2020-06-12 15:15:04 -06:00
# Coding conventions in the Samba tree
2008-10-01 17:27:42 +02:00
2020-06-12 15:15:04 -06:00
## Quick Start
2007-06-27 18:28:18 +00:00
Coding style guidelines are about reducing the number of unnecessary
2010-05-11 14:58:19 +02:00
reformatting patches and making things easier for developers to work
together.
2007-06-27 18:28:18 +00:00
You don't have to like them or even agree with them, but once put in place
we all have to abide by them (or vote to change them). However, coding
2009-08-10 13:50:31 -07:00
style should never outweigh coding itself and so the guidelines
2008-08-05 12:55:20 +02:00
described here are hopefully easy enough to follow as they are very
2007-06-27 18:28:18 +00:00
common and supported by tools and editors.
2018-03-23 15:12:06 +13:00
The basic style for C code is the Linux kernel coding style (See
Documentation/CodingStyle in the kernel source tree). This closely matches
what most Samba developers use already anyways, with a few exceptions as
mentioned below.
2007-06-27 18:28:18 +00:00
2020-06-12 15:15:04 -06:00
The coding style for Python code is documented in
2020-07-29 15:35:12 +12:00
[PEP8 ](https://www.python.org/dev/peps/pep-0008/ ). New Python code
should be compatible with Python 3.6 onwards.
2011-10-13 23:08:45 +02:00
2007-06-27 18:28:18 +00:00
But to save you the trouble of reading the Linux kernel style guide, here
are the highlights.
* Maximum Line Width is 80 Characters
2010-05-11 14:58:19 +02:00
The reason is not about people with low-res screens but rather sticking
2007-06-27 18:28:18 +00:00
to 80 columns prevents you from easily nesting more than one level of
2020-06-12 15:15:04 -06:00
if statements or other code blocks. Use [source3/script/count_80_col.pl ](source3/script/count_80_col.pl )
2007-06-27 18:28:18 +00:00
to check your changes.
* Use 8 Space Tabs to Indent
2010-05-11 14:58:19 +02:00
No whitespace fillers.
2007-06-27 18:28:18 +00:00
* No Trailing Whitespace
2020-06-12 15:15:04 -06:00
Use [source3/script/strip_trail_ws.pl ](source3/script/strip_trail_ws.pl ) to clean up your files before
2010-05-11 14:58:19 +02:00
committing.
2007-06-27 18:28:18 +00:00
2010-05-11 14:58:19 +02:00
* Follow the K& R guidelines. We won't go through all of them here. Do you
have a copy of "The C Programming Language" anyways right? You can also use
2020-06-12 15:15:04 -06:00
the [format_indent.sh script found in source3/script/ ](source3/script/format_indent.sh ) if all else fails.
2007-06-27 18:28:18 +00:00
2020-06-12 15:15:04 -06:00
## Editor Hints
2007-06-27 18:28:18 +00:00
2020-06-12 15:15:04 -06:00
### Emacs
2007-06-27 18:28:18 +00:00
Add the follow to your $HOME/.emacs file:
2024-06-28 13:01:24 +02:00
```lisp
2007-06-27 18:28:18 +00:00
(add-hook 'c-mode-hook
(lambda ()
(c-set-style "linux")
(c-toggle-auto-state)))
2020-06-12 15:15:04 -06:00
```
2007-06-27 18:28:18 +00:00
2020-06-12 15:15:04 -06:00
### Vi
2007-06-27 18:28:18 +00:00
(Thanks to SATOH Fumiyasu < fumiyas @osstech .jp > for these hints):
2009-08-10 13:50:31 -07:00
For the basic vi editor included with all variants of \*nix, add the
2007-06-27 18:28:18 +00:00
following to $HOME/.exrc:
2024-06-28 13:01:24 +02:00
```vim
2007-06-27 18:28:18 +00:00
set tabstop=8
set shiftwidth=8
2020-06-12 15:15:04 -06:00
```
2007-06-27 18:28:18 +00:00
2010-05-11 14:58:19 +02:00
For Vim, the following settings in $HOME/.vimrc will also deal with
displaying trailing whitespace:
2007-06-27 18:28:18 +00:00
2024-06-28 13:01:24 +02:00
```vim
2007-06-27 18:28:18 +00:00
if has("syntax") & & (& t_Co > 2 || has("gui_running"))
syntax on
function! ActivateInvisibleCharIndicator()
syntax match TrailingSpace "[ \t]\+$" display containedin=ALL
highlight TrailingSpace ctermbg=Red
endf
autocmd BufNewFile,BufRead * call ActivateInvisibleCharIndicator()
endif
2007-07-04 14:15:26 +00:00
" Show tabs, trailing whitespace, and continued lines visually
set list listchars=tab:»·,trail:·,extends:…
2007-06-27 18:28:18 +00:00
2007-09-27 19:20:37 +00:00
" highlight overly long lines same as TODOs.
set textwidth=80
autocmd BufNewFile,BufRead *.c,* .h exec 'match Todo /\%>' . & textwidth . 'v.\+/'
2020-06-12 15:15:04 -06:00
```
2022-07-19 15:38:27 +02:00
### How to use clang-format
2007-09-27 19:20:37 +00:00
2022-07-19 15:38:27 +02:00
Install 'git-format-clang' which is part of the clang suite (Fedora:
git-clang-format, openSUSE: clang-tools).
Now do your changes and stage them with `git add` . Once they are staged
format the code using `git clang-format` before you commit.
2016-10-02 20:41:45 +03:00
2022-07-19 15:38:27 +02:00
Now the formatting changed can be viewed with `git diff` against the
staged changes.
2007-09-27 19:20:37 +00:00
2020-06-12 15:15:04 -06:00
## FAQ & Statement Reference
2007-06-27 18:28:18 +00:00
2020-06-12 15:15:04 -06:00
### Comments
2007-06-27 18:28:18 +00:00
2010-05-11 14:58:19 +02:00
Comments should always use the standard C syntax. C++
2010-07-10 14:15:08 +02:00
style comments are not currently allowed.
The lines before a comment should be empty. If the comment directly
belongs to the following code, there should be no empty line
after the comment, except if the comment contains a summary
of multiple following code blocks.
2010-07-10 10:06:17 +02:00
This is good:
2024-06-28 13:01:24 +02:00
```c
2010-07-10 10:06:17 +02:00
...
int i;
/*
* This is a multi line comment,
* which explains the logical steps we have to do:
*
* 1. We need to set i=5, because...
* 2. We need to call complex_fn1
*/
/* This is a one line comment about i = 5. */
i = 5;
/*
* This is a multi line comment,
* explaining the call to complex_fn1()
*/
ret = complex_fn1();
if (ret != 0) {
...
/**
* @brief This is a doxygen comment.
*
* This is a more detailed explanation of
* this simple function.
*
* @param [in] param1 The parameter value of the function.
*
* @param [out] result1 The result value of the function.
*
* @return 0 on success and -1 on error.
*/
int example(int param1, int *result1);
2020-06-12 15:15:04 -06:00
```
2010-07-10 10:06:17 +02:00
This is bad:
2024-06-28 13:01:24 +02:00
```c
2010-07-10 10:06:17 +02:00
...
int i;
/*
* This is a multi line comment,
* which explains the logical steps we have to do:
*
* 1. We need to set i=5, because...
* 2. We need to call complex_fn1
*/
/* This is a one line comment about i = 5. */
i = 5;
/*
* This is a multi line comment,
* explaining the call to complex_fn1()
*/
ret = complex_fn1();
if (ret != 0) {
...
/*This is a one line comment.*/
/* This is a multi line comment,
with some more words...*/
/*
* This is a multi line comment,
* with some more words...*/
2020-06-12 15:15:04 -06:00
```
2007-06-28 19:27:30 +00:00
2023-04-03 09:44:45 +02:00
### Indentation & Whitespace & 80 columns
2007-06-28 19:27:30 +00:00
2010-05-11 14:58:19 +02:00
To avoid confusion, indentations have to be tabs with length 8 (not 8
' ' characters). When wrapping parameters for function calls,
2009-08-10 13:50:31 -07:00
align the parameter list with the first parameter on the previous line.
2010-05-11 14:58:19 +02:00
Use tabs to get as close as possible and then fill in the final 7
2007-06-28 19:27:30 +00:00
characters or less with whitespace. For example,
2024-06-28 13:01:24 +02:00
```c
2007-06-28 19:27:30 +00:00
var1 = foo(arg1, arg2,
arg3);
2020-06-12 15:15:04 -06:00
```
2007-06-28 19:27:30 +00:00
2010-05-11 14:58:19 +02:00
The previous example is intended to illustrate alignment of function
parameters across lines and not as encourage for gratuitous line
2007-06-28 19:27:30 +00:00
splitting. Never split a line before columns 70 - 79 unless you
2016-10-02 20:37:37 +03:00
have a really good reason. Be smart about formatting.
2007-06-28 19:27:30 +00:00
2018-03-10 07:08:28 +02:00
One exception to the previous rule is function calls, declarations, and
definitions. In function calls, declarations, and definitions, either the
2016-10-02 20:40:06 +03:00
declaration is a one-liner, or each parameter is listed on its own
line. The rationale is that if there are many parameters, each one
should be on its own line to make tracking interface changes easier.
2007-06-28 19:27:30 +00:00
2020-06-12 15:15:04 -06:00
## If, switch, & Code blocks
2007-06-28 19:27:30 +00:00
2020-06-12 15:15:04 -06:00
Always follow an `if` keyword with a space but don't include additional
2007-06-28 19:27:30 +00:00
spaces following or preceding the parentheses in the conditional.
This is good:
2024-06-28 13:01:24 +02:00
```c
2007-06-28 19:27:30 +00:00
if (x == 1)
2020-06-12 15:15:04 -06:00
```
2007-06-28 19:27:30 +00:00
This is bad:
2024-06-28 13:01:24 +02:00
```c
2007-06-28 19:27:30 +00:00
if ( x == 1 )
2020-06-12 15:15:04 -06:00
```
2007-06-28 19:27:30 +00:00
2009-11-18 11:43:01 +01:00
Yes we have a lot of code that uses the second form and we are trying
2007-06-28 19:27:30 +00:00
to clean it up without being overly intrusive.
Note that this is a rule about parentheses following keywords and not
2009-11-18 11:43:01 +01:00
functions. Don't insert a space between the name and left parentheses when
2007-06-28 19:27:30 +00:00
invoking functions.
2020-06-12 15:15:04 -06:00
Braces for code blocks used by `for` , `if` , `switch` , `while` , `do..while` , etc.
2009-11-18 11:43:01 +01:00
should begin on the same line as the statement keyword and end on a line
of their own. You should always include braces, even if the block only
contains one statement. NOTE: Functions are different and the beginning left
2010-05-11 14:58:19 +02:00
brace should be located in the first column on the next line.
2007-06-28 19:27:30 +00:00
If the beginning statement has to be broken across lines due to length,
the beginning brace should be on a line of its own.
2009-11-18 11:43:01 +01:00
The exception to the ending rule is when the closing brace is followed by
2020-06-12 15:15:04 -06:00
another language keyword such as else or the closing while in a `do..while`
2007-06-28 19:27:30 +00:00
loop.
2010-05-11 14:58:19 +02:00
Good examples:
2007-06-28 19:27:30 +00:00
2024-06-28 13:01:24 +02:00
```c
2007-06-28 19:27:30 +00:00
if (x == 1) {
printf("good\n");
}
2009-11-18 11:43:01 +01:00
for (x=1; x< 10 ; x + + ) {
2007-06-28 19:27:30 +00:00
print("%d\n", x);
}
2009-11-18 11:43:01 +01:00
for (really_really_really_really_long_var_name=0;
really_really_really_really_long_var_name< 10 ;
really_really_really_really_long_var_name++)
{
print("%d\n", really_really_really_really_long_var_name);
}
2007-06-28 19:27:30 +00:00
do {
printf("also good\n");
} while (1);
2020-06-12 15:15:04 -06:00
```
2007-06-28 19:27:30 +00:00
2010-05-11 14:58:19 +02:00
Bad examples:
2007-06-28 19:27:30 +00:00
2024-06-28 13:01:24 +02:00
```c
2007-06-28 19:27:30 +00:00
while (1)
{
print("I'm in a loop!\n"); }
2009-11-18 11:43:01 +01:00
for (x=1;
x< 10 ;
x++)
{
print("no good\n");
}
if (i < 10 )
print("I should be in braces.\n");
2020-06-12 15:15:04 -06:00
```
2009-11-18 11:43:01 +01:00
2007-06-28 19:27:30 +00:00
2020-06-12 15:15:04 -06:00
### Goto
2007-06-28 19:27:30 +00:00
2020-06-12 15:15:04 -06:00
While many people have been academically taught that `goto` s are
2010-05-11 14:58:19 +02:00
fundamentally evil, they can greatly enhance readability and reduce memory
leaks when used as the single exit point from a function. But in no Samba
world what so ever is a goto outside of a function or block of code a good
idea.
2007-06-28 19:27:30 +00:00
2010-05-11 14:58:19 +02:00
Good Examples:
2007-06-28 19:27:30 +00:00
2024-06-28 13:01:24 +02:00
```c
2008-10-01 17:27:42 +02:00
int function foo(int y)
{
int *z = NULL;
int ret = 0;
2009-11-16 10:51:31 +01:00
if (y < 10 ) {
2015-01-20 12:07:38 +01:00
z = malloc(sizeof(int) * y);
if (z == NULL) {
2008-10-01 17:27:42 +02:00
ret = 1;
goto done;
}
2007-06-28 19:27:30 +00:00
}
2008-10-01 17:27:42 +02:00
print("Allocated %d elements.\n", y);
2007-06-28 19:27:30 +00:00
2010-05-11 14:58:19 +02:00
done:
2015-01-20 12:07:38 +01:00
if (z != NULL) {
2008-10-01 17:27:42 +02:00
free(z);
2010-05-11 08:03:56 +02:00
}
2007-06-28 19:27:30 +00:00
2008-10-01 17:27:42 +02:00
return ret;
}
2020-06-12 15:15:04 -06:00
```
2007-06-28 19:27:30 +00:00
2020-06-12 15:15:04 -06:00
### Primitive Data Types
2007-09-14 12:06:34 +00:00
2010-05-11 14:58:19 +02:00
Samba has large amounts of historical code which makes use of data types
commonly supported by the C99 standard. However, at the time such types
as boolean and exact width integers did not exist and Samba developers
were forced to provide their own. Now that these types are guaranteed to
be available either as part of the compiler C99 support or from
lib/replace/, new code should adhere to the following conventions:
2007-09-14 12:06:34 +00:00
2020-06-12 15:15:04 -06:00
* Booleans are of type `bool` (not `BOOL` )
* Boolean values are `true` and `false` (not `True` or `False` )
* Exact width integers are of type `[u]int[8|16|32|64]_t`
2009-11-14 12:55:41 +01:00
2016-02-15 15:51:26 +01:00
Most of the time a good name for a boolean variable is 'ok'. Here is an
example we often use:
2024-06-28 13:01:24 +02:00
```c
2016-02-15 15:51:26 +01:00
bool ok;
ok = foo();
if (!ok) {
/* do something */
}
2020-06-12 15:15:04 -06:00
```
2016-02-15 15:51:26 +01:00
It makes the code more readable and is easy to debug.
2009-11-14 12:55:41 +01:00
2020-06-12 15:15:04 -06:00
### Typedefs
2009-11-14 12:55:41 +01:00
2020-06-12 15:15:04 -06:00
Samba tries to avoid `typedef struct { .. } x_t;` so we do always try to use
`struct x { .. };` . We know there are still such typedefs in the code,
2010-05-11 14:58:19 +02:00
but for new code, please don't do that anymore.
2009-11-16 10:52:27 +01:00
2020-06-12 15:15:04 -06:00
### Initialize pointers
2015-10-20 12:01:22 +02:00
All pointer variables MUST be initialized to NULL. History has
demonstrated that uninitialized pointer variables have lead to various
bugs and security issues.
Pointers MUST be initialized even if the assignment directly follows
the declaration, like pointer2 in the example below, because the
instructions sequence may change over time.
Good Example:
2024-06-28 13:01:24 +02:00
```c
2015-10-20 12:01:22 +02:00
char *pointer1 = NULL;
char *pointer2 = NULL;
pointer2 = some_func2();
...
pointer1 = some_func1();
2020-06-12 15:15:04 -06:00
```
2015-10-20 12:01:22 +02:00
Bad Example:
2024-06-28 13:01:24 +02:00
```c
2015-10-20 12:01:22 +02:00
char *pointer1;
char *pointer2;
pointer2 = some_func2();
...
pointer1 = some_func1();
2020-06-12 15:15:04 -06:00
```
2024-06-27 09:02:04 +01:00
### Initialize structs
All structures MUST be at least initialised to 0/NULL.
Current recommended initialization:
```c
struct somestruct {
int ival;
bool bval;
double dval;
char *sval;
};
struct somestruct var1 = {};
```
avoid:
```c
struct somestruct var1 = {0};
```
as it can be less portable, in particular if the first element of the struct in question is a nested struct.
Of course if specific members need non-zero initialization then use something like:
```c
struct bar {
int inner;
};
struct foo {
int outer;
struct bar nested;
};
struct foo var2 = {
.outer = 5,
.nested = {
.inner = 3,
},
};
```
2015-10-20 12:01:22 +02:00
2020-06-12 15:15:04 -06:00
### Make use of helper variables
2009-11-16 10:52:27 +01:00
Please try to avoid passing function calls as function parameters
in new code. This makes the code much easier to read and
it's also easier to use the "step" command within gdb.
2010-05-11 14:58:19 +02:00
Good Example:
2009-11-16 10:52:27 +01:00
2024-06-28 13:01:24 +02:00
```c
2015-10-20 12:01:22 +02:00
char *name = NULL;
2016-02-15 15:53:50 +01:00
int ret;
2009-11-16 10:52:27 +01:00
name = get_some_name();
if (name == NULL) {
...
}
ret = some_function_my_name(name);
...
2020-06-12 15:15:04 -06:00
```
2009-11-16 10:52:27 +01:00
2010-05-11 14:58:19 +02:00
Bad Example:
2009-11-16 10:52:27 +01:00
2024-06-28 13:01:24 +02:00
```c
2009-11-16 10:52:27 +01:00
ret = some_function_my_name(get_some_name());
...
2020-06-12 15:15:04 -06:00
```
2009-11-16 10:52:27 +01:00
2015-01-19 10:48:20 +01:00
Please try to avoid passing function return values to if- or
while-conditions. The reason for this is better handling of code under a
debugger.
Good example:
2024-06-28 13:01:24 +02:00
```c
2015-01-19 10:48:20 +01:00
x = malloc(sizeof(short)*10);
2015-01-20 12:07:38 +01:00
if (x == NULL) {
2015-01-19 10:48:20 +01:00
fprintf(stderr, "Unable to alloc memory!\n");
}
2020-06-12 15:15:04 -06:00
```
2015-01-19 10:48:20 +01:00
Bad example:
2024-06-28 13:01:24 +02:00
```c
2015-01-19 10:48:20 +01:00
if ((x = malloc(sizeof(short)*10)) == NULL ) {
fprintf(stderr, "Unable to alloc memory!\n");
}
2020-06-12 15:15:04 -06:00
```
2015-01-19 10:48:20 +01:00
There are exceptions to this rule. One example is walking a data structure in
an iterator style:
2024-06-28 13:01:24 +02:00
```c
2015-01-19 10:48:20 +01:00
while ((opt = poptGetNextOpt(pc)) != -1) {
... do something with opt ...
}
2020-06-12 15:15:04 -06:00
```
2015-01-19 10:48:20 +01:00
2018-11-21 15:58:21 +01:00
Another exception: DBG messages for example printing a SID or a GUID:
Here we don't expect any surprise from the printing functions, and the
main reason of this guideline is to make debugging easier. That reason
rarely exists for this particular use case, and we gain some
efficiency because the DBG_ macros don't evaluate their arguments if
the debuglevel is not high enough.
2024-06-28 13:01:24 +02:00
```c
2018-11-21 15:58:21 +01:00
if (!NT_STATUS_IS_OK(status)) {
struct dom_sid_buf sid_buf;
struct GUID_txt_buf guid_buf;
DBG_WARNING(
"objectSID [%s] for GUID [%s] invalid\n",
dom_sid_str_buf(objectsid, & sid_buf),
GUID_buf_string(& cache->entries[idx], &guid_buf));
}
2020-06-12 15:15:04 -06:00
```
2018-11-21 15:58:21 +01:00
2015-01-19 10:48:20 +01:00
But in general, please try to avoid this pattern.
2020-06-12 15:15:04 -06:00
### Control-Flow changing macros
2012-05-30 10:14:51 +02:00
2020-06-12 15:15:04 -06:00
Macros like `NT_STATUS_NOT_OK_RETURN` that change control flow
(`return` /`goto` /etc) from within the macro are considered bad, because
2012-05-30 10:14:51 +02:00
they look like function calls that never change control flow. Please
do not use them in new code.
The only exception is the test code that depends repeated use of calls
2020-06-12 15:15:04 -06:00
like `CHECK_STATUS` , `CHECK_VAL` and others.
2013-11-01 12:04:38 +00:00
2020-06-12 15:15:04 -06:00
### Error and out logic
2017-08-09 15:24:41 +02:00
Don't do this:
2024-06-28 13:01:24 +02:00
```c
2017-08-09 15:24:41 +02:00
frame = talloc_stackframe();
if (ret == LDB_SUCCESS) {
if (result->count == 0) {
ret = LDB_ERR_NO_SUCH_OBJECT;
} else {
struct ldb_message *match =
get_best_match(dn, result);
if (match == NULL) {
TALLOC_FREE(frame);
return LDB_ERR_OPERATIONS_ERROR;
}
*msg = talloc_move(mem_ctx, &match);
}
}
TALLOC_FREE(frame);
return ret;
2020-06-12 15:15:04 -06:00
```
2017-08-09 15:24:41 +02:00
It should be:
2024-06-28 13:01:24 +02:00
```c
2017-08-09 15:24:41 +02:00
frame = talloc_stackframe();
if (ret != LDB_SUCCESS) {
TALLOC_FREE(frame);
return ret;
}
if (result->count == 0) {
TALLOC_FREE(frame);
return LDB_ERR_NO_SUCH_OBJECT;
}
match = get_best_match(dn, result);
if (match == NULL) {
TALLOC_FREE(frame);
return LDB_ERR_OPERATIONS_ERROR;
}
*msg = talloc_move(mem_ctx, &match);
TALLOC_FREE(frame);
return LDB_SUCCESS;
2020-06-12 15:15:04 -06:00
```
2017-08-09 15:24:41 +02:00
2020-06-12 15:15:04 -06:00
### DEBUG statements
2013-11-01 12:04:38 +00:00
2015-10-21 11:12:22 -07:00
Use these following macros instead of DEBUG:
2013-11-01 12:04:38 +00:00
2024-06-28 13:01:24 +02:00
```c
2023-11-23 13:20:23 +01:00
DBG_ERR log level 0 error conditions
DBG_WARNING log level 1 warning conditions
DBG_NOTICE log level 3 normal, but significant, condition
DBG_INFO log level 5 informational message
DBG_DEBUG log level 10 debug-level message
2020-06-12 15:15:04 -06:00
```
2013-11-01 12:04:38 +00:00
2015-10-21 11:12:22 -07:00
Example usage:
2024-06-28 13:01:24 +02:00
```c
2015-10-21 11:12:22 -07:00
DBG_ERR("Memory allocation failed\n");
DBG_DEBUG("Received %d bytes\n", count);
2020-06-12 15:15:04 -06:00
```
2015-10-21 11:12:22 -07:00
The messages from these macros are automatically prefixed with the
function name.
2022-07-19 11:46:13 +02:00
### PRINT format specifiers PRIuxx
Use %PRIu32 instead of %u for uint32_t. Do not assume that this is valid:
/usr/include/inttypes.h
104:# define PRIu32 "u"
It could be possible to have a platform where "unsigned" is 64-bit. In theory
even 16-bit. The point is that "unsigned" being 32-bit is nowhere specified.
The PRIuxx specifiers are standard.
Example usage:
2024-06-28 13:01:24 +02:00
```c
2022-07-19 11:46:13 +02:00
D_DEBUG("Resolving %"PRIu32" SID(s).\n", state->num_sids);
```
Note:
Do not use PRIu32 for uid_t and gid_t, they do not have to be uint32_t.