From 9eeb723a01e896c9ec0b051ba374860eb5fc9df7 Mon Sep 17 00:00:00 2001 From: David Young Date: Fri, 20 Dec 2019 13:04:50 -0600 Subject: Clean up the Linux coding standard a bit, add the OpenBSD coding standard. The OpenBSD standard is probably in rough shape, still. --- doc/linux-coding-style.md | 388 +++++++++++++++++++++----------------------- doc/openbsd-coding-style.md | 282 ++++++++++++++------------------ 2 files changed, 303 insertions(+), 367 deletions(-) diff --git a/doc/linux-coding-style.md b/doc/linux-coding-style.md index 547e14b..da2f2a0 100644 --- a/doc/linux-coding-style.md +++ b/doc/linux-coding-style.md @@ -84,35 +84,35 @@ benefit of warning you when you're nesting your functions too deep. Heed that warning. The preferred way to ease multiple indentation levels in a switch -statement is to align the `switch`{.docutils .literal} and its -subordinate `case`{.docutils .literal} labels in the same column instead -of `double-indenting`{.docutils .literal} the `case`{.docutils .literal} +statement is to align the `switch` and its +subordinate `case` labels in the same column instead +of `double-indenting` the `case` labels. E.g.: ``` -switch (suffix) { -case 'G': -case 'g': - mem <<= 30; - break; -case 'M': -case 'm': - mem <<= 20; - break; -case 'K': -case 'k': - mem <<= 10; - /* fall through */ -default: - break; -} + switch (suffix) { + case 'G': + case 'g': + mem <<= 30; + break; + case 'M': + case 'm': + mem <<= 20; + break; + case 'K': + case 'k': + mem <<= 10; + /* fall through */ + default: + break; + } ``` Don't put multiple statements on a single line unless you have something to hide: ``` -if (condition) do_this; do_something_everytime; + if (condition) do_this; do_something_everytime; ``` Don't put multiple assignments on a single line either. Kernel coding 
@@ -158,16 +158,16 @@ This applies to all non-function statement blocks (if, switch, for, while, do). E.g.: ``` - switch (action) { - case KOBJ_ADD: - return "add"; - case KOBJ_REMOVE: - return "remove"; - case KOBJ_CHANGE: - return "change"; - default: - return NULL; - } + switch (action) { + case KOBJ_ADD: + return "add"; + case KOBJ_REMOVE: + return "remove"; + case KOBJ_CHANGE: + return "change"; + default: + return NULL; + } ``` However, there is one special case, namely functions: they have the @@ -187,8 +187,8 @@ special anyway (you can't nest them in C). Note that the closing brace is empty on a line of its own, **except** in the cases where it is followed by a continuation of the same statement, -ie a `while`{.docutils .literal} in a do-statement or an -`else`{.docutils .literal} in an if-statement, like this: +ie a `while` in a do-statement or an +`else` in an if-statement, like this: ``` do { @@ -244,15 +244,15 @@ single statement; in the latter case use braces in both branches: } ``` -### Spaces[¶](#spaces "Permalink to this headline"){.headerlink} +### Spaces Linux kernel style for use of spaces depends (mostly) on function-versus-keyword usage. Use a space after (most) keywords. The notable exceptions are sizeof, typeof, alignof, and \_\_attribute\_\_, which look somewhat like functions (and are usually used with parentheses in Linux, although they are not required in the language, as -in: `sizeof info`{.docutils .literal} after -`struct fileinfo info;`{.docutils .literal} is declared). +in: `sizeof info` after +`struct fileinfo info;` is declared). So use a space after these keywords: @@ -274,7 +274,7 @@ example is **bad**: ``` When declaring pointer data or a function that returns a pointer type, -the preferred use of `*`{.docutils .literal} is adjacent to the data +the preferred use of `*` is adjacent to the data name or function name and not adjacent to the type name. Examples: ``` 
@@ -311,7 +311,7 @@ no space after the prefix increment & decrement unary operators: and no space around the `.` and `->` structure member operators. Do not leave trailing whitespace at the ends of lines. Some editors with -`smart`{.docutils .literal} indentation will insert whitespace at the +`smart` indentation will insert whitespace at the beginning of new lines as appropriate, so you can start typing the next line of code right away. However, some such editors do not remove the whitespace if you end up not putting a line of code there, such as if @@ -328,18 +328,17 @@ fail by changing their context lines. C is a Spartan language, and so should your naming be. Unlike Modula-2 and Pascal programmers, C programmers do not use cute names like ThisVariableIsATemporaryCounter. A C programmer would call that variable -`tmp`{.docutils .literal}, which is much easier to write, and not the +`tmp`, which is much easier to write, and not the least more difficult to understand. HOWEVER, while mixed-case names are frowned upon, descriptive names for -global variables are a must. To call a global function `foo`{.docutils -.literal} is a shooting offense. +global variables are a must. To call a global function `foo` is a shooting offense. GLOBAL variables (to be used only if you **really** need them) need to have descriptive names, as do global functions. If you have a function that counts the number of active users, you should call that -`count_active_users()`{.docutils .literal} or similar, you should -**not** call it `cntusr()`{.docutils .literal}. +`count_active_users()` or similar, you should +**not** call it `cntusr()`. Encoding the type of a function into the name (so-called Hungarian notation) is brain damaged - the compiler knows the types anyway and can 
@@ -347,10 +346,9 @@ check those, and it only confuses the programmer. No wonder MicroSoft makes buggy programs. LOCAL variable names should be short, and to the point. If you have some -random integer loop counter, it should probably be called `i`{.docutils -.literal}. Calling it `loop_counter`{.docutils .literal} is +random integer loop counter, it should probably be called `i`. Calling it `loop_counter` is non-productive, if there is no chance of it being mis-understood. -Similarly, `tmp`{.docutils .literal} can be just about any type of +Similarly, `tmp` can be just about any type of variable that is used to hold a temporary value. If you are afraid to mix up your local variable names, you have another @@ -359,7 +357,7 @@ See chapter 6 (Functions). ## Typedefs -Please don't use things like `vps_t`{.docutils .literal}. It's a +Please don't use things like `vps_t`. It's a **mistake** to use typedef for structures and pointers. When you see a ``` @@ -372,80 +370,69 @@ in the source, what does it mean? In contrast, if it says struct virtual_container *a; ``` -you can actually tell what `a`{.docutils .literal} is. - -Lots of people think that typedefs `help readability`{.docutils -.literal}. Not so. They are useful only for: - ->
-> -> 1. totally opaque objects (where the typedef is actively used to -> **hide** what the object is). -> -> Example: `pte_t`{.docutils .literal} etc. opaque objects that you -> can only access using the proper accessor functions. -> -> ::: {.admonition .note} -> Note -> -> Opaqueness and `accessor functions`{.docutils .literal} are not -> good in themselves. The reason we have them for things like pte\_t -> etc. is that there really is absolutely **zero** portably -> accessible information there. -> ::: -> -> 2. Clear integer types, where the abstraction **helps** avoid -> confusion whether it is `int`{.docutils .literal} or -> `long`{.docutils .literal}. -> -> u8/u16/u32 are perfectly fine typedefs, although they fit into -> category (d) better than here. -> -> ::: {.admonition .note} -> Note -> -> Again - there needs to be a **reason** for this. If something is -> `unsigned long`{.docutils .literal}, then there's no reason to do -> -> >
-> > -> > typedef unsigned long myflags\_t; -> > -> >
-> ::: -> -> but if there is a clear reason for why it under certain -> circumstances might be an `unsigned int`{.docutils .literal} and -> under other configurations might be `unsigned long`{.docutils -> .literal}, then by all means go ahead and use a typedef. -> -> 3. when you use sparse to literally create a **new** type for -> type-checking. -> -> 4. New types which are identical to standard C99 types, in certain -> exceptional circumstances. -> -> Although it would only take a short amount of time for the eyes -> and brain to become accustomed to the standard types like -> `uint32_t`{.docutils .literal}, some people object to their use -> anyway. -> -> Therefore, the Linux-specific `u8/u16/u32/u64`{.docutils .literal} -> types and their signed equivalents which are identical to standard -> types are permitted -- although they are not mandatory in new code -> of your own. -> -> When editing existing code which already uses one or the other set -> of types, you should conform to the existing choices in that code. -> -> 5. Types safe for use in userspace. -> -> In certain structures which are visible to userspace, we cannot -> require C99 types and cannot use the `u32`{.docutils .literal} -> form above. Thus, we use \_\_u32 and similar types in all -> structures which are shared with userspace. -> ->
+you can actually tell what `a` is. + +Lots of people think that typedefs `help readability`. Not so. They are useful only for: + +1. totally opaque objects (where the typedef is actively used to + **hide** what the object is). + + Example: `pte_t` etc. opaque objects that you + can only access using the proper accessor functions. + + #### Note + + Opaqueness and `accessor functions` are not + good in themselves. The reason we have them for things like pte\_t + etc. is that there really is absolutely **zero** portably + accessible information there. + ::: + +2. Clear integer types, where the abstraction **helps** avoid + confusion whether it is `int` or + `long`. + + u8/u16/u32 are perfectly fine typedefs, although they fit into + category (d) better than here. + + #### Note + + Again - there needs to be a **reason** for this. If something is + `unsigned long`, then there's no reason to do + +``` + typedef unsigned long myflags\_t; +``` + + but if there is a clear reason for why it under certain + circumstances might be an `unsigned int` and + under other configurations might be `unsigned long`, then by all means go ahead and use a typedef. + +3. when you use sparse to literally create a **new** type for + type-checking. + +4. New types which are identical to standard C99 types, in certain + exceptional circumstances. + + Although it would only take a short amount of time for the eyes + and brain to become accustomed to the standard types like + `uint32_t`, some people object to their use + anyway. + + Therefore, the Linux-specific `u8/u16/u32/u64` + types and their signed equivalents which are identical to standard + types are permitted -- although they are not mandatory in new code + of your own. + + When editing existing code which already uses one or the other set + of types, you should conform to the existing choices in that code. + +5. Types safe for use in userspace. 
+ + In certain structures which are visible to userspace, we cannot + require C99 types and cannot use the `u32` + form above. Thus, we use \_\_u32 and similar types in all + structures which are shared with userspace. Maybe there are other cases too, but the rule should basically be to NEVER EVER use a typedef unless you can clearly match one of those @@ -549,10 +536,10 @@ The rationale for using gotos is: A common type of bug to be aware of is `one err bugs` which look like this: ``` - err: - kfree(foo->bar); - kfree(foo); - return ret; + err: + kfree(foo->bar); + kfree(foo); + return ret; ``` The bug in this code is that on some exit paths `foo` is NULL. Normally the fix for this is to split it up into two @@ -560,11 +547,11 @@ error labels `err_free_bar:` and `err_free_foo:`: ``` - err_free_bar: - kfree(foo->bar); - err_free_foo: - kfree(foo); - return ret; + err_free_bar: + kfree(foo->bar); + err_free_foo: + kfree(foo); + return ret; ``` Ideally you should simulate errors to test all exit paths. 
@@ -585,33 +572,31 @@ but try to avoid excess. Instead, put the comments at the head of the function, telling people what it does, and possibly WHY it does it. When commenting the kernel API functions, please use the kernel-doc -format. See the files at [[Documentation/doc-guide/]{.std -.std-ref}](../doc-guide/index.html#doc-guide){.reference .internal} and -`scripts/kernel-doc`{.docutils .literal} for details. +format. See the files at [[Documentation/doc-guide/]](../doc-guide/index.html#doc-guide) and `scripts/kernel-doc` for details. The preferred style for long (multi-line) comments is: ``` - /* - * This is the preferred style for multi-line - * comments in the Linux kernel source code. - * Please use it consistently. - * - * Description: A column of asterisks on the left side, - * with beginning and ending almost-blank lines. - */ + /* + * This is the preferred style for multi-line + * comments in the Linux kernel source code. + * Please use it consistently. + * + * Description: A column of asterisks on the left side, + * with beginning and ending almost-blank lines. + */ ``` For files in net/ and drivers/net/ the preferred style for long (multi-line) comments is a little different. ``` - /* The preferred comment style for files in net/ and drivers/net - * looks like this. - * - * It is nearly the same as the generally preferred comment style, - * but there is no initial almost-blank line. - */ + /* The preferred comment style for files in net/ and drivers/net + * looks like this. + * + * It is nearly the same as the generally preferred comment style, + * but there is no initial almost-blank line. + */ ``` It's also important to comment data, whether they are basic types or 
@@ -622,7 +607,7 @@ comment on each item, explaining its use. ## You've made a mess of it That's OK, we all do. You've probably been told by your long-time Unix -user helper that `GNU emacs`{.docutils .literal} automatically formats +user helper that `GNU emacs` automatically formats the C sources for you, and you've noticed that yes, it does do that, but the defaults it uses are less than desirable (in fact, they are worse than random typing - an infinite number of monkeys typing into GNU emacs 
@@ -665,31 +650,30 @@ file: ``` This will make emacs go better with the kernel coding style for C files -below `~/src/linux-trees`{.docutils .literal}. +below `~/src/linux-trees`. But even if you fail in getting emacs to do sane formatting, not -everything is lost: use `indent`{.docutils .literal}. +everything is lost: use `indent`. Now, again, GNU indent has the same brain-dead settings that GNU emacs has, which is why you need to give it a few command line options. However, that's not too bad, because even the makers of GNU indent recognize the authority of K&R (the GNU people aren't evil, they are just severely misguided in this matter), so you just give indent the -options `-kr -i8`{.docutils .literal} (stands for -`K&R, 8 character indents`{.docutils .literal}), or use -`scripts/Lindent`{.docutils .literal}, which indents in the latest +options `-kr -i8` (stands for +`K&R, 8 character indents`), or use +`scripts/Lindent`, which indents in the latest style. -`indent`{.docutils .literal} has a lot of options, and especially when +`indent` has a lot of options, and especially when it comes to comment re-formatting you may want to take a look at the man -page. But remember: `indent`{.docutils .literal} is not a fix for bad +page. But remember: `indent` is not a fix for bad programming. ## Kconfig configuration files For all of the Kconfig\* configuration files throughout the source tree, -the indentation is somewhat different. Lines under a `config`{.docutils -.literal} definition are indented with one tab, while help text is +the indentation is somewhat different. Lines under a `config` definition are indented with one tab, while help text is indented an additional two spaces. Example: ``` 
@@ -735,14 +719,13 @@ counting is a memory management technique. Usually both are needed, and they are not to be confused with each other. Many data structures can indeed have two levels of reference counting, -when there are users of different `classes`{.docutils .literal}. The +when there are users of different `classes`. The subclass count counts the number of subclass users, and decrements the global count just once when the subclass count goes to zero. -Examples of this kind of `multi-level-reference-counting`{.docutils -.literal} can be found in memory management -(`struct mm_struct`{.docutils .literal}: mm\_users and mm\_count), and -in filesystem code (`struct super_block`{.docutils .literal}: s\_count +Examples of this kind of `multi-level-reference-counting` can be found in memory management +(`struct mm_struct`: mm\_users and mm\_count), and +in filesystem code (`struct super_block`: s\_count and s\_active). Remember: if another thread can find your data structure, and you don't @@ -753,7 +736,7 @@ have a reference count on it, you almost certainly have a bug. Names of macros defining constants and labels in enums are capitalized. ``` - #define CONSTANT 0x12345 +#define CONSTANT 0x12345 ``` Enums are preferred when defining several related constants. @@ -768,11 +751,11 @@ Macros with multiple statements should be enclosed in a do - while block: ``` - #define macrofun(a, b, c) \ - do { \ - if (a == 5) \ - do_this(b, c); \ - } while (0) +#define macrofun(a, b, c) \ + do { \ + if (a == 5) \ + do_this(b, c); \ + } while (0) ``` Things to avoid when using macros: 
@@ -780,21 +763,21 @@ Things to avoid when using macros: 1. macros that affect control flow: ``` - #define FOO(x) \ - do { \ - if (blah(x) < 0) \ - return -EBUGGERED; \ - } while (0) +#define FOO(x) \ + do { \ + if (blah(x) < 0) \ + return -EBUGGERED; \ + } while (0) ``` is a **very** bad idea. It looks like a function call but exits the -`calling`{.docutils .literal} function; don't break the internal parsers +`calling` function; don't break the internal parsers of those who will read the code. 2. macros that depend on having a local variable with a magic name: ``` - #define FOO(val) bar(index, val) +#define FOO(val) bar(index, val) ``` might look like a good thing, but it's confusing as hell when one reads @@ -808,20 +791,20 @@ expressions must enclose the expression in parentheses. Beware of similar issues with macros using parameters. ``` - #define CONSTANT 0x4000 - #define CONSTEXP (CONSTANT | 3) +#define CONSTANT 0x4000 +#define CONSTEXP (CONSTANT | 3) ``` 5\) namespace collisions when defining local variables in macros resembling functions: ``` - #define FOO(x) \ - ({ \ - typeof(x) ret; \ - ret = calc_ret(x); \ - (ret); \ - }) +#define FOO(x) \ +({ \ + typeof(x) ret; \ + ret = calc_ret(x); \ + (ret); \ +}) ``` ret is a common name for a local variable - \_\_foo\_ret is less likely @@ -835,8 +818,8 @@ kernel. Kernel developers like to be seen as literate. Do mind the spelling of kernel messages to make a good impression. Do not use crippled words -like `dont`{.docutils .literal}; use `do not`{.docutils .literal} or -`don't`{.docutils .literal} instead. Make the messages concise, clear, +like `dont`; use `do not` or +`don't` instead. Make the messages concise, clear, and unambiguous. Kernel messages do not have to be terminated with a period. 
@@ -876,7 +859,7 @@ about them. The preferred form for passing a size of a struct is the following: ``` - p = kmalloc(sizeof(*p), ...); +p = kmalloc(sizeof(*p), ...); ``` The alternative form where struct name is spelled out hurts readability @@ -891,13 +874,13 @@ the C programming language. The preferred form for allocating an array is the following: ``` - p = kmalloc_array(n, sizeof(...), ...); +p = kmalloc_array(n, sizeof(...), ...); ``` The preferred form for allocating a zeroed array is the following: ``` - p = kcalloc(n, sizeof(...), ...); +p = kcalloc(n, sizeof(...), ...); ``` Both forms check for overflow on the allocation size n \* sizeof(\...), @@ -906,7 +889,7 @@ and return NULL if that occurred. ## The inline disease There appears to be a common misperception that gcc has a magic "make me -faster" speedup option called `inline`{.docutils .literal}. While the +faster" speedup option called `inline`. While the use of inlines can be appropriate (for example as a means of replacing macros, see Chapter 12), it very often is not. Abundant use of the inline keyword leads to a much bigger kernel, which in turn slows the @@ -935,7 +918,7 @@ hint that tells gcc to do something it would have done anyway. Functions can return values of many different kinds, and one of the most common is a value indicating whether the function succeeded or failed. Such a value can be represented as an error-code integer (-Exxx = -failure, 0 = success) or a `succeeded`{.docutils .literal} boolean (0 = +failure, 0 = success) or a `succeeded` boolean (0 = failure, non-zero = success). Mixing up these two sorts of representations is a fertile source of 
@@ -948,9 +931,9 @@ follow this convention: the function should return an error-code integer. If the name is a predicate, the function should return a "succeeded" boolean. -For example, `add work`{.docutils .literal} is a command, and the +For example, `add work` is a command, and the add\_work() function returns 0 for success or -EBUSY for failure. In the -same way, `PCI device present`{.docutils .literal} is a predicate, and +same way, `PCI device present` is a predicate, and the pci\_dev\_present() function returns 1 if it succeeds in finding a matching device or 0 if it doesn't. @@ -972,14 +955,14 @@ yourself. For example, if you need to calculate the length of an array, take advantage of the macro ``` - #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) ``` Similarly, if you need to calculate the size of some structure member, use ``` - #define FIELD_SIZEOF(t, f) (sizeof(((t*)0)->f)) +#define FIELD_SIZEOF(t, f) (sizeof(((t*)0)->f)) ``` There are also min() and max() macros that do strict type checking if @@ -1031,7 +1014,7 @@ Remember that inline assembly can use C parameters. Large, non-trivial assembly functions should go in .S files, with corresponding C prototypes defined in C header files. The C prototypes -for assembly functions should use `asmlinkage`{.docutils .literal}. +for assembly functions should use `asmlinkage`. You may need to mark your asm statement as volatile, to prevent GCC from removing it if GCC doesn't notice any side effects. You don't always @@ -1075,9 +1058,9 @@ Kconfig symbol into a C boolean expression, and use it in a normal C conditional: ``` - if (IS_ENABLED(CONFIG_SOMETHING)) { - ... - } + if (IS_ENABLED(CONFIG_SOMETHING)) { + ... + } ``` The compiler will constant-fold the conditional away, and include or 
@@ -1093,12 +1076,12 @@ lines), place a comment after the \#endif on the same line, noting the conditional expression used. For instance: ``` - #ifdef CONFIG_SOMETHING - ... - #endif /* CONFIG_SOMETHING */ +#ifdef CONFIG_SOMETHING +... +#endif /* CONFIG_SOMETHING */ ``` -Appendix I) References[¶](#appendix-i-references "Permalink to this headline"){.headerlink} +## Appendix I) References The C Programming Language, Second Edition by Brian W. Kernighan and Dennis M. Ritchie. Prentice Hall, Inc., 1988. ISBN 0-13-110362-8 @@ -1115,8 +1098,7 @@ WG14 is the international standardization working group for the programming language C, URL: Kernel process/coding-style.rst, by -[greg@kroah.com](mailto:greg%40kroah.com){.reference .external} at OLS -2002: +[greg@kroah.com](mailto:greg%40kroah.com) at OLS 2002: ------------------------------------------------------------------------ diff --git a/doc/openbsd-coding-style.md b/doc/openbsd-coding-style.md index a18bfb8..1693dfd 100644 --- a/doc/openbsd-coding-style.md +++ b/doc/openbsd-coding-style.md 
@@ -1,61 +1,23 @@ -[OpenBSD](https://www.openbsd.org/) manual page server -====================================================== - -Manual Page Search Parameters - -man - -apropos - -\ -All Sections 1 - General Commands 2 - System Calls 3 - Library Functions -3p - Perl Library 4 - Device Drivers 5 - File Formats 6 - Games 7 - -Miscellaneous Information 8 - System Manager\'s Manual 9 - Kernel -Developer\'s Manual All Architectures amd64 alpha armv7 arm64 hppa i386 -landisk loongson luna88k macppc mips64 octeon sgi socppc sparc64 amiga -arc armish arm32 atari aviion beagle cats hppa64 hp300 ia64 mac68k -mvme68k mvme88k mvmeppc palm pc532 pegasos pmax powerpc solbourne sparc -sun3 vax wgrisc x68k zaurus OpenBSD-current OpenBSD-6.6 OpenBSD-6.5 -OpenBSD-6.4 POSIX-2013 4.4BSD-Lite2 UNIX-7 FreeBSD-12.0 FreeBSD-11.2 -DragonFly-5.6.1 NetBSD-8.1 Linux-5.03 OpenBSD-6.3 OpenBSD-6.2 -OpenBSD-6.1 OpenBSD-6.0 OpenBSD-5.9 OpenBSD-5.8 OpenBSD-5.7 OpenBSD-5.6 -OpenBSD-5.5 OpenBSD-5.4 OpenBSD-5.3 OpenBSD-5.2 OpenBSD-5.1 OpenBSD-5.0 -OpenBSD-4.9 OpenBSD-4.8 OpenBSD-4.7 OpenBSD-4.6 OpenBSD-4.5 OpenBSD-4.4 -OpenBSD-4.3 OpenBSD-4.2 OpenBSD-4.1 OpenBSD-4.0 OpenBSD-3.9 OpenBSD-3.8 -OpenBSD-3.7 OpenBSD-3.6 OpenBSD-3.5 OpenBSD-3.4 OpenBSD-3.3 OpenBSD-3.2 -OpenBSD-3.1 OpenBSD-3.0 OpenBSD-2.9 OpenBSD-2.8 OpenBSD-2.7 OpenBSD-2.6 -OpenBSD-2.5 OpenBSD-2.4 OpenBSD-2.3 OpenBSD-2.2 FreeBSD-11.1 -FreeBSD-10.4 FreeBSD-10.3 FreeBSD-10.2 FreeBSD-10.0 DragonFly-4.8.0 -DragonFly-4.4.2 DragonFly-3.8.2 NetBSD-8.0 NetBSD-7.1.2 NetBSD-7.1 -NetBSD-7.0.2 NetBSD-7.0.1 NetBSD-7.0 NetBSD-6.1.5 Linux-5.02 Linux-5.01 -Linux-5.00 Linux-4.16 Linux-4.13 Linux-4.05 - ------------------------------------------------------------------------- - ---------- ---------------------------- ---------- STYLE(9) Kernel Developer\'s Manual STYLE(9) ---------- ---------------------------- ---------- -::: {.manual-text} -::: {.section .Sh} -[NAME](#NAME){.permalink} {#NAME .Sh} +NAME ========================= -`style`{.Nm} --- 
[Kernel source file style guide (KNF)]{.Nd} -::: +`style` --- Kernel source file style guide (KNF) -::: {.section .Sh} -[DESCRIPTION](#DESCRIPTION){.permalink} {#DESCRIPTION .Sh} +DESCRIPTION ======================================= This file specifies the preferred style for kernel source files in the -[OpenBSD]{.Ux} source tree. It is also a guide for preferred userland +[OpenBSD] source tree. It is also a guide for preferred userland code style. These guidelines should be followed for all new code. In general, code can be considered "new code" when it makes up about 50% or more of the file(s) involved. This is enough to break precedents in the existing code and use the current style guidelines. -::: {.Bd .Pp .Bd-indent} +``` /* * Style guide for the OpenBSD KNF (Kernel Normal Form). */ 
@@ -70,47 +32,47 @@ existing code and use the current style guidelines. * Multi-line comments look like this. Make them real sentences. * Fill them so they look like real paragraphs. */ -::: +``` -Kernel include files (i.e., ``{.In}) come first; normally, -you\'ll need ``{.In} OR ``{.In}, but not both! -``{.In} includes ``{.In}, and it\'s okay to +Kernel include files (i.e., ``) come first; normally, +you\'ll need `` OR ``, but not both! +`` includes ``, and it\'s okay to depend on that. -::: {.Bd .Pp .Bd-indent} +``` #include /* Non-local includes in brackets. */ -::: +``` If it\'s a network program, put the network include files next. -::: {.Bd .Pp .Bd-indent} +``` #include #include #include #include -::: +``` -Then there\'s a blank line, followed by the [/usr/include]{.Pa} files. -The [/usr/include]{.Pa} files, for the most part, should be sorted. +Then there\'s a blank line, followed by the `/usr/include` files. +The `/usr/include` files, for the most part, should be sorted. -Global pathnames are defined in [/usr/include/paths.h]{.Pa}. Pathnames -local to the program go in [pathnames.h]{.Pa} in the local directory. +Global pathnames are defined in `/usr/include/paths.h`. Pathnames +local to the program go in `pathnames.h` in the local directory. -::: {.Bd .Pp .Bd-indent} +``` #include -::: +``` Then there\'s a blank line, and the user include files. -::: {.Bd .Pp .Bd-indent} +``` #include "pathnames.h" /* Local includes in double quotes. */ -::: +``` All functions are prototyped somewhere. Function prototypes for private functions (i.e., functions not used elsewhere) go at the top of the first source module. In userland, -functions local to one source module should be declared '`static`{.Li}'. +functions local to one source module should be declared '`static`'. This should not be done in kernel land since it makes it impossible to use the kernel debugger. 
@@ -118,41 +80,41 @@ Functions used from other parts of the kernel are prototyped in the relevant include file. Functions that are used locally in more than one module go into a -separate header file, e.g., [extern.h]{.Pa}. +separate header file, e.g., `extern.h`. Prototypes should not have variable names associated with the types; i.e., -::: {.Bd .Pp .Bd-indent} +``` void function(int); -::: +``` not: -::: {.Bd .Bd-indent} +``` void function(int a); -::: +``` Prototypes may have an extra space after a tab to enable function names to line up: -::: {.Bd .Pp .Bd-indent} +``` static char *function(int, const char *); static void usage(void); -::: +``` There should be no space between the function name and the argument list. -Use `__dead`{.Li} from ``{.In} for functions that don\'t +Use `__dead` from `` for functions that don\'t return, i.e., -::: {.Bd .Pp .Bd-indent} +``` __dead void abort(void); -::: +``` In header files, put function prototypes within -`__BEGIN_DECLS / __END_DECLS`{.Dv} matching pairs. This makes the header +`__BEGIN_DECLS / __END_DECLS` matching pairs. This makes the header file usable from C++. Macros are capitalized and parenthesized, and should avoid side-effects. 
@@ -160,24 +122,24 @@ If they are an inline expansion of a function, the function is defined all in lowercase; the macro has the same name all in uppercase. If the macro needs more than a single line, use braces. Right-justify the backslashes, as the resulting definition is easier to read. If the macro -encapsulates a compound statement, enclose it in a "`do`{.Li}" loop, so -that it can safely be used in "`if`{.Li}" statements. Any final +encapsulates a compound statement, enclose it in a "`do`" loop, so +that it can safely be used in "`if`" statements. Any final statement-terminating semicolon should be supplied by the macro invocation rather than the macro, to make parsing easier for pretty-printers and editors. -::: {.Bd .Pp .Bd-indent} +``` #define MACRO(x, y) do { \ variable = (x) + (y); \ (y) += 2; \ } while (0) -::: +``` Enumeration values are all uppercase. -::: {.Bd .Pp .Bd-indent} +``` enum enumtype { ONE, TWO } et; -::: +``` When defining unsigned integers use "unsigned int" rather than just "unsigned"; the latter has been a source of confusion in the past. 
@@ -186,26 +148,26 @@ When declaring variables in structures, declare them sorted by use, then by size (largest to smallest), then by alphabetical order. The first category normally doesn\'t apply, but there are exceptions. Each one gets its own line. Put a tab after the first word, i.e., use -'`int^Ix;`{.Li}' and '`struct^Ifoo *x;`{.Li}'. +'`int^Ix;`' and '`struct^Ifoo *x;`'. Major structures should be declared at the top of the file in which they are used, or in separate header files if they are used in multiple source files. Use of the structures should be by separate declarations -and should be "`extern`{.Li}" if they are declared in a header file. +and should be `extern` if they are declared in a header file. -::: {.Bd .Pp .Bd-indent} +``` struct foo { struct foo *next; /* List of active foo */ struct mumble amumble; /* Comment for mumble */ int bar; }; struct foo *foohead; /* Head of global foo list */ -::: +``` -Use [queue(3)](/queue.3){.Xr} macros rather than rolling your own lists, +Use [queue(3)](/queue.3) macros rather than rolling your own lists, whenever possible. Thus, the previous example would be better written: -::: {.Bd .Pp .Bd-indent} +``` #include struct foo { LIST_ENTRY(foo) link; /* Queue macro glue for foo lists */ 
@@ -213,16 +175,16 @@ whenever possible. Thus, the previous example would be better written: int bar; }; LIST_HEAD(, foo) foohead; /* Head of global foo list */ -::: +``` Avoid using typedefs for structure types. This makes it impossible for applications to use pointers to such a structure opaquely, which is both possible and beneficial when using an ordinary struct tag. When convention requires a typedef, make its name match the struct tag. Avoid -typedefs ending in "`_t`{.Li}", except as specified in Standard C or by +typedefs ending in "`_t`", except as specified in Standard C or by POSIX. -::: {.Bd .Pp .Bd-indent} +``` /* * All major routines should have a comment briefly describing what * they do. The comment before the "main" routine should describe @@ -233,15 +195,15 @@ POSIX. { int aflag, bflag, ch, num; const char *errstr; -::: +``` -For consistency, [getopt(3)](/getopt.3){.Xr} should be used to parse -options. Options should be sorted in the [getopt(3)](/getopt.3){.Xr} +For consistency, [getopt(3)](/getopt.3) should be used to parse +options. Options should be sorted in the [getopt(3)](/getopt.3) call and the switch statement, unless parts of the switch cascade. Elements in a switch statement that cascade should have a FALLTHROUGH comment. Numerical arguments should be checked for accuracy. -::: {.Bd .Pp .Bd-indent} +``` while ((ch = getopt(argc, argv, "abn:")) != -1) { switch (ch) { /* Indent the switch. */ case 'a': /* Don't indent the case. */ 
@@ -263,14 +225,14 @@ comment. Numerical arguments should be checked for accuracy. } argc -= optind; argv += optind; -::: +``` -Use a space after keywords (`if`{.Li}, `while`{.Li}, `for`{.Li}, -`return`{.Li}, `switch`{.Li}). No braces are used for control statements +Use a space after keywords (`if`, `while`, `for`, +`return`, `switch`). No braces are used for control statements with zero or only a single statement unless that statement is more than a single line, in which case they are permitted. -::: {.Bd .Pp .Bd-indent} +``` for (p = buf; *p != '\0'; ++p) continue; for (;;) @@ -284,26 +246,26 @@ a single line, in which case they are permitted. if (cond) stmt; } -::: +``` Parts of a for loop may be left empty. -::: {.Bd .Pp .Bd-indent} +``` for (; cnt < 15; cnt++) { stmt1; stmt2; } -::: +``` Indentation is an 8 character tab. Second level indents are four spaces. All code should fit in 80 columns. -::: {.Bd .Pp .Bd-indent} +``` while (cnt < 20) z = a + really + long + statement + that + needs + two + lines + gets + indented + four + spaces + on + the + second + and + subsequent + lines; -::: +``` Do not add whitespace at the end of a line, and only use tabs followed by spaces to form the indentation. Do not use more spaces than a tab @@ -312,7 +274,7 @@ will produce and do not use spaces in front of tabs. Closing and opening braces go on the same line as the else. Braces that aren\'t necessary may be left out, unless they cause a compiler warning. -::: {.Bd .Pp .Bd-indent} +``` if (test) stmt; else if (bar) { 
@@ -320,15 +282,15 @@ aren\'t necessary may be left out, unless they cause a compiler warning. stmt; } else stmt; -::: +``` Do not use spaces after function names. Commas have a space after them. Do not use spaces after '(' or '\[' or preceding '\]' or ')' characters. -::: {.Bd .Pp .Bd-indent} +``` if ((error = function(a1, a2))) exit(error); -::: +``` Unary operators don\'t require spaces; binary operators do. Don\'t use parentheses unless they\'re required for precedence, the statement is 
@@ -336,52 +298,52 @@ confusing without them, or the compiler generates a warning without them. Remember that other people may be confused more easily than you. Do YOU understand the following? -::: {.Bd .Pp .Bd-indent} +``` a = b->c[0] + ~d == (e || f) || g && h ? i : j >> 1; k = !(l & FLAGS); -::: +``` Exits should be 0 on success, or non-zero for errors. -::: {.Bd .Pp .Bd-indent} +``` /* * Avoid obvious comments such as * "Exit 0 on success." */ exit(0); -::: +``` The function type should be on a line by itself preceding the function. -::: {.Bd .Pp .Bd-indent} +``` static char * function(int a1, int a2, float fl, int a4) { -::: +``` When declaring variables in functions, declare them sorted by size (largest to smallest), then in alphabetical order; multiple ones per line are okay. Old style function declarations should be avoided. ANSI style function declarations should go in an include file such as -"[extern.h]{.Pa}". If a line overflows, reuse the type keyword. +`extern.h`. If a line overflows, reuse the type keyword. Be careful not to obfuscate the code by initializing variables in the declarations. Use this feature only thoughtfully. DO NOT use function calls in initializers! -::: {.Bd .Pp .Bd-indent} +``` struct foo one, *two; double three; int *four, five; char *six, seven, eight, nine, ten, eleven, twelve; four = myfunction(); -::: +``` Do not declare functions inside other functions. -Casts and `sizeof`{.Fn}() calls are not followed by a space. Note that -[indent(1)](/indent.1){.Xr} does not understand this rule. +Casts and `sizeof()` calls are not followed by a space. Note that +[indent(1)](/indent.1) does not understand this rule. Use of the "register" specifier is discouraged in new code. Optimizing compilers such as gcc can generally do a better job of choosing which 
@@ -390,13 +352,13 @@ exception to this is in functions containing assembly code where the "register" specifier is required for proper code generation in the absence of compiler optimization. -When using `longjmp`{.Fn}() or `vfork`{.Fn}() in a program, the -`-W`{.Fl} or `-Wall`{.Fl} flag should be used to verify that the +When using `longjmp()` or `vfork()` in a program, the +`-W` or `-Wall` flag should be used to verify that the compiler does not generate warnings such as -::: {.Bd .Pp .Bd-indent} +``` warning: variable `foo' might be clobbered by `longjmp' or `vfork'. -::: +``` If any warnings of this type occur, you must apply the "volatile" type-qualifier to the variable in question. Failure to do so may result @@ -405,29 +367,29 @@ pointers, the location of "volatile" specifies if the type-qualifier applies to the pointer, or the thing being pointed to. A volatile pointer is declared with "volatile" to the right of the "\*". Example: -::: {.Bd .Pp .Bd-indent} +``` char *volatile foo; -::: +``` says that "foo" is volatile, but "\*foo" is not. To make "\*foo" volatile use the syntax -::: {.Bd .Pp .Bd-indent} +``` volatile char *foo; -::: +``` If both the pointer and the thing pointed to are volatile use -::: {.Bd .Pp .Bd-indent} +``` volatile char *volatile foo; -::: +``` "const" is also a type-qualifier and the same rules apply. The description of a read-only hardware register might look something like: -::: {.Bd .Pp .Bd-indent} +``` const volatile char *reg; -::: +``` Global flags set inside signal handlers should be of type "volatile sig\_atomic\_t" if possible. This guarantees that the variable may be 
@@ -435,39 +397,39 @@ accessed as an atomic entity, even when a signal has been delivered. Global variables of other types (such as structures) are not guaranteed to have consistent values when accessed via a signal handler. -`NULL`{.Dv} is the preferred null pointer constant. Use `NULL`{.Dv} +`NULL` is the preferred null pointer constant. Use `NULL` instead of (type \*)0 or (type \*)NULL in all cases except for arguments to variadic functions where the compiler does not know the type. -Don\'t use '`!`{.Li}' for tests unless it\'s a boolean, i.e., use +Don\'t use `!` for tests unless it\'s a boolean, i.e., use -::: {.Bd .Pp .Bd-indent} +``` if (*p == '\0') -::: +``` not -::: {.Bd .Bd-indent} +``` if (!*p) -::: +``` -Routines returning `void *`{.Li} should not have their return values +Routines returning `void *` should not have their return values cast to any pointer type. -Use the [err(3)](/err.3){.Xr} and [warn(3)](/warn.3){.Xr} family of +Use the [err(3)](/err.3) and [warn(3)](/warn.3) family of functions. Don\'t roll your own! -::: {.Bd .Pp .Bd-indent} +``` if ((four = malloc(sizeof(struct foo))) == NULL) err(1, NULL); if ((six = (int *)overflow()) == NULL) errx(1, "Number overflowed."); return eight; -::: +``` Old-style function declarations look like this: -::: {.Bd .Pp .Bd-indent} +``` static char * function(a1, a2, fl, a4) int a1, a2; /* Declare ints, too, don't default them. */ @@ -476,7 +438,7 @@ Old-style function declarations look like this: { ... } -::: +``` Use ANSI function declarations unless you explicitly need K&R compatibility. Long parameter lists are wrapped with a normal four space @@ -484,7 +446,7 @@ indent. Variable numbers of arguments should look like this: -::: {.Bd .Pp .Bd-indent} +``` #include void 
@@ -503,7 +465,7 @@ Variable numbers of arguments should look like this: static void usage(void) { -::: +``` Usage statements should take the same form as the synopsis in manual pages. Options without operands come first, in alphabetical order inside @@ -519,18 +481,18 @@ set of braces. If numbers are used as options, they should be placed first, as shown in the example below. Uppercase letters take precedence over lowercase. -::: {.Bd .Pp .Bd-indent} +``` "usage: f [-12aDde] [-b b_arg] [-m m_arg] req1 req2 [opt1 [opt2]]\n" "usage: f [-a | -b] [-c [-de] [-n number]]\n" -::: +``` -The [getprogname(3)](/getprogname.3){.Xr} function may be used instead +The [getprogname(3)](/getprogname.3) function may be used instead of hard-coding the program name. -::: {.Bd .Pp .Bd-indent} +``` fprintf(stderr, "usage: %s [-ab]\n", getprogname()); exit(1); -::: +``` New core kernel code should be reasonably compliant with the style guides. The guidelines for third-party maintained modules and device 
@@ -538,42 +500,34 @@ drivers are more relaxed but at a minimum should be internally consistent with their style. Whenever possible, code should be run through a code checker (e.g., -"`gcc -Wall -W -Wpointer-arith -Wbad-function-cast ...`{.Li}" or +"`gcc -Wall -W -Wpointer-arith -Wbad-function-cast ...`" or splint from the ports tree) and produce minimal warnings. Since lint has been removed, the only lint-style comment that should be used is FALLTHROUGH, as it\'s useful to humans. Other lint-style comments such as ARGSUSED, LINTED, and NOTREACHED may be deleted. Note that documentation follows its own style guide, as documented in -[mdoc(7)](/mdoc.7){.Xr}. -::: +[mdoc(7)](/mdoc.7). -::: {.section .Sh} -[FILES](#FILES){.permalink} {#FILES .Sh} +FILES =========================== -[/usr/share/misc/license.template]{.Pa} +`/usr/share/misc/license.template` : Example license for new code. -::: -::: {.section .Sh} -[SEE ALSO](#SEE_ALSO){.permalink} {#SEE_ALSO .Sh} +SEE ALSO ================================= -[indent(1)](/indent.1){.Xr}, [err(3)](/err.3){.Xr}, -[queue(3)](/queue.3){.Xr}, [warn(3)](/warn.3){.Xr}, -[mdoc(7)](/mdoc.7){.Xr} -::: +[indent(1)](/indent.1), [err(3)](/err.3), +[queue(3)](/queue.3), [warn(3)](/warn.3), +[mdoc(7)](/mdoc.7) -::: {.section .Sh} -[HISTORY](#HISTORY){.permalink} {#HISTORY .Sh} +HISTORY =============================== This man page is largely based on the src/admin/style/style file from -the [4.4BSD-Lite2]{.Ux} release, with updates to reflect the current -practice and desire of the [OpenBSD]{.Ux} project. -::: -::: +the `4.4BSD-Lite2` release, with updates to reflect the current +practice and desire of the OpenBSD project. ------------------ ----------------- December 5, 2018 OpenBSD-current -- cgit v0.12
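Review bot: In the hunk at -160,24, the rewritten macro paragraph keeps literal double quotes around the `do` and `if` code spans, while the hunk at -186,26 drops them for `extern` and the hunk at -435,39 drops the single quotes around `!`. The backticks already mark these tokens as code, so pick one convention for the whole file; dropping the surrounding quotes everywhere is the simpler choice.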
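Review bot: In the hunk at -186,26, the queue(3) example that now opens the new fence begins with an `#include` that names no header in the lines shown here. If the header name is really absent from the file, restore `#include <sys/queue.h>`, which is where the LIST_ENTRY and LIST_HEAD macros used in the example come from; inside a fenced block the angle brackets need no escaping. The `#include` that opens the variable-arguments example in the hunk at -484,7 deserves the same check.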
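Review bot: In the hunk at -435,39, the added line that begins `Don\'t use` still carries backslash-escaped apostrophes (`Don\'t`, `it\'s`) even though the line is being rewritten. Write plain apostrophes here. The same escape survives in unchanged context elsewhere in the patch (`doesn\'t`, `aren\'t`, `they\'re`), so a single search-and-replace over the file would finish the job the commit message describes.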
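Review bot: In the final hunk (-538,42), the two `.Ux` names in HISTORY are converted differently: `4.4BSD-Lite2` becomes a code span while OpenBSD becomes plain text. Both are operating system names, so plain text for both is the consistent choice. The new FILES, SEE ALSO and HISTORY headings also keep `=` underlines sized for the old permalink headings, far longer than the heading text; trimming them to the heading width would make the source easier to read. The `: Example license for new code.` line is definition-list syntax that CommonMark does not render, so consider a plain sentence or list item there.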