History
Early programming languages such as Fortran used special statements with completely different syntax from other calculations to build formatting descriptions. In this example, the format is specified on line 601, and the WRITE command refers to it by line number:
Format placeholder specification
Formatting takes place via placeholders within the format string. For example, to print out a person's age, a program could prefix the output with "Your age is " and use the signed decimal specifier character to denote that the integer for the age should be shown immediately after that message, giving the format string:
Syntax
The syntax for a format placeholder is
Parameter field
This is a POSIX extension and not in C99. The Parameter field can be omitted or can be:
This feature mainly sees its use in localization, where the order of occurrence of parameters varies due to the language-dependent convention. On the non-POSIX Microsoft Windows, support for this feature is placed in a separate printf_p function.
Flags field
The Flags field can be zero or more (in any order) of:
Width field
The Width field specifies a minimum number of characters to output and is typically used to pad fixed-width fields in tabulated output, where the fields would otherwise be smaller, although it does not cause truncation of oversized fields. The width field may be omitted, or be a numeric integer value, or a dynamic value passed as another argument when indicated by an asterisk. For example, will result in 10 being printed, with a total width of 5 characters.
Though not part of the width field, a leading zero is interpreted as the zero-padding flag mentioned above, and a negative value is treated as the positive value in conjunction with the left-alignment flag also mentioned above.
Precision field
The Precision field usually specifies a maximum limit on the output, depending on the particular formatting type. For floating-point numeric types, it specifies the number of digits to the right of the decimal point to which the output should be rounded. For the string type, it limits the number of characters that should be output, after which the string is truncated. The precision field may be omitted, or be a numeric integer value, or a dynamic value passed as another argument when indicated by an asterisk. For example, will result in being printed.
Length field
The Length field can be omitted or be any of:
Additionally, several platform-specific length options came to exist prior to widespread use of the ISO C99 extensions:
ISO C99 includes the inttypes.h header file that includes a number of macros for use in platform-independent coding. These must be outside double-quotes, e.g.
Example macros include:
Type field
The Type field can be any of:
Custom format placeholders
There are a few implementations of printf-like functions that allow extensions to the escape-character-based mini-language, thus allowing the programmer to have a specific formatting function for non-builtin types. One of the most well-known is the (now deprecated) glibc' printk
function supports a number of ways to display kernel structures using the generic specification, by appending additional format characters. For example, prints an IPv4 address in dotted-decimal form. This allows static format string checking (of the portion) at the expense of full compatibility with normal printf.
Most languages that have a printf-like function work around the lack of this feature by just using the format and converting the object to a string representation.
Vulnerabilities
Invalid conversion specifications
If there are too few function arguments provided to supply values for all the conversion specifications in the template string, or if the arguments are not of the correct types, the results are undefined and the program may crash. Implementations are inconsistent about whether syntax errors in the string consume an argument and what type of argument they consume. Excess arguments are ignored. In a number of cases, the undefined behavior has led to "Format string attack" security vulnerabilities. In most C or C++ calling conventions arguments may be passed on the stack, which means that with too few arguments printf will read past the end of the current stack frame, thus allowing the attacker to read the stack. Some compilers, like the GNU Compiler Collection, will statically check the format strings of printf-like functions and warn about problems (when using the flags or ). GCC will also warn about user-defined printf-style functions if the non-standard "format" is applied to the function.
Field width versus explicit delimiters in tabular output
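
An added example, not from the original page, for the "Invalid conversion specifications" passage above: fmt_args_needed walks the placeholder syntax to count the arguments a format consumes, and log_to is a user-defined printf-style function that carries GCC's format attribute so callers are checked at compile time. The names fmt_args_needed, log_to and PRINTF_LIKE are hypothetical, the input is constructed, and positional parameter fields are not handled.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)  /* GCC and Clang check callers of attributed functions */
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical user-defined printf-style function; argument 3 is the format. */
PRINTF_LIKE(3, 4) int log_to(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Arguments a format consumes, or -1 if a placeholder is malformed. */
int fmt_args_needed(const char *f)
{
    int n = 0;
    while ((f = strchr(f, '%')) != NULL) {
        f++;
        if (*f == '%') { f++; continue; }          /* literal percent sign */
        f += strspn(f, "-+ 0#");                    /* flags */
        if (*f == '*') { n++; f++; }                /* width taken from an argument */
        else f += strspn(f, "0123456789");
        if (*f == '.') {
            f++;
            if (*f == '*') { n++; f++; }            /* precision from an argument */
            else f += strspn(f, "0123456789");
        }
        f += strspn(f, "hlLjzt");                   /* length */
        if (*f == '\0' || !strchr("diuoxXfFeEgGaAcspn", *f)) return -1;
        n++; f++;                                   /* type */
    }
    return n;
}

int main(void)
{
    char buf[64];
    const char *input = "%x %x %x";                /* constructed untrusted input */
    log_to(buf, sizeof buf, "%s", input);          /* input is data, not a format */
    printf("\"%s\" used as a format would need %d arguments\n", buf, fmt_args_needed(input));
    return 0;
}
```
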
Using only field widths to provide for tabulation, as with a format like for three integers in three 8-character columns, will not guarantee that field separation will be retained if large numbers occur in the data:
     1234567 1234567 1234567
         123     123     123
         123     12345678123
Loss of field separation can easily lead to corrupt output. In systems which encourage the use of programs as building blocks in scripts, such corrupt data can often be forwarded into and corrupt further processing, regardless of whether the original programmer expected the output would only be read by human eyes. Such problems can be eliminated by including explicit delimiters, even spaces, in all tabular output formats. Simply changing the dangerous example from before to addresses this, formatting identically until numbers become larger, but then explicitly preventing them from becoming merged on output due to the explicitly included spaces:
     1234567 1234567 1234567
         123     123     123
         123 12345678     123
Similar strategies apply to string data.
Memory write
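
An added example, not from the original page, reproducing the loss of field separation described under "Field width versus explicit delimiters in tabular output" above and showing what a downstream parser reads back. The two format strings and the function names are assumptions chosen to match the three 8-character columns the text describes; the values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Three integers in three 8-character columns, field widths only. */
int row_widths_only(char *row, size_t cap, int a, int b, int c)
{
    return snprintf(row, cap, "%8d%8d%8d", a, b, c);
}

/* Same layout for small values, with an explicit space before each field. */
int row_delimited(char *row, size_t cap, int a, int b, int c)
{
    return snprintf(row, cap, " %7d %7d %7d", a, b, c);
}

/* What a downstream consumer sees: fields parsed, first field stored in *first. */
int read_back(const char *row, long long *first)
{
    long long second, third;
    return sscanf(row, "%lld %lld %lld", first, &second, &third);
}

int main(void)
{
    char row[64];
    long long first = 0;
    int n;

    row_widths_only(row, sizeof row, 123, 12345678, 123);   /* constructed values */
    n = read_back(row, &first);
    printf("[%s] -> %d fields, first = %lld\n", row, n, first);

    row_delimited(row, sizeof row, 123, 12345678, 123);
    n = read_back(row, &first);
    printf("[%s] -> %d fields, first = %lld\n", row, n, first);
    return 0;
}
```

With widths only, the consumer silently receives two fields and a wrong first value; with the explicit spaces it receives all three.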
Although an outputting function on the surface, printf allows writing to a memory location specified by an argument via . This functionality is occasionally used as a part of more elaborate format-string attacks. The functionality also makes printf accidentally Turing-complete even with a well-formed set of arguments. A game of tic-tac-toe written in the format string is a winner of the 27th IOCCC.
Programming languages with printf
Not included in this list are languages that use format strings that deviate from the style in this article (such as AMPL and Elixir), languages that inherit their implementation from the JVM or other environment (such as Clojure and Scala), and languages that do not have a standard native printf implementation but have external libraries which emulate printf behavior (such as
See also
* Format (Common Lisp)
* C standard library
* Format string attack
* iostream
* ML (programming language)
* printf debugging
* (Unix)
* printk (print kernel messages)
* scanf