Working copy for coding style updates #43
Conversation
policies/codingstyle-updates.txt
Outdated
|
|
||
| if (this_is_true() | ||
| && !that_is_false()) { | ||
| code(); |
There was a problem hiding this comment.
Do we want to say this isn't necessary for an "else if"?
policies/codingstyle-updates.txt
Outdated
| ... | ||
|
|
||
| Try not to break long lines within a function call, but if you have to, indent | ||
| the rest of the parameter list to be after the function's opening paren. |
There was a problem hiding this comment.
What about cases where the opening paren is very far over to the right? Sometimes to the point that you still couldn't fit params on any line.
There was a problem hiding this comment.
Good point, added some text and pushed new commit.
policies/codingstyle-updates.txt
Outdated
| if (test()) { | ||
| /* already alerted */ | ||
| close(); | ||
| } |
There was a problem hiding this comment.
I wonder what would you think of
if (test()) /* alredy alerted? */
close();
There was a problem hiding this comment.
My personal view is that the comment should go on the line above the if, or below it.
/* If already alerted, go away */
if (test())
close();
There was a problem hiding this comment.
Just in case for reference, "you" in my remark was plural :-) Otherwise as for placing it [comment] above, it works for single if, but imagine you have say three-term elsif chain...
There was a problem hiding this comment.
it's ugly but i added some words.
policies/codingstyle-updates.txt
Outdated
| #define join(a, b) a ## quote(a) | ||
|
|
||
| Free routines should properly handle null; don't check for null before calling | ||
| a free routine. |
There was a problem hiding this comment.
I don't know what's "free routine" and I can't relate this to anything that was discussed earlier. My impression of prior discussion is rather if a pointer value being NULL is not an actually permitted/recognized value, then don't check for it. Is it incorrect impression?
There was a problem hiding this comment.
X509_free, OPENSSL_free, etc. They take NULL just like C's free does.
There was a problem hiding this comment.
Ah! Then "object freeing subroutines" perhaps? To eliminate ambiguity?
policies/codingstyle-updates.txt
Outdated
| When possible, use size_t for sizes of things (including array indicies) | ||
|
|
||
| Prefer ossl_assert over assert. Do not use OPENSSL_assert() in libcrypto or | ||
| libssl. |
There was a problem hiding this comment.
As you might know I'm in favour of using as little lingo as possible. With this in mind I'd argue that ossl_assert and assert are equally appropriate, just serve different purposes. assert has rather documentation purpose, i.e. is to be used to document assumptions/boundary conditions, not unlikely static. ossl_assert on the other hand is meant to be used rather with if(!ossl_assert()) handler(), i.e. when there is something that can be done at run-time [in non-debug build] when assertion doesn't hold. Or in other words, if there is no actual need for ossl_assert I wouldn't be opposed to use of assert. Because it's standard and recognized construct. In other words I'd argue against unconditional ban of assert.
There was a problem hiding this comment.
The difference is that ossl_assert returns a value in non-debug environments while assert is void. That makes
if (ossl_assert(...
possible. It's used nearly 100 times in openssl code.
There was a problem hiding this comment.
The difference is that ossl_assert returns a value in non-debug environments while assert is void.
This doesn't contradict what I'm saying, rather contrary. They are different and as such have different applications. And in such case you can't really say "prefer one over another"...
There was a problem hiding this comment.
I think there could be a tendency to use assert where ossl_assert might be more appropriate. So rather than saying prefer one over the other, perhaps we should explain when you should use each one?
There was a problem hiding this comment.
I thought we didn't want crashes, and that if you had an assert, there had to be a runtime test and error return, and that this led to ossl_assert which combines both.
There was a problem hiding this comment.
As initially said, I don't see relation between ossl_assert and assert as "instead". In sense that it's not always the case that ossl_assert would be more appropriate. If anything, ossl_assert is rather replacement for normal if (condition) handler, except that it will crash in debug build taking the snapshot of hard-to-reproduce case. But here is question in the context. In the essence we are commenting on to-do list for updates. But what about the actual outcome? Does this to-do item mean that there will be "use of assertions" paragraph? If so, it might be meaningful to discuss that.
There was a problem hiding this comment.
I am trying to put down what we think is the right thing to say. If we don't have agreement, we can just remove this item.
There was a problem hiding this comment.
There seems at least agreement that we shouldn't use OPENSSL_assert(). There is also agreement that we can use ossl_assert() and assert(). We should say at least that. I do think that we should, in most cases, prefer ossl_assert() over assert() - but it sounds like that will be difficult to agree - so we could just drop that bit of it.
There was a problem hiding this comment.
??? I'm not suggesting to remove the item. just don't see place for "ossl_assert instead of assert". Absolutely not if it appears as single sentence in the middle of guide. I rather expect that there will be a paragraph, i.e. multiple sentences. One can even wonder if it's worth clarifying the historical background, i.e. that there was OPENSSL_assert and that we are omitting it in favour of "soft" assertions, i.e. ones that crash only in debug builds.
policies/codingstyle-updates.txt
Outdated
| if (this_is_true() | ||
| && !that_is_false()) { | ||
| code(); | ||
| ... |
There was a problem hiding this comment.
This i a bit confusing. First, you talk about giving continuation lines in conditionals in general an extra indent, and then you seem to give if a special case...
Side note: if someone has a c-mode (emacs) hack to get that extra indentation, let me know. Doing it by hand is a royal pain...
There was a problem hiding this comment.
If you have a better way to word it, please let me know. if is a special case.
There was a problem hiding this comment.
I'm with Richard in sense that it is confusing. If extra indentation in multi-line condition is specific to "if", then having example in paragraph prior mentioning "if" is confusing.
There was a problem hiding this comment.
Just in case to clarify. It's suggested to use extra indentation [in multi-line condition] specifically with "if" [and not for example with "while" as there is no visual dissonance].
There was a problem hiding this comment.
Pushed commit that says "two indents for a continued if" Does that help?
policies/codingstyle-updates.txt
Outdated
|
|
||
| #define foo(a, b) ((a) * (b)) | ||
| #define quote(a) #a | ||
| #define join(a, b) a ## quote(a) |
There was a problem hiding this comment.
quote(b) perhaps? This is relevant to the example but having an unused parameter to the macro is a little odd.
policies/codingstyle-updates.txt
Outdated
| [ Matt said "initialize in the declaration if appropriate; can someone provide wording? ] | ||
|
|
||
| This is controversial, so maybe drop it. Don't use else after return or goto | ||
| unless it makes the flow more clear. |
There was a problem hiding this comment.
Can anyone give an example where it makes the flow clearer?
The best I can think of is a sequence like:
if (...)
....
else if (...)
return
else
However, here there is a semantic difference between having the else and not, so it isn't a good example of clarifying code flow.
Stronger would be:
Don't use else after return or goto unless doing so changes the meaning of the code (to what is required).
There was a problem hiding this comment.
The best I can think of is a sequence
It's exactly the case, switch-like chains. One can even wonder if it's worth explicitly mentioning just that.
There was a problem hiding this comment.
Any (very rough is fine!) suggestions on wording?
There was a problem hiding this comment.
I'm just wondering if it would be appropriate to mention specifically "switch-like if chains". Like in "returns are tolerated in switch-like 'if' chains [as otherwise are discouraged/frown upon]."
policies/codingstyle-updates.txt
Outdated
| Prefer ossl_assert over assert. Do not use OPENSSL_assert() in libcrypto or | ||
| libssl. | ||
|
|
||
| [ Matt said "initialize in the declaration if appropriate; can someone provide wording? ] |
There was a problem hiding this comment.
I'm a little iffy here. I generally agree with the sentiment but there are lots of exceptions.
- Declaration long before first use.
- Series of complicated initialisers.
It will come down to appropriate.
What about:
Initialize variables as part of their declarations when it makes the intent clearer.
or:
Favor variable initialization as part of declaration unless it makes the intent of the code less clear.
|
Added a commit to try and address @paulidale 's concerns. |
|
Pushed new command that tries to get the assert wording right, and also mentions the else-return sequence construct. |
policies/codingstyle-updates.txt
Outdated
|
|
||
| some_long_condition() | ||
| && (short1() || short2()) | ||
| && some_other_flag != 0 |
There was a problem hiding this comment.
I don't quite follow why extra indent here. I mean how is it different from above example? If short1() and short2() are strongly related and deserve to be in (), then how is it different from just short1()?
There was a problem hiding this comment.
Oh! On related note I wonder if it makes sense to explicitly recommend following formatting for multi-line ?:
condition ? this()
: that();
In other words with : aligned with ?
There was a problem hiding this comment.
The nested indent examples were wrong, I fixed them.
I am curious what others think of ?: I like this:
foo()
? that()
: this()
for what it's worth.
There was a problem hiding this comment.
Please, when coming up with this, consider creating cc-mode mods for us emacs users.
(otherwise, I think I know whose name I'm gonna scream in frustration ;-))
policies/codingstyle-updates.txt
Outdated
| @@ -0,0 +1,75 @@ | |||
| A summary of the discussion thread so far. Not surprisingly, it's all about | |||
| the whitespace. :) | |||
There was a problem hiding this comment.
You mean those 2 spaces after the '.'?
|
Quoting openssl/openssl#5626 (comment): "Even though styling guide refers to it as preferred style, I can't recall that we would actually tolerate opening Would it be appropriate to re-word "commenting" section so that one doesn't have to put it as "I can't recall"? Or do we tolerate? Even in such case it might be appropriate to put it "preferred, but not the only acceptable, ..." |
| ossl_assert() or assert(), as appropriate. | ||
|
|
||
| Favor variable initialization as part of declaration unless it makes the | ||
| intent of the code less clear. |
There was a problem hiding this comment.
At couple of occasions I felt compelled to object something similar to
int a, b, c = 3, d, e, f;
I'd argue that assignment should be either last or on its own line.
There was a problem hiding this comment.
added a commit to address this.
|
Added a commit about multi-line comments. |
|
The vote was two yes, two no, three abstain and one not voting. Closing the PR. I hope someone else will take this up. |
This is to have a better place to review coding style changes and comment before the OMC vote.