, 'c') != 0)
2218 main_wanted_type.char_lenient_flag = 1;
2219 main_wanted_type.writing_in_flag = 0;
2220 main_wanted_type.reading_from_flag = 0;
2221 if (aflag)
2222 main_wanted_type.writing_in_flag = 1;
2223 else
2224 {
2225 if (strchr (fci->flags2, 'W') != 0)
2226 main_wanted_type.writing_in_flag = 1;
2227 if (strchr (fci->flags2, 'R') != 0)
2228 main_wanted_type.reading_from_flag = 1;
2229 }
2230 main_wanted_type.name = NULL;
2231 main_wanted_type.param = cur_param;
2232 main_wanted_type.arg_num = arg_num;
2233 main_wanted_type.next = NULL;
2234 if (last_wanted_type != 0)
2235 last_wanted_type->next = &main_wanted_type;
2236 if (first_wanted_type == 0)
2237 first_wanted_type = &main_wanted_type;
2238 last_wanted_type = &main_wanted_type;
2239 }
2240
2241 if (first_wanted_type != 0)
2242 check_format_types (status, first_wanted_type);
2243
2244 }
2245 }
2246
2247
2248 /* Check the argument types from a single format conversion (possibly
2249 including width and precision arguments). */
2250 static void
2251 check_format_types (status, types)
2252 int *status;
2253 format_wanted_type *types;
2254 {
2255 for (; types != 0; types = types->next)
2256 {
2257 tree cur_param;
2258 tree cur_type;
2259 tree orig_cur_type;
2260 tree wanted_type;
2261 tree promoted_type;
2262 int arg_num;
2263 int i;
2264 int char_type_flag;
2265 cur_param = types->param;
2266 cur_type = TREE_TYPE (cur_param);
2267 if (cur_type == error_mark_node)
2268 continue;
2269 char_type_flag = 0;
2270 wanted_type = types->wanted_type;
2271 arg_num = types->arg_num;
2272
2273 /* The following should not occur here. */
2274 if (wanted_type == 0)
2275 abort ();
2276 if (wanted_type == void_type_node && types->pointer_count == 0)
2277 abort ();
2278
2279 if (types->pointer_count == 0)
2280 {
2281 promoted_type = simple_type_promotes_to (wanted_type);
2282 if (promoted_type != NULL_TREE)
2283 wanted_type = promoted_type;
2284 }
2285
2286 STRIP_NOPS (cur_param);
2287
2288 /* Check the types of any additional pointer arguments
2289 that precede the "real" argument. */
2290 for (i = 0; i < types->pointer_count; ++i)
2291 {
2292 if (TREE_CODE (cur_type) == POINTER_TYPE)
2293 {
2294 cur_type = TREE_TYPE (cur_type);
2295 if (cur_type == error_mark_node)
2296 break;
2297
2298 /* Check for writing through a NULL pointer. */
2299 if (types->writing_in_flag
2300 && i == 0
2301 && cur_param != 0
2302 && integer_zerop (cur_param))
2303 status_warning (status,
2304 "writing through null pointer (arg %d)",
2305 arg_num);
2306
2307 /* Check for reading through a NULL pointer. */
2308 if (types->reading_from_flag
2309 && i == 0
2310 && cur_param != 0
2311 && integer_zerop (cur_param))
2312 status_warning (status,
2313 "reading through null pointer (arg %d)",
2314 arg_num);
2315
2316 if (cur_param != 0 && TREE_CODE (cur_param) == ADDR_EXPR)
2317 cur_param = TREE_OPERAND (cur_param, 0);
2318 else
2319 cur_param = 0;
2320
2321 /* See if this is an attempt to write into a const type with
2322 scanf or with printf "%n". Note: the writing in happens
2323 at the first indirection only, if for example
2324 void * const * is passed to scanf %p; passing
2325 const void ** is simply passing an incompatible type. */
2326 if (types->writing_in_flag
2327 && i == 0
2328 && (TYPE_READONLY (cur_type)
2329 || (cur_param != 0
2330 && (TREE_CODE_CLASS (TREE_CODE (cur_param)) == 'c'
2331 || (DECL_P (cur_param)
2332 && TREE_READONLY (cur_param))))))
2333 status_warning (status, "writing into constant object (arg %d)", arg_num);
2334
2335 /* If there are extra type qualifiers beyond the first
2336 indirection, then this makes the types technically
2337 incompatible. */
2338 if (i > 0
2339 && pedantic
2340 && (TYPE_READONLY (cur_type)
2341 || TYPE_VOLATILE (cur_type)
2342 || TYPE_RESTRICT (cur_type)))
2343 status_warning (status, "extra type qualifiers in format argument (arg %d)",
2344 arg_num);
2345
2346 }
2347 else
2348 {
2349 if (types->pointer_count == 1)
2350 status_warning (status, "format argument is not a pointer (arg %d)", arg_num);
2351 else
2352 status_warning (status, "format argument is not a pointer to a pointer (arg %d)", arg_num);
2353 break;
2354 }
2355 }
2356
2357 if (i < types->pointer_count)
2358 continue;
2359
2360 orig_cur_type = cur_type;
2361 cur_type = TYPE_MAIN_VARIANT (cur_type);
2362
2363 /* Check whether the argument type is a character type. This leniency
2364 only applies to certain formats, flagged with 'c'.
2365 */
2366 if (types->char_lenient_flag)
2367 char_type_flag = (cur_type == char_type_node
2368 || cur_type == signed_char_type_node
2369 || cur_type == unsigned_char_type_node);
2370
2371 /* Check the type of the "real" argument, if there's a type we want. */
2372 if (wanted_type == cur_type)
2373 continue;
2374 /* If we want `void *', allow any pointer type.
2375 (Anything else would already have got a warning.)
2376 With -pedantic, only allow pointers to void and to character
2377 types. */
2378 if (wanted_type == void_type_node
2379 && (!pedantic || (i == 1 && char_type_flag)))
2380 continue;
2381 /* Don't warn about differences merely in signedness, unless
2382 -pedantic. With -pedantic, warn if the type is a pointer
2383 target and not a character type, and for character types at
2384 a second level of indirection. */
2385 if (TREE_CODE (wanted_type) == INTEGER_TYPE
2386 && TREE_CODE (cur_type) == INTEGER_TYPE
2387 && (! pedantic || i == 0 || (i == 1 && char_type_flag))
2388 && (TREE_UNSIGNED (wanted_type)
2389 ? wanted_type == unsigned_type (cur_type)
2390 : wanted_type == signed_type (cur_type)))
2391 continue;
2392 /* Likewise, "signed char", "unsigned char" and "char" are
2393 equivalent but the above test won't consider them equivalent. */
2394 if (wanted_type == char_type_node
2395 && (! pedantic || i < 2)
2396 && char_type_flag)
2397 continue;
2398 /* Now we have a type mismatch. */
2399 {
2400 const char *this;
2401 const char *that;
2402
2403 this = IDENTIFIER_POINTER (DECL_NAME (TYPE_NAME (wanted_type)));
2404 that = 0;
2405 if (TYPE_NAME (orig_cur_type) != 0
2406 && TREE_CODE (orig_cur_type) != INTEGER_TYPE
2407 && !(TREE_CODE (orig_cur_type) == POINTER_TYPE
2408 && TREE_CODE (TREE_TYPE (orig_cur_type)) == INTEGER_TYPE))
2409 {
2410 if (TREE_CODE (TYPE_NAME (orig_cur_type)) == TYPE_DECL
2411 && DECL_NAME (TYPE_NAME (orig_cur_type)) != 0)
2412 that = IDENTIFIER_POINTER (DECL_NAME (TYPE_NAME (orig_cur_type)));
2413 else
2414 that = IDENTIFIER_POINTER (TYPE_NAME (orig_cur_type));
2415 }
2416
2417 /* A nameless type can't possibly match what the format wants.
2418 So there will be a warning for it.
2419 Make up a string to describe vaguely what it is. */
2420 if (that == 0)
2421 {
2422 if (TREE_CODE (orig_cur_type) == POINTER_TYPE)
2423 that = _("pointer");
2424 else
2425 that = _("different type");
2426 }
2427
2428 /* Make the warning better in case of mismatch of int vs long. */
2429 if (TREE_CODE (orig_cur_type) == INTEGER_TYPE
2430 && TREE_CODE (wanted_type) == INTEGER_TYPE
2431 && TYPE_PRECISION (orig_cur_type) == TYPE_PRECISION (wanted_type)
2432 && TYPE_NAME (orig_cur_type) != 0
2433 && TREE_CODE (TYPE_NAME (orig_cur_type)) == TYPE_DECL)
2434 that = IDENTIFIER_POINTER (DECL_NAME (TYPE_NAME (orig_cur_type)));
2435
2436 if (strcmp (this, that) != 0)
2437 {
2438 /* There may be a better name for the format, e.g. size_t,
2439 but we should allow for programs with a perverse typedef
2440 making size_t something other than what the compiler
2441 thinks. */
2442 if (types->wanted_type_name != 0
2443 && strcmp (types->wanted_type_name, that) != 0)
2444 this = types->wanted_type_name;
2445 if (types->name != 0)
2446 status_warning (status, "%s is not type %s (arg %d)", types->name, this,
2447 arg_num);
2448 else
2449 status_warning (status, "%s format, %s arg (arg %d)", this, that, arg_num);
2450 }
2451 }
2452 }
2453 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org