This page documents some Stork coding guidelines.

Refer also to the [Kea coding guidelines](https://gitlab.isc.org/isc-projects/kea/wikis/Processes/coding-guidelines) and [BIND best practices](https://gitlab.isc.org/isc-projects/bind9/wikis/best-practices). They should be used where they do not conflict with the guidelines on this page. This is because we expect some ISC developers to work on both code bases, and in that case it's easier to maintain the code if the styles are as compatible as possible.

Some of the styles derived from BIND 9 that are often forgotten or misunderstood are explicitly mentioned below. Having said that, Stork is a project with a radically different environment. We don't need to stick to old rules invented for C code in the 1990s.

# Test-Driven Development

The [Kea project](https://gitlab.isc.org/isc-projects/kea) proved beyond any doubt that [TDD](https://en.wikipedia.org/wiki/Test-driven_development) works and improves code quality. We absolutely want to repeat the exercise in Stork. However, there are some lessons learned in the Kea project. In general, unit tests should be developed alongside the production code (before the code if possible) and included in the same MRs. Having said that, the Kea project sometimes went a bit overboard with this, and there were cases when people wasted time implementing unit tests for trivial getters and setters. That's not the goal here.

The intention is to make sure that the most complex or tricky parts of the code are testable and that we have reasonable confidence in them being correct. There's another essential aspect here. If you feel that it's not possible to write unit tests for your new code, perhaps your new code is structured badly? This is one of two major reasons why the tests cannot be written later. The other is that there's never a good time to come back and implement tests...

Finally, Stork is currently approved for 6 months. We don't want to have only a few features with super extensive tests. This could kill the project. On the other hand, we don't want to have tons of buggy features that don't work. We need to take a middle ground. Please use common sense. If in doubt, please ask @tomek for suggestions.

# Documentation

<details>
<summary>Testing/Documentation addresses and prefixes</summary>

Use 192.0.2.0/24 (see [RFC5737](https://tools.ietf.org/html/rfc5737)) and 2001:db8::/32 (see [RFC3849](https://tools.ietf.org/html/rfc3849)) for purposes like addresses used in test cases or examples in documentation. Likewise, use reserved example domain names such as example.com, .test, .example, etc. for domain names used in these cases (see [RFC2606](https://tools.ietf.org/html/rfc2606)). They are reserved by specifications and should be the safest in terms of collision avoidance.

</details>

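One way to enforce the address rule above in review or CI is to scan fixtures for address literals outside the two reserved prefixes. This is an added example, not part of the original guidelines or of Stork itself; the function names and the sample fixture are hypothetical, and it assumes a POSIX system for `inet_pton`.

```cpp
#include <arpa/inet.h>   // inet_pton (POSIX)
#include <cctype>
#include <string>
#include <vector>

// True if 'text' is an address in 192.0.2.0/24 (RFC 5737) or 2001:db8::/32 (RFC 3849).
bool
isDocumentationAddress(const std::string& text) {
    unsigned char v4[4];
    if (inet_pton(AF_INET, text.c_str(), v4) == 1) {
        return (v4[0] == 192 && v4[1] == 0 && v4[2] == 2);
    }
    unsigned char v6[16];
    if (inet_pton(AF_INET6, text.c_str(), v6) == 1) {
        return (v6[0] == 0x20 && v6[1] == 0x01 && v6[2] == 0x0d && v6[3] == 0xb8);
    }
    return (false);
}

// True if 'text' parses as any IPv4 or IPv6 address literal.
bool
isAddressLiteral(const std::string& text) {
    unsigned char buf[16];
    return (inet_pton(AF_INET, text.c_str(), buf) == 1 || inet_pton(AF_INET6, text.c_str(), buf) == 1);
}

// Scans free-form text and returns every address literal outside the reserved prefixes.
std::vector<std::string>
findNonDocumentationAddresses(const std::string& content) {
    std::vector<std::string> offenders;
    std::string token;
    for (std::string::size_type i = 0; i <= content.size(); ++i) {
        // A virtual trailing space flushes the last token.
        const unsigned char c = (i < content.size()) ? content[i] : ' ';
        if (std::isxdigit(c) || c == '.' || c == ':') {
            token += static_cast<char>(c);
            continue;
        }
        // Drop sentence punctuation such as the final dot in "see 10.0.0.1."
        while (!token.empty() && token.back() == '.') {
            token.pop_back();
        }
        if (isAddressLiteral(token) && !isDocumentationAddress(token)) {
            offenders.push_back(token);
        }
        token.clear();
    }
    return (offenders);
}

// Constructed sample: a Kea-like fixture mixing reserved and non-reserved ranges.
const char* const SAMPLE_FIXTURE =
    "{ \"subnet\": \"192.0.2.0/24\", \"pool\": \"192.0.2.10 - 192.0.2.200\", \"dns\": \"10.0.0.53\",\n"
    "  \"subnet6\": \"2001:db8:1::/64\", \"relay\": \"fd00::1\", \"note\": \"server at 198.18.0.7.\" }";
```

The tokenizer is a heuristic meant for data fixtures and documentation text; in C++ source, fragments of scoped names such as `d::` can parse as IPv6 literals and would be reported.
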
<details>
<summary>TODO Comments</summary>

We sprinkle comments in code with keywords to indicate pending work.

In Kea, `@todo` is preferred. It should be prepended with a triple slash (`///`), so it will show up on a nicely auto-generated Doxygen todo list. If there is a corresponding ticket, feel free to specify its number in the comment. Unless otherwise specified, issue #1234 means a ticket in the trac, available at http://kea.isc.org.

</details>

## Dead code

Dead code is bad; it suffers from code rot, and it looks unclean. There are some circumstances where there is a reason to keep a bit of unused code around for a while, but these should be the exception rather than the rule, and it should be very clear why it is there, and on what conditions and when it will be re-enabled or removed completely.

Any dead code (both files that are unused and blocks of commented-out code) should in principle be removed. If there is a very good reason to keep it around for a while, it must be accompanied by a comment explaining why it is still there, and when it will be removed or enabled again. This comment should point to a ticket so that we do not forget about it.

# Go Style

Used by the backend server and agent. Details TBD.

# TypeScript Style

Used by the UI. Details TBD.

# General

Use all-lowercase characters for file names. Use a dash as a separator (e.g. stork-agent.go). This is consistent with the current practice in Kea. Not mixing lower and upper case will also help avoid name conflicts on a case-insensitive file system, such as the one on macOS.

## Ordering Include Files

We include our own project headers first, then library headers, and finally system headers, whenever possible. Each header is expected to have any necessary `import` statements it needs, and this helps ensure that.

## Line length

The project kicked off in 2019. Full HD displays are ubiquitous and large 4K displays are becoming common. In the general case, the code should have no more than 128 columns. This lets developers display two panels side by side. In some exceptional cases (such as a URL), the code may be extended to 160 columns, but this should be a rare occurrence.

## Tabs & Indentation

Do not use hard tabs.

Indentation at each level is 4 spaces for C++; other languages should use what is "usual and expected."

## Curly Braces

Always add braces even for a single-line block:

```cpp
if (something_holds) {
    performSomething();
} else if (nonorthogonal_condition) {
    performOtherThing();
} else { // optionally comment to clarify the fully orthogonal case
    performFinalThing();
}
```

### Opening Curly Braces for Functions

The opening curly brace should occur on the same line as the argument list, unless the argument list is more than one line long.

```cpp
void
f(int i) {
    // whatever
}

int
g(int i, /* other args here */
  int last_argument)
{
    return (i * i);
}
```

This was derived from the BIND 9 coding guideline. It's known this style may look awkward (and may even look inconsistent) to some, but for the reason stated at the beginning we follow this style.

### Curly Braces for Catch

A catch statement should have braces on a single line, like this:

```cpp
    .
    .
    .
} catch (const SomeException& ex) {
    .
    .
    .
```

Note that if the `ex` parameter is not used, it should be omitted.

## Parentheses

Do put a space after 'return', and also parenthesize the return value.

```cpp
return 1; // BAD
return (1); // Good
```

This was derived from the BIND 9 coding guideline.

## Operators

Use operator methods in a readable way. In particular, use the following style with `operator==`:

```cpp
if (x == 10) { // Good
    // do something that has to be done when x is equal to 10
}
```

instead of this:

```cpp
if (10 == x) { // BAD
    // do something that has to be done when x is equal to 10
}
```

because the former style is much more readable and intuitive for humans. While the latter style might help detect bugs like dropping one `=` in the expression, modern compilers with proper warning levels can do the same job more comprehensively. This is especially so for cleanly written C++ code (compared to plain old C).

See also developers' discussions at:
https://lists.isc.org/pipermail/bind10-dev/2012-March/003266.html

### Increment and Decrement operators (++/--)

Use the prefix form of increment/decrement operators by default:

```cpp
// for (int i = 0; i < 10; i++) { // No good
for (int i = 0; i < 10; ++i) { // Good
    // do something for i = 0..9
}
```

Preferring the prefix form of these operators is a well-known practice for non-trivial types due to performance reasons. And, for consistency, we use the same style for basic types like `int` even if it's mostly a matter of preference for such types. By being consistent, it will be easier to notice when we use the less efficient style when it really matters.

Sometimes the context requires the use of the postfix form, in which case it's okay to use that form. But if the intent is not obvious from the context, leave a comment about why the different form is used (since it's subjective whether it's "obvious", it's generally a good idea to leave the comment in this case).

## Operator Overloading

Operator overloading is allowed when it's considered intuitive and helpful for improving code readability. But care should be taken, because often it could be intuitive only for the developer who introduced it. If it doesn't look intuitive to the reviewer, the developer has the responsibility to convince the reviewer; if that fails, the default action is to use a non-operator method/function for that purpose.

It's recommended to define `operator<<(std::ostream& os, const TheClass& obj)` if `TheClass` has `operator==()` and `toText()` methods. This allows the class to be used in `EXPECT_EQ` (and its variants) in googletests.

The following rule was deprecated. It doesn't seem to be followed anyway, and no one remembered why it had been introduced.

~~When a class supports operator overloading, then there should also be non-overloaded methods:~~

```cpp
class Foo {
public:
    // This rule was deprecated.
    //bool equals(const Foo& other) const;
    bool operator==(const Foo& other) const { return (equals(other)); }
};
```

## Explicit Constructors

By default, C++ constructors with one argument are conversion functions. When they are not meant to be (which is the general case), they should be explicit, as in:

```cpp
#include <string>

class Foo {
public:
    // Constructor with one argument
    explicit Foo(std::string name);
};
```

## Class Attributes

Accessors for class attributes should be called **`getXxx()`**.

Mutators for class attributes should be called **`setXxx()`**.

(where Xxx is the attribute)

## Naming

Don't start things with underscores. According to Stroustrup's C++ book:

> Names starting with an underscore are reserved for special facilities in the implementation and the run-time environment, so such names should not be used in application programs.

Class names are **`LikeThis`**, methods are **`likeThis()`**, variables are **`like_this`**, and constants are **`LIKE_THIS`**. Data class members are **`like_this_`**.

Enumerations are written as

```cpp
enum EnumName {
    FOO,
    BAR
} enum_instance;
```

Note that unless you have a specific reason to set specific values, leave specific values off. These can be written if needed:

```cpp
enum ExamplePortNumbers {
    DNS = 53,
    DHCP = 68
};
```

## Where to Put Reference and Pointer Operators

In C++, it seems to be more common to not insert a space between the type and the operator:

```cpp
int* int_var;
int& int_ref;
```

## Sizeof Bool

The C++ standard does not require that `sizeof(bool)` is one: it is compiler dependent! So it should not be used and `sizeof(uint8_t)` is recommended instead.

## Comments

Multiline comments can be written in C++ or C style (that is, with `//` or `/* */` marks).

```cpp
/*
 * This is a comment. It is important probably.
 */
```

```cpp
//
// This is a comment. It is important probably.
//
```

```cpp
/* This is also ok. */

// As is this.
```

Comments at the end of lines should usually be C++ style:

```cpp
class Foo {
    int bar_length; // The length of the bar in millimeters.
};
```

### Doxygen Comment Style

When writing a Doxygen special comment block there are several possible styles:

http://www.stack.nl/~dimitri/doxygen/docblocks.html

Doxygen keywords should be prepended with @, not with a backslash. The reason to prefer @ is that a backslash may confuse scripts that would go over the code. There is some inconsistency in this regard. There are large parts of older code that still use the backslash. It is a matter of personal taste whether to keep consistency with what is in the file or to stick strictly with this principle.

We use the C++ style of 3-slashes:

```cpp
/// A lot of examples are called foo().
///
/// @param baz foo() usually takes an argument
void
foo(Bar baz) {
    // ...
}
```

Make sure to insert a blank line between two function/method declarations or definitions:

```cpp
class Bad {
    /// @brief Short description for bad1
    void bad1();
    /// @brief Short description for bad2, which may also look for bad1().
    void bad2();
};
```

```cpp
class Good {
    /// @brief Short description for good1
    void good1();

    /// @brief Short description for good2, which should be much clearer.
    void good2();
};
```

### Explicit @brief for Doxygen

If you don't use @brief as the first thing in your Doxygen comment, then Doxygen will turn the first paragraph into a @brief description anyway. However, we include it anyway so that everybody understands that this is the @brief description.

## Methods and Functions

### Opening Curly Braces

For methods where the arguments all fit on one line with the curly brace, it should be written on one line:

```cpp
int
methodName(int argument_one, std::string message) {
    // ...
}
```

Where this is not possible the curly brace should go on a line by itself:

```cpp
int
methodName(int argument_one, std::string message,
           int another_argument)
{
    // ...
}
```

### Virtual Methods

Explicitly add `virtual` to method declarations in derived classes:

```cpp
class Base {
    // this 'virtual' is absolutely necessary
    virtual void toBeVirtual();
};

class Derived : public Base {
    // this 'virtual' is not necessarily needed, but add it per this guideline
    virtual void toBeVirtual();
};
```

This way it's easier to recognize that `Derived::toBeVirtual()` is (more likely to be) defined as a virtual method in the `Base` class without referring to the base class definition. It could also mean that `toBeVirtual` is not defined in the base class and is intended to work as a virtual method for classes derived further from `Derived`, but in practice that's a very rare case; in most cases we use these classes through the (top) base class interfaces.

### Const references

With anything but primitive types (like int or a bare pointer), it is better to pass them as const references when possible, to avoid the overhead of calling the copy constructor and copying a lot of data.

This includes smart pointers; some of them can be relatively expensive to copy.

```cpp
void
function(const boost::shared_ptr<DataType>& param) {
    // ...
}
```

### Exception-safe getters and string-production methods

Unless there's a compelling reason to do so, neither member value getter methods nor string-production methods, such as `toString()`, should throw exceptions. Normally a class member is prevented from ever having an invalid value, so a getter arguably never has a reason to throw, and string-production methods should always be safe to invoke once a class has been instantiated. Both types of methods are commonly used as log statement arguments, where one should not have to worry about catching exceptions.

## Log Statement Safety

It is extremely important to examine all arguments passed into a log statement to ensure they will produce safe values at runtime:

- Can the argument (or any part of it) be NULL? If so, is this taken into account?
- If the argument invokes any functions, are they exception safe?
- If it involves indirection, does this always resolve into a usable value?
- If it raises an exception, is the exception caught? This includes double errors, i.e., log statements in an exception handler.

Log statements are less than helpful if they cause the program to segfault or throw.

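The checklist above can be folded into one helper that every log argument passes through. This is an added example, not part of the original guidelines or of Stork or Kea code; `Lease`, `logText()` and `processLease()` are hypothetical names, and `processLease()` returns the line it would log so the behaviour can be checked.

```cpp
#include <exception>
#include <stdexcept>
#include <string>

/// @brief Hypothetical class whose toText() may throw (assumption for this example).
class Lease {
public:
    explicit Lease(const std::string& addr) : addr_(addr) {}
    std::string toText() const {
        if (addr_.empty()) {
            throw std::runtime_error("lease has no address");
        }
        return ("lease " + addr_);
    }

private:
    std::string addr_;
};

/// @brief Log-safe text for a C string that may be NULL.
std::string
logText(const char* text) {
    return (text ? std::string(text) : std::string("(null)"));
}

/// @brief Log-safe text for a possibly-NULL pointer to any class with toText().
/// NULL is never dereferenced and exceptions thrown by toText() are contained.
template <typename T>
std::string
logText(const T* obj) {
    if (!obj) {
        return ("(null)");
    }
    try {
        return (obj->toText());
    } catch (const std::exception& ex) {
        return (std::string("(toText failed: ") + ex.what() + ")");
    } catch (...) {
        return ("(toText failed)");
    }
}

/// @brief Returns the line that would be logged while processing a lease.
std::string
processLease(const Lease* lease) {
    try {
        if (!lease) {
            throw std::invalid_argument("no lease");
        }
        return ("processed " + lease->toText());
    } catch (const std::exception& ex) {
        // Log statement inside a handler: logText() rules out a double error.
        return (std::string("ERROR ") + ex.what() + " while handling " + logText(lease));
    }
}
```
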
# User Interface (UI) Guidelines

TBD

# Imported Code

If you import code from another project, try to continue the style of the imported project if changes need to be made. This is for two reasons: one is to make merging future versions easier; the other is to encourage submitting changes upstream.

# Guidelines Adopted by Other Projects

Other projects have their own coding guidelines. Here are some examples of such guidelines. These are for reference purposes only; unless we explicitly state that we also adopt some part of other guidelines, they are not part of Stork's coding guidelines.

* Google: http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml
* Mozilla: https://developer.mozilla.org/en/Mozilla_Coding_Style_Guide
* XORP: http://cvsweb.xorp.org/cgi-bin/cvsweb.cgi/xorp/devnotes/coding-style.txt?rev=1.7;content-type=text%2Fplain