hush/docs/style-guide.txt
Mark Whitley a5b55ca8a9 - Added a section on avoiding static buffers, per mailing list discussions
- Added a section on avoiding dangerous, overrun-prone string functions, per
   mailing list comment by David Douthitt
 - Added comment on how to search-and-replace in multiple files per (very old)
   mailing list comment by Larry Doolittle.
2001-01-24 00:18:13 +00:00

586 lines
16 KiB
Plaintext

Busybox Style Guide
===================
This document describes the coding style conventions used in Busybox. If you
add a new file to Busybox or are editing an existing file, please format your
code according to this style. If you are the maintainer of a file that does
not follow these guidelines, please -- at your own convenience -- modify the
file(s) you maintain to bring them into conformance with this style guide.
Please note that this is a low priority task.
To help you format the whitespace of your programs, an ".indent.pro" file is
included in the main Busybox source directory that contains option flags to
format code as per this style guide. This way you can run GNU indent on your
files by typing 'indent myfile.c myfile.h' and it will magically apply all the
right formatting rules to your file. Please _do_not_ run this on all the files
in the directory, just your own.
Declaration Order
-----------------
Here is the order in which code should be laid out in a file:
- commented program name and one-line description
- commented author name and email address(es)
- commented GPL boilerplate
- commented longer description / notes for the program (if needed)
- #includes and #defines
- const and global variables
- function declarations (if necessary)
- function implementations
Whitespace and Formatting
-------------------------
This is everybody's favorite flame topic so let's get it out of the way right
up front.
Tabs vs. Spaces in Line Indentation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The preference in Busybox is to indent lines with tabs. Do not indent lines
with spaces and do not indents lines using a mixture of tabs and spaces. (The
indentation style in the Apache and Postfix source does this sort of thing:
\s\s\s\sif (expr) {\n\tstmt; --ick.) The only exception to this rule is
multi-line comments that use an asterisk at the beginning of each line, i.e.:
/t/*
/t * This is a block comment.
/t * Note that it has multiple lines
/t * and that the beginning of each line has a tab plus a space
/t * except for the opening '/*' line where the slash
/t * is used instead of a space.
/t */
Furthermore, The preference is that tabs be set to display at four spaces
wide, but the beauty of using only tabs (and not spaces) at the beginning of
lines is that you can set your editor to display tabs at *whatever* number of
spaces is desired and the code will still look fine.
Operator Spacing
~~~~~~~~~~~~~~~~
Put spaces between terms and operators. Example:
Don't do this:
for(i=0;i<num_items;i++){
Do this instead:
for (i = 0; i < num_items; i++) {
While it extends the line a bit longer, the spaced version is more
readable. An allowable exception to this rule is the situation where
excluding the spacing makes it more obvious that we are dealing with a
single term (even if it is a compound term) such as:
if (str[idx] == '/' && str[idx-1] != '\\')
or
if ((argc-1) - (optind+1) > 0)
Bracket Spacing
~~~~~~~~~~~~~~~
If an opening bracket starts a function, it should be on the
next line with no spacing before it. However, if a bracket follows an opening
control block, it should be on the same line with a single space (not a tab)
between it and the opening control block statement. Examples:
Don't do this:
while (!done)
{
do
{
Don't do this either:
while (!done){
do{
And for heaven's sake, don't do this:
while (!done)
{
do
{
Do this instead:
while (!done) {
do {
Paren Spacing
~~~~~~~~~~~~~
Put a space between C keywords and left parens, but not between
function names and the left paren that starts it's parameter list (whether it
is being declared or called). Examples:
Don't do this:
while(foo) {
for(i = 0; i < n; i++) {
Do this instead:
while (foo) {
for (i = 0; i < n; i++) {
But do functions like this:
static int my_func(int foo, char bar)
...
baz = my_func(1, 2);
Cuddled Elses
~~~~~~~~~~~~~
Also, please "cuddle" your else statements by putting the else keyword on the
same line after the right bracket that closes an 'if' statement.
Don't do this:
if (foo) {
stmt;
}
else {
stmt;
}
Do this instead:
if (foo) {
stmt;
} else {
stmt;
}
The exception to this rule is if you want to include a comment before the else
block. Example:
if (foo) {
stmts...
}
/* otherwise, we're just kidding ourselves, so re-frob the input */
else {
other_stmts...
}
Variable and Function Names
---------------------------
Use the K&R style with names in all lower-case and underscores occasionally
used to separate words (e.g., "variable_name" and "numchars" are both
acceptable). Using underscores makes variable and function names more readable
because it looks like whitespace; using lower-case is easy on the eyes.
Frowned upon:
hitList
TotalChars
szFileName
pf_Nfol_TriState
Preferred:
hit_list
total_chars
file_name
sensible_name
Exceptions:
- Enums, macros, and constant variables should all be in upper-case with
words optionally seperatedy by underscores (i.e. FIFOTYPE, ISBLKDEV()).
- Nobody is going to get mad at you for using 'pvar' as the name of a
variable that is a pointer to 'var'.
Note: The Busybox codebase is very much a mixture of code gathered from a
variety of sources. This explains why the current codebase contains such a
hodge-podge of different naming styles (Java, Pascal, K&R, just-plain-weird,
etc.). The K&R guideline explained above should therefore be used on new files
that are added to the repository. Furthermore, the maintainer of an existing
file that uses alternate naming conventions should -- at his own convenience
-- convert those names over to K&R style; converting variable names is a very
low priority task. Perhaps in the future we will include some magical Perl
script that can go through and convert variable names, left as an exercise for
the reader for now.
For the time being, if you want to do a search-and-replace of a variable name
in different files, do the following in the busybox directory:
$ perl -pi -e 's/\bOldVar\b/new_var/g' *.[ch]
Avoid The Preprocessor
----------------------
At best, the preprocessor is a necessary evil, helping us account for platform
and architecture differences. Using the preprocessor unnecessarily is just
plain evil.
The Folly of #define
~~~~~~~~~~~~~~~~~~~~
Use 'const <type> var' for declaring constants.
Don't do this:
#define var 80
Do this instead, when the variable is in a header file and will be used in
several source files:
const int var = 80;
Or do this when the variable is used only in a single source file:
static const int var = 80;
Declaring variables as '[static] const' gives variables an actual type and
makes the compiler do type checking for you; the preprocessor does _no_ type
checking whatsoever, making it much more error prone. Declaring variables with
'[static] const' also makes debugging programs much easier since the value of
the variable can be easily queried and displayed.
The Folly of Macros
~~~~~~~~~~~~~~~~~~~
Use 'static inline' instead of a macro.
Don't do this:
#define mini_func(param1, param2) (param1 << param2)
Do this instead:
static inline int mini_func(int param1, param2)
{
return (param1 << param2);
}
Static inline functions are greatly preferred over macros. They provide type
safety, have no length limitations, no formatting limitations, and under gcc
they are as cheap as macros. Besides, really long macros with backslashes at
the end of each line are ugly as sin.
The Folly of #ifdef
~~~~~~~~~~~~~~~~~~~
Code cluttered with ifdefs is difficult to read and maintain. Don't do it.
Instead, put your ifdefs in a header, and conditionally define 'static inline'
functions, (or *maybe* macros), which are used in the code.
Don't do this:
ret = my_func(bar, baz);
if (!ret)
return -1;
#ifdef BB_FEATURE_FUNKY
maybe_do_funky_stuff(bar, baz);
#endif
Do this instead:
(in .h header file)
#ifndef BB_FEATURE_FUNKY
static inline void maybe_do_funky_stuff (int bar, int baz) {}
#endif
(in the .c source file)
ret = my_func(bar, baz);
if (!ret)
return -1;
maybe_do_funky_stuff(bar, baz);
The great thing about this approach is that the compiler will optimize away
the "no-op" case when the feature is turned off.
Note also the use of the word 'maybe' in the function name to indicate
conditional execution.
Notes on Strings
----------------
Strings in C can get a little thorny. Here's some guidelines for dealing with
strings in Busybox. (There is surely more that could be added to this
section.)
String Files
~~~~~~~~~~~~
Put all help/usage messages in usage.c. Put other strings in messages.c.
Putting these strings into their own file is a calculated decision designed to
confine spelling errors to a single place and aid internationalization
efforts, if needed. (Side Note: we might want to use a single file - maybe
called 'strings.c' - instead of two, food for thought).
Testing String Equivalence
~~~~~~~~~~~~~~~~~~~~~~~~~~
There's a right way and a wrong way to test for sting equivalence with
strcmp():
The wrong way:
if (!strcmp(string, "foo")) {
...
The right way:
if (strcmp(string, "foo") == 0){
...
The use of the "equals" (==) operator in the latter example makes it much more
obvious that you are testing for equivalence. The former example with the
"not" (!) operator makes it look like you are testing for an error. In a more
perfect world, we would have a streq() function in the string library, but
that ain't the world we're living in.
Avoid Dangerous String Functions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unfortunately, the way C handles strings makes them prone to overruns when
certain library functions are (mis)used. The following table offers a summary
of some of the more notorious troublemakers:
function overflows preferred
----------------------------------------
strcpy dest string strncpy
strcat dest string strncat
gets string it gets fgets
getwd buf string getcwd
[v]sprintf str buffer [v]snprintf
realpath path buffer use with pathconf
[vf]scanf its arguments just avoid it
The above is by no means a complete list. Be careful out there.
Avoid Big Static Buffers
------------------------
First, some background to put this discussion in context: Static buffers look
like this in code:
/* in a .c file outside any functions */
static char *buffer[BUFSIZ]; /* happily used by any function in this file,
but ick! big! */
The problem with these is that any time any busybox app is run, you pay a
memory penalty for this buffer, even if the applet that uses said buffer is
not run. This can be fixed, thusly:
static char *buffer
...
other_func()
{
strcpy(buffer, lotsa_chars); /* happily uses global *buffer */
...
foo_main()
{
buffer = xmalloc(sizeof(char)*BUFSIZ);
...
However, this approach trades bss segment for text segment. Rather than
mallocing the buffers (and thus growing the text size), buffers can be
declared on the stack in the *_main() function and made available globally by
assigning them to a global pointer thusly:
static char *pbuffer
...
other_func()
{
strcpy(pbuffer, lotsa_chars); /* happily uses global *pbuffer */
...
foo_main()
{
char *buffer[BUFSIZ]; /* declared locally, on stack */
pbuffer = buffer; /* but available globally */
...
Thus:
- global static buffers are eliminated
- we don't grow the text segment as much because no malloc() call is made;
memory is automatically allocated on the stack when execution context
enters the function. (We still grow text a little bit because of the
assignment, but that's cheap compared to a function call.)
- the buffer is still available globally via the pointer
Miscellaneous Coding Guidelines
-------------------------------
The following are important items that don't fit into any of the above
sections.
Model Busybox Applets After GNU Counterparts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When in doubt about the proper behavior of a Busybox program (output,
formatting, options, etc.), model it after the equivalent GNU program.
Doesn't matter how that program behaves on some other flavor of *NIX; doesn't
matter what the POSIX standard says or doesn't say, just model Busybox
programs after their GNU counterparts and nobody has to get hurt.
The only time we deviate from emulating the GNU behavior is when:
- We are deliberately not supporting a feature (such as a command line
switch)
- Emulating the GNU behavior is prohibitively expensive (lots more code
would be required, lots more memory would be used, etc.)
- The difference is minor or cosmetic
A note on the 'cosmetic' case: Output differences might be considered
cosmetic, but if the output is significant enough to break other scripts that
use the output, it should really be fixed.
Scope
~~~~~
If a const variable is used only in a single source file, put it in the source
file and not in a header file. Likewise, if a const variable is used in only
one function, do not make it global to the file. Instead, declare it inside
the function body. Bottom line: Make a conscious effort to limit declarations
to the smallest scope possible.
Inside applet files, all functions should be declared static so as to keep the
global name space clean. The only exception to this rule is the "applet_main"
function which must be declared extern.
If you write a function that performs a task that could be useful outside the
immediate file, turn it into a general-purpose function with no ties to any
applet and put it in the utility.c file instead.
Brackets Are Your Friends
~~~~~~~~~~~~~~~~~~~~~~~~~
Please use brackets on all if and else statements, even if it is only one
line. Example:
Don't do this:
if (foo)
stmt1;
stmt2
stmt3;
Do this instead:
if (foo) {
stmt1;
}
stmt2
stmt3;
The "bracketless" approach is error prone because someday you might add a line
like this:
if (foo)
stmt1;
new_line();
stmt2
stmt3;
And the resulting behavior of your program would totally bewilder you. (Don't
laugh, it happens to us all.) Remember folks, this is C, not Python.
Function Declarations
~~~~~~~~~~~~~~~~~~~~~
Do not use old-style function declarations that declare variable types between
the parameter list and opening bracket. Example:
Don't do this:
int foo(parm1, parm2)
char parm1;
float parm2;
{
....
Do this instead:
int foo(char parm1, float parm2)
{
....
The only time you would ever need to use the old declaration syntax is to
support ancient, antediluvian compilers. To our good fortune, we have access
to more modern compilers and the old declaration syntax is neither necessary
nor desired.
Emphasizing Logical Blocks
~~~~~~~~~~~~~~~~~~~~~~~~~~
Organization and readability are improved by putting extra newlines around
blocks of code that perform a single task. These are typically blocks that
begin with a C keyword, but not always.
Furthermore, you should put a single comment (not necessarily one line, just
one comment) before the block, rather than commenting each and every line.
There is an optimal ammount of commenting that a program can have; you can
comment too much as well as too little.
A picture is really worth a thousand words here, so here is an example that
illustrates emphasizing logical blocks:
while (line = get_line_from_file(fp)) {
/* eat the newline, if any */
if (line[strlen(line)-1] == '\n') {
line[strlen(line)-1] = '\0';
}
/* ignore blank lines */
if (strlen(file_to_act_on) == 0) {
continue;
}
/* if the search string is in this line, print it,
* unless we were told to be quiet */
if (strstr(line, search) && !be_quiet) {
puts(line);
}
/* clean up */
free(line);
}