1
0
mirror of https://github.com/sheumann/hush.git synced 2025-01-03 16:29:50 +00:00
hush/docs/style-guide.txt

690 lines
19 KiB
Plaintext

Busybox Style Guide
===================
This document describes the coding style conventions used in Busybox. If you
add a new file to Busybox or are editing an existing file, please format your
code according to this style. If you are the maintainer of a file that does
not follow these guidelines, please -- at your own convenience -- modify the
file(s) you maintain to bring them into conformance with this style guide.
Please note that this is a low priority task.
To help you format the whitespace of your programs, an ".indent.pro" file is
included in the main Busybox source directory that contains option flags to
format code as per this style guide. This way you can run GNU indent on your
files by typing 'indent myfile.c myfile.h' and it will magically apply all the
right formatting rules to your file. Please _do_not_ run this on all the files
in the directory, just your own.
Declaration Order
-----------------
Here is the order in which code should be laid out in a file:
- commented program name and one-line description
- commented author name and email address(es)
- commented GPL boilerplate
- commented longer description / notes for the program (if needed)
- #includes of .h files with angle brackets (<>) around them
- #includes of .h files with quotes ("") around them
- #defines (if any, note the section below titled "Avoid the Preprocessor")
- const and global variables
- function declarations (if necessary)
- function implementations
Whitespace and Formatting
-------------------------
This is everybody's favorite flame topic so let's get it out of the way right
up front.
Tabs vs. Spaces in Line Indentation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The preference in Busybox is to indent lines with tabs. Do not indent lines
with spaces and do not indents lines using a mixture of tabs and spaces. (The
indentation style in the Apache and Postfix source does this sort of thing:
\s\s\s\sif (expr) {\n\tstmt; --ick.) The only exception to this rule is
multi-line comments that use an asterisk at the beginning of each line, i.e.:
\t/*
\t * This is a block comment.
\t * Note that it has multiple lines
\t * and that the beginning of each line has a tab plus a space
\t * except for the opening '/*' line where the slash
\t * is used instead of a space.
\t */
Furthermore, The preference is that tabs be set to display at four spaces
wide, but the beauty of using only tabs (and not spaces) at the beginning of
lines is that you can set your editor to display tabs at *whatever* number of
spaces is desired and the code will still look fine.
Operator Spacing
~~~~~~~~~~~~~~~~
Put spaces between terms and operators. Example:
Don't do this:
for(i=0;i<num_items;i++){
Do this instead:
for (i = 0; i < num_items; i++) {
While it extends the line a bit longer, the spaced version is more
readable. An allowable exception to this rule is the situation where
excluding the spacing makes it more obvious that we are dealing with a
single term (even if it is a compound term) such as:
if (str[idx] == '/' && str[idx-1] != '\\')
or
if ((argc-1) - (optind+1) > 0)
Bracket Spacing
~~~~~~~~~~~~~~~
If an opening bracket starts a function, it should be on the
next line with no spacing before it. However, if a bracket follows an opening
control block, it should be on the same line with a single space (not a tab)
between it and the opening control block statement. Examples:
Don't do this:
while (!done)
{
do
{
Don't do this either:
while (!done){
do{
And for heaven's sake, don't do this:
while (!done)
{
do
{
Do this instead:
while (!done) {
do {
Exceptions:
- if you have long logic statements that need to be wrapped, then uncuddling
the bracket to improve readability is allowed:
if (some_really_long_checks && some_other_really_long_checks \
&& some_more_really_long_checks)
{
do_foo_now;
Spacing around Parentheses
~~~~~~~~~~~~~~~~~~~~~~~~~~
Put a space between C keywords and left parens, but not between function names
and the left paren that starts it's parameter list (whether it is being
declared or called). Examples:
Don't do this:
while(foo) {
for(i = 0; i < n; i++) {
Do this instead:
while (foo) {
for (i = 0; i < n; i++) {
But do functions like this:
static int my_func(int foo, char bar)
...
baz = my_func(1, 2);
Also, don't put a space between the left paren and the first term, nor between
the last arg and the right paren.
Don't do this:
if ( x < 1 )
strcmp( thisstr, thatstr )
Do this instead:
if (x < 1)
strcmp(thisstr, thatstr)
Cuddled Elses
~~~~~~~~~~~~~
Also, please "cuddle" your else statements by putting the else keyword on the
same line after the right bracket that closes an 'if' statement.
Don't do this:
if (foo) {
stmt;
}
else {
stmt;
}
Do this instead:
if (foo) {
stmt;
} else {
stmt;
}
The exception to this rule is if you want to include a comment before the else
block. Example:
if (foo) {
stmts...
}
/* otherwise, we're just kidding ourselves, so re-frob the input */
else {
other_stmts...
}
Variable and Function Names
---------------------------
Use the K&R style with names in all lower-case and underscores occasionally
used to separate words (e.g., "variable_name" and "numchars" are both
acceptable). Using underscores makes variable and function names more readable
because it looks like whitespace; using lower-case is easy on the eyes.
Frowned upon:
hitList
TotalChars
szFileName
pf_Nfol_TriState
Preferred:
hit_list
total_chars
file_name
sensible_name
Exceptions:
- Enums, macros, and constant variables are occasionally written in all
upper-case with words optionally seperatedy by underscores (i.e. FIFOTYPE,
ISBLKDEV()).
- Nobody is going to get mad at you for using 'pvar' as the name of a
variable that is a pointer to 'var'.
Converting to K&R
~~~~~~~~~~~~~~~~~
The Busybox codebase is very much a mixture of code gathered from a variety of
sources. This explains why the current codebase contains such a hodge-podge of
different naming styles (Java, Pascal, K&R, just-plain-weird, etc.). The K&R
guideline explained above should therefore be used on new files that are added
to the repository. Furthermore, the maintainer of an existing file that uses
alternate naming conventions should, at his own convenience, convert those
names over to K&R style. Converting variable names is a very low priority
task.
If you want to do a search-and-replace of a single variable name in different
files, you can do the following in the busybox directory:
$ perl -pi -e 's/\bOldVar\b/new_var/g' *.[ch]
If you want to convert all the non-K&R vars in your file all at once, follow
these steps:
- In the busybox directory type 'examples/mk2knr.pl files-to-convert'. This
does not do the actual conversion, rather, it generates a script called
'convertme.pl' that shows what will be converted, giving you a chance to
review the changes beforehand.
- Review the 'convertme.pl' script that gets generated in the busybox
directory and remove / edit any of the substitutions in there. Please
especially check for false positives (strings that should not be
converted).
- Type './convertme.pl same-files-as-before' to perform the actual
conversion.
- Compile and see if everything still works.
Please be aware of changes that have cascading effects into other files. For
example, if you're changing the name of something in, say utility.c, you
should probably run 'examples/mk2knr.pl utility.c' at first, but when you run
the 'convertme.pl' script you should run it on _all_ files like so:
'./convertme.pl *.[ch]'.
Avoid The Preprocessor
----------------------
At best, the preprocessor is a necessary evil, helping us account for platform
and architecture differences. Using the preprocessor unnecessarily is just
plain evil.
The Folly of #define
~~~~~~~~~~~~~~~~~~~~
Use 'const <type> var' for declaring constants.
Don't do this:
#define var 80
Do this instead, when the variable is in a header file and will be used in
several source files:
const int var = 80;
Or do this when the variable is used only in a single source file:
static const int var = 80;
Declaring variables as '[static] const' gives variables an actual type and
makes the compiler do type checking for you; the preprocessor does _no_ type
checking whatsoever, making it much more error prone. Declaring variables with
'[static] const' also makes debugging programs much easier since the value of
the variable can be easily queried and displayed.
The Folly of Macros
~~~~~~~~~~~~~~~~~~~
Use 'static inline' instead of a macro.
Don't do this:
#define mini_func(param1, param2) (param1 << param2)
Do this instead:
static inline int mini_func(int param1, param2)
{
return (param1 << param2);
}
Static inline functions are greatly preferred over macros. They provide type
safety, have no length limitations, no formatting limitations, have an actual
return value, and under gcc they are as cheap as macros. Besides, really long
macros with backslashes at the end of each line are ugly as sin.
The Folly of #ifdef
~~~~~~~~~~~~~~~~~~~
Code cluttered with ifdefs is difficult to read and maintain. Don't do it.
Instead, put your ifdefs at the top of your .c file (or in a header), and
conditionally define 'static inline' functions, (or *maybe* macros), which are
used in the code.
Don't do this:
ret = my_func(bar, baz);
if (!ret)
return -1;
#ifdef CONFIG_FEATURE_FUNKY
maybe_do_funky_stuff(bar, baz);
#endif
Do this instead:
(in .h header file)
#ifdef CONFIG_FEATURE_FUNKY
static inline void maybe_do_funky_stuff (int bar, int baz)
{
/* lotsa code in here */
}
#else
static inline void maybe_do_funky_stuff (int bar, int baz) {}
#endif
(in the .c source file)
ret = my_func(bar, baz);
if (!ret)
return -1;
maybe_do_funky_stuff(bar, baz);
The great thing about this approach is that the compiler will optimize away
the "no-op" case (the empty function) when the feature is turned off.
Note also the use of the word 'maybe' in the function name to indicate
conditional execution.
Notes on Strings
----------------
Strings in C can get a little thorny. Here's some guidelines for dealing with
strings in Busybox. (There is surely more that could be added to this
section.)
String Files
~~~~~~~~~~~~
Put all help/usage messages in usage.c. Put other strings in messages.c.
Putting these strings into their own file is a calculated decision designed to
confine spelling errors to a single place and aid internationalization
efforts, if needed. (Side Note: we might want to use a single file - maybe
called 'strings.c' - instead of two, food for thought).
Testing String Equivalence
~~~~~~~~~~~~~~~~~~~~~~~~~~
There's a right way and a wrong way to test for sting equivalence with
strcmp():
The wrong way:
if (!strcmp(string, "foo")) {
...
The right way:
if (strcmp(string, "foo") == 0){
...
The use of the "equals" (==) operator in the latter example makes it much more
obvious that you are testing for equivalence. The former example with the
"not" (!) operator makes it look like you are testing for an error. In a more
perfect world, we would have a streq() function in the string library, but
that ain't the world we're living in.
Avoid Dangerous String Functions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unfortunately, the way C handles strings makes them prone to overruns when
certain library functions are (mis)used. The following table offers a summary
of some of the more notorious troublemakers:
function overflows preferred
----------------------------------------
strcpy dest string strncpy
strcat dest string strncat
gets string it gets fgets
getwd buf string getcwd
[v]sprintf str buffer [v]snprintf
realpath path buffer use with pathconf
[vf]scanf its arguments just avoid it
The above is by no means a complete list. Be careful out there.
Avoid Big Static Buffers
------------------------
First, some background to put this discussion in context: Static buffers look
like this in code:
/* in a .c file outside any functions */
static char buffer[BUFSIZ]; /* happily used by any function in this file,
but ick! big! */
The problem with these is that any time any busybox app is run, you pay a
memory penalty for this buffer, even if the applet that uses said buffer is
not run. This can be fixed, thusly:
static char *buffer;
...
other_func()
{
strcpy(buffer, lotsa_chars); /* happily uses global *buffer */
...
foo_main()
{
buffer = xmalloc(sizeof(char)*BUFSIZ);
...
However, this approach trades bss segment for text segment. Rather than
mallocing the buffers (and thus growing the text size), buffers can be
declared on the stack in the *_main() function and made available globally by
assigning them to a global pointer thusly:
static char *pbuffer;
...
other_func()
{
strcpy(pbuffer, lotsa_chars); /* happily uses global *pbuffer */
...
foo_main()
{
char *buffer[BUFSIZ]; /* declared locally, on stack */
pbuffer = buffer; /* but available globally */
...
This last approach has some advantages (low code size, space not used until
it's needed), but can be a problem in some low resource machines that have
very limited stack space (e.g., uCLinux).
A macro is declared in busybox.h that implements compile-time selection
between xmalloc() and stack creation, so you can code the line in question as
RESERVE_CONFIG_BUFFER(buffer, BUFSIZ);
and the right thing will happen, based on your configuration.
Miscellaneous Coding Guidelines
-------------------------------
The following are important items that don't fit into any of the above
sections.
Model Busybox Applets After GNU Counterparts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When in doubt about the proper behavior of a Busybox program (output,
formatting, options, etc.), model it after the equivalent GNU program.
Doesn't matter how that program behaves on some other flavor of *NIX; doesn't
matter what the POSIX standard says or doesn't say, just model Busybox
programs after their GNU counterparts and it will make life easier on (nearly)
everyone.
The only time we deviate from emulating the GNU behavior is when:
- We are deliberately not supporting a feature (such as a command line
switch)
- Emulating the GNU behavior is prohibitively expensive (lots more code
would be required, lots more memory would be used, etc.)
- The difference is minor or cosmetic
A note on the 'cosmetic' case: Output differences might be considered
cosmetic, but if the output is significant enough to break other scripts that
use the output, it should really be fixed.
Scope
~~~~~
If a const variable is used only in a single source file, put it in the source
file and not in a header file. Likewise, if a const variable is used in only
one function, do not make it global to the file. Instead, declare it inside
the function body. Bottom line: Make a conscious effort to limit declarations
to the smallest scope possible.
Inside applet files, all functions should be declared static so as to keep the
global name space clean. The only exception to this rule is the "applet_main"
function which must be declared extern.
If you write a function that performs a task that could be useful outside the
immediate file, turn it into a general-purpose function with no ties to any
applet and put it in the utility.c file instead.
Brackets Are Your Friends
~~~~~~~~~~~~~~~~~~~~~~~~~
Please use brackets on all if and else statements, even if it is only one
line. Example:
Don't do this:
if (foo)
stmt1;
stmt2
stmt3;
Do this instead:
if (foo) {
stmt1;
}
stmt2
stmt3;
The "bracketless" approach is error prone because someday you might add a line
like this:
if (foo)
stmt1;
new_line();
stmt2
stmt3;
And the resulting behavior of your program would totally bewilder you. (Don't
laugh, it happens to us all.) Remember folks, this is C, not Python.
Function Declarations
~~~~~~~~~~~~~~~~~~~~~
Do not use old-style function declarations that declare variable types between
the parameter list and opening bracket. Example:
Don't do this:
int foo(parm1, parm2)
char parm1;
float parm2;
{
....
Do this instead:
int foo(char parm1, float parm2)
{
....
The only time you would ever need to use the old declaration syntax is to
support ancient, antediluvian compilers. To our good fortune, we have access
to more modern compilers and the old declaration syntax is neither necessary
nor desired.
Emphasizing Logical Blocks
~~~~~~~~~~~~~~~~~~~~~~~~~~
Organization and readability are improved by putting extra newlines around
blocks of code that perform a single task. These are typically blocks that
begin with a C keyword, but not always.
Furthermore, you should put a single comment (not necessarily one line, just
one comment) before the block, rather than commenting each and every line.
There is an optimal amount of commenting that a program can have; you can
comment too much as well as too little.
A picture is really worth a thousand words here, the following example
illustrates how to emphasize logical blocks:
while (line = get_line_from_file(fp)) {
/* eat the newline, if any */
chomp(line);
/* ignore blank lines */
if (strlen(file_to_act_on) == 0) {
continue;
}
/* if the search string is in this line, print it,
* unless we were told to be quiet */
if (strstr(line, search) && !be_quiet) {
puts(line);
}
/* clean up */
free(line);
}
Processing Options with getopt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If your applet needs to process command-line switches, please use getopt() to
do so. Numerous examples can be seen in many of the existing applets, but
basically it boils down to two things: at the top of the .c file, have this
line in the midst of your #includes:
#include <getopt.h>
And a code block similar to the following near the top of your applet_main()
routine:
while ((opt = getopt(argc, argv, "abc")) > 0) {
switch (opt) {
case 'a':
do_a_opt = 1;
break;
case 'b':
do_b_opt = 1;
break;
case 'c':
do_c_opt = 1;
break;
default:
show_usage(); /* in utility.c */
}
}
If your applet takes no options (such as 'init'), there should be a line
somewhere in the file reads:
/* no options, no getopt */
That way, when people go grepping to see which applets need to be converted to
use getopt, they won't get false positives.
Additional Note: Do not use the getopt_long library function and do not try to
hand-roll your own long option parsing. Busybox applets should only support
short options. Explanations and examples of the short options should be
documented in usage.h.