1

I am fully aware of the existence of this question.

However, printf_s considers presence of specifier %n as an error, thus no write operation to format would ever be expected from printf_s. What sense does restrict make here?

iDingDong
  • 447
  • 2
  • 11
  • 1
    The accepted answer on that post has *"Since restrict may or may not make code run faster, but it can never make it slower (assuming the compiler is sane), it should be used always"* – StoryTeller - Unslander Monica Nov 27 '19 at 06:49
  • That answer also pointed out the exception "(unless) it makes no significant performance improvement in this specific case", as in this case, I cannot see any possibility even for insignificant performance improvement. – iDingDong Nov 27 '19 at 07:00
  • Those bullets are for weighing risk against benefit. Both must should to *not* use it, i.e. if there is substantial risk of UB and no real benefit, don't use it. But what you detailed is the lack of possibility for undefined behavior. Which means we are left with a potential improvement that carries no risk. So following the original advice, use it. – StoryTeller - Unslander Monica Nov 27 '19 at 07:05
  • That was convincing, however other standard library functions like `strlen` did not think the same. I still wonder why would `printf_s` be any different. – iDingDong Nov 27 '19 at 07:16
  • You have to bear in mind that different people at different time periods work on the standardization of specific features. Sometimes they miss things that could be improved. – StoryTeller - Unslander Monica Nov 27 '19 at 07:18
  • `strlen_s` was also from Annex K, entering the standard accompanied by `printf_s`. "Different time periods" does not explain this. – iDingDong Nov 27 '19 at 07:35
  • But people missing things *does* explain it. Wait on an answer if you wish, but I'll be pleasantly surprised if it goes deeper than this. – StoryTeller - Unslander Monica Nov 27 '19 at 07:42
  • It's probably been simply copied from the similar `printf()` signature without change (that would explain why `strlen_s()` has no `restrict). – Toby Speight Nov 27 '19 at 08:34

1 Answers1

0

A function parameter of pointer to character type can not only alias other function parameters but also global objects. In particular, since printf and printf_s modify stdout, any pointer to character type could, in principle, point to the same FILE object or other objects that an implementation might use for IO under the hood.

This is a bit far fetched, but basically this restrict here and in many other places says, don't try to be funny and use a separate character array for your format.

Jens Gustedt
  • 76,821
  • 6
  • 102
  • 177
  • Do you mean stdout could be redirected to format? How could that be done? – iDingDong Nov 29 '19 at 08:30
  • Not redirected, used. `printf((char*)stdout)`, would otherwise be a valid call, provided that you know that the bytes in the `FILE` structure contain a null character and no `%` characters. – Jens Gustedt Nov 29 '19 at 12:19
  • Then how about `wprintf_s`? Aliasing `FILE` as `wchar_t` causes UB regardless of `restrict` for breaking strict aliasing rule. That makes `wprintf_s((wchar_t*)stdout)` unnecessary to compromise to. – iDingDong Nov 30 '19 at 01:27