Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 1 | Busybox Style Guide |
| 2 | =================== |
| 3 | |
| 4 | This document describes the coding style conventions used in Busybox. If you |
| 5 | add a new file to Busybox or are editing an existing file, please format your |
| 6 | code according to this style. If you are the maintainer of a file that does |
| 7 | not follow these guidelines, please -- at your own convenience -- modify the |
| 8 | file(s) you maintain to bring them into conformance with this style guide. |
| 9 | Please note that this is a low priority task. |
| 10 | |
| 11 | To help you format the whitespace of your programs, an ".indent.pro" file is |
| 12 | included in the main Busybox source directory that contains option flags to |
| 13 | format code as per this style guide. This way you can run GNU indent on your |
| 14 | files by typing 'indent myfile.c myfile.h' and it will magically apply all the |
| 15 | right formatting rules to your file. Please _do_not_ run this on all the files |
| 16 | in the directory, just your own. |
| 17 | |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 18 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 19 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 20 | Declaration Order |
| 21 | ----------------- |
| 22 | |
| 23 | Here is the order in which code should be laid out in a file: |
| 24 | |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 25 | - commented program name and one-line description |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 26 | - commented author name and email address(es) |
| 27 | - commented GPL boilerplate |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 28 | - commented longer description / notes for the program (if needed) |
Mark Whitley | 9ead689 | 2001-03-03 00:44:55 +0000 | [diff] [blame] | 29 | - #includes of .h files with angle brackets (<>) around them |
| 30 | - #includes of .h files with quotes ("") around them |
| 31 | - #defines (if any, note the section below titled "Avoid the Preprocessor") |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 32 | - const and global variables |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 33 | - function declarations (if necessary) |
| 34 | - function implementations |
| 35 | |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 36 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 37 | |
| 38 | Whitespace and Formatting |
| 39 | ------------------------- |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 40 | |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 41 | This is everybody's favorite flame topic so let's get it out of the way right |
| 42 | up front. |
| 43 | |
| 44 | |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 45 | Tabs vs. Spaces in Line Indentation |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 46 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 47 | |
| 48 | The preference in Busybox is to indent lines with tabs. Do not indent lines |
| 49 | with spaces and do not indents lines using a mixture of tabs and spaces. (The |
| 50 | indentation style in the Apache and Postfix source does this sort of thing: |
| 51 | \s\s\s\sif (expr) {\n\tstmt; --ick.) The only exception to this rule is |
| 52 | multi-line comments that use an asterisk at the beginning of each line, i.e.: |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 53 | |
| 54 | /t/* |
| 55 | /t * This is a block comment. |
| 56 | /t * Note that it has multiple lines |
| 57 | /t * and that the beginning of each line has a tab plus a space |
| 58 | /t * except for the opening '/*' line where the slash |
| 59 | /t * is used instead of a space. |
| 60 | /t */ |
| 61 | |
| 62 | Furthermore, The preference is that tabs be set to display at four spaces |
| 63 | wide, but the beauty of using only tabs (and not spaces) at the beginning of |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 64 | lines is that you can set your editor to display tabs at *whatever* number of |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 65 | spaces is desired and the code will still look fine. |
| 66 | |
| 67 | |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 68 | Operator Spacing |
| 69 | ~~~~~~~~~~~~~~~~ |
| 70 | |
| 71 | Put spaces between terms and operators. Example: |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 72 | |
| 73 | Don't do this: |
| 74 | |
| 75 | for(i=0;i<num_items;i++){ |
| 76 | |
| 77 | Do this instead: |
| 78 | |
| 79 | for (i = 0; i < num_items; i++) { |
| 80 | |
| 81 | While it extends the line a bit longer, the spaced version is more |
| 82 | readable. An allowable exception to this rule is the situation where |
| 83 | excluding the spacing makes it more obvious that we are dealing with a |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 84 | single term (even if it is a compound term) such as: |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 85 | |
| 86 | if (str[idx] == '/' && str[idx-1] != '\\') |
| 87 | |
| 88 | or |
| 89 | |
| 90 | if ((argc-1) - (optind+1) > 0) |
| 91 | |
| 92 | |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 93 | Bracket Spacing |
| 94 | ~~~~~~~~~~~~~~~ |
| 95 | |
| 96 | If an opening bracket starts a function, it should be on the |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 97 | next line with no spacing before it. However, if a bracket follows an opening |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 98 | control block, it should be on the same line with a single space (not a tab) |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 99 | between it and the opening control block statement. Examples: |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 100 | |
| 101 | Don't do this: |
| 102 | |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 103 | while (!done) |
| 104 | { |
| 105 | |
| 106 | do |
| 107 | { |
| 108 | |
| 109 | Don't do this either: |
| 110 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 111 | while (!done){ |
Mark Whitley | 925edb8 | 2001-02-03 00:20:14 +0000 | [diff] [blame] | 112 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 113 | do{ |
| 114 | |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 115 | And for heaven's sake, don't do this: |
| 116 | |
| 117 | while (!done) |
| 118 | { |
Mark Whitley | 925edb8 | 2001-02-03 00:20:14 +0000 | [diff] [blame] | 119 | |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 120 | do |
| 121 | { |
| 122 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 123 | Do this instead: |
| 124 | |
| 125 | while (!done) { |
Mark Whitley | 925edb8 | 2001-02-03 00:20:14 +0000 | [diff] [blame] | 126 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 127 | do { |
| 128 | |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 129 | |
Mark Whitley | 925edb8 | 2001-02-03 00:20:14 +0000 | [diff] [blame] | 130 | Spacing around Parentheses |
| 131 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 132 | |
| 133 | Put a space between C keywords and left parens, but not between |
| 134 | function names and the left paren that starts it's parameter list (whether it |
| 135 | is being declared or called). Examples: |
| 136 | |
| 137 | Don't do this: |
| 138 | |
| 139 | while(foo) { |
| 140 | for(i = 0; i < n; i++) { |
| 141 | |
| 142 | Do this instead: |
| 143 | |
| 144 | while (foo) { |
| 145 | for (i = 0; i < n; i++) { |
| 146 | |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 147 | But do functions like this: |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 148 | |
| 149 | static int my_func(int foo, char bar) |
| 150 | ... |
| 151 | baz = my_func(1, 2); |
| 152 | |
Mark Whitley | 925edb8 | 2001-02-03 00:20:14 +0000 | [diff] [blame] | 153 | Also, don't put a space between the left paren and the first term, nor between |
| 154 | the last arg and the right paren. |
| 155 | |
| 156 | Don't do this: |
| 157 | |
| 158 | if ( x < 1 ) |
| 159 | strcmp( thisstr, thatstr ) |
| 160 | |
| 161 | Do this instead: |
| 162 | |
| 163 | if (x < 1) |
| 164 | strcmp(thisstr, thatstr) |
| 165 | |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 166 | |
| 167 | Cuddled Elses |
| 168 | ~~~~~~~~~~~~~ |
| 169 | |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 170 | Also, please "cuddle" your else statements by putting the else keyword on the |
| 171 | same line after the right bracket that closes an 'if' statement. |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 172 | |
| 173 | Don't do this: |
| 174 | |
| 175 | if (foo) { |
| 176 | stmt; |
| 177 | } |
| 178 | else { |
| 179 | stmt; |
| 180 | } |
| 181 | |
| 182 | Do this instead: |
| 183 | |
| 184 | if (foo) { |
| 185 | stmt; |
| 186 | } else { |
| 187 | stmt; |
| 188 | } |
| 189 | |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 190 | The exception to this rule is if you want to include a comment before the else |
| 191 | block. Example: |
| 192 | |
| 193 | if (foo) { |
| 194 | stmts... |
| 195 | } |
| 196 | /* otherwise, we're just kidding ourselves, so re-frob the input */ |
| 197 | else { |
| 198 | other_stmts... |
| 199 | } |
| 200 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 201 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 202 | |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 203 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 204 | Variable and Function Names |
| 205 | --------------------------- |
| 206 | |
| 207 | Use the K&R style with names in all lower-case and underscores occasionally |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 208 | used to separate words (e.g., "variable_name" and "numchars" are both |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 209 | acceptable). Using underscores makes variable and function names more readable |
| 210 | because it looks like whitespace; using lower-case is easy on the eyes. |
| 211 | |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 212 | Frowned upon: |
| 213 | |
| 214 | hitList |
| 215 | TotalChars |
Mark Whitley | a5b55ca | 2001-01-24 00:18:13 +0000 | [diff] [blame] | 216 | szFileName |
| 217 | pf_Nfol_TriState |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 218 | |
| 219 | Preferred: |
| 220 | |
| 221 | hit_list |
| 222 | total_chars |
| 223 | file_name |
Mark Whitley | a5b55ca | 2001-01-24 00:18:13 +0000 | [diff] [blame] | 224 | sensible_name |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 225 | |
Mark Whitley | a5b55ca | 2001-01-24 00:18:13 +0000 | [diff] [blame] | 226 | Exceptions: |
| 227 | |
| 228 | - Enums, macros, and constant variables should all be in upper-case with |
| 229 | words optionally seperatedy by underscores (i.e. FIFOTYPE, ISBLKDEV()). |
| 230 | |
| 231 | - Nobody is going to get mad at you for using 'pvar' as the name of a |
| 232 | variable that is a pointer to 'var'. |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 233 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 234 | Note: The Busybox codebase is very much a mixture of code gathered from a |
Mark Whitley | 9028e2c | 2000-11-17 21:28:39 +0000 | [diff] [blame] | 235 | variety of sources. This explains why the current codebase contains such a |
| 236 | hodge-podge of different naming styles (Java, Pascal, K&R, just-plain-weird, |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 237 | etc.). The K&R guideline explained above should therefore be used on new files |
| 238 | that are added to the repository. Furthermore, the maintainer of an existing |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 239 | file that uses alternate naming conventions should -- at his own convenience |
| 240 | -- convert those names over to K&R style; converting variable names is a very |
| 241 | low priority task. Perhaps in the future we will include some magical Perl |
| 242 | script that can go through and convert variable names, left as an exercise for |
| 243 | the reader for now. |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 244 | |
Mark Whitley | a5b55ca | 2001-01-24 00:18:13 +0000 | [diff] [blame] | 245 | For the time being, if you want to do a search-and-replace of a variable name |
| 246 | in different files, do the following in the busybox directory: |
| 247 | |
| 248 | $ perl -pi -e 's/\bOldVar\b/new_var/g' *.[ch] |
| 249 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 250 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 251 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 252 | Avoid The Preprocessor |
| 253 | ---------------------- |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 254 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 255 | At best, the preprocessor is a necessary evil, helping us account for platform |
| 256 | and architecture differences. Using the preprocessor unnecessarily is just |
| 257 | plain evil. |
Mark Whitley | 2368a38 | 2000-08-22 00:20:21 +0000 | [diff] [blame] | 258 | |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 259 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 260 | The Folly of #define |
| 261 | ~~~~~~~~~~~~~~~~~~~~ |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 262 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 263 | Use 'const <type> var' for declaring constants. |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 264 | |
| 265 | Don't do this: |
| 266 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 267 | #define var 80 |
| 268 | |
| 269 | Do this instead, when the variable is in a header file and will be used in |
| 270 | several source files: |
| 271 | |
| 272 | const int var = 80; |
| 273 | |
| 274 | Or do this when the variable is used only in a single source file: |
| 275 | |
| 276 | static const int var = 80; |
| 277 | |
| 278 | Declaring variables as '[static] const' gives variables an actual type and |
| 279 | makes the compiler do type checking for you; the preprocessor does _no_ type |
| 280 | checking whatsoever, making it much more error prone. Declaring variables with |
| 281 | '[static] const' also makes debugging programs much easier since the value of |
| 282 | the variable can be easily queried and displayed. |
| 283 | |
| 284 | |
| 285 | The Folly of Macros |
| 286 | ~~~~~~~~~~~~~~~~~~~ |
| 287 | |
| 288 | Use 'static inline' instead of a macro. |
| 289 | |
| 290 | Don't do this: |
| 291 | |
| 292 | #define mini_func(param1, param2) (param1 << param2) |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 293 | |
| 294 | Do this instead: |
| 295 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 296 | static inline int mini_func(int param1, param2) |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 297 | { |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 298 | return (param1 << param2); |
| 299 | } |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 300 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 301 | Static inline functions are greatly preferred over macros. They provide type |
| 302 | safety, have no length limitations, no formatting limitations, and under gcc |
| 303 | they are as cheap as macros. Besides, really long macros with backslashes at |
| 304 | the end of each line are ugly as sin. |
| 305 | |
| 306 | |
| 307 | The Folly of #ifdef |
| 308 | ~~~~~~~~~~~~~~~~~~~ |
| 309 | |
| 310 | Code cluttered with ifdefs is difficult to read and maintain. Don't do it. |
| 311 | Instead, put your ifdefs in a header, and conditionally define 'static inline' |
| 312 | functions, (or *maybe* macros), which are used in the code. |
| 313 | |
| 314 | Don't do this: |
| 315 | |
| 316 | ret = my_func(bar, baz); |
| 317 | if (!ret) |
| 318 | return -1; |
| 319 | #ifdef BB_FEATURE_FUNKY |
| 320 | maybe_do_funky_stuff(bar, baz); |
| 321 | #endif |
| 322 | |
| 323 | Do this instead: |
| 324 | |
| 325 | (in .h header file) |
| 326 | |
Mark Whitley | d238a7b | 2001-02-09 00:28:59 +0000 | [diff] [blame] | 327 | #ifdef BB_FEATURE_FUNKY |
| 328 | static inline void maybe_do_funky_stuff (int bar, int baz) |
| 329 | { |
| 330 | /* lotsa code in here */ |
| 331 | } |
| 332 | #else |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 333 | static inline void maybe_do_funky_stuff (int bar, int baz) {} |
| 334 | #endif |
| 335 | |
| 336 | (in the .c source file) |
| 337 | |
| 338 | ret = my_func(bar, baz); |
| 339 | if (!ret) |
| 340 | return -1; |
| 341 | maybe_do_funky_stuff(bar, baz); |
| 342 | |
| 343 | The great thing about this approach is that the compiler will optimize away |
Mark Whitley | d238a7b | 2001-02-09 00:28:59 +0000 | [diff] [blame] | 344 | the "no-op" case (the empty function) when the feature is turned off. |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 345 | |
| 346 | Note also the use of the word 'maybe' in the function name to indicate |
| 347 | conditional execution. |
| 348 | |
| 349 | |
| 350 | |
| 351 | Notes on Strings |
| 352 | ---------------- |
| 353 | |
| 354 | Strings in C can get a little thorny. Here's some guidelines for dealing with |
| 355 | strings in Busybox. (There is surely more that could be added to this |
| 356 | section.) |
| 357 | |
| 358 | |
| 359 | String Files |
| 360 | ~~~~~~~~~~~~ |
| 361 | |
| 362 | Put all help/usage messages in usage.c. Put other strings in messages.c. |
| 363 | Putting these strings into their own file is a calculated decision designed to |
| 364 | confine spelling errors to a single place and aid internationalization |
| 365 | efforts, if needed. (Side Note: we might want to use a single file - maybe |
| 366 | called 'strings.c' - instead of two, food for thought). |
| 367 | |
| 368 | |
| 369 | Testing String Equivalence |
| 370 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 371 | |
| 372 | There's a right way and a wrong way to test for sting equivalence with |
| 373 | strcmp(): |
| 374 | |
| 375 | The wrong way: |
| 376 | |
| 377 | if (!strcmp(string, "foo")) { |
| 378 | ... |
| 379 | |
| 380 | The right way: |
| 381 | |
| 382 | if (strcmp(string, "foo") == 0){ |
| 383 | ... |
| 384 | |
| 385 | The use of the "equals" (==) operator in the latter example makes it much more |
| 386 | obvious that you are testing for equivalence. The former example with the |
| 387 | "not" (!) operator makes it look like you are testing for an error. In a more |
| 388 | perfect world, we would have a streq() function in the string library, but |
| 389 | that ain't the world we're living in. |
| 390 | |
| 391 | |
Mark Whitley | a5b55ca | 2001-01-24 00:18:13 +0000 | [diff] [blame] | 392 | Avoid Dangerous String Functions |
| 393 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 394 | |
| 395 | Unfortunately, the way C handles strings makes them prone to overruns when |
| 396 | certain library functions are (mis)used. The following table offers a summary |
| 397 | of some of the more notorious troublemakers: |
| 398 | |
| 399 | function overflows preferred |
| 400 | ---------------------------------------- |
| 401 | strcpy dest string strncpy |
| 402 | strcat dest string strncat |
| 403 | gets string it gets fgets |
| 404 | getwd buf string getcwd |
| 405 | [v]sprintf str buffer [v]snprintf |
| 406 | realpath path buffer use with pathconf |
| 407 | [vf]scanf its arguments just avoid it |
| 408 | |
| 409 | |
| 410 | The above is by no means a complete list. Be careful out there. |
| 411 | |
| 412 | |
| 413 | |
| 414 | Avoid Big Static Buffers |
| 415 | ------------------------ |
| 416 | |
| 417 | First, some background to put this discussion in context: Static buffers look |
| 418 | like this in code: |
| 419 | |
| 420 | /* in a .c file outside any functions */ |
| 421 | static char *buffer[BUFSIZ]; /* happily used by any function in this file, |
| 422 | but ick! big! */ |
| 423 | |
| 424 | The problem with these is that any time any busybox app is run, you pay a |
| 425 | memory penalty for this buffer, even if the applet that uses said buffer is |
| 426 | not run. This can be fixed, thusly: |
| 427 | |
Eric Andersen | d35c215 | 2001-01-25 23:49:09 +0000 | [diff] [blame] | 428 | static char *buffer; |
Mark Whitley | a5b55ca | 2001-01-24 00:18:13 +0000 | [diff] [blame] | 429 | ... |
| 430 | other_func() |
| 431 | { |
| 432 | strcpy(buffer, lotsa_chars); /* happily uses global *buffer */ |
| 433 | ... |
| 434 | foo_main() |
| 435 | { |
| 436 | buffer = xmalloc(sizeof(char)*BUFSIZ); |
| 437 | ... |
| 438 | |
| 439 | However, this approach trades bss segment for text segment. Rather than |
| 440 | mallocing the buffers (and thus growing the text size), buffers can be |
| 441 | declared on the stack in the *_main() function and made available globally by |
| 442 | assigning them to a global pointer thusly: |
| 443 | |
Eric Andersen | d35c215 | 2001-01-25 23:49:09 +0000 | [diff] [blame] | 444 | static char *pbuffer; |
Mark Whitley | a5b55ca | 2001-01-24 00:18:13 +0000 | [diff] [blame] | 445 | ... |
| 446 | other_func() |
| 447 | { |
| 448 | strcpy(pbuffer, lotsa_chars); /* happily uses global *pbuffer */ |
| 449 | ... |
| 450 | foo_main() |
| 451 | { |
| 452 | char *buffer[BUFSIZ]; /* declared locally, on stack */ |
| 453 | pbuffer = buffer; /* but available globally */ |
| 454 | ... |
| 455 | |
Eric Andersen | d35c215 | 2001-01-25 23:49:09 +0000 | [diff] [blame] | 456 | This last approach has some advantages (low code size, space not used until |
| 457 | it's needed), but can be a problem in some low resource machines that have |
Mark Whitley | d238a7b | 2001-02-09 00:28:59 +0000 | [diff] [blame] | 458 | very limited stack space (e.g., uCLinux). |
| 459 | |
| 460 | A macro is declared in busybox.h that implements compile-time selection |
| 461 | between xmalloc() and stack creation, so you can code the line in question as |
| 462 | |
Eric Andersen | d35c215 | 2001-01-25 23:49:09 +0000 | [diff] [blame] | 463 | RESERVE_BB_BUFFER(buffer, BUFSIZ); |
Mark Whitley | d238a7b | 2001-02-09 00:28:59 +0000 | [diff] [blame] | 464 | |
| 465 | and the right thing will happen, based on your configuration. |
Mark Whitley | a5b55ca | 2001-01-24 00:18:13 +0000 | [diff] [blame] | 466 | |
| 467 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 468 | |
| 469 | Miscellaneous Coding Guidelines |
| 470 | ------------------------------- |
| 471 | |
| 472 | The following are important items that don't fit into any of the above |
| 473 | sections. |
| 474 | |
| 475 | |
| 476 | Model Busybox Applets After GNU Counterparts |
| 477 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 478 | |
| 479 | When in doubt about the proper behavior of a Busybox program (output, |
| 480 | formatting, options, etc.), model it after the equivalent GNU program. |
| 481 | Doesn't matter how that program behaves on some other flavor of *NIX; doesn't |
| 482 | matter what the POSIX standard says or doesn't say, just model Busybox |
| 483 | programs after their GNU counterparts and nobody has to get hurt. |
| 484 | |
| 485 | The only time we deviate from emulating the GNU behavior is when: |
| 486 | |
| 487 | - We are deliberately not supporting a feature (such as a command line |
| 488 | switch) |
| 489 | - Emulating the GNU behavior is prohibitively expensive (lots more code |
| 490 | would be required, lots more memory would be used, etc.) |
Eric Andersen | 0730943 | 2000-11-29 22:12:19 +0000 | [diff] [blame] | 491 | - The difference is minor or cosmetic |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 492 | |
| 493 | A note on the 'cosmetic' case: Output differences might be considered |
| 494 | cosmetic, but if the output is significant enough to break other scripts that |
| 495 | use the output, it should really be fixed. |
| 496 | |
| 497 | |
| 498 | Scope |
| 499 | ~~~~~ |
| 500 | |
| 501 | If a const variable is used only in a single source file, put it in the source |
| 502 | file and not in a header file. Likewise, if a const variable is used in only |
| 503 | one function, do not make it global to the file. Instead, declare it inside |
Eric Andersen | 0730943 | 2000-11-29 22:12:19 +0000 | [diff] [blame] | 504 | the function body. Bottom line: Make a conscious effort to limit declarations |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 505 | to the smallest scope possible. |
| 506 | |
| 507 | Inside applet files, all functions should be declared static so as to keep the |
| 508 | global name space clean. The only exception to this rule is the "applet_main" |
| 509 | function which must be declared extern. |
| 510 | |
| 511 | If you write a function that performs a task that could be useful outside the |
| 512 | immediate file, turn it into a general-purpose function with no ties to any |
| 513 | applet and put it in the utility.c file instead. |
| 514 | |
| 515 | |
| 516 | Brackets Are Your Friends |
| 517 | ~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 518 | |
| 519 | Please use brackets on all if and else statements, even if it is only one |
| 520 | line. Example: |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 521 | |
| 522 | Don't do this: |
| 523 | |
| 524 | if (foo) |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 525 | stmt1; |
| 526 | stmt2 |
| 527 | stmt3; |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 528 | |
| 529 | Do this instead: |
| 530 | |
| 531 | if (foo) { |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 532 | stmt1; |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 533 | } |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 534 | stmt2 |
| 535 | stmt3; |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 536 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 537 | The "bracketless" approach is error prone because someday you might add a line |
| 538 | like this: |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 539 | |
| 540 | if (foo) |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 541 | stmt1; |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 542 | new_line(); |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 543 | stmt2 |
| 544 | stmt3; |
Mark Whitley | 40bfc76 | 2000-07-24 22:36:06 +0000 | [diff] [blame] | 545 | |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 546 | And the resulting behavior of your program would totally bewilder you. (Don't |
| 547 | laugh, it happens to us all.) Remember folks, this is C, not Python. |
| 548 | |
| 549 | |
| 550 | Function Declarations |
| 551 | ~~~~~~~~~~~~~~~~~~~~~ |
| 552 | |
| 553 | Do not use old-style function declarations that declare variable types between |
| 554 | the parameter list and opening bracket. Example: |
| 555 | |
| 556 | Don't do this: |
| 557 | |
| 558 | int foo(parm1, parm2) |
| 559 | char parm1; |
| 560 | float parm2; |
| 561 | { |
| 562 | .... |
| 563 | |
| 564 | Do this instead: |
| 565 | |
| 566 | int foo(char parm1, float parm2) |
| 567 | { |
| 568 | .... |
| 569 | |
| 570 | The only time you would ever need to use the old declaration syntax is to |
Eric Andersen | 0730943 | 2000-11-29 22:12:19 +0000 | [diff] [blame] | 571 | support ancient, antediluvian compilers. To our good fortune, we have access |
Mark Whitley | d58ff87 | 2000-11-22 19:25:39 +0000 | [diff] [blame] | 572 | to more modern compilers and the old declaration syntax is neither necessary |
| 573 | nor desired. |
| 574 | |
Mark Whitley | 3680c58 | 2000-12-20 22:35:12 +0000 | [diff] [blame] | 575 | |
| 576 | Emphasizing Logical Blocks |
| 577 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 578 | |
| 579 | Organization and readability are improved by putting extra newlines around |
| 580 | blocks of code that perform a single task. These are typically blocks that |
| 581 | begin with a C keyword, but not always. |
| 582 | |
| 583 | Furthermore, you should put a single comment (not necessarily one line, just |
| 584 | one comment) before the block, rather than commenting each and every line. |
| 585 | There is an optimal ammount of commenting that a program can have; you can |
| 586 | comment too much as well as too little. |
| 587 | |
| 588 | A picture is really worth a thousand words here, so here is an example that |
| 589 | illustrates emphasizing logical blocks: |
| 590 | |
| 591 | while (line = get_line_from_file(fp)) { |
| 592 | |
| 593 | /* eat the newline, if any */ |
| 594 | if (line[strlen(line)-1] == '\n') { |
| 595 | line[strlen(line)-1] = '\0'; |
| 596 | } |
| 597 | |
| 598 | /* ignore blank lines */ |
| 599 | if (strlen(file_to_act_on) == 0) { |
| 600 | continue; |
| 601 | } |
| 602 | |
| 603 | /* if the search string is in this line, print it, |
| 604 | * unless we were told to be quiet */ |
| 605 | if (strstr(line, search) && !be_quiet) { |
| 606 | puts(line); |
| 607 | } |
| 608 | |
| 609 | /* clean up */ |
| 610 | free(line); |
| 611 | } |
Mark Whitley | 9ead689 | 2001-03-03 00:44:55 +0000 | [diff] [blame] | 612 | |
| 613 | |
| 614 | Processing Options with getopt |
| 615 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 616 | |
| 617 | If your applet needs to process command-line switches, please use getopt() to |
| 618 | do so. Numerous examples can be seen in many of the existing applets, but |
| 619 | basically it boils down to two things: at the top of the .c file, have this |
| 620 | line in the midst of your #includes: |
| 621 | |
| 622 | #include <getopt.h> |
| 623 | |
| 624 | And a code block similar to the following near the top of your applet_main() |
| 625 | routine: |
| 626 | |
| 627 | while ((opt = getopt(argc, argv, "abc")) > 0) { |
| 628 | switch (opt) { |
| 629 | case 'a': |
| 630 | do_a_opt = 1; |
| 631 | break; |
| 632 | case 'b': |
| 633 | do_b_opt = 1; |
| 634 | break; |
| 635 | case 'c': |
| 636 | do_c_opt = 1; |
| 637 | break; |
| 638 | default: |
| 639 | show_usage(); /* in utility.c */ |
| 640 | } |
| 641 | } |
| 642 | |
| 643 | If your applet takes no options (such as 'init'), there should be a line |
| 644 | somewhere in the file reads: |
| 645 | |
| 646 | /* no options, no getopt */ |
| 647 | |
| 648 | That way, when people go grepping to see which applets need to be converted to |
| 649 | use getopt, they won't get false positives. |
| 650 | |
| 651 | Additional Note: Do not use the getopt_long library function and do not try to |
| 652 | hand-roll your own long option parsing. Busybox applets should only support |
| 653 | short options, plus explanations and examples in usage.h. |