util: Support dynamic width & precision in ConstevalFormatString

This is needed in the next commit to add compile-time checking to strprintf
calls, because bitcoin-cli.cpp uses dynamic width in many format strings.

This change is easiest to review ignoring whitespace.

Co-authored-by: MarcoFalke <*~=`'#}+{/-|&$^[email protected]>
Co-authored-by: Hodlinator <[email protected]>
Co-authored-by: l0rinc <[email protected]>

Author: 4 people

src/test/util_string_tests.cpp

@@ -20,7 +20,7 @@ inline void PassFmt(util::ConstevalFormatString<NumArgs> fmt)
     decltype(fmt)::Detail_CheckNumFormatSpecifiers(fmt.fmt);
 }
 template <unsigned WrongNumArgs>
-inline void FailFmtWithError(std::string_view wrong_fmt, std::string_view error)
+inline void FailFmtWithError(const char* wrong_fmt, std::string_view error)
 {
     BOOST_CHECK_EXCEPTION(util::ConstevalFormatString<WrongNumArgs>::Detail_CheckNumFormatSpecifiers(wrong_fmt), const char*, HasReason(error));
 }
@@ -44,6 +44,8 @@ BOOST_AUTO_TEST_CASE(ConstevalFormatString_NumSpec)
     PassFmt<1>("%+2s");
     PassFmt<1>("%.6i");
     PassFmt<1>("%5.2f");
+    PassFmt<1>("%5.f");
+    PassFmt<1>("%.f");
     PassFmt<1>("%#x");
     PassFmt<1>("%1$5i");
     PassFmt<1>("%1$-5i");
@@ -54,32 +56,60 @@ BOOST_AUTO_TEST_CASE(ConstevalFormatString_NumSpec)
     PassFmt<1>("%_");
     PassFmt<1>("%\n");
 
-    // The `*` specifier behavior is unsupported and can lead to runtime
-    // errors when used in a ConstevalFormatString. Please refer to the
-    // note in the ConstevalFormatString docs.
-    PassFmt<1>("%*c");
-    PassFmt<2>("%2$*3$d");
-    PassFmt<1>("%.*f");
+    PassFmt<2>("%*c");
+    PassFmt<2>("%+*c");
+    PassFmt<2>("%.*f");
+    PassFmt<3>("%*.*f");
+    PassFmt<3>("%2$*3$d");
+    PassFmt<3>("%2$*3$.9d");
+    PassFmt<3>("%2$.*3$d");
+    PassFmt<3>("%2$9.*3$d");
+    PassFmt<3>("%2$+9.*3$d");
+    PassFmt<4>("%3$*2$.*4$f");
+
+    // Make sure multiple flag characters "- 0+" are accepted
+    PassFmt<3>("'%- 0+*.*f'");
+    PassFmt<3>("'%1$- 0+*3$.*2$f'");
 
     auto err_mix{"Format specifiers must be all positional or all non-positional!"};
     FailFmtWithError<1>("%s%1$s", err_mix);
+    FailFmtWithError<2>("%2$*d", err_mix);
+    FailFmtWithError<2>("%*2$d", err_mix);
+    FailFmtWithError<2>("%.*3$d", err_mix);
+    FailFmtWithError<2>("%2$.*d", err_mix);
 
     auto err_num{"Format specifier count must match the argument count!"};
     FailFmtWithError<1>("", err_num);
     FailFmtWithError<0>("%s", err_num);
     FailFmtWithError<2>("%s", err_num);
     FailFmtWithError<0>("%1$s", err_num);
     FailFmtWithError<2>("%1$s", err_num);
+    FailFmtWithError<1>("%*c", err_num);
 
     auto err_0_pos{"Positional format specifier must have position of at least 1"};
     FailFmtWithError<1>("%$s", err_0_pos);
     FailFmtWithError<1>("%$", err_0_pos);
     FailFmtWithError<0>("%0$", err_0_pos);
     FailFmtWithError<0>("%0$s", err_0_pos);
+    FailFmtWithError<2>("%2$*$d", err_0_pos);
+    FailFmtWithError<2>("%2$*0$d", err_0_pos);
+    FailFmtWithError<3>("%3$*2$.*$f", err_0_pos);
+    FailFmtWithError<3>("%3$*2$.*0$f", err_0_pos);
 
     auto err_term{"Format specifier incorrectly terminated by end of string"};
     FailFmtWithError<1>("%", err_term);
+    FailFmtWithError<1>("%9", err_term);
+    FailFmtWithError<1>("%9.", err_term);
+    FailFmtWithError<1>("%9.9", err_term);
+    FailFmtWithError<1>("%*", err_term);
+    FailFmtWithError<1>("%+*", err_term);
+    FailFmtWithError<1>("%.*", err_term);
+    FailFmtWithError<1>("%9.*", err_term);
     FailFmtWithError<1>("%1$", err_term);
+    FailFmtWithError<1>("%1$9", err_term);
+    FailFmtWithError<2>("%1$*2$", err_term);
+    FailFmtWithError<2>("%1$.*2$", err_term);
+    FailFmtWithError<2>("%1$9.*2$", err_term);
 }
 
 BOOST_AUTO_TEST_SUITE_END()

src/util/string.h

@@ -25,53 +25,65 @@ namespace util {
  * strings, to reduce the likelihood of tinyformat throwing exceptions at
  * run-time. Validation is partial to try and prevent the most common errors
  * while avoiding re-implementing the entire parsing logic.
- *
- * @note Counting of `*` dynamic width and precision fields (such as `%*c`,
- * `%2$*3$d`, `%.*f`) is not implemented to minimize code complexity as long as
- * they are not used in the codebase. Usage of these fields is not counted and
- * can lead to run-time exceptions. Code wanting to use the `*` specifier can
- * side-step this struct and call tinyformat directly.
  */
 template <unsigned num_params>
 struct ConstevalFormatString {
     const char* const fmt;
     consteval ConstevalFormatString(const char* str) : fmt{str} { Detail_CheckNumFormatSpecifiers(fmt); }
-    constexpr static void Detail_CheckNumFormatSpecifiers(std::string_view str)
+    constexpr static void Detail_CheckNumFormatSpecifiers(const char* str)
     {
         unsigned count_normal{0}; // Number of "normal" specifiers, like %s
         unsigned count_pos{0};    // Max number in positional specifier, like %8$s
-        for (auto it{str.begin()}; it < str.end();) {
-            if (*it != '%') {
-                ++it;
-                continue;
-            }
+        for (auto it{str}; *it != '\0'; ++it) {
+            if (*it != '%' || *++it == '%') continue; // Skip escaped %%
 
-            if (++it >= str.end()) throw "Format specifier incorrectly terminated by end of string";
-            if (*it == '%') {
-                // Percent escape: %%
-                ++it;
-                continue;
-            }
+            auto add_arg = [&] {
+                unsigned maybe_num{0};
+                while ('0' <= *it && *it <= '9') {
+                    maybe_num *= 10;
+                    maybe_num += *it - '0';
+                    ++it;
+                }
 
-            unsigned maybe_num{0};
-            while ('0' <= *it && *it <= '9') {
-                maybe_num *= 10;
-                maybe_num += *it - '0';
-                ++it;
+                if (*it == '$') {
+                    ++it;
+                    // Positional specifier, like %8$s
+                    if (maybe_num == 0) throw "Positional format specifier must have position of at least 1";
+                    count_pos = std::max(count_pos, maybe_num);
+                } else {
+                    // Non-positional specifier, like %s
+                    ++count_normal;
+                }
             };
 
-            if (*it == '$') {
-                // Positional specifier, like %8$s
-                if (maybe_num == 0) throw "Positional format specifier must have position of at least 1";
-                count_pos = std::max(count_pos, maybe_num);
-                if (++it >= str.end()) throw "Format specifier incorrectly terminated by end of string";
-            } else {
-                // Non-positional specifier, like %s
-                ++count_normal;
+            // Increase argument count and consume positional specifier, if present.
+            add_arg();
+
+            // Consume flags.
+            while (*it == '#' || *it == '0' || *it == '-' || *it == ' ' || *it == '+') ++it;
+
+            auto parse_size = [&] {
+                if (*it == '*') {
+                    ++it;
+                    add_arg();
+                } else {
+                    while ('0' <= *it && *it <= '9') ++it;
+                }
+            };
+
+            // Consume dynamic or static width value.
+            parse_size();
+
+            // Consume dynamic or static precision value.
+            if (*it == '.') {
                 ++it;
+                parse_size();
             }
-            // The remainder "[flags][width][.precision][length]type" of the
-            // specifier is not checked. Parsing continues with the next '%'.
+
+            if (*it == '\0') throw "Format specifier incorrectly terminated by end of string";
+
+            // Length and type in "[flags][width][.precision][length]type"
+            // is not checked. Parsing continues with the next '%'.
         }
         if (count_normal && count_pos) throw "Format specifiers must be all positional or all non-positional!";
         unsigned count{count_normal | count_pos};