man.bsd.lv manual page server

DESCRIPTION

/*
 * VERY important single-line comments look like this.
 */

/* Most single-line comments look like this. */

/*
 * Multi-line comments look like this.  Make them real sentences.  Fill
 * them so they look like real paragraphs.
 */

/*
 * XXX in a comment indicates code which is incomplete, suboptimal,
 * or otherwise deserving of further attention.
 */

Version control system ID tags should only exist once in a file (unlike this one). All VCS (version control system) revision identification from files obtained from elsewhere should be maintained in comments, including, where applicable, multiple IDs showing a file's history. In general, keep the IDs intact, including any ‘$’s. There is no reason to add "From" in front of foreign VCS IDs. All VCS IDs should generally be placed in comments somewhere near the top of the source, typically either before or after the copyright message.

Leave another blank line before the header files.

Kernel include files (i.e. sys/*.h) come first; normally, include <sys/types.h> OR <sys/param.h>, but not both. <sys/types.h> includes <sys/cdefs.h>, and it is okay to depend on that.

#include <sys/types.h>	/* Non-local includes in angle brackets. */

For a network program, put the network include files next.

#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <netinet/in.h>
#include <protocols/rwhod.h>

Do not use files in /usr/include for files in the kernel.

Leave a blank line before the next group, the /usr include files, which should be sorted alphabetically by name.

#include <stdio.h>

Global pathnames are defined in <paths.h>. Pathnames local to the program go in "pathnames.h" in the local directory.

#include <paths.h>

Leave another blank line before the user include files.

#include "pathnames.h"		/* Local includes in double quotes. */

Do not #define or declare names in the implementation namespace except for implementing application interfaces.

The names of “unsafe” macros (ones that have side effects), and the names of macros for manifest constants, are all in uppercase. The expansions of expression-like macros are either a single token or have outer parentheses. Put a single tab character between the #define and the macro name. If a macro is an inline expansion of a function, the function name is all in lowercase and the macro has the same name all in uppercase. If a macro needs more than a single line, use braces (‘{’ and ‘}’). Right-justify the backslashes; it makes it easier to read. If the macro encapsulates a compound statement, enclose it in a do loop, so that it can safely be used in if statements. Any final statement-terminating semicolon should be supplied by the macro invocation rather than the macro, to make parsing easier for pretty-printers and editors.

#define	MACRO(x, y) do {						\
	variable = (x) + (y);						\
	(y) += 2;							\
} while (0)

Enumeration values are all uppercase.

enum enumtype { ONE, TWO } et;

As fixed size integers the POSIX defined types are preferred:

uint8_t		8 bits fixed size unsigned integer
uint16_t	16 bits fixed size unsigned integer
uint32_t	32 bits fixed size unsigned integer
uint64_t	64 bits fixed size unsigned integer

When declaring variables in structures, declare them sorted by use, then by size, and then in alphabetical order. The first category normally does not apply, but there are exceptions. Each one gets its own line. Try to make the structure readable by aligning the member names using either one or two tabs depending upon your judgment. You should use one tab if it suffices to align most of the member names. Names following extremely long types should be separated by a single space.

Major structures should be declared at the top of the file in which they are used, or in separate header files if they are used in multiple source files. Use of the structures should be by separate declarations and should be extern if they are declared in a header file.

struct foo {
	struct foo	*next;		/* List of active foo. */
	struct mumble	amumble;	/* Comment for mumble. */
	int		bar;		/* Try to align the comments. */
	struct verylongtypename *baz;	/* Won't fit in 2 tabs. */
};
struct foo *foohead;			/* Head of global foo list. */

Use queue(3) macros rather than rolling your own lists, whenever possible. Thus, the previous example would be better written:

#include <sys/queue.h>

struct foo {
	LIST_ENTRY(foo)	link;		/* Use queue macros for foo lists. */
	struct mumble	amumble;	/* Comment for mumble. */
	int		bar;		/* Try to align the comments. */
	struct verylongtypename *baz;	/* Won't fit in 2 tabs. */
};
LIST_HEAD(, foo) foohead;		/* Head of global foo list. */

Avoid using typedefs for structure types. This makes it impossible for applications to use pointers to such a structure opaquely, which is both possible and beneficial when using an ordinary struct tag. When convention requires a typedef, make its name match the struct tag. Avoid typedefs ending in “_t”, except as specified in Standard C or by POSIX.

/* Make the structure name match the typedef. */
typedef struct bar {
	int	level;
} BAR;
typedef	int		foo;		/* This is foo. */
typedef	const long	baz;		/* This is baz. */

All functions are prototyped somewhere.

Function prototypes for private functions (i.e. functions not used elsewhere) go at the top of the first source module. Functions local to one source module should be declared static.

Functions used from other parts of the kernel are prototyped in the relevant include file.

Functions that are used locally in more than one module go into a separate header file, e.g. "extern.h".

Do not use the register keyword and the __P macro from the include file <sys/cdefs.h>. Code in the DragonFly source tree is not expected to be K&R compliant.

Changes to existing files should be consistent with that file's conventions. In general, code can be considered “new code” when it makes up about 50% or more of the file(s) involved. This is enough to break precedents in the existing code and use the current style guidelines.

Function prototypes for the kernel have parameter names associated with parameter types. E.g., in the kernel use:

void	function(int fd);

Prototypes that are visible to userland applications should not include parameter names with the types, to avoid possible collisions with defined macro names. I.e., use:

void	function(int);

Prototypes may have an extra space after a tab to enable function names to line up:

static char	*function(int, const char *, struct foo *, struct bar *,
		     struct baz **);
static void	 usage(void);

/*
 * All major routines should have a comment briefly describing what
 * they do.  The comment before the "main" routine should describe
 * what the program does.
 */
int
main(int argc, char **argv)
{
	long num;
	int ch;
	char *ep;

For consistency, getopt(3) should be used to parse options. Options should be sorted in the getopt(3) call and the switch statement, unless parts of the switch cascade. Elements in a switch statement that cascade should have a FALLTHROUGH comment, unless they contain no code of their own. Numerical arguments should be checked for accuracy. Code that cannot be reached should have a NOTREACHED comment.

	while ((ch = getopt(argc, argv, "abn:")) != -1)
		switch (ch) {		/* Indent the switch. */
		case 'a':		/* Don't indent the case. */
			aflag = 1;
			/* FALLTHROUGH */
		case 'b':
			bflag = 1;
			break;
		case 'n':
			num = strtol(optarg, &ep, 10);
			if (num <= 0 || *ep != '\0') {
				warnx("illegal number, -n argument -- %s",
				    optarg);
				usage();
			}
			break;
		default:
			usage();
			/* NOTREACHED */
		}
	argc -= optind;
	argv += optind;

Put a single space after control statement keywords (if, do, while, for, switch). No braces are used for control statements with zero or only a single statement unless that statement is more than a single line in which case they are permitted. ‘Forever’ loops (loops with no test expression, which are only terminated by a break, return or exit inside the loop body) are done with for's, not while's.

	for (p = buf; *p != '\0'; ++p)
		;	/* nothing */
	for (;;)
		stmt;
	for (;;) {
		z = a + really + long + statement + that + needs +
		    two + lines + gets + indented + four + spaces +
		    on + the + second + and + subsequent + lines;
	}
	for (;;) {
		if (cond)
			stmt;
	}
	if (val != NULL)
		val = realloc(val, newsize);

Parts of a for loop may be left empty. Do not put declarations inside blocks unless the routine is unusually complicated.

	for (; cnt < 15; cnt++) {
		stmt1;
		stmt2;
	}

Indentation used for program block structure is an 8 character tab. Second level indents used for line continuation are four spaces. If you have to wrap a long statement, put the operator at the end of the line.

	while (cnt < 20 && this_variable_name_is_really_far_too_long &&
	    ep != NULL) {
		z = a + really + long + statement + that + needs +
		    two + lines + gets + indented + four + spaces +
		    on + the + second + and + subsequent + lines;
	}

Do not add whitespace at the end of a line, and only use tabs followed by spaces to form the indentation. Do not use more spaces than a tab will produce and do not use spaces in front of tabs.

Closing and opening braces go on the same line as the else. Braces that are not necessary may be left out, but always use braces around complex or confusing sequences, for example if any part of a conditional is multi-line, use braces for all parts of the conditional, and use braces around multi-line substatements of loops or conditionals even if they are theoretically one statement from the compiler's point of view.

	if (test)
		stmt;
	else if (bar)
		stmt;
	else
		stmt;

	if (test) {
		stmt;
	} else if (bar) {
		stmt;
		stmt;
	} else {
		stmt;
	}

	/* THIS IS WRONG, BRACES SHOULD BE USED */
	if (fubar)
		/* xyz */
		x = 1;

	/* THIS IS ALSO WRONG, USE BRACES AROUND THE OUTER CONDITIONAL */
	if (fubar)
		if (barbaz)
			x = 1;

Do not put spaces after function names, after ‘(’ or ‘[’ characters, or preceding ‘]’, ‘)’, ‘;’, or ‘,’ characters. But do put a space after commas and semicolons if there is further text on the same line.

	error = function(a1, a2);
	if (error != 0)
		exit(error);

Unary operators do not require spaces around them, but binary operators (except for ‘.’ and ‘->’) do. Do not use parentheses unless they are required for precedence or unless the statement is confusing without them. Remember that other people may become confused more easily than you. Do YOU understand the following?

	a = b->c[0] + ~d == (e || f) || g && h ? i : j >> 1;
	k = !(l & FLAGS);

Casts are not followed by a space. Note that indent(1) does not understand this rule. Also, for the purposes of formatting, treat return and sizeof as functions. In other words, they are not followed by a space, and their single argument should be enclosed in parentheses.

Exits should be 0 on success, or according to the predefined values in sysexits(3).

	exit(EX_OK);	/*
			 * Avoid obvious comments such as
			 * "Exit 0 on success."
			 */
}

The function type should be on a line by itself preceding the function.

static char *
function(int a1, int a2, float fl, int a4)
{

When declaring variables in functions declare them sorted by size, then in alphabetical order; multiple ones per line are okay. If a line overflows reuse the type keyword.

Be careful to not obfuscate the code by initializing variables in the declarations. Use this feature only thoughtfully. DO NOT use function calls in initializers.

	struct foo one, *two;
	double three;
	int *four, five;
	char *six, seven, eight, nine, ten, eleven, twelve;

	four = myfunction();

Do not declare functions inside other functions; ANSI C says that such declarations have file scope regardless of the nesting of the declaration. Hiding file declarations in what appears to be a local scope is undesirable and will elicit complaints from a good compiler.

NULL is the preferred null pointer constant. Use NULL instead of (type *)0 or (type *)NULL in contexts where the compiler knows the type, e.g., in assignments. Use (type *)NULL in other contexts, in particular for all function args. (Casting is essential for variadic args and is necessary for other args if the function prototype might not be in scope.) Test pointers against NULL, e.g., use:

(p = f()) == NULL

not:

!(p = f())

Do not use ! for tests unless it is a boolean, e.g. use

if (*p == '\0')

not

if (!*p)

Do not cast the unused return value of a function to (void).

Routines returning void * should not have their return values cast to any pointer type.

Use err(3) or warn(3), do not roll your own.

	if ((four = malloc(sizeof(struct foo))) == NULL)
		err(1, NULL);
	if ((six = (int *)overflow()) == NULL)
		errx(1, "number overflowed");
	return(eight);
}

Avoid old-style function declarations that look like this:

static char *
function(a1, a2, fl, a4)
	int a1, a2;	/* Declare ints, too, don't default them. */
	float fl;	/* Beware double vs. float prototype differences. */
	int a4;		/* List in order declared. */
{

Use ANSI function declarations instead. Long parameter lists are wrapped so that the first parameter on each line lines up.

Try to avoid using obsolete functions such as: ftime(3), getwd(3), index(3), rindex(3), mktemp(3) and utimes(3).

All new code must avoid using unbounded string functions. For example, strlcpy(3) should be used instead of strcpy(3), and snprintf(3) should be used instead of sprintf(3).

Varargs procedures should be formatted as follows:

#include <stdarg.h>

void
vaf(const char *fmt, ...)
{
	va_list va;

	va_start(va, fmt);
	STUFF;
	va_end(va);
	/* No return needed for void functions. */
}

Use printf(3), not fputs(3), puts(3), putchar(3), whatever; it is faster and usually cleaner, not to mention avoiding stupid bugs.

Usage statements should look like the manual pages SYNOPSIS. The usage statement should be structured in the following order:

1. Options without operands come first, in alphabetical order, inside a single set of brackets (‘[’ and ‘]’).
2. Options with operands come next, also in alphabetical order, with each option and its argument inside its own pair of brackets.
3. Required arguments (if any) are next, listed in the order they should be specified on the command line.
4. Finally, any optional arguments should be listed, listed in the order they should be specified, and all inside brackets.

A bar (‘|’) separates “either-or” options/arguments, and multiple options/arguments which are specified together are placed in a single set of brackets.

"usage: f [-aDde] [-b b_arg] [-m m_arg] req1 req2 [opt1 [opt2]]\n"
"usage: f [-a | -b] [-c [-dEe] [-n number]]\n"

void
usage(void)
{
	fprintf(stderr, "usage: f [-ab]\n");
	exit(EX_USAGE);
}

Note that the manual page options description should list the options in pure alphabetical order. That is, without regard to whether an option takes arguments or not. The alphabetical ordering should take into account the case ordering shown above.

New core kernel code should be reasonably compliant with the style guides. The guidelines for third-party maintained modules and device drivers are more relaxed but at a minimum should be internally consistent with their style.

Stylistic changes (including whitespace changes) are hard on the source repository and are to be avoided without good reason. Code that is approximately DragonFly KNF style compliant in the repository must not diverge from compliance.

DragonFly's default warning options are a reasonable subset and -Werror is enabled for kernel and world, so passing buildworld or buildkernel alone is a good check. The warnings of most recent compilers are of high quality. Further analysis can be done using one of the various code checkers such as cppcheck(1) or clang(1)'s static analyzer.