Printf

Last updated April 21, 2024

printf is a C standard library function that formats text and writes it to standard output.

The standard library provides many other similar functions that form a family of printf-like functions. These functions accept a format string parameter and a variable number of value parameters that the function serializes per the format string and writes to an output stream or a string buffer.

The format string is encoded as a template language consisting of verbatim text and format specifiers that each specify how to serialize a value. As the format string is processed left-to-right, a subsequent value is used for each format specifier found. A format specifier starts with a % character and has one or more following characters that specify how to serialize a value.

The format string syntax and semantics is the same for all of the functions in the printf-like family.

Mismatch between the format specifiers and count and type of values can cause a crash or vulnerability.

The printf format string is complementary to the scanf format string, which provides formatted input (lexing a.k.a. parsing). Both format strings provide relatively simple functionality compared to other template engines, lexers and parsers.

The formatting design has been copied in other programming languages.

History

1950s: Fortran

Early programming languages like Fortran used special statements with different syntax from other calculations to build formatting descriptions.^[1] In this example, the format is specified on line 601, and the PRINT^{[lower-alpha 1]} command refers to it by line number:

PRINT 601,IA,IB,AREA 601 FORMAT(4HA=,I5,5HB=,I5,8HAREA=,F10.2,13HSQUAREUNITS)

Hereby:

4H indicates a string of 4 characters " A= " (H means Hollerith Field);
I5 indicates an integer field of width 5;
F10.2 indicates a floating-point field of width 10 with 2 digits after the decimal point.

An output with input arguments 100, 200, and 1500.25 might look like this:

 A=   100  B=   200  AREA=    1500.25 SQUARE UNITS

1960s: BCPL and ALGOL 68

In 1967, BCPL appeared.^[2] Its library included the writef routine.^[3] An example application looks like this:

WRITEF("%I2-QUEENS PROBLEM HAS %I5 SOLUTIONS*N", NUMQUEENS, COUNT)

Hereby:

%I2 indicates an integer of width 2 (the order of the format specification's field width and type is reversed compared to C's printf);
%I5 indicates an integer of width 5;
*N is a BCPL language escape sequence representing a newline character (for which C uses the escape sequence \n).

In 1968, ALGOL 68 had a more function-like API, but still used special syntax (the $ delimiters surround special formatting syntax):

printf(($"Color "g", number1 "6d,", number2 "4zd,", hex "16r2d,", float "-d.2d,", unsigned value"-3d"."l$,"red",123456,89,BIN255,3.14,250));

In contrast to Fortran, using normal function calls and data types simplifies the language and compiler, and allows the implementation of the input/output to be written in the same language. These advantages outweigh the disadvantages (such as a complete lack of type safety in many instances) and in most newer languages I/O is not part of the syntax.

1970s: C

In 1973, printf is included as a C routine as part of Version 4 Unix.^[4]

1990s: Shell command

In 1990, a printf shell command is attested as part of 4.3BSD-Reno. It is modeled after the standard library function.^[5]

In 1991, a printf command is bundled with GNU shellutils (now part of GNU Core Utilities).

Format specifier

Formatting a value is specified as markup in the format string. For example, the following outputs "Your age is " and then the value of variable age in decimal format.

printf("Your age is %d",age);

Syntax

The syntax for a format specifier is:

%[parameter][flags][width][.precision][length]type

Parameter field

The parameter field is optional. If included, then matching specifiers to values is not sequential. The numeric value, n, selects the nth value parameter.

Character	Description
n$	n is the index of the value parameter to serialize using this format specifier

This is a POSIX extension; not C99.

This field allows for using the same value multiple times in a format string instead of having to pass the value multiple times. If a specifier includes this field, then subsequent specifiers must also.

For example,

printf("%2$d %2$#x; %1$d %1$#x",16,17)

outputs: 17 0x11; 16 0x10.

This field is particularly useful for localizing messages to different natural languages that often use different word order.

In Microsoft Windows, support for this feature is via a different function, printf_p.

Flags field

The flags field can be zero or more of (in any order):

Character	Description
- (minus)	Left-align the output of this placeholder. (The default is to right-align the output.)
+ (plus)	Prepends a plus for positive signed-numeric types. positive = `+`, negative = `-`. (The default does not prepend anything in front of positive numbers.)
(space)	Prepends a space for positive signed-numeric types. positive = , negative = `-`. This flag is ignored if the + flag exists. (The default does not prepend anything in front of positive numbers.)
0 (zero)	When the 'width' option is specified, prepends zeros for numeric types. (The default prepends spaces.) For example, `printf("%4X",3)` produces `3`, while `printf("%04X",3)` produces `0003`.
' (apostrophe)	The integer or exponent of a decimal has the thousands grouping separator applied.
# (hash)	Alternate form: For g and G types, trailing zeros are not removed. For f, F, e, E, g, G types, the output always contains a decimal point. For o, x, X types, the text 0, 0x, 0X, respectively, is prepended to non-zero numbers.

Width field

The width field specifies the minimum number of characters to output. If the value can be represented in fewer characters, then the value is left-padded with spaces so that output is the number of characters specified. If the value requires more characters, then the output is longer than the specified width. A value is never truncated.

For example, printf("%3d",12) specifies a width of 3 and outputs 12 with a space on the left to output 3 characters. The call printf("%3d",1234) outputs 1234 which is 4 characters long since that is the minimum width for that value even though the width specified is 3.

If the width field is omitted, the output is the minimum number of characters for the value.

If the field is specified as *, then the width value is read from the list of values in the call.^[6] For example, printf("%*d",3,10) outputs 10 where the second parameter, 3, is the width (matches with *) and 10 is the value to serialize (matches with d).

Though not part of the width field, a leading zero is interpreted as the zero-padding flag mentioned above, and a negative value is treated as the positive value in conjunction with the left-alignment - flag also mentioned above.

The width field can be used to format values as a table (tabulated output). But, columns do not align if any value is larger than fits in the width specified. For example, notice that the last line value (1234) does not fit in the first column of width 3 and therefore the column is not aligned.

1112121231231234123

Precision field

The precision field usually specifies a maximum limit of the output, depending on the particular formatting type. For floating-point numeric types, it specifies the number of digits to the right of the decimal point that the output should be rounded. For the string type, it limits the number of characters that should be output, after which the string is truncated.

The precision field may be omitted, or a numeric integer value, or a dynamic value when passed as another argument when indicated by an asterisk *. For example, printf("%.*s",3,"abcdef") outputs abc.

Length field

The length field can be omitted or be any of:

Character	Description
hh	For integer types, causes printf to expect an int-sized integer argument which was promoted from a char.
h	For integer types, causes printf to expect an int-sized integer argument which was promoted from a short.
l	For integer types, causes printf to expect a long-sized integer argument. For floating-point types, this is ignored. float arguments are always promoted to double when used in a varargs call.^[7]
ll	For integer types, causes printf to expect a long long-sized integer argument.
L	For floating-point types, causes printf to expect a long double argument.
z	For integer types, causes printf to expect a size_t-sized integer argument.
j	For integer types, causes printf to expect a intmax_t-sized integer argument.
t	For integer types, causes printf to expect a ptrdiff_t-sized integer argument.

Platform-specific length options came to exist prior to widespread use of the ISO C99 extensions, including:

Characters	Description	Commonly found platforms
I	For signed integer types, causes printf to expect ptrdiff_t-sized integer argument; for unsigned integer types, causes printf to expect size_t-sized integer argument.	Win32/Win64
I32	For integer types, causes printf to expect a 32-bit (double word) integer argument.	Win32/Win64
I64	For integer types, causes printf to expect a 64-bit (quad word) integer argument.	Win32/Win64
q	For integer types, causes printf to expect a 64-bit (quad word) integer argument.	BSD

ISO C99 includes the inttypes.h header file that includes a number of macros for platform-independent printf coding. For example: printf("%"PRId64,t); specifies decimal format for a 64-bit signed integer. Since the macros evaluate to a string literal, and the compiler concatenates adjacent string literals, the expression "%"PRId64 compiles to a single string.

Macros include:

Macro	Description
PRId32	Typically equivalent to I32d (Win32/Win64) or d
PRId64	Typically equivalent to I64d (Win32/Win64), lld (32-bit platforms) or ld (64-bit platforms)
PRIi32	Typically equivalent to I32i (Win32/Win64) or i
PRIi64	Typically equivalent to I64i (Win32/Win64), lli (32-bit platforms) or li (64-bit platforms)
PRIu32	Typically equivalent to I32u (Win32/Win64) or u
PRIu64	Typically equivalent to I64u (Win32/Win64), llu (32-bit platforms) or lu (64-bit platforms)
PRIx32	Typically equivalent to I32x (Win32/Win64) or x
PRIx64	Typically equivalent to I64x (Win32/Win64), llx (32-bit platforms) or lx (64-bit platforms)

Type field

The type field can be any of:

Character	Description
%	Prints a literal % character (this type does not accept any flags, width, precision, length fields).
d, i	int as a signed integer. %d and %i are synonymous for output, but are different when used with `scanf` for input (where using %i will interpret a number as hexadecimal if it's preceded by 0x, and octal if it's preceded by 0.)
u	Print decimal unsigned int.
f, F	double in normal (fixed-point) notation. f and F only differs in how the strings for an infinite number or NaN are printed (inf, infinity and nan for f; INF, INFINITY and NAN for F).
e, E	double value in standard form (d.ddde±dd). An E conversion uses the letter E (rather than e) to introduce the exponent. The exponent always contains at least two digits; if the value is zero, the exponent is 00. In Windows, the exponent contains three digits by default, e.g. 1.5e002, but this can be altered by Microsoft-specific `_set_output_format` function.
g, G	double in either normal or exponential notation, whichever is more appropriate for its magnitude. g uses lower-case letters, G uses upper-case letters. This type differs slightly from fixed-point notation in that insignificant zeroes to the right of the decimal point are not included. Also, the decimal point is not included on whole numbers.
x, X	unsigned int as a hexadecimal number. x uses lower-case letters and X uses upper-case.
o	unsigned int in octal.
s	null-terminated string.
c	char (character).
p	void* (pointer to void) in an implementation-defined format.
a, A	double in hexadecimal notation, starting with 0x or 0X. a uses lower-case letters, A uses upper-case letters.^[8]^[9] (C++11 iostreams have a hexfloat that works the same).
n	Print nothing, but writes the number of characters written so far into an integer pointer parameter. In Java this prints a newline.^[10]

Custom data type formatting

A common way to handle formatting with a custom data type is to format the custom data type value into a string, then use the %s specifier to include the serialized value in a larger message.

Some printf-like functions allow extensions to the escape-character-based mini-language, thus allowing the programmer to use a specific formatting function for non-builtin types. One is the (now deprecated) glibc's register_printf_function(). However, it is rarely used due to the fact that it conflicts with static format string checking. Another is Vstr custom formatters, which allows adding multi-character format names.

Some applications (like the Apache HTTP Server) include their own printf-like function, and embed extensions into it. However these all tend to have the same problems that register_printf_function() has.

The Linux kernel printk function supports a number of ways to display kernel structures using the generic %p specification, by appending additional format characters.^[11] For example, %pI4 prints an IPv4 address in dotted-decimal form. This allows static format string checking (of the %p portion) at the expense of full compatibility with normal printf.

Family

Variants of printf provide the formatting features but with additional or slightly different behavior.

fprintf outputs to a system file object which allows output to other than standard output.

sprintf writes to a string buffer instead of standard output.

snprintf provides a level of safety over sprintf since the caller provides a length (n) parameter that specifies the maximum number or chars to write to the buffer.

For most printf-family functions, there is a variant that accepts va_list rather than a variable length parameter list. For example, there is a vfprintf, vsprintf, vsnprintf.

Vulnerabilities

Format string attack

Extra value parameters are ignored, but if the format string has more format specifiers than value parameters passed the behavior is undefined. For some C compilers, an extra format specifier results in consuming a value even though there isn't one. This can allow the format string attack. Generally, for C, arguments are be passed on the stack. If too few arguments are passed, then printf can read past the end of the stackframe, thus allowing an attacker to read the stack.

Some compilers, like the GNU Compiler Collection, will statically check the format strings of printf-like functions and warn about problems (when using the flags -Wall or -Wformat). GCC will also warn about user-defined printf-style functions if the non-standard "format" __attribute__ is applied to the function.

Uncontrolled format string exploit

The format string is often a string literal, which allows static analysis of the function call. However, the format string can be the value of a variable, which allows for dynamic formatting but also a security vulnerability known as an uncontrolled format string exploit.

Memory write

Although an outputting function on the surface, printf allows writing to a memory location specified by an argument via %n. This functionality is occasionally used as a part of more elaborate format-string attacks.^[12]

The %n functionality also makes printf accidentally Turing-complete even with a well-formed set of arguments. A game of tic-tac-toe written in the format string is a winner of the 27th IOCCC.^[13]

Programming languages with printf

Notable programming languages that include printf or printf-like functionality.

Excluded are languages that use format strings that deviate from the style in this article (such as AMPL and Elixir), languages that inherit their implementation from the JVM or other environment (such as Clojure and Scala), and languages that do not have a standard native printf implementation but have external libraries which emulate printf behavior (such as JavaScript).

awk ^[14]
C
C++
D
F#
G (LabVIEW)
GNU MathProg
GNU Octave
Go
Haskell
J
Java (since version 1.5) and JVM languages
Julia (via Printf standard library^[15])
Lua (string.format)
Maple
MATLAB
Max (via the sprintf object)
Mythryl
Objective-C
OCaml (via the Printf module)
PARI/GP
Perl
PHP
Python (via % operator)^[16]
R
Raku (via printf, sprintf, and fmt)
Red/System
Ruby
Tcl (via format command)
Transact-SQL (via xp_sprintf)
Vala (via print() and FileStream.printf())

Notes

↑ According to the 1956 Fortran manual^[1], the PRINT command prints on the attached printer. The manual also introduces the command WRITE OUTPUT TAPE that also uses the FORMAT statement to write on a tape unit.

Related Research Articles

C is a general-purpose computer programming language. It was created in the 1970s by Dennis Ritchie, and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of the targeted CPUs. It has found lasting use in operating systems, device drivers, and protocol stacks, but its use in application software has been decreasing. C is commonly used on computer architectures that range from the largest supercomputers to the smallest microcontrollers and embedded systems.

A "Hello, World!" program is generally a simple computer program which outputs to the screen a message similar to "Hello, World!" while ignoring any user input. A small piece of code in most general-purpose programming languages, this program is used to illustrate a language's basic syntax. A "Hello, World!" program is often the first written by a student of a new programming language, but such a program can also be used as a sanity check to ensure that the computer software intended to compile or run source code is correctly installed, and that its operator understands how to use it.

x86 assembly language is the name for the family of assembly languages which provide some level of backward compatibility with CPUs back to the Intel 8008 microprocessor, which was launched in April 1972. It is used to produce object code for the x86 class of processors.

The C preprocessor is the macro preprocessor for several computer programming languages, such as C, Objective-C, C++, and a variety of Fortran languages. The preprocessor provides inclusion of header files, macro expansions, conditional compilation, and line control.

The syntax of the C programming language is the set of rules governing writing of software in C. It is designed to allow for programs that are extremely terse, have a close relationship with the resulting object code, and yet provide relatively high-level data abstraction. C was the first widely successful high-level language for portable operating-system development.

bc, for basic calculator, is "an arbitrary-precision calculator language" with syntax similar to the C programming language. bc is typically used as either a mathematical scripting language or as an interactive mathematical shell.

In mathematics and in computer programming, a variadic function is a function of indefinite arity, i.e., one which accepts a variable number of arguments. Support for variadic functions differs widely among programming languages.

In the C programming language, data types constitute the semantics and characteristics of storage of data elements. They are expressed in the language syntax in form of declarations for memory locations or variables. Data types also determine the types of operations or methods of processing of data elements.

Format is a function in Common Lisp that can produce formatted text using a format string similar to the printf format string. It provides more functionality than printf, allowing the user to output numbers in various formats, apply certain format specifiers only under certain conditions, iterate over data structures, output data tabularly, and even recurse, calling format internally to handle data structures that include their own preferred formatting strings. This functionally originates in MIT's Lisp Machine Lisp, where it was based on Multics ioa_.

scanf, short for scan formatted, is a C standard library function that reads and parses text from standard input.

sizeof is a unary operator in the programming languages C and C++. It generates the storage size of an expression or a data type, measured in the number of char-sized units. Consequently, the construct sizeof (char) is guaranteed to be 1. The actual number of bits of type char is specified by the preprocessor macro CHAR_BIT, defined in the standard include file limits.h. On most modern computing platforms this is eight bits. The result of sizeof has an unsigned integer type that is usually denoted by size_t.

setjmp.h is a header defined in the C standard library to provide "non-local jumps": control flow that deviates from the usual subroutine call and return sequence. The complementary functions setjmp and longjmp provide this functionality.

stdarg.h is a header in the C standard library of the C programming language that allows functions to accept an indefinite number of arguments. It provides facilities for stepping through a list of function arguments of unknown number and type. C++ provides this functionality in the header cstdarg.

This article compares a large number of programming languages by tabulating their data types, their expression, statement, and declaration syntax, and some common operating-system interfaces.

In computer programming, variadic templates are templates that take a variable number of arguments.

In Unix and Unix-like operating systems, printf is a shell builtin that formats and outputs text like the same-named C function.

In computer programming, string interpolation is the process of evaluating a string literal containing one or more placeholders, yielding a result in which the placeholders are replaced with their corresponding values. It is a form of simple template processing or, in formal terms, a form of quasi-quotation. The placeholder may be a variable name, or in some languages an arbitrary expression, in either case evaluated in the current context.

In computer programming, ellipsis notation is used to denote ranges, an unspecified number of arguments, or a parent directory. Most programming languages require the ellipsis to be written as a series of periods; a single (Unicode) ellipsis character cannot be used.

printk is a C function from the Linux kernel interface that prints messages to the kernel log. It accepts a string parameter called the format string, which specifies a method for rendering an arbitrary number of varied data type parameter(s) into a string. The string is then printed to the kernel log.

In the C programming language, an escape sequence is specially delimited text in a character or string literal that represents one or more other characters to the compiler. It allows a programmer to specify characters that are otherwise difficult or impossible to specify in a literal.

References

1 2 Backus, John Warner; Beeber, R. J.; Best, Sheldon F.; Goldberg, Richard; Herrick, Harlan L.; Hughes, R. A.; Mitchell, L. B.; Nelson, Robert A.; Nutt, Roy; Sayre, David; Sheridan, Peter B.; Stern, Harold; Ziller, Irving (15 October 1956). Sayre, David (ed.). The FORTRAN Automatic Coding System for the IBM 704 EDPM: Programmer's Reference Manual (PDF). New York, USA: Applied Science Division and Programming Research Department, International Business Machines Corporation. pp. 26–30. Archived (PDF) from the original on 4 July 2022. Retrieved 4 July 2022. (2+51+1 pages)
↑ "BCPL". cl.cam.ac.uk. Retrieved 19 March 2018.
↑ Richards, Martin; Whitby-Strevens, Colin (1979). BCPL - the language and its compiler. Cambridge University Press. p. 50.
↑ McIlroy, M. D. (1987). A Research Unix reader: annotated excerpts from the Programmer's Manual, 1971–1986 (PDF) (Technical report). CSTR. Bell Labs. 139.
↑ "printf (4.3+Reno BSD)". man.freebsd.org. Retrieved 1 April 2024.
↑ "printf". cplusplus.com. Retrieved 10 June 2020.
↑ ISO/IEC (1999). ISO/IEC 9899:1999(E): Programming Languages – C §7.19.6.1 para 7.
↑ ""The GNU C Library Reference Manual", "12.12.3 Table of Output Conversions"". Gnu.org. Retrieved 17 March 2014.
↑ "printf" (%a added in C99)
↑ "Formatting Numeric Print Output". The Java Tutorials. Oracle Inc. Retrieved 19 March 2018.
↑ "Linux kernel Documentation/printk-formats.txt". Git.kernel.org. Archived from the original on 29 April 2015. Retrieved 17 March 2014.
↑ https://www.exploit-db.com/docs/english/28476-linux-format-string-exploitation.pdf ^{[ bare URL PDF ]}
↑ "Best of show – abuse of libc". Ioccc.org. Retrieved 5 May 2022.
↑ ""The Open Group Base Specifications Issue 7, 2018 edition", "POSIX awk", "Output Statements"". pubs.opengroup.org. Retrieved 29 May 2022.
↑ "Printf Standard Library". The Julia Language Manual. Retrieved 22 February 2021.
↑ "Built-in Types: printf-style String Formatting", The Python Standard Library, Python Software Foundation, retrieved 24 February 2021

External links

C++ reference for std::fprintf
gcc printf format specifications quick reference
printf : print formatted output – System Interfaces Reference, The Single UNIX Specification , Version 4 from The Open Group
The Formatter specification in Java 1.5
GNU Bash printf(1) builtin

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[2] According to the 1956 Fortran manual^[1], the PRINT command prints on the attached printer. The manual also introduces the command WRITE OUTPUT TAPE that also uses the FORMAT statement to write on a tape unit.

[Sayre_1956-1] 1 2 Backus, John Warner; Beeber, R. J.; Best, Sheldon F.; Goldberg, Richard; Herrick, Harlan L.; Hughes, R. A.; Mitchell, L. B.; Nelson, Robert A.; Nutt, Roy; Sayre, David; Sheridan, Peter B.; Stern, Harold; Ziller, Irving (15 October 1956). Sayre, David (ed.). The FORTRAN Automatic Coding System for the IBM 704 EDPM: Programmer's Reference Manual (PDF). New York, USA: Applied Science Division and Programming Research Department, International Business Machines Corporation. pp. 26–30. Archived (PDF) from the original on 4 July 2022. Retrieved 4 July 2022. (2+51+1 pages)

[3] "BCPL". cl.cam.ac.uk. Retrieved 19 March 2018.

[4] Richards, Martin; Whitby-Strevens, Colin (1979). BCPL - the language and its compiler. Cambridge University Press. p. 50.

[reader-5] McIlroy, M. D. (1987). A Research Unix reader: annotated excerpts from the Programmer's Manual, 1971–1986 (PDF) (Technical report). CSTR. Bell Labs. 139.

[6] "printf (4.3+Reno BSD)". man.freebsd.org. Retrieved 1 April 2024.

[7] "printf". cplusplus.com. Retrieved 10 June 2020.

[c99io-8] ISO/IEC (1999). ISO/IEC 9899:1999(E): Programming Languages – C §7.19.6.1 para 7.

[9] ""The GNU C Library Reference Manual", "12.12.3 Table of Output Conversions"". Gnu.org. Retrieved 17 March 2014.

[10] "printf" (%a added in C99)

[11] "Formatting Numeric Print Output". The Java Tutorials. Oracle Inc. Retrieved 19 March 2018.

[12] "Linux kernel Documentation/printk-formats.txt". Git.kernel.org. Archived from the original on 29 April 2015. Retrieved 17 March 2014.

[13] ttps://www.exploit-db.com/docs/english/28476-linux-format-string-exploitation.pdf ^{[ bare URL PDF ]}

[14] "Best of show – abuse of libc". Ioccc.org. Retrieved 5 May 2022.

[15] ""The Open Group Base Specifications Issue 7, 2018 edition", "POSIX awk", "Output Statements"". pubs.opengroup.org. Retrieved 29 May 2022.

[16] "Printf Standard Library". The Julia Language Manual. Retrieved 22 February 2021.

[17] "Built-in Types: printf-style String Formatting", The Python Standard Library, Python Software Foundation, retrieved 24 February 2021

[1]

[lower-alpha 1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

v t e Unix command-line interface programs and shell builtins
File system	cat chattr chmod chown chgrp cksum cmp cp dd du df file fuser ln ls mkdir mv pax pwd rm rmdir split tee touch type umask
Processes	at bg crontab fg kill nice ps time
User environment	env exit logname mesg talk tput uname who write
Text processing	awk basename comm csplit cut diff dirname ed ex fold head iconv join m4 more nl paste patch printf read sed sort strings tail tr troff uniq vi wc xargs
Shell builtins	alias cd echo test unset wait
Searching	find grep
Documentation	man
Software development	ar ctags lex make nm strip yacc
Miscellaneous	bc cal expr lp od sleep true and false
Categories Standard Unix programs Unix SUS2008 utilities List