DragonFly On-Line Manual Pages
STYLE(9) DragonFly Kernel Developer's Manual STYLE(9)
NAME
style -- kernel source file style guide
DESCRIPTION
This file specifies the preferred style for kernel source files in the
DragonFly source tree. It is also a guide for preferred userland code
style. Many of the style rules are implicit in the examples. Be careful
to check the examples before assuming that style is silent on an issue.
/*
* VERY important single-line comments look like this.
*/
/* Most single-line comments look like this. */
/*
* Multi-line comments look like this. Make them real sentences. Fill
* them so they look like real paragraphs.
*/
/*
* XXX in a comment indicates code which is incomplete, suboptimal,
* or otherwise deserving of further attention.
*/
Version control system ID tags should only exist once in a file (unlike
this one). All VCS (version control system) revision identification from
files obtained from elsewhere should be maintained in comments, includ-
ing, where applicable, multiple IDs showing a file's history. In gen-
eral, keep the IDs intact, including any `$'s. There is no reason to add
"From" in front of foreign VCS IDs. All VCS IDs should generally be
placed in comments somewhere near the top of the source, typically either
before or after the copyright message.
Leave another blank line before the header files.
Kernel include files (i.e. sys/*.h) come first; normally, include
<sys/types.h> OR <sys/param.h>, but not both. <sys/types.h> includes
<sys/cdefs.h>, and it is okay to depend on that.
#include <sys/types.h> /* Non-local includes in angle brackets. */
For a network program, put the network include files next.
#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <netinet/in.h>
#include <protocols/rwhod.h>
Do not use files in /usr/include for files in the kernel.
Leave a blank line before the next group, the /usr include files, which
should be sorted alphabetically by name.
#include <stdio.h>
Global pathnames are defined in <paths.h>. Pathnames local to the pro-
gram go in "pathnames.h" in the local directory.
#include <paths.h>
Leave another blank line before the user include files.
#include "pathnames.h" /* Local includes in double quotes. */
Do not #define or declare names in the implementation namespace except
for implementing application interfaces.
The names of ``unsafe'' macros (ones that have side effects), and the
names of macros for manifest constants, are all in uppercase. The expan-
sions of expression-like macros are either a single token or have outer
parentheses. Put a single tab character between the #define and the
macro name. If a macro is an inline expansion of a function, the func-
tion name is all in lowercase and the macro has the same name all in
uppercase. If a macro needs more than a single line, use braces (`{' and
`}'). Right-justify the backslashes; it makes it easier to read. If the
macro encapsulates a compound statement, enclose it in a do loop, so that
it can safely be used in if statements. Any final statement-terminating
semicolon should be supplied by the macro invocation rather than the
macro, to make parsing easier for pretty-printers and editors.
#define MACRO(x, y) do { \
variable = (x) + (y); \
(y) += 2; \
} while (0)
Enumeration values are all uppercase.
enum enumtype { ONE, TWO } et;
As fixed size integers the POSIX defined types are preferred:
uint8_t 8 bits fixed size unsigned integer
uint16_t 16 bits fixed size unsigned integer
uint32_t 32 bits fixed size unsigned integer
uint64_t 64 bits fixed size unsigned integer
When declaring variables in structures, declare them sorted by use, then
by size, and then in alphabetical order. The first category normally
does not apply, but there are exceptions. Each one gets its own line.
Try to make the structure readable by aligning the member names using
either one or two tabs depending upon your judgment. You should use one
tab if it suffices to align most of the member names. Names following
extremely long types should be separated by a single space.
Major structures should be declared at the top of the file in which they
are used, or in separate header files if they are used in multiple source
files. Use of the structures should be by separate declarations and
should be extern if they are declared in a header file.
struct foo {
struct foo *next; /* List of active foo. */
struct mumble amumble; /* Comment for mumble. */
int bar; /* Try to align the comments. */
struct verylongtypename *baz; /* Won't fit in 2 tabs. */
};
struct foo *foohead; /* Head of global foo list. */
Use queue(3) macros rather than rolling your own lists, whenever possi-
ble. Thus, the previous example would be better written:
#include <sys/queue.h>
struct foo {
LIST_ENTRY(foo) link; /* Use queue macros for foo lists. */
struct mumble amumble; /* Comment for mumble. */
int bar; /* Try to align the comments. */
struct verylongtypename *baz; /* Won't fit in 2 tabs. */
};
LIST_HEAD(, foo) foohead; /* Head of global foo list. */
Avoid using typedefs for structure types. This makes it impossible for
applications to use pointers to such a structure opaquely, which is both
possible and beneficial when using an ordinary struct tag. When conven-
tion requires a typedef, make its name match the struct tag. Avoid type-
defs ending in ``_t'', except as specified in Standard C or by POSIX.
/* Make the structure name match the typedef. */
typedef struct bar {
int level;
} BAR;
typedef int foo; /* This is foo. */
typedef const long baz; /* This is baz. */
All functions are prototyped somewhere.
Function prototypes for private functions (i.e. functions not used else-
where) go at the top of the first source module. Functions local to one
source module should be declared static.
Functions used from other parts of the kernel are prototyped in the rele-
vant include file.
Functions that are used locally in more than one module go into a sepa-
rate header file, e.g. "extern.h".
Do not use the register keyword and the __P macro from the include file
<sys/cdefs.h>. Code in the DragonFly source tree is not expected to be
K&R compliant.
Changes to existing files should be consistent with that file's conven-
tions. In general, code can be considered ``new code'' when it makes up
about 50% or more of the file(s) involved. This is enough to break
precedents in the existing code and use the current style guidelines.
Function prototypes for the kernel have parameter names associated with
parameter types. E.g., in the kernel use:
void function(int fd);
Prototypes that are visible to userland applications should not include
parameter names with the types, to avoid possible collisions with defined
macro names. I.e., use:
void function(int);
Prototypes may have an extra space after a tab to enable function names
to line up:
static char *function(int, const char *, struct foo *, struct bar *,
struct baz **);
static void usage(void);
/*
* All major routines should have a comment briefly describing what
* they do. The comment before the "main" routine should describe
* what the program does.
*/
int
main(int argc, char **argv)
{
long num;
int ch;
char *ep;
For consistency, getopt(3) should be used to parse options. Options
should be sorted in the getopt(3) call and the switch statement, unless
parts of the switch cascade. Elements in a switch statement that cascade
should have a FALLTHROUGH comment, unless they contain no code of their
own. Numerical arguments should be checked for accuracy. Code that can-
not be reached should have a NOTREACHED comment.
while ((ch = getopt(argc, argv, "abn:")) != -1)
switch (ch) { /* Indent the switch. */
case 'a': /* Don't indent the case. */
aflag = 1;
/* FALLTHROUGH */
case 'b':
bflag = 1;
break;
case 'n':
num = strtol(optarg, &ep, 10);
if (num <= 0 || *ep != '\0') {
warnx("illegal number, -n argument -- %s",
optarg);
usage();
}
break;
default:
usage();
/* NOTREACHED */
}
argc -= optind;
argv += optind;
Put a single space after control statement keywords (if, do, while, for,
switch). No braces are used for control statements with zero or only a
single statement unless that statement is more than a single line in
which case they are permitted. `Forever' loops (loops with no test
expression, which are only terminated by a break, return or exit inside
the loop body) are done with for's, not while's.
for (p = buf; *p != '\0'; ++p)
; /* nothing */
for (;;)
stmt;
for (;;) {
z = a + really + long + statement + that + needs +
two + lines + gets + indented + four + spaces +
on + the + second + and + subsequent + lines;
}
for (;;) {
if (cond)
stmt;
}
if (val != NULL)
val = realloc(val, newsize);
Parts of a for loop may be left empty. Do not put declarations inside
blocks unless the routine is unusually complicated.
for (; cnt < 15; cnt++) {
stmt1;
stmt2;
}
Indentation used for program block structure is an 8 character tab. Sec-
ond level indents used for line continuation are four spaces. If you
have to wrap a long statement, put the operator at the end of the line.
while (cnt < 20 && this_variable_name_is_really_far_too_long &&
ep != NULL) {
z = a + really + long + statement + that + needs +
two + lines + gets + indented + four + spaces +
on + the + second + and + subsequent + lines;
}
Do not add whitespace at the end of a line, and only use tabs followed by
spaces to form the indentation. Do not use more spaces than a tab will
produce and do not use spaces in front of tabs.
Closing and opening braces go on the same line as the else. Braces that
are not necessary may be left out, but always use braces around complex
or confusing sequences, for example if any part of a conditional is
multi-line, use braces for all parts of the conditional, and use braces
around multi-line substatements of loops or conditionals even if they are
theoretically one statement from the compiler's point of view.
if (test)
stmt;
else if (bar)
stmt;
else
stmt;
if (test) {
stmt;
} else if (bar) {
stmt;
stmt;
} else {
stmt;
}
/* THIS IS WRONG, BRACES SHOULD BE USED */
if (fubar)
/* xyz */
x = 1;
/* THIS IS ALSO WRONG, USE BRACES AROUND THE OUTER CONDITIONAL */
if (fubar)
if (barbaz)
x = 1;
Do not put spaces after function names, after `(' or `[' characters, or
preceding `]', `)', `;', or `,' characters. But do put a space after
commas and semicolons if there is further text on the same line.
error = function(a1, a2);
if (error != 0)
exit(error);
Unary operators do not require spaces around them, but binary operators
(except for `.' and `->') do. Do not use parentheses unless they are
required for precedence or unless the statement is confusing without
them. Remember that other people may become confused more easily than
you. Do YOU understand the following?
a = b->c[0] + ~d == (e || f) || g && h ? i : j >> 1;
k = !(l & FLAGS);
Casts are not followed by a space. Note that indent(1) does not under-
stand this rule. Also, for the purposes of formatting, treat return and
sizeof as functions. In other words, they are not followed by a space,
and their single argument should be enclosed in parentheses.
Exits should be 0 on success, or according to the predefined values in
sysexits(3).
exit(EX_OK); /*
* Avoid obvious comments such as
* "Exit 0 on success."
*/
}
The function type should be on a line by itself preceding the function.
static char *
function(int a1, int a2, float fl, int a4)
{
When declaring variables in functions declare them sorted by size, then
in alphabetical order; multiple ones per line are okay. If a line over-
flows reuse the type keyword.
Be careful to not obfuscate the code by initializing variables in the
declarations. Use this feature only thoughtfully. DO NOT use function
calls in initializers.
struct foo one, *two;
double three;
int *four, five;
char *six, seven, eight, nine, ten, eleven, twelve;
four = myfunction();
Do not declare functions inside other functions; ANSI C says that such
declarations have file scope regardless of the nesting of the declara-
tion. Hiding file declarations in what appears to be a local scope is
undesirable and will elicit complaints from a good compiler.
NULL is the preferred null pointer constant. Use NULL instead of (type
*)0 or (type *)NULL in contexts where the compiler knows the type, e.g.,
in assignments. Use (type *)NULL in other contexts, in particular for
all function args. (Casting is essential for variadic args and is neces-
sary for other args if the function prototype might not be in scope.)
Test pointers against NULL, e.g., use:
(p = f()) == NULL
not:
!(p = f())
Do not use ! for tests unless it is a boolean, e.g. use
if (*p == '\0')
not
if (!*p)
Do not cast the unused return value of a function to (void).
Routines returning void * should not have their return values cast to any
pointer type.
Use err(3) or warn(3), do not roll your own.
if ((four = malloc(sizeof(struct foo))) == NULL)
err(1, NULL);
if ((six = (int *)overflow()) == NULL)
errx(1, "number overflowed");
return(eight);
}
Avoid old-style function declarations that look like this:
static char *
function(a1, a2, fl, a4)
int a1, a2; /* Declare ints, too, don't default them. */
float fl; /* Beware double vs. float prototype differences. */
int a4; /* List in order declared. */
{
Use ANSI function declarations instead. Long parameter lists are wrapped
so that the first parameter on each line lines up.
Try to avoid using obsolete functions such as: ftime(3), getwd(3),
index(3), rindex(3), mktemp(3) and utimes(3).
All new code must avoid using unbounded string functions. For example,
strlcpy(3) should be used instead of strcpy(3), and snprintf(3) should be
used instead of sprintf(3).
Varargs procedures should be formatted as follows:
#include <stdarg.h>
void
vaf(const char *fmt, ...)
{
va_list va;
va_start(va, fmt);
STUFF;
va_end(va);
/* No return needed for void functions. */
}
Use printf(3), not fputs(3), puts(3), putchar(3), whatever; it is faster
and usually cleaner, not to mention avoiding stupid bugs.
Usage statements should look like the manual pages SYNOPSIS. The usage
statement should be structured in the following order:
1. Options without operands come first, in alphabetical order, inside a
single set of brackets (`[' and `]').
2. Options with operands come next, also in alphabetical order, with
each option and its argument inside its own pair of brackets.
3. Required arguments (if any) are next, listed in the order they
should be specified on the command line.
4. Finally, any optional arguments should be listed, listed in the
order they should be specified, and all inside brackets.
A bar (`|') separates ``either-or'' options/arguments, and multiple
options/arguments which are specified together are placed in a single set
of brackets.
"usage: f [-aDde] [-b b_arg] [-m m_arg] req1 req2 [opt1 [opt2]]\n"
"usage: f [-a | -b] [-c [-dEe] [-n number]]\n"
void
usage(void)
{
fprintf(stderr, "usage: f [-ab]\n");
exit(EX_USAGE);
}
Note that the manual page options description should list the options in
pure alphabetical order. That is, without regard to whether an option
takes arguments or not. The alphabetical ordering should take into
account the case ordering shown above.
New core kernel code should be reasonably compliant with the style
guides. The guidelines for third-party maintained modules and device
drivers are more relaxed but at a minimum should be internally consistent
with their style.
Stylistic changes (including whitespace changes) are hard on the source
repository and are to be avoided without good reason. Code that is
approximately DragonFly KNF style compliant in the repository must not
diverge from compliance.
DragonFly's default warning options are a reasonable subset and -Werror
is enabled for kernel and world, so passing buildworld or buildkernel
alone is a good check. The warnings of most recent compilers are of high
quality. Further analysis can be done using one of the various code
checkers such as cppcheck(1) or clang(1)'s static analyzer.
SEE ALSO
indent(1), err(3), sysexits(3), warn(3)
HISTORY
This man page is largely based on the src/admin/style/style file from the
4.4BSD-Lite2 release, with occasional updates to reflect the current
practice and desire of the DragonFly project.
DragonFly 3.5 February 5, 2013 DragonFly 3.5