test: add test for crash when adding a JOB_NOP

[elogind.git] / CODING_STYLE

diff --git a/CODING_STYLE b/CODING_STYLE
index 996897bcde976479faf2845d6ca7a5f6f9930250..0b1f809e79717812c0fdd007e1ef5786a5f4e916 100644 (file)
--- a/CODING_STYLE
+++ b/CODING_STYLE
@@ -1,6 +1,9 @@
-

 - 8ch indent, no tabs
 
 - 8ch indent, no tabs
 

+- Don't break code lines too eagerly. We do *not* force line breaks at
+  80ch, all of today's screens should be much larger than that. But
+  then again, don't overdo it, ~140ch should be enough really.
+

 - Variables and functions *must* be static, unless they have a
   prototype, and are supposed to be exported.
 
 - Variables and functions *must* be static, unless they have a
   prototype, and are supposed to be exported.
 


@@ -10,27 +13,27 @@
 - The destructors always unregister the object from the next bigger
   object, not the other way around
 
 - The destructors always unregister the object from the next bigger
   object, not the other way around
 

-- To minimize strict aliasing violations we prefer unions over casting
+- To minimize strict aliasing violations, we prefer unions over casting

 
 

-- For robustness reasons destructors should be able to destruct
+- For robustness reasons, destructors should be able to destruct

   half-initialized objects, too
 
   half-initialized objects, too
 

-- Error codes are returned as negative Exxx. i.e. return -EINVAL. There
-  are some exceptions: for constructors its is OK to return NULL on
-  OOM. For lookup functions NULL is fine too for "not found".
+- Error codes are returned as negative Exxx. e.g. return -EINVAL. There
+  are some exceptions: for constructors, it is OK to return NULL on
+  OOM. For lookup functions, NULL is fine too for "not found".

 
   Be strict with this. When you write a function that can fail due to
   more than one cause, it *really* should have "int" as return value
   for the error code.
 
 
   Be strict with this. When you write a function that can fail due to
   more than one cause, it *really* should have "int" as return value
   for the error code.
 

-- Don't bother with error checking whether writing to stdout/stderr
+- Do not bother with error checking whether writing to stdout/stderr

   worked.
 
 - Do not log errors from "library" code, only do so from "main
   worked.
 
 - Do not log errors from "library" code, only do so from "main

-  program" code. (With one exception: it's OK to log with DEBUG level
+  program" code. (With one exception: it is OK to log with DEBUG level

   from any code, with the exception of maybe inner loops).
 
   from any code, with the exception of maybe inner loops).
 

-- Always check OOM. There's no excuse. In program code you can use
+- Always check OOM. There is no excuse. In program code, you can use

   "log_oom()" for then printing a short message, but not in "library" code.
 
 - Do not issue NSS requests (that includes user name and host name
   "log_oom()" for then printing a short message, but not in "library" code.
 
 - Do not issue NSS requests (that includes user name and host name


@@ -38,14 +41,14 @@
   lookups involve synchronously talking to services that we would need
   to start up
 
   lookups involve synchronously talking to services that we would need
   to start up
 

-- Don't synchronously talk to any other service from PID 1, due to
+- Do not synchronously talk to any other service from PID 1, due to

   risk of deadlocks
 
   risk of deadlocks
 

-- Avoid fixed sized string buffers, unless you really know the maximum
+- Avoid fixed-size string buffers, unless you really know the maximum

   size and that maximum size is small. They are a source of errors,
   size and that maximum size is small. They are a source of errors,

-  since they possibly result in truncated strings. Often it is nicer
-  to use dynamic memory, alloca() or VLAs. If you do allocate fixed
-  size strings on the stack, then it's probably only OK if you either
+  since they possibly result in truncated strings. It is often nicer
+  to use dynamic memory, alloca() or VLAs. If you do allocate fixed-size
+  strings on the stack, then it is probably only OK if you either

   use a maximum size such as LINE_MAX, or count in detail the maximum
   size a string can have. (DECIMAL_STR_MAX and DECIMAL_STR_WIDTH
   macros are your friends for this!)
   use a maximum size such as LINE_MAX, or count in detail the maximum
   size a string can have. (DECIMAL_STR_MAX and DECIMAL_STR_WIDTH
   macros are your friends for this!)


@@ -54,7 +57,7 @@
   doing something wrong!
 
 - Stay uniform. For example, always use "usec_t" for time
   doing something wrong!
 
 - Stay uniform. For example, always use "usec_t" for time

-  values. Don't usec mix msec, and usec and whatnot.
+  values. Do not mix usec and msec, and usec and whatnot.

 
 - Make use of _cleanup_free_ and friends. It makes your code much
   nicer to read!
 
 - Make use of _cleanup_free_ and friends. It makes your code much
   nicer to read!


@@ -74,9 +77,20 @@
       {
       }
 
       {
       }
 

-  But it's OK if you don't.
+  But it is OK if you do not.
+
+- Single-line "if" blocks should not be enclosed in {}. Use this:

 
 

-- Don't write "foo ()", write "foo()".
+  if (foobar)
+          waldo();
+
+  instead of this:
+
+  if (foobar) {
+          waldo();
+  }
+
+- Do not write "foo ()", write "foo()".

 
 - Please use streq() and strneq() instead of strcmp(), strncmp() where applicable.
 
 
 - Please use streq() and strneq() instead of strcmp(), strncmp() where applicable.
 


@@ -99,10 +113,10 @@
 
 - Unless you allocate an array, "double" is always the better choice
   than "float". Processors speak "double" natively anyway, so this is
 
 - Unless you allocate an array, "double" is always the better choice
   than "float". Processors speak "double" natively anyway, so this is

-  no speed benefit, and on calls like printf() "float"s get upgraded
+  no speed benefit, and on calls like printf() "float"s get promoted

   to "double"s anyway, so there is no point.
 
   to "double"s anyway, so there is no point.
 

-- Don't invoke functions when you allocate variables on the stack. Wrong:
+- Do not invoke functions when you allocate variables on the stack. Wrong:

 
   {
           int a = foobar();
 
   {
           int a = foobar();


@@ -123,24 +137,24 @@
   backwards!
 
 - Think about the types you use. If a value cannot sensibly be
   backwards!
 
 - Think about the types you use. If a value cannot sensibly be

-  negative don't use "int", but use "unsigned".
+  negative, do not use "int", but use "unsigned".

 
 

-- Don't use types like "short". They *never* make sense. Use ints,
+- Do not use types like "short". They *never* make sense. Use ints,

   longs, long longs, all in unsigned+signed fashion, and the fixed
   longs, long longs, all in unsigned+signed fashion, and the fixed

-  size types uint32_t and so on, as well as size_t but nothing else.
+  size types uint32_t and so on, as well as size_t, but nothing else.

 
 - Public API calls (i.e. functions exported by our shared libraries)
   must be marked "_public_" and need to be prefixed with "sd_". No
   other functions should be prefixed like that.
 
 
 - Public API calls (i.e. functions exported by our shared libraries)
   must be marked "_public_" and need to be prefixed with "sd_". No
   other functions should be prefixed like that.
 

-- In public API calls you *must* validate all your input arguments for
+- In public API calls, you *must* validate all your input arguments for

   programming error with assert_return() and return a sensible return
   programming error with assert_return() and return a sensible return

-  code. In all other calls it is recommended to check for programming
+  code. In all other calls, it is recommended to check for programming

   errors with a more brutal assert(). We are more forgiving to public
   users then for ourselves! Note that assert() and assert_return()
   really only should be used for detecting programming errors, not for
   runtime errors. assert() and assert_return() by usage of _likely_()
   errors with a more brutal assert(). We are more forgiving to public
   users then for ourselves! Note that assert() and assert_return()
   really only should be used for detecting programming errors, not for
   runtime errors. assert() and assert_return() by usage of _likely_()

-  inform the compiler that he shouldn't expect these checks to fail,
+  inform the compiler that he should not expect these checks to fail,

   and they inform fellow programmers about the expected validity and
   range of parameters.
 
   and they inform fellow programmers about the expected validity and
   range of parameters.
 


@@ -152,18 +166,32 @@
   function or a "non-logging" function. "Logging" functions do logging
   on their own, "non-logging" function never log on their own and
   expect their callers to log. All functions in "library" code,
   function or a "non-logging" function. "Logging" functions do logging
   on their own, "non-logging" function never log on their own and
   expect their callers to log. All functions in "library" code,

-  i.e. in src/shared/ and suchlike must be "non-logging". Everytime a
-  "logging" function calls a "non-logging" function it should log
+  i.e. in src/shared/ and suchlike must be "non-logging". Every time a
+  "logging" function calls a "non-logging" function, it should log

   about the resulting errors. If a "logging" function calls another
   "logging" function, then it should not generate log messages, so
   that log messages are not generated twice for the same errors.
 
 - Avoid static variables, except for caches and very few other
   cases. Think about thread-safety! While most of our code is never
   about the resulting errors. If a "logging" function calls another
   "logging" function, then it should not generate log messages, so
   that log messages are not generated twice for the same errors.
 
 - Avoid static variables, except for caches and very few other
   cases. Think about thread-safety! While most of our code is never

-  used in threaded environments at least the library code should make
+  used in threaded environments, at least the library code should make

   sure it works correctly in them. Instead of doing a lot of locking
   sure it works correctly in them. Instead of doing a lot of locking

-  for that we tend to prefer using TLS to do per-thread caching (which
+  for that, we tend to prefer using TLS to do per-thread caching (which

   only works for small, fixed-size cache objects), or we disable
   caching for any thread that is not the main thread. Use
   is_main_thread() to detect whether the calling thread is the main
   thread.
   only works for small, fixed-size cache objects), or we disable
   caching for any thread that is not the main thread. Use
   is_main_thread() to detect whether the calling thread is the main
   thread.

+
+- Command line option parsing:
+  - Do not print full help() on error, be specific about the error.
+  - Do not print messages to stdout on error.
+  - Do not POSIX_ME_HARDER unless necessary, i.e. avoid "+" in option string.
+
+- Do not write functions that clobber call-by-reference variables on
+  failure. Use temporary variables for these cases and change the
+  passed in variables only on success.
+
+- When you allocate a file descriptor, it should be made O_CLOEXEC
+  right from the beginning, as none of our files should leak to forked
+  binaries by default. Hence, whenever you open a file, O_CLOEXEC must
+  be specified, right from the beginning.