- Couchbase Editors's Note
- Introduction
- Languages, Libraries, and Standards
- Mechanical Source Issues
- Style Issues
- The High-Level Issues
- The Low-Level Issues
- Name Types, Functions, Variables, and Enumerators Properly
- Use exceptions instead of assert()s
- Do Not Use
using namespace std
- Provide a Virtual Method Anchor for Classes in Headers
- Don't use default labels in fully covered switches over enumerations
- Don't use
inline
when defining a function in a class definition
- Microscopic Details
- Clang Tidy
- See Also
This document is a fork of LLVM's CodingStandards, with additions / removals as appropriate for KV-Engine. This was chosen as a starting point (instead of creating our own from scratch) because the vast majority of LLVM's document is applicable to Couchbase:
- LLVM has a number of parallels with KV-Engine (systems / infrastructure software implemented in Modern C++, but needs to support multiple platforms so not /too/ modern).
- LLVM's coding style is similar to ours.
Having said that, there are a number of differences. Those which are simply textual have been search-replaced (LLVM -> KV-Engine); others which are not at all relevent simply deleted.
The remaining differences are aspirational - the LLVM standard (and hence now this one ;) ) - contains many suggestions for good style which I would like to encourage in our code. While we don't at time of writing meet all these guidelines, we should strive to.
- CB Note:
- Couchbase-specific annotations/commentary are indicated with (CB Note:) tag (such as here). These are used when it is useful to keep the original LLVM content, but highlight how the KV-Engine standards differ.
This document attempts to describe a few coding standards that are being used in the KV-Engine source tree. Although no coding standards should be regarded as absolute requirements to be followed in all instances, coding standards are particularly important for large-scale code bases that follow a library-based design (like KV-Engine).
While this document may provide guidance for some mechanical formatting issues, whitespace, or other "microscopic details", these are not fixed standards. Always follow the golden rule:
If you are extending, enhancing, or bug fixing already implemented code, use the style that is already being used so that the source is uniform and easy to follow.
There are some conventions that are not uniformly followed in the code base (e.g. the naming convention). This is because they are relatively new, and a lot of code was written before they were put in place. Our long term goal is for the entire codebase to follow the convention, but we explicitly do not want patches that do large-scale reformating of existing code. On the other hand, it is reasonable to rename the methods of a class if you're about to change it in some other way. Just do the reformating as a separate commit from the functionality change.
The ultimate goal of these guidelines is to increase the readability and maintainability of our common source base. If you have suggestions for topics to be included, please mail them to DaveR.
In 2015 Bjarne Stroustrup & others announced the C++ Core Guidelines<http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines> - a collaborative effort to help people use modern C++ efficiently. To quote from their introduction:
The guidelines are focused on relatively higher-level issues, such as interfaces, resource management, memory management, and concurrency. Such rules affect application architecture and library design. Following the rules will lead to code that is statically type-safe, has no resource leaks, and catches many more programming logic errors than is common in code today. And it will run fast -- you can afford to do things right.
Since their introduction they have quickly become a de-facto (if not offical, given Bjarne's blessing!) standard in the C++ community, and KV-Engine is no different - we aim to follow where appropriate the Core C++ Guidelines.
For any topic not explicitly covered or overruled in this document, please make use of the advise in the Core C++ Guidelines.
Most source code in KV-Engine and other KV-Engine projects using these coding standards is C++ code. There are some places where C code is used either due to environment restrictions, historical restrictions, or due to third-party source code imported into the tree. Generally, our preference is for standards conforming, modern, and portable C++ code as the implementation language of choice.
KV-Engine is currently written using C++11 conforming code, although we restrict ourselves to features which are available in the major toolchains supported as host compilers. Regardless of the supported features, code is expected to (when reasonable) be standard, portable, and modern C++11 code. We avoid unnecessary vendor-specific extensions, etc.
Use the C++ standard library facilities whenever they are available for a particular task. KV-Engine and related projects emphasize and rely on the standard library facilities for as much as possible. Common support libraries providing functionality missing from the standard library for which there are standard interfaces or active work on adding standard interfaces will often be implemented in the cb namespace following the expected standard interface.
While KV-Engine uses C++11, not all features are available in all of the toolchains which we support.
The ultimate definition of this set is what build bots with those respective toolchains accept. Don't argue with the build bots. However, we have some guidance below to help you know what to expect.
Each toolchain provides a good reference for what it accepts:
- Clang: http://clang.llvm.org/cxx_status.html
- GCC: http://gcc.gnu.org/projects/cxx0x.html
- MSVC: http://msdn.microsoft.com/en-us/library/hh567368.aspx
In most cases, the MSVC list will be the dominating factor. Here is a summary of the features that are expected to work. Features not on this list are unlikely to be supported by our host compilers.
- CB Note:
- The following list hasn't been verified against the Couchbase builders, but it's probably a reasonable starting point for our environment also.
- Rvalue references: N2118
- But not Rvalue references for
*this
or member qualifiers (N2439)
- But not Rvalue references for
- Static assert: N1720
auto
type deduction: N1984, N1737- Trailing return types: N2541
- Lambdas: N2927
- But not lambdas with default arguments.
decltype
: N2343- Nested closing right angle brackets: N1757
- Extern templates: N1987
nullptr
: N2431- Strongly-typed and forward declarable enums: N2347, N2764
- Local and unnamed types as template arguments: N2657
- Range-based for-loop: N2930
- But
{}
are required around innerdo {} while()
loops. As a result,{}
are required around function-like macros inside range-based for loops.
- But
override
andfinal
: N2928, N3206, N3272- Atomic operations and the C++11 memory model: N2429
- Variadic templates: N2242
- Explicit conversion operators: N2437
- Defaulted and deleted functions: N2346
- Initializer lists: N2627
- Delegating constructors: N1986
- Default member initializers (non-static data member initializers): N2756
- Feel free to use these wherever they make sense and where the = syntax is allowed. Don't use braced initialization syntax.
The supported features in the C++11 standard libraries are less well tracked, but also much greater. Most of the standard libraries implement most of C++11's library. The most likely lowest common denominator is Linux support. For libc++, the support is just poorly tested and undocumented but expected to be largely complete. YMMV. For libstdc++, the support is documented in detail in the libstdc++ manual. There are some very minor missing facilities that are unlikely to be common problems, and there are a few larger gaps that are worth being aware of:
- Not all of the type traits are implemented
- No regular expression library.
- While most of the atomics library is well implemented, the fences are missing. Fortunately, they are rarely needed.
- The locale support is incomplete.
Other than these areas you should assume the standard library is available and working as expected until some build bot tells you otherwise. If you're in an uncertain area of one of the above points, but you cannot test on a Linux system, your best approach is to minimize your use of these features, and watch the Linux build bots to find out if your usage triggered a bug.
Comments are one critical part of readability and maintainability. Everyone knows they should comment their code, and so should you. When writing comments, write them as English prose, which means they should use proper capitalization, punctuation, etc. Aim to describe what the code is trying to do and why, not how it does it at a micro level. A comment must add value to the reader, which means that you shouldn't add "boilerplate" comments like:
/// Enum to represent colors
enum class Color { Red, Blue };
/// Get the username
std::string getUsername()
All comments are part of the codebase and must be maintained, and adding comments which don't add any value just means adding things we need to maintain (and an incorrect comment is worse than no comment).
Here are a few critical things to document:
Every source file should have a header on it that describes the basic purpose of the file. The standard header looks like this:
/*
* Copyright 2024-Present Couchbase, Inc.
*
* Use of this software is governed by the Business Source License
* included in the file licenses/BSL-Couchbase.txt. As of the Change
* Date specified in that file, in accordance with the Business Source
* License, use of this software will be governed by the Apache License,
* Version 2.0, included in the file licenses/APL2.txt.
*/
/**
* Checkpoint Cursor implementation
*
* A checkpoint cursor, representing the current position in a Checkpoint
* series.
* ...
*/
The main body is a doxygen
comment (identified by the /**
comment
marker instead of the usual //
) describing the purpose of the file. The
first sentence (or a passage beginning with @brief
) is used as an abstract.
Any additional information should be separated by a blank line. If an
algorithm is being implemented or something tricky is going on, a reference
to the paper where it is published should be included, as well as any notes or
gotchas in the code to watch out for.
Classes are one fundamental part of a good object oriented design. As such, a
class definition should have a comment block that explains what the class is
used for and how it works. Every non-trivial class is expected to have a
doxygen
comment block.
Methods defined in a class (as well as any global functions) should also be documented properly. A quick note about what it does and a description of the borderline behaviour is all that is necessary here (unless something particularly tricky or insidious is going on). The hope is that people can figure out how to use your interfaces without reading the code itself.
Good things to talk about here are what happens when something unexpected happens: does the method return null? Abort? Format your hard disk?
In general, prefer C++ style comments (//
for normal comments, ///
for
doxygen
documentation comments). They take less space, require
less typing, don't have nesting problems, etc. There are a few cases when it is
useful to use C style (/* */
for normal, /** */
for doxygen
) comments however:
- When writing C code: Obviously if you are writing C code, use C style comments.
- When writing a header file that may be
#include
d by a C source file. - When writing a source file that is used by a tool that only accepts C style comments.
- When writing a multi-line comment (3 or more lines).
Commenting out large blocks of code is discouraged, but if you really have to do
this (for documentation purposes or as a suggestion for debug printing), use
#if 0
and #endif
. These nest properly and are better behaved in general
than C style comments.
Use the @file
command to turn the standard file header into a file-level
comment.
Include descriptive paragraphs for all public interfaces (public classes,
member and non-member functions). Don't just restate the information that can
be inferred from the API name. The first sentence (or a paragraph beginning
with @brief
) is used as an abstract. Try to use a single sentence as the
@brief
adds visual clutter. Put detailed discussion into separate
paragraphs.
To refer to parameter names inside a paragraph, use the @p name
command.
Don't use the @arg name
command since it starts a new paragraph that
contains documentation for the parameter.
Wrap non-inline code examples in @code ... @endcode
.
To document a function parameter, start a new paragraph with the
@param name
command. If the parameter is used as an out or an in/out
parameter, use the @param [out] name
or @param [in,out] name
command,
respectively.
To describe function return value, start a new paragraph with the @return
command.
A minimal documentation comment:
/// Sets the xyzzy property to @p baz.
void setXyzzy(bool baz);
A documentation comment that uses all Doxygen features in a preferred way:
/// Does foo and bar.
///
/// Does not do foo the usual way if Wp Baz is true.
///
/// Typical usage:
/// @code
/// fooBar(false, "quux", res);
/// @endcode
///
/// @param quux kind of foo to do.
/// @param [out] result filled with bar sequence on foo success.
///
/// @return true on success.
bool fooBar(bool baz, StringRef quux, std::vector<int>& result);
Don't duplicate the documentation comment in the header file and in the implementation file. Put the documentation comments for public APIs into the header file. Documentation comments for private APIs can go to the implementation file. In any case, implementation files can include additional comments (not necessarily in Doxygen markup) to explain implementation details as needed.
Don't duplicate function or class name at the beginning of the comment. For humans it is obvious which function or class is being documented; automatic documentation processing tools are smart enough to bind the comment to the correct declaration.
Wrong:
// In Something.h:
/// Something - An abstraction for some complicated thing.
class Something {
public:
/// fooBar - Does foo and bar.
void fooBar();
};
// In Something.cpp:
/// fooBar - Does foo and bar.
void Something::fooBar() { ... }
Correct:
// In Something.h:
/// An abstraction for some complicated thing.
class Something {
public:
/// Does foo and bar.
void fooBar();
};
// In Something.cpp:
// Builds a B-tree in order to do foo. See paper by...
void Something::fooBar() { ... }
It is not required to use additional Doxygen features, but sometimes it might be a good idea to do so.
Immediately after the header file comment (and #pragma once
guard if working on a
header file), the minimal list of #includes required by the file should be
listed. We prefer these #include
s to be listed in this order:
- Project configuration header (
"config.h"
) - Main Module Header
- Local/Private Headers (
"other_class.h"
,"other_class2.h"
) - Subproject headers (
<platform/...>
,<memcached/...>
, etc) - System
#include
s (<iostream>
)
and each category should be sorted lexicographically by the full path.
This ordering is enforced via our Clang Format config file; however if that needs to be overridden then you can add a blank line between sets of headers as clang-format only sorts within a single paragraph of headers.
The Main Module Header file applies to .cc
files which implement an
interface defined by a .h
file. This #include
should always be included
first regardless of where it lives on the file system. By including a
header file first in the .cc
files that implement the interfaces, we ensure
that the header does not have any hidden dependencies which are not explicitly
#include
d in the header, but should be. It is also a form of documentation
in the .cc
file to indicate where the interfaces it implements are defined.
Write your code to fit within 80 columns of text. This helps those of us who
like to print out code and look at your code in an xterm
without resizing
it.
The longer answer is that there must be some limit to the width of the code in order to reasonably allow developers to have multiple files side-by-side in windows on a modest display. If you are going to pick a width limit, it is somewhat arbitrary but you might as well pick something standard. Going with 90 columns (for example) instead of 80 columns wouldn't add any significant value and would be detrimental to printing out code. Also many other projects have standardized on 80 columns, so some people have already configured their editors for it (vs something else, like 90 columns).
This is one of many contentious issues in coding standards, but it is not up for debate.
In all cases, prefer spaces to tabs in source files. People have different preferred indentation levels, and different styles of indentation that they like; this is fine. What isn't fine is that different editors/viewers expand tabs out to different tab stops. This can cause your code to look completely unreadable, and it is not worth dealing with.
As always, follow the Golden Rule above: follow the style of existing code if you are modifying and extending it. If you like two spaces of indentation, DO NOT do that in the middle of a chunk of code with four spaces of indentation. Also, do not reindent a whole source file: it makes for incredible diffs that are absolutely worthless.
Okay, in your first year of programming you were told that indentation is important. If you didn't believe and internalize this then, now is the time. Just do it. With the introduction of C++11, there are some new formatting challenges that merit some suggestions to help have consistent, maintainable, and tool-friendly formatting and indentation.
Braces should be used for all control structures (if
, else
,
switch
, do
, while
). This avoids any parse ambiguity, and
also reduces the "impact" on existing lines if a single-line condition
has to be expanded.
Example:
int manipulate(const std::vector<Foo>& vec) {
if (v.size() == 0) {
return 0;
}
for (auto& v: vec) {
if (v.isBlah()) {
// handle Blah case...
} else if (v.isUnusual()) {
// handle Unusual case...
}
}
...
}
When formatting a multi-line lambda, format it like a block of code, that's what it is. If there is only one multi-line lambda in a statement, and there are no expressions lexically after it in the statement, drop the indent to the standard four space indent for a block of code, as if it were an if-block opened by the preceding part of the statement:
std::sort(foo.begin(), foo.end(), [&](Foo a, Foo b) -> bool {
if (a.blah < b.blah) {
return true;
}
if (a.baz < b.baz) {
return true;
}
return a.bam < b.bam;
});
To take best advantage of this formatting, if you are designing an API which
accepts a continuation or single callable argument (be it a functor, or
a std::function
), it should be the last argument if at all possible.
If there are multiple multi-line lambdas in a statement, or there is anything
interesting after the lambda in the statement, indent the block four spaces from
the indent of the []
:
dyn_switch(v->stripPointerCasts(),
[] (PHINode* pn) {
// process phis...
},
[] (SelectInst* si) {
// process selects...
},
[] (LoadInst* li) {
// process loads...
},
[] (AllocaInst* ai) {
// process allocas...
});
With C++11, there are significantly more uses of braced lists to perform initialization. These allow you to easily construct aggregate temporaries in expressions among other niceness. They now have a natural way of ending up nested within each other and within function calls in order to build up aggregates (such as option structs) from local variables. To make matters worse, we also have many more uses of braces in an expression context that are not performing initialization.
The historically common formatting of braced initialization of aggregate variables does not mix cleanly with deep nesting, general expression contexts, function arguments, and lambdas. We suggest new code use a simple rule for formatting braced initialization lists: act as-if the braces were parentheses in a function call. The formatting rules exactly match those already well understood for formatting nested function calls. Examples:
foo({a, b, c}, {1, 2, 3});
llvm::Constant* mask[] = {
llvm::ConstantInt::get(llvm::Type::getInt32Ty(getLLVMContext()), 0),
llvm::ConstantInt::get(llvm::Type::getInt32Ty(getLLVMContext()), 1),
llvm::ConstantInt::get(llvm::Type::getInt32Ty(getLLVMContext()), 2)};
This formatting scheme also makes it particularly easy to get predictable, consistent, and automatic formatting with tools like Clang Format.
- CB Note:
We have a Clang Format config file (in
tlm/dot-clang-format
) which specifies the code style which should be used. This is installed byrepo
into the top-level of the checkout, and so is automatically picked up byclang-format
.Do not completely reformat a whole file when you change it - this introduces unnecessary whitespace (see the Golden Rule). Instead, use git clang-format which only reformats the line(s) which have already been touched by a patch.
If your code has compiler warnings in it, something is wrong --- you aren't casting values correctly, you have "questionable" constructs in your code, or you are doing something legitimately wrong. Compiler warnings can cover up legitimate errors in output and make dealing with a translation unit difficult.
It is not possible to prevent all warnings from all compilers, nor is it
desirable. Instead, pick a standard compiler (like gcc
) that provides a
good thorough set of warnings, and stick to it. At least in the case of
gcc
, it is possible to work around any spurious errors by changing the
syntax of the code slightly. For example, a warning that annoys me occurs when
I write code like this:
if (v = getValue()) {
...
}
gcc
will warn me that I probably want to use the ==
operator, and that I
probably mistyped it. In most cases, I haven't, and I really don't want the
spurious errors. To fix this particular problem, I rewrite the code like
this:
if ((v = getValue())) {
...
}
which shuts gcc
up. Any gcc
warning that annoys you can be fixed by
massaging the code appropriately.
In almost all cases, it is possible and within reason to write completely portable code. If there are cases where it isn't possible to write portable code, isolate it behind a well defined (and well documented) interface.
In practice, this means that you shouldn't assume much about the host compiler (and Visual Studio tends to be the lowest common denominator). If advanced features are used, they should only be an implementation detail of a library which has a simple exposed API.
Static constructors and destructors (e.g. global variables whose types have a constructor or destructor) should not be added to the code base, and should be removed wherever possible. Note the well known problems where the order of initialization is undefined between globals in different source files.
That said, KV-Engine unfortunately does contain static constructors. It would be a
great project for someone to purge all static
constructors from KV-Engine, and then enable the -Wglobal-constructors
warning
flag (when building with Clang) to ensure we do not regress in the future.
In C++, the class
and struct
keywords can be used almost
interchangeably. The only difference is when they are used to declare a class:
class
makes all members private by default while struct
makes all
members public by default.
Unfortunately, not all compilers follow the rules and some will generate
different symbols based on whether class
or struct
was used to declare
the symbol (e.g., MSVC). This can lead to problems at link time.
- All declarations and definitions of a given
class
orstruct
must use the same keyword. For example:
class Foo;
// Breaks mangling in MSVC.
struct Foo { int data; };
- As a rule of thumb,
struct
should be kept to structures where all members are declared public.
// Foo feels like a class... this is strange.
struct Foo {
private:
int data;
public:
Foo() : Data(0) { }
int getData() const { return data; }
void setData(int d) { data = d; }
};
// Bar isn't POD, but it does look like a struct.
struct Bar {
int data;
Bar() : data(0) { }
};
In C++11 there is a "generalized initialization syntax" which allows calling constructors using braced initializer lists. Do not use these to call constructors with any interesting logic or if you care that you're calling some particular constructor. Those should look like function calls using parentheses rather than like aggregate initialization. Similarly, if you need to explicitly name the type and call its constructor to create a temporary, don't use a braced initializer list. Instead, use a braced initializer list (without any type for temporaries) when doing aggregate initialization or something notionally equivalent. Examples:
class Foo {
public:
// Construct a Foo by reading data from the disk in the whizbang format, ...
Foo(std::string filename);
// Construct a Foo by looking up the Nth element of some global data ...
Foo(int n);
// ...
};
// The Foo constructor call is very deliberate, no braces.
std::fill(foo.begin(), foo.end(), Foo("name"));
// The pair is just being constructed like an aggregate, use braces.
bar_map.insert({my_key, my_value});
If you use a braced initializer list when initializing a variable, use an equals before the open curly brace:
int data[] = {0, 1, 2, 3};
Some are advocating a policy of "almost always auto
" in C++11, however KV-Engine
uses a more moderate stance. Use auto
if and only if it makes the code more
readable or easier to maintain. Don't "almost always" use auto
, but do use
auto
with initializers like cast<Foo>(...)
or other places where the
type is already obvious from the context. Another time when auto
works well
for these purposes is when the type would have been abstracted away anyways,
often behind a container's typedef such as std::vector<T>::iterator
.
The convenience of auto
makes it easy to forget that its default behavior
is a copy. Particularly in range-based for
loops, careless copies are
expensive.
As a rule of thumb, use auto &
unless you need to copy the result, and use
auto *
when copying pointers.
// Typically there's no reason to copy.
for (const auto& val : Container) { observe(val); }
for (auto& val : Container) { val.change(); }
// Remove the reference if you really want a new copy.
for (auto val : Container) { val.change(); saveSomewhere(val); }
// Copy pointers, but make it clear that they're pointers.
for (const auto* ptr : container) { observe(*ptr); }
for (auto* ptr : container) { ptr->change(); }
C++ doesn't do too well in the modularity department. There is no real
encapsulation or data hiding (unless you use expensive protocol classes), but it
is what we have to work with. When you write a public header file (in the memcached
source tree, they live in the top level "include
" directory), you are
defining a module of functionality.
Ideally, modules should be completely independent of each other, and their
header files should only #include
the absolute minimum number of headers
possible. A module is not just a class, a function, or a namespace: it's a
collection of these that defines an interface. This interface may be several
functions, classes, or data structures, but the important issue is how they work
together.
In general, a module should be implemented by one or more .cc
files. Each
of these .cc
files should include the header that defines their interface
first. This ensures that all of the dependences of the module header have been
properly added to the module header itself, and are not implicit. System
headers should be included after user headers for a translation unit.
#include
hurts compile time performance. Don't do it unless you have to,
especially in header files.
But wait! Sometimes you need to have the definition of a class to use it, or to
inherit from it. In these cases go ahead and #include
that header file. Be
aware however that there are many cases where you don't need to have the full
definition of a class. If you are using a pointer or reference to a class, you
don't need the header file. If you are simply returning a class instance from a
prototyped function or method, you don't need it. In fact, for most cases, you
simply don't need the definition of a class. And not #include
ing speeds up
compilation.
It is easy to try to go too overboard on this recommendation, however. You must include all of the header files that you are using --- you can include them either directly or indirectly through another header file. To make sure that you don't accidentally forget to include a header file in your module header, make sure to include your module header first in the implementation file (as mentioned above). This way there won't be any hidden dependencies that you'll find out about later.
Many modules have a complex implementation that causes them to use more than one
implementation (.cc
) file. It is often tempting to put the internal
communication interface (helper classes, extra functions, etc) in the public
module header file. Don't do this!
If you really need to do something like this, put a private header file in the same directory as the source files, and include it locally. This ensures that your private interface remains private and undisturbed by outsiders.
Note
It's okay to put extra implementation methods in a public class itself. Just make them private (or protected) and all is well.
When reading code, keep in mind how much state and how many previous decisions
have to be remembered by the reader to understand a block of code. Aim to
reduce indentation where possible when it doesn't make it more difficult to
understand the code. One great way to do this is by making use of early exits
and the continue
keyword in long loops. As an example of using an early
exit from a function, consider this "bad" code:
Value* doSomething(Instruction* i) {
if (!isa<TerminatorInst>(i) &&
i->hasOneUse() && doOtherThing(i)) {
... some long code ....
}
return 0;
}
This code has several problems if the body of the 'if'
is large. When
you're looking at the top of the function, it isn't immediately clear that this
only does interesting things with non-terminator instructions, and only
applies to things with the other predicates. Second, it is relatively difficult
to describe (in comments) why these predicates are important because the if
statement makes it difficult to lay out the comments. Third, when you're deep
within the body of the code, it is indented an extra level. Finally, when
reading the top of the function, it isn't clear what the result is if the
predicate isn't true; you have to read to the end of the function to know that
it returns null.
It is much preferred to format the code like this:
Value* doSomething(Instruction* i) {
// Terminators never need 'something' done to them because ...
if (isa<TerminatorInst>(i)) {
return 0;
}
// We conservatively avoid transforming instructions with multiple uses
// because goats like cheese.
if (!i->hasOneUse()) {
return 0;
}
// This is really just here for example.
if (!doOtherThing(i)) {
return 0;
}
... some long code ....
}
This fixes these problems. A similar problem frequently happens in for
loops. A silly example is something like this:
for (auto& op : basicBlocks) {
if (BinaryOperator* bo = dyn_cast<BinaryOperator>(op)) {
Value* lhs = bo->getOperand(0);
Value* rhs = bo->getOperand(1);
if (lhs != rhs) {
...
}
}
}
When you have very, very small loops, this sort of structure is fine. But if it
exceeds more than 10-15 lines, it becomes difficult for people to read and
understand at a glance. The problem with this sort of code is that it gets very
nested very quickly. Meaning that the reader of the code has to keep a lot of
context in their brain to remember what is going immediately on in the loop,
because they don't know if/when the if
conditions will have else
s etc.
It is strongly preferred to structure the loop like this:
for (auto& op : basicBlocks) {
BinaryOperator* bo = dyn_cast<BinaryOperator>(op);
if (!bo) continue;
Value *lhs = bo->getOperand(0);
Value *rhs = bo->getOperand(1);
if (lhs == rhs) continue;
...
}
This has all the benefits of using early exits for functions: it reduces nesting
of the loop, it makes it easier to describe why the conditions are true, and it
makes it obvious to the reader that there is no else
coming up that they
have to push context into their brain for. If a loop is large, this can be a
big understandability win.
For similar reasons above (reduction of indentation and easier reading), please
do not use 'else'
or 'else if'
after something that interrupts control
flow --- like return
, break
, continue
, etc. For
example, this is bad:
case 'J': {
if (signed) {
type = context.getsigjmp_bufType();
if (type.isNull()) {
error = ASTContext::GE_Missing_sigjmp_buf;
return qualType();
} else {
break;
}
} else {
type = context.getjmp_bufType();
if (type.isNull()) {
error = ASTContext::GE_Missing_jmp_buf;
return qualType();
} else {
break;
}
}
}
It is better to write it like this:
case 'J':
if (signed) {
type = context.getsigjmp_bufType();
if (type.isNull()) {
error = ASTContext::GE_Missing_sigjmp_buf;
return qualType();
}
} else {
type = context.getjmp_bufType();
if (type.isNull()) {
error = ASTContext::GE_Missing_jmp_buf;
return qualType();
}
}
break;
Or better yet (in this case) as:
case 'J':
if (signed) {
type = context.getsigjmp_bufType();
} else {
type = context.getjmp_bufType();
}
if (type.isNull()) {
error = signed ? ASTContext::GE_Missing_sigjmp_buf
: ASTContext::GE_Missing_jmp_buf;
return qualType();
}
break;
The idea is to reduce indentation and the amount of code you have to keep track of when reading the code.
When writing if
/ else
statements, prefer to write the
if-statment with the true case first and then the false - for example this
is bad - it can be confusing to read as it reads "backwards":
if (!foo) {
// code for false case...
} else {
// code for true case...
}
Instead, prefer giving the positive case first:
if (foo) {
// code for true case...
} else {
// code for false case...
}
Having said that, one should prioritize simpler code over if
/
else
ordering - see early exits.
It is very common to write small loops that just compute a boolean value. There are a number of ways that people commonly write these, but an example of this sort of thing is:
bool foundFoo = false;
for (auto& bar : barList) {
if (bar->isFoo()) {
foundFoo = true;
break;
}
if (foundFoo) {
...
}
This sort of code is awkward to write, and is almost always a bad sign. Instead of this sort of loop, we strongly prefer to use a predicate function (which may be static) that uses early exits to compute the predicate. We prefer the code to be structured like this:
/// @return true if the specified list has an element that is a foo.
static bool containsFoo(const std::vector<Bar*>& barList) {
for (const auto& bar : barList) {
if (bar.isFoo()) {
return true;
}
}
return false;
}
...
if (containsFoo(barList)) {
...
}
There are many reasons for doing this: it reduces indentation and factors out code which can often be shared by other code that checks for the same predicate. More importantly, it forces you to pick a name for the function, and forces you to write a comment for it. In this silly example, this doesn't add much value. However, if the condition is complex, this can make it a lot easier for the reader to understand the code that queries for this predicate. Instead of being faced with the in-line details of how we check to see if the BarList contains a foo, we can trust the function name and continue reading with better locality.
Poorly-chosen names can mislead the reader and cause bugs. We cannot stress enough how important it is to use descriptive names. Pick names that match the semantics and role of the underlying entities, within reason. Avoid abbreviations unless they are well known. After picking a good name, make sure to use consistent capitalization for the name, as inconsistency requires clients to either memorize the APIs or to look it up to find the exact spelling.
In general, names should be in camel case (e.g. TextFileReader
and
isLValue()
). Different kinds of declarations have different rules:
- Type names (including classes, structs, enums, typedefs, etc) should be
nouns and start with an upper-case letter (e.g.
TextFileReader
). - Type template parameters (e.g.
template <typename Param> ...
ortemplate <class MyClass>
) are types, so they should follow the naming convensions for types. - Variable names should be nouns (as they represent state). The name should
be camel case, and start with an lower case letter (e.g.
leader
orboats
). - Function names should be verb phrases (as they represent actions), and
command-like function should be imperative. The name should be camel case,
and start with a lower case letter (e.g.
openFile()
orisFoo()
). - Enum declarations (e.g.
enum Foo {...}
) are types, so they should follow the naming conventions for types. - Enumerators (e.g.
enum { Foo, Bar }
) should start with an upper-case letter, just like types. Prefer C++11 enum classes where possible. Explicit values for enumerations (enum Foo { Bar = 0, Baz = 1, ...}
should only be used when the actual values matter, for example when using an enum for a bitfield. - Namespaces (e.g.
namespace foo {}
) should be a single word all lowercase. Namespaces act as a prefix so should be kept as short as reasonably possible, using abbrevations where well known (e.g.mcbp
vsbinaryprotocol
).
As an exception, classes that mimic STL classes can have member names in STL's
style of lower-case words separated by underscores (e.g. begin()
,
push_back()
, and empty()
). Classes that provide multiple
iterators should add a singular prefix to begin()
and end()
(e.g. global_begin()
and use_begin()
).
Here are some examples of good and bad names:
class VehicleMaker {
...
Factory<Tire> f; // Bad -- abbreviation and non-descriptive.
Factory<Tire> factory; // Better.
Factory<Tire> tireFactory; // Even better -- if VehicleMaker has more than one
// kind of factories.
};
Vehicle makeVehicle(VehicleType Type) {
VehicleMaker m; // Might be OK if having a short life-span.
Tire tmp1 = m.makeTire(); // Bad -- 'tmp1' provides no information.
Light headlight = m.makeLight("head"); // Good -- descriptive.
...
}
Use exceptions for preconditions and assumptions, you never know when a bug (not necessarily even yours) might be caught early by a check, which reduces debugging time dramatically.
assert
(or even our custom cb_assert
) should not be used in
non-test code - cb_assert
will always abort (and hence terminate)
KV-Engine. Exceptions on the other hand can be caught and one can
choose how to handle them on a case-by-case basis. See KV-Engine
Error Handling Best Practices for further discussion on handling
errors.
When creating exceptions to throw, ALWAYS inherit from
std::exception
(or one of its subclasses). This gives a consistent
interface to obtain the description (what()
), and provides a common
base-class for all exceptions used. All exceptions generated by the standard
library inherit from std::exception
.
To further assist with debugging, make sure to put some kind of error
message in the exception what()
message. This should include an
indication of where the exception was raised (Class::methodName), and
a description of what exceptional situation occurred.
Throw exceptions by value (i.e. don't use new
), and catch by (const
)
reference. This ensures that there's no explicit need to delete
an
exception, and no unnecessary copies are made.
Here are some examples of good and bad code:
void doSomething(int a) {
try {
if (a > 100) {
throw new std::invalid_argument( // Bad -- thrown via `new`.
"a too large"); // Bad -- no indication where
// exception came from.
// Bad -- no indication what
// value `a` was.
}
} catch (std::invalid_argument e) { // Bad -- caught by value.
...
}
...
try {
if (a < 10) {
throw std::invalid_argument( // Good -- throw directly
"doSomething: a (which is " + std::to_string(a) +
") is less than 10") // Good -- include method name
// and value
}
} catch (std::invalid_argument& e) { // Good -- caught by reference.
...
}
In KV-Engine, we prefer to explicitly prefix all identifiers from the standard
namespace with an "std::
" prefix, rather than rely on "using namespace
std;
".
In header files, adding a 'using namespace XXX'
directive pollutes the
namespace of any source file that #include
s the header. This is clearly a
bad thing.
In implementation files (e.g. .cc
files), the rule is more of a stylistic
rule, but is still important. Basically, using explicit namespace prefixes
makes the code clearer, because it is immediately obvious what facilities
are being used and where they are coming from. And more portable, because
namespace clashes cannot occur between KV-Engine code and other namespaces. The
portability rule is important because different standard library implementations
expose different symbols (potentially ones they shouldn't), and future revisions
to the C++ standard will add more symbols to the std
namespace. As such, we
never use 'using namespace std;'
in KV-Engine.
The exception to the general rule (i.e. it's not an exception for the std
namespace) is for implementation files. For example, code in the
KV-Engine project implements code that lives in the 'cb' namespace. As such, it is
ok, and actually clearer, for the .cc
files to have a 'using namespace
cb;'
directive at the top, after the #include
s. This reduces
indentation in the body of the file for source editors that indent based on
braces, and keeps the conceptual context cleaner. The general form of this rule
is that any .cc
file that implements code in any namespace may use that
namespace (and its parents'), but should not use any others.
If a class is defined in a header file and has a vtable (either it has virtual
methods or it derives from classes with virtual methods), it must always have at
least one out-of-line virtual method in the class. Without this, the compiler
will copy the vtable and RTTI into every .o
file that #include
s the
header, bloating .o
file sizes and increasing link times.
-Wswitch
warns if a switch, without a default label, over an enumeration
does not cover every enumeration value. If you write a default label on a fully
covered switch over an enumeration then the -Wswitch
warning won't fire
when new elements are added to that enumeration.
Don't:
enum class Color { Red, Green } color;
switch (color) {
case Color::Red:
...
break;
case Color::Green:
...
break;
default:
throw std::logic_error("Unhandled case");
}
Don't:
enum class Color { Red, Green } color;
switch (color) {
case Color::Red:
...
break;
case Color::Green:
...
break;
}
Note that it is valid (although generally not desirable) behaviour to assign a value to an enumeration type which doesn't equal any of the named enumerators, for example the following is valid:
enum class E {A=0, B=1, C=2};
E e = static_cast<E>(3);
As such, if you omit the default for a fully-covered switch, the compiler can
_still_ warn about unexpected control-flow - i.e. it cannot assume that one of
the cases has been taken (warning: control reaches end of non-void function
).
To avoid this warning use folly::assume_unreachable()
:
enum class E {A, B, C};
std::string to_string(E e) {
switch (e) {
case E::A: return "A";
case E::B: return "B";
case E::C: return "C";
}
folly::assume_unreachable();
}
A member function defined in a class definition is implicitly inline, so don't
put the inline
keyword in this case.
Don't:
class Foo {
public:
inline void bar() {
// ...
}
};
Do:
class Foo {
public:
void bar() {
// ...
}
};
This section describes preferred low-level formatting guidelines along with reasoning on why we prefer them.
We prefer to put a space before an open parenthesis only in control flow statements, but not in normal function call expressions and function-like macros. For example, this is good:
if (x) ...
for (i = 0; i != 100; ++i) ...
while (llvmRocks) ...
somefunc(42);
cb_assert(3 != 4 && "laws of math are failing me");
a = foo(42, 92) + bar(x);
and this is bad:
if(x) ...
for(i = 0; i != 100; ++i) ...
while(llvmRocks) ...
somefunc (42);
cb_assert (3 != 4 && "laws of math are failing me");
a = foo (42, 92) + bar (x);
The reason for doing this is not completely arbitrary. This style makes control
flow operators stand out more, and makes expressions flow better. The function
call operator binds very tightly as a postfix operator. Putting a space after a
function name (as in the last example) makes it appear that the code might bind
the arguments of the left-hand-side of a binary operator with the argument list
of a function and the name of the right side. More specifically, it is easy to
misread the "A
" example as:
a = foo ((42, 92) + bar) (x);
when skimming through the code. By avoiding a space in a function, we avoid this misinterpretation.
Pointers and references should be written with the *
/ &
symbol next to the type, not the variable. For example, this is good:
const char* str;
Foo& foo = otherFoo;
...
void frobnicate(const Foo& foo, size_t amount);
...
void consumeFoo(Foo&& foo);
This is ultimately a stylistic choice - we basically have two choices (next to type or variable) and so for consistency (see Golden Rule) we must pick one. However this is also the style recommended by the Core C++ Guidelines so we are in good company :).
Hard fast rule: Preincrement (++x
) may be no slower than postincrement
(x++
) and could very well be a lot faster than it. Use preincrementation
whenever possible.
The semantics of postincrement include making a copy of the value being incremented, returning it, and then preincrementing the "work value". For primitive types, this isn't a big deal. But for iterators, it can be a huge issue (for example, some iterators contains stack and set objects in them... copying an iterator could invoke the copy ctor's of these as well). In general, get in the habit of always using preincrement, and you won't have a problem.
In general, we strive to reduce indentation wherever possible. This is useful
because we want code to fit into 80 columns without wrapping horribly, but
also because it makes it easier to understand the code. To facilitate this and
avoid some insanely deep nesting on occasion, don't indent namespaces. If it
helps readability, feel free to add a comment indicating what namespace is
being closed by a }
. For example:
namespace llvm {
namespace knowledge {
/// This class represents things that Smith can have an intimate
/// understanding of and contains the data associated with it.
class Grokable {
...
public:
explicit Grokable() { ... }
virtual ~Grokable() = 0;
...
};
} // end namespace knowledge
} // end namespace llvm
Feel free to skip the closing comment when the namespace being closed is obvious for any reason. For example, the outer-most namespace in a header file is rarely a source of confusion. But namespaces both anonymous and named in source files that are being closed half way through the file probably could use clarification.
After talking about namespaces in general, you may be wondering about anonymous
namespaces in particular. Anonymous namespaces are a great language feature
that tells the C++ compiler that the contents of the namespace are only visible
within the current translation unit, allowing more aggressive optimization and
eliminating the possibility of symbol name collisions. Anonymous namespaces are
to C++ as "static" is to C functions and global variables. While "static
"
is available in C++, anonymous namespaces are more general: they can make entire
classes private to a file.
The problem with anonymous namespaces is that they naturally want to encourage indentation of their body, and they reduce locality of reference: if you see a random function definition in a C++ file, it is easy to see if it is marked static, but seeing if it is in an anonymous namespace requires scanning a big chunk of the file.
Because of this, we have a simple guideline: make anonymous namespaces as small as possible, and only use them for class declarations. For example, this is good:
namespace {
class StringSort {
...
public:
StringSort(...)
bool operator<(const char* rhs) const;
};
} // end anonymous namespace
static void runHelper() {
...
}
bool StringSort::operator<(const char* rhs) const {
...
}
This is bad:
namespace {
class StringSort {
...
public:
StringSort(...)
bool operator<(const char* RHS) const;
};
void runHelper() {
...
}
bool StringSort::operator<(const char* rhs) const {
...
}
} // end anonymous namespace
This is bad specifically because if you're looking at "runHelper
" in the middle
of a large C++ file, that you have no immediate way to tell if it is local to
the file. When it is marked static explicitly, this is immediately obvious.
Also, there is no reason to enclose the definition of "operator<
" in the
namespace just because it was declared there.
KV-Engine uses Clang-Tidy
(from Clang's tools extra git repo)
as part of our commit validation, to help prevent common bugs and help to ensure
our code base adheres to modern coding standards. To help with this we provide a
Clang-Tidy config (.clang-tidy) file which can be found
here. Which is
automatically copied to a .clang-tidy
in the root directory of a
Couchbase Server checkout. This config can also be used inconjuction with CLion,
information on how to do this can be found on the
CLion website.
For more more information on the format of the file please refer to Configuration files:
section of the Clang-Tidy's help. Definitions for each Clang-Tidy check does can
be found on the clang website.
A lot of these comments and recommendations have been culled from other sources. Two particularly important books for our work are:
- Effective C++ by Scott Meyers. Also interesting and useful are "More Effective C++" and "Effective STL" by the same author.
- Large-Scale C++ Software Design by John Lakos
If you get some free time, and you haven't read them: do so, you might learn something.