From: Dan Cross <crossd@gmail.com>
To: Alejandro Colomar <alx.manpages@gmail.com>
Cc: tuhs@tuhs.org
Subject: [TUHS] Re: printf (was: python)
Date: Fri, 4 Aug 2023 12:06:14 -0400 [thread overview]
Message-ID: <CAEoi9W4LL_BaD2BJU=weaONscuUKewryKtYqX5Cv6EojruOMWA@mail.gmail.com> (raw)
In-Reply-To: <5dd50d2c-0049-31bf-8975-08ed899a9387@gmail.org>
On Thu, Aug 3, 2023 at 7:55 PM Alejandro Colomar <alx.manpages@gmail.com> wrote:
> On 2023-08-03 23:29, Dan Cross wrote:
> > On Thu, Aug 3, 2023 at 2:05 PM Alejandro Colomar <alx.manpages@gmail.com> wrote:
> >> On 2023-08-03 19:51, John Cowan wrote:
> >>> On Thu, Aug 3, 2023 at 1:29 PM Alejandro Colomar <alx.manpages@gmail.com>
> >>> wrote:
> >>>
> >>> But if speed is not a problem, I'd keep the good ol' syntax that
> >>>
> >>> everybody knows. No need to make everybody learn a "cool" new print
> >>>> function, that probably won't be as tunable as printf(3) is.
> >>>>
> >>>>
> >>> By that argument, there would be no C, only Algol 68 and PL/I, or subsets
> >>> of them.
> >>>
> >>
> >> I didn't claim that there's never a reason to invent new syntax. My claim
> >> was rather that in this case, there isn't.
> >>
> >> - printf(3) is more powerful than any other existing formatting function
> >> that I know of any language --I'm still curious of what's the equivalent
> >> of "%+'0#8.5f" in other formatting functions--.
> >
> > One issue is that this isn't standard C: the `'` verb for grouping by
> > thousands is an SUSv2 extension. I just checked the latest C23 draft,
> > and unless I missed it, it doesn't appear to have made it in.
>
> Being in POSIX.1 it's portable to most (all?) current systems. ISO C
> is a baseline for an implementation. A quality implementation will
> go beyond that standard (or will be rather useless). POSIX.1 is more
> of a useful thing.
I don't know that that's true, but I can see how one could get into a
"no true Scotsman" fallacy pretty quickly arguing over it.
> But yeah, we can remove that "'" to get the idea.
>
> > But things like that are fairly straight-forward in many other
> > languages. For example, in Go, the format string is nearly identical,
> > modulo the `'`:
>
> Yup; I like go in that sense.
>
> [...]
>
> >
> >> - It is also reasonably fast (at least for such a highly-customizable
> >> formatting function), and I'd like to see any system beat that while
> >> keeping the customizability.
> >
> > At Google, a group of exceptionally talented engineers wrote a
> > replacement in C++ for both type safety and because, bluntly, `printf`
> > (actually `snprintf`) was too slow. I believe the overall mechanism
> > made it into ABSL.
>
> I think you mean absl::StrFormat(). It has printf(3)-like syntax, so
> I can't say say much against it. I don't know the details of how they
> achieved the claimed 2x ~ 3x performance compared to snprintf(3). I'm
> curious to know if it's an inherent limitation of snprintf(3), or if
> it's just that glibc is very unoptimized --which is true anyway, because
> no-one has really maintained the printf(3) code in a long time--.
I don't recall the details now, but I seem to remember that much of it
was moving the burden of parsing the formatting directives to compile
time (though I may be misremembering).
> It's interesting, because then std::format() is not that miraculous
> compared to snprintf(3).
>
> >
> >> - It is type-safe, with the right tools.
> >
> > No it's not, and it really can't be. True, there are linters that can
> > try to match up types _if_ the format string is a constant and all the
> > arguments are known at e.g. compile time, but C permits one to
> > construct the format string at run time (or just select between a
> > bunch of variants); the language gives you no tools to enforce type
> > safety in a meaningful way once you do that.
>
> Isn't a variable format string a security vulnerability? Where do you
> need it?
It _can_ be a security vulnerability, but it doesn't necessarily
_need_ to be. If one is careful in how one constructs it, such things
can be very safe indeed.
As to where one needs it, there are examples like `vsyslog()`, but
that's almost besides the point, which is that given that you _can_ do
things like that, the language can't really save you by type-checking
the arguments to printf; and once varargs are in the mix? Forget about
it.
- Dan C.
next prev parent reply other threads:[~2023-08-04 16:07 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-30 18:22 [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman Norman Wilson
2023-07-30 21:43 ` Rob Pike
2023-07-30 23:34 ` George Michaelson
2023-07-30 23:59 ` Erik E. Fair
2023-07-31 0:26 ` Warner Losh
2023-07-31 22:57 ` Grant Taylor via TUHS
2023-07-31 23:05 ` Warner Losh
2023-08-01 2:45 ` Grant Taylor via TUHS
2023-08-01 1:51 ` Niklas Karlsson
2023-08-01 2:47 ` Grant Taylor via TUHS
2023-08-01 3:20 ` Theodore Ts'o
2023-07-31 0:41 ` segaloco via TUHS
2023-08-01 9:22 ` Marc Donner
2023-08-01 10:58 ` Erik E. Fair
2023-08-02 0:37 ` Dave Horsfall
2023-08-02 14:52 ` Ron Natalie
2023-08-02 21:14 ` Grant Taylor via TUHS
2023-08-02 22:20 ` segaloco via TUHS
2023-08-02 22:37 ` Warner Losh
2023-08-02 23:49 ` Rich Salz
2023-08-03 0:51 ` [TUHS] Re: python Larry McVoy
2023-08-03 1:20 ` George Michaelson
2023-08-03 2:53 ` Bakul Shah
2023-08-03 2:55 ` segaloco via TUHS
2023-08-03 3:24 ` George Michaelson
2023-08-03 3:32 ` Warner Losh
2023-08-03 3:55 ` Bakul Shah
2023-08-03 8:32 ` Rob Pike
2023-08-03 14:19 ` Bakul Shah
2023-08-03 14:56 ` Dan Halbert
2023-08-03 15:20 ` will.senn
2023-08-03 22:05 ` Dan Cross
2023-08-04 0:24 ` John Cowan
2023-08-04 15:17 ` Dan Cross
2023-08-05 4:44 ` Bakul Shah
2023-08-03 15:41 ` John Cowan
2023-08-03 2:07 ` Clem Cole
2023-08-03 2:21 ` Pete Wright via TUHS
2023-08-03 2:56 ` Warner Losh
2023-08-03 12:36 ` Mike Markowski
2023-08-03 13:29 ` Rob Pike
2023-08-03 15:24 ` emanuel stiebler
2023-08-03 15:39 ` Steffen Nurpmeso
2023-08-04 1:01 ` Larry McVoy
2023-08-04 1:28 ` segaloco via TUHS
2023-08-04 1:58 ` Adam Thornton
2023-08-04 15:04 ` Dan Cross
2023-08-04 15:10 ` Larry McVoy
2023-08-03 16:57 ` [TUHS] Re: [TULSA] " Phil Budne
2023-08-03 17:00 ` Rich Salz
2023-08-03 20:35 ` [TUHS] Split addressing (I/D) space (inspired by the death of the python... thread) Will Senn
2023-08-03 21:05 ` [TUHS] " Kenneth Goodwin
2023-08-03 21:10 ` Ronald Natalie
2023-08-03 21:16 ` Warner Losh
2023-08-03 21:24 ` Ronald Natalie
2023-08-03 22:34 ` Kenneth Goodwin
2023-08-03 21:05 ` Ronald Natalie
2023-08-03 21:44 ` Clem Cole
2023-08-03 22:08 ` Will Senn
2023-08-03 22:54 ` Clem Cole
2023-08-03 23:08 ` Dave Horsfall
2023-08-03 23:15 ` Clem Cole
2023-08-04 0:38 ` John Cowan
2023-08-03 17:29 ` [TUHS] Re: [TULSA] Re: python Alejandro Colomar
2023-08-03 17:51 ` John Cowan
2023-08-03 18:05 ` Alejandro Colomar
2023-08-03 21:29 ` Dan Cross
2023-08-03 23:55 ` [TUHS] printf (was: python) Alejandro Colomar
2023-08-04 16:06 ` Dan Cross [this message]
2023-08-04 16:57 ` [TUHS] " Alejandro Colomar
2023-08-04 21:16 ` Dan Cross
2023-08-03 21:02 ` [TUHS] Re: [TULSA] Re: python Steffen Nurpmeso
2023-08-03 23:47 ` Larry McVoy
2023-08-03 23:54 ` Will Senn
2023-08-04 19:20 ` [TUHS] " Ed Bradford
2023-08-04 19:47 ` Larry McVoy
2023-08-05 5:40 ` Ed Bradford
2023-08-02 23:33 ` [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman Dave Horsfall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEoi9W4LL_BaD2BJU=weaONscuUKewryKtYqX5Cv6EojruOMWA@mail.gmail.com' \
--to=crossd@gmail.com \
--cc=alx.manpages@gmail.com \
--cc=tuhs@tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).