styleguide/cppguide.html

5818 lines
179 KiB
HTML
Raw Normal View History

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Google C++ Style Guide</title>
<link rel="stylesheet" type="text/css" href="include/styleguide.css">
<script language="javascript" src="include/styleguide.js"></script>
</head>
<body onload="initStyleGuide();">
<div id="content">
<h1>Google C++ Style Guide</h1>
<div class="horizontal_toc" id="tocDiv"></div>
<div class="main_body">
<h2 class="ignoreLink" id="Background">Background</h2>
<p>C++ is the main development language used by
many of Google's open-source projects. As every C++
programmer knows, the language has many powerful features, but
this power brings with it complexity, which in turn can make
code more bug-prone and harder to read and maintain.</p>
<p>The goal of this guide is to manage this complexity by
describing in detail the dos and don'ts of writing C++ code.
These rules exist to
keep the code base manageable while still allowing
coders to use C++ language features productively.</p>
<p><em>Style</em>, also known as readability, is what we call
the conventions that govern our C++ code. The term Style is a
bit of a misnomer, since these conventions cover far more than
just source file formatting.</p>
<p>One way in which we keep the code base manageable is by
enforcing <em>consistency</em>. It is very
important that any
programmer be able to look at
another's code and quickly understand it. Maintaining a uniform
style and following conventions means that we can more easily
use "pattern-matching" to infer what various symbols are and
what invariants are true about them. Creating common, required
idioms and patterns makes code much easier to understand. In
some cases there might be good arguments for changing certain
style rules, but we nonetheless keep things as they are in
order to preserve consistency.</p>
<p>Another issue this guide addresses is that of C++ feature
bloat. C++ is a huge language with many advanced features. In
some cases we constrain, or even ban, use of certain features.
We do this to keep code simple and to avoid the various common
errors and problems that these features can cause. This guide
lists these features and explains why their use is
restricted.</p>
<p> Open-source projects
developed by Google conform to the requirements in this
guide.</p>
<p>Note that this guide is not a C++ tutorial: we assume that
the reader is familiar with the language. </p>
<h2 id="Header_Files">Header Files</h2>
<p>In general, every <code>.cc</code> file should have an
associated <code>.h</code> file. There are some common
exceptions, such as unittests and
small <code>.cc</code> files containing just a
<code>main()</code> function.</p>
<p>Correct use of header files can make a huge difference to
the readability, size and performance of your code.</p>
<p>The following rules will guide you through the various
pitfalls of using header files.</p>
<a id="The_-inl.h_Files"></a>
<h3 id="Self_contained_Headers">Self-contained Headers</h3>
<div class="summary">
<p>Header files should be self-contained and end in <code>.h</code>. Files that
are meant for textual inclusion, but are not headers, should end in
<code>.inc</code>. Separate <code>-inl.h</code> headers are disallowed.</p>
</div>
<div class="stylebody">
<p>All header files should be self-contained. In other
words, users and refactoring tools should not have to adhere to special
conditions in order to include the header. Specifically, a
header should have <a href="#The__define_Guard">header guards</a>,
should include all other headers it needs, and should not require any
particular symbols to be defined.</p>
<p>There are rare cases where a file is not meant to be self-contained, but
instead is meant to be textually included at a specific point in the code.
Examples are files that need to be included multiple times or
platform-specific extensions that essentially are part of other headers. Such
files should use the file extension <code>.inc</code>.</p>
<p>If a template or inline function is declared in a <code>.h</code> file,
define it in that same file. The definitions of these constructs must
be included into every <code>.cc</code> file that uses them, or the
program may fail to link in some build configurations. Do not move these
definitions to separate <code>-inl.h</code> files.</p>
<p>As an exception, a function template that is explicitly
instantiated for all relevant sets of template arguments, or
that is a private member of a class, may
be defined in the only <code>.cc</code> file that
instantiates the template.</p>
</div>
<h3 id="The__define_Guard">The #define Guard</h3>
<div class="summary">
<p>All header files should have <code>#define</code> guards to
prevent multiple inclusion. The format of the symbol name
should be
<code><i>&lt;PROJECT&gt;</i>_<i>&lt;PATH&gt;</i>_<i>&lt;FILE&gt;</i>_H_</code>.</p>
</div>
<div class="stylebody">
<p>To guarantee uniqueness, they should
be based on the full path in a project's source tree. For
example, the file <code>foo/src/bar/baz.h</code> in
project <code>foo</code> should have the following
guard:</p>
<pre>#ifndef FOO_BAR_BAZ_H_
#define FOO_BAR_BAZ_H_
...
#endif // FOO_BAR_BAZ_H_
</pre>
</div>
<h3 id="Forward_Declarations">Forward Declarations</h3>
<div class="summary">
<p>You may forward declare ordinary classes in order to avoid
unnecessary <code>#include</code>s.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>A "forward declaration" is a declaration of a class,
function, or template without an associated definition.
<code>#include</code> lines can often be replaced with
forward declarations of whatever symbols are actually
used by the client code.</p>
</div>
<div class="pros">
<ul>
<li>Unnecessary <code>#include</code>s force the
compiler to open more files and process more
input.</li>
<li>They can also force your code to be recompiled more
often, due to changes in the header.</li>
</ul>
</div>
<div class="cons">
<ul>
<li>It can be difficult to determine the correct form
of a forward declaration in the presence of features
like templates, typedefs, default parameters, and using
declarations.</li>
<li>It can be difficult to determine whether a forward
declaration or a full <code>#include</code> is needed
for a given piece of code, particularly when implicit
conversion operations are involved. In extreme cases,
replacing an <code>#include</code> with a forward
declaration can silently change the meaning of
code.</li>
<li>Forward declaring multiple symbols from a header
can be more verbose than simply
<code>#include</code>ing the header.</li>
<li>Forward declarations of functions and templates can
prevent the header owners from making
otherwise-compatible changes to their APIs; for
example, widening a parameter type, or adding a
template parameter with a default value.</li>
<li>Forward declaring symbols from namespace
<code>std::</code> usually yields undefined
behavior.</li>
<li>Structuring code to enable forward declarations
(e.g. using pointer members instead of object members)
can make the code slower and more complex.</li>
<li>The practical efficiency benefits of forward
declarations are unproven.</li>
</ul>
</div>
<div class="decision">
<ul>
<li>When using a function declared in a header file,
always <code>#include</code> that header.</li>
<li>When using a class template, prefer to
<code>#include</code> its header file.</li>
<li>When using an ordinary class, relying on a forward
declaration is OK, but be wary of situations where a
forward declaration may be insufficient or incorrect;
when in doubt, just <code>#include</code> the
appropriate header.</li>
<li>Do not replace data members with pointers just to
avoid an <code>#include</code>.</li>
</ul>
<p>Please see <a href="#Names_and_Order_of_Includes">Names and Order
of Includes</a> for rules about when to #include a header.</p>
</div>
</div>
<h3 id="Inline_Functions">Inline Functions</h3>
<div class="summary">
<p>Define functions inline only when they are small, say, 10
lines or less.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>You can declare functions in a way that allows the compiler to expand
them inline rather than calling them through the usual
function call mechanism.</p>
</div>
<div class="pros">
<p>Inlining a function can generate more efficient object
code, as long as the inlined function is small. Feel free
to inline accessors and mutators, and other short,
performance-critical functions.</p>
</div>
<div class="cons">
<p>Overuse of inlining can actually make programs slower.
Depending on a function's size, inlining it can cause the
code size to increase or decrease. Inlining a very small
accessor function will usually decrease code size while
inlining a very large function can dramatically increase
code size. On modern processors smaller code usually runs
faster due to better use of the instruction cache.</p>
</div>
<div class="decision">
<p>A decent rule of thumb is to not inline a function if
it is more than 10 lines long. Beware of destructors,
which are often longer than they appear because of
implicit member- and base-destructor calls!</p>
<p>Another useful rule of thumb: it's typically not cost
effective to inline functions with loops or switch
statements (unless, in the common case, the loop or
switch statement is never executed).</p>
<p>It is important to know that functions are not always
inlined even if they are declared as such; for example,
virtual and recursive functions are not normally inlined.
Usually recursive functions should not be inline. The
main reason for making a virtual function inline is to
place its definition in the class, either for convenience
or to document its behavior, e.g., for accessors and
mutators.</p>
</div>
</div>
<h3 id="Function_Parameter_Ordering">Function Parameter Ordering</h3>
<div class="summary">
<p>When defining a function, parameter order is: inputs, then
outputs.</p>
</div>
<div class="stylebody">
<p>Parameters to C/C++ functions are either input to the
function, output from the function, or both. Input
parameters are usually values or <code>const</code>
references, while output and input/output parameters will
be non-<code>const</code> pointers. When ordering
function parameters, put all input-only parameters before
any output parameters. In particular, do not add new
parameters to the end of the function just because they
are new; place new input-only parameters before the
output parameters.</p>
<p>This is not a hard-and-fast rule. Parameters that are
both input and output (often classes/structs) muddy the
waters, and, as always, consistency with related
functions may require you to bend the rule.</p>
</div>
<h3 id="Names_and_Order_of_Includes">Names and Order of Includes</h3>
<div class="summary">
<p>Use standard order for readability and to avoid hidden
dependencies: Related header, C library, C++ library, other libraries'
<code>.h</code>, your project's <code>.h</code>.</p>
</div>
<div class="stylebody">
<p>
All of a project's header files should be
listed as descendants of the project's source
directory without use of UNIX directory shortcuts
<code>.</code> (the current directory) or <code>..</code>
(the parent directory). For example,
<code>google-awesome-project/src/base/logging.h</code>
should be included as:</p>
<pre>#include "base/logging.h"
</pre>
<p>In <code><var>dir/foo</var>.cc</code> or
<code><var>dir/foo_test</var>.cc</code>, whose main
purpose is to implement or test the stuff in
<code><var>dir2/foo2</var>.h</code>, order your includes
as follows:</p>
<ol>
<li><code><var>dir2/foo2</var>.h</code>.</li>
<li>C system files.</li>
<li>C++ system files.</li>
<li>Other libraries' <code>.h</code>
files.</li>
<li>
Your project's <code>.h</code>
files.</li>
</ol>
<p>With the preferred ordering, if
<code><var>dir2/foo2</var>.h</code> omits any necessary
includes, the build of <code><var>dir/foo</var>.cc</code>
or <code><var>dir/foo</var>_test.cc</code> will break.
Thus, this rule ensures that build breaks show up first
for the people working on these files, not for innocent
people in other packages.</p>
<p><code><var>dir/foo</var>.cc</code> and
<code><var>dir2/foo2</var>.h</code> are usually in the same
directory (e.g. <code>base/basictypes_test.cc</code> and
<code>base/basictypes.h</code>), but may sometimes be in different
directories too.</p>
<p>Within each section the includes should be ordered
alphabetically. Note that older code might not conform to
this rule and should be fixed when convenient.</p>
<p>You should include all the headers that define the symbols you rely
upon (except in cases of <a href="#Forward_Declarations">forward
declaration</a>). If you rely on symbols from <code>bar.h</code>,
don't count on the fact that you included <code>foo.h</code> which
(currently) includes <code>bar.h</code>: include <code>bar.h</code>
yourself, unless <code>foo.h</code> explicitly demonstrates its intent
to provide you the symbols of <code>bar.h</code>. However, any
includes present in the related header do not need to be included
again in the related <code>cc</code> (i.e., <code>foo.cc</code> can
rely on <code>foo.h</code>'s includes).</p>
<p>For example, the includes in
<code>google-awesome-project/src/foo/internal/fooserver.cc</code>
might look like this:</p>
<pre>#include "foo/server/fooserver.h"
#include &lt;sys/types.h&gt;
#include &lt;unistd.h&gt;
#include &lt;hash_map&gt;
#include &lt;vector&gt;
#include "base/basictypes.h"
#include "base/commandlineflags.h"
#include "foo/server/bar.h"
</pre>
<p class="exception">Sometimes, system-specific code needs
conditional includes. Such code can put conditional
includes after other includes. Of course, keep your
system-specific code small and localized. Example:</p>
<pre>#include "foo/public/fooserver.h"
#include "base/port.h" // For LANG_CXX11.
#ifdef LANG_CXX11
#include &lt;initializer_list&gt;
#endif // LANG_CXX11
</pre>
</div>
<h2 id="Scoping">Scoping</h2>
<h3 id="Namespaces">Namespaces</h3>
<div class="summary">
<p>Unnamed namespaces in <code>.cc</code> files are
encouraged. With named namespaces, choose the name based on
the
project, and possibly its
path. Do not use a <i>using-directive</i>.
Do not use inline namespaces.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>Namespaces subdivide the global scope
into distinct, named scopes, and so are useful for preventing
name collisions in the global scope.</p>
</div>
<div class="pros">
<p>Namespaces provide a (hierarchical) axis of naming, in
addition to the (also hierarchical) name axis provided by
classes.</p>
<p>For example, if two different projects have a class
<code>Foo</code> in the global scope, these symbols may
collide at compile time or at runtime. If each project
places their code in a namespace,
<code>project1::Foo</code> and <code>project2::Foo</code>
are now distinct symbols that do not collide.</p>
<p>Inline namespaces automatically place their names in
the enclosing scope. Consider the following snippet, for
example:</p>
<pre>namespace X {
inline namespace Y {
void foo();
}
}
</pre>
<p>The expressions <code>X::Y::foo()</code> and
<code>X::foo()</code> are interchangeable. Inline
namespaces are primarily intended for ABI compatibility
across versions.</p>
</div>
<div class="cons">
<p>Namespaces can be confusing, because they provide an
additional (hierarchical) axis of naming, in addition to
the (also hierarchical) name axis provided by
classes.</p>
<p>Inline namespaces, in particular, can be confusing
because names aren't actually restricted to the namespace
where they are declared. They are only useful as part of
some larger versioning policy.</p>
<p>Use of unnamed namespaces in header files can easily
cause violations of the C++ One Definition Rule
(ODR).</p>
</div>
<div class="decision">
<p>Use namespaces according to the policy described
below. Terminate namespaces with comments as shown in the
given examples.</p>
</div>
<h4 class="stylepoint_subsection">Unnamed Namespaces</h4>
<ul>
<li>
<p>Unnamed namespaces are allowed and even encouraged
in <code>.cc</code> files, to avoid link time naming
conflicts:</p>
<pre>namespace { // This is in a .cc file.
// The content of a namespace is not indented.
//
// This function is guaranteed not to generate a colliding symbol
// with other symbols at link time, and is only visible to
// callers in this .cc file.
bool UpdateInternals(Frobber* f, int newval) {
...
}
} // namespace
</pre>
<p>However, file-scope declarations that are
associated with a particular class may be declared in
that class as types, static data members or static
member functions rather than as members of an unnamed
namespace.</p>
</li>
<li>Do not use unnamed namespaces in <code>.h</code>
files.</li>
</ul>
<h4 class="stylepoint_subsection">Named Namespaces</h4>
<p>Named namespaces should be used as follows:</p>
<ul>
<li>
<p>Namespaces wrap the entire source file after
includes,
<a href="http://google-gflags.googlecode.com/">
gflags</a> definitions/declarations, and
forward declarations of classes from other namespaces:</p>
<pre>// In the .h file
namespace mynamespace {
// All declarations are within the namespace scope.
// Notice the lack of indentation.
class MyClass {
public:
...
void Foo();
};
} // namespace mynamespace
</pre>
<pre>// In the .cc file
namespace mynamespace {
// Definition of functions is within scope of the namespace.
void MyClass::Foo() {
...
}
} // namespace mynamespace
</pre>
<p>The typical <code>.cc</code> file might have more
complex detail, including the need to reference
classes in other namespaces.</p>
<pre>#include "a.h"
DEFINE_bool(someflag, false, "dummy flag");
class C; // Forward declaration of class C in the global namespace.
namespace a { class A; } // Forward declaration of a::A.
namespace b {
...code for b... // Code goes against the left margin.
} // namespace b
</pre>
</li>
<li>Do not declare anything in namespace
<code>std</code>, not even forward declarations of
standard library classes. Declaring entities in
namespace <code>std</code> is undefined behavior, i.e.,
not portable. To declare entities from the standard
library, include the appropriate header file.</li>
<li><p>You may not use a <i>using-directive</i>
to make all names from a namespace available.</p>
<pre class="badcode">// Forbidden -- This pollutes the namespace.
using namespace foo;
</pre>
</li>
<li><p>You may use a <i>using-declaration</i>
anywhere in a <code>.cc</code> file, and in functions,
methods or classes in <code>.h</code> files.</p>
<pre>// OK in .cc files.
// Must be in a function, method or class in .h files.
using ::foo::bar;
</pre>
</li>
<li><p>Namespace aliases are allowed anywhere in a <code>
.cc</code> file, anywhere inside the named namespace
that wraps an entire <code>.h</code> file, and in
functions and methods.</p>
<pre>// Shorten access to some commonly used names in .cc files.
namespace fbz = ::foo::bar::baz;
// Shorten access to some commonly used names (in a .h file).
namespace librarian {
// The following alias is available to all files including
// this header (in namespace librarian):
// alias names should therefore be chosen consistently
// within a project.
namespace pd_s = ::pipeline_diagnostics::sidetable;
inline void my_inline_function() {
// namespace alias local to a function (or method).
namespace fbz = ::foo::bar::baz;
...
}
} // namespace librarian
</pre>
<p>Note that an alias in a .h file is visible to
everyone #including that file, so public headers
(those available outside a project) and headers
transitively #included by them, should avoid defining
aliases, as part of the general goal of keeping
public APIs as small as possible.</p>
</li>
<li>Do not use inline namespaces.</li>
</ul>
</div>
<h3 id="Nested_Classes">Nested Classes</h3>
<div class="summary">
<p>Although you may use public nested classes when they are
part of an interface, consider a <a href="#Namespaces">namespace</a>
to keep declarations out of the global scope.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>A class can define another class within it; this is also
called a <i>member class</i>.</p>
<pre>class Foo {
private:
// Bar is a member class, nested within Foo.
class Bar {
...
};
};
</pre>
</div>
<div class="pros">
<p>This is useful when the nested (or member) class is only
used by the enclosing class; making it a member puts it
in the enclosing class scope rather than polluting the
outer scope with the class name. Nested classes can be
forward declared within the enclosing class and then
defined in the <code>.cc</code> file to avoid including
the nested class definition in the enclosing class
declaration, since the nested class definition is usually
only relevant to the implementation.</p>
</div>
<div class="cons">
<p>Nested classes can be forward-declared only within the
definition of the enclosing class. Thus, any header file
manipulating a <code>Foo::Bar*</code> pointer will have
to include the full class declaration for
<code>Foo</code>.</p>
</div>
<div class="decision">
<p>Do not make nested classes public unless they are
actually part of the interface, e.g., a class that holds a
set of options for some method. </p>
</div>
</div>
<h3 id="Nonmember,_Static_Member,_and_Global_Functions">Nonmember, Static Member, and Global Functions</h3>
<div class="summary">
<p>Prefer nonmember functions within a namespace or static
member functions to global functions; use completely global
functions rarely.</p>
</div>
<div class="stylebody">
<div class="pros">
<p>Nonmember and static member functions can be useful in
some situations. Putting nonmember functions in a
namespace avoids polluting the global namespace.</p>
</div>
<div class="cons">
<p>Nonmember and static member functions may make more sense
as members of a new class, especially if they access
external resources or have significant dependencies.</p>
</div>
<div class="decision">
<p>Sometimes it is useful, or even necessary, to define a
function not bound to a class instance. Such a function
can be either a static member or a nonmember function.
Nonmember functions should not depend on external
variables, and should nearly always exist in a namespace.
Rather than creating classes only to group static member
functions which do not share static data, use
<a href="#Namespaces">namespaces</a> instead.</p>
<p>Functions defined in the same compilation unit as
production classes may introduce unnecessary coupling and
link-time dependencies when directly called from other
compilation units; static member functions are
particularly susceptible to this. Consider extracting a
new class, or placing the functions in a namespace
possibly in a separate library.</p>
<p>If you must define a nonmember function and it is only
needed in its <code>.cc</code> file, use an unnamed
<a href="#Namespaces">namespace</a> or
<code>static</code> linkage (eg <code>static int Foo()
{...}</code>) to limit its scope.</p>
</div>
</div>
<h3 id="Local_Variables">Local Variables</h3>
<div class="summary">
<p>Place a function's variables in the narrowest scope
possible, and initialize variables in the declaration.</p>
</div>
<div class="stylebody">
<p>C++ allows you to declare variables anywhere in a
function. We encourage you to declare them in as local a
scope as possible, and as close to the first use as
possible. This makes it easier for the reader to find the
declaration and see what type the variable is and what it
was initialized to. In particular, initialization should
be used instead of declaration and assignment, e.g.:</p>
<pre class="badcode">int i;
i = f(); // Bad -- initialization separate from declaration.
</pre>
<pre>int j = g(); // Good -- declaration has initialization.
</pre>
<pre class="badcode">vector&lt;int&gt; v;
v.push_back(1); // Prefer initializing using brace initialization.
v.push_back(2);
</pre>
<pre>vector&lt;int&gt; v = {1, 2}; // Good -- v starts initialized.
</pre>
<p>Variables needed for <code>if</code>, <code>while</code>
and <code>for</code> statements should normally be declared
within those statements, so that such variables are confined
to those scopes. E.g.:</p>
<pre>while (const char* p = strchr(str, '/')) str = p + 1;
</pre>
<p>There is one caveat: if the variable is an object, its
constructor is invoked every time it enters scope and is
created, and its destructor is invoked every time it goes
out of scope.</p>
<pre class="badcode">// Inefficient implementation:
for (int i = 0; i &lt; 1000000; ++i) {
Foo f; // My ctor and dtor get called 1000000 times each.
f.DoSomething(i);
}
</pre>
<p>It may be more efficient to declare such a variable
used in a loop outside that loop:</p>
<pre>Foo f; // My ctor and dtor get called once each.
for (int i = 0; i &lt; 1000000; ++i) {
f.DoSomething(i);
}
</pre>
</div>
<h3 id="Static_and_Global_Variables">Static and Global Variables</h3>
<div class="summary">
<p>Static or global variables of class type are forbidden:
they cause hard-to-find bugs due to indeterminate order of
construction and destruction. However, such variables are
allowed if they are <code>constexpr</code>: they have no
dynamic initialization or destruction.</p>
</div>
<div class="stylebody">
<p>Objects with static storage duration, including global
variables, static variables, static class member
variables, and function static variables, must be Plain
Old Data (POD): only ints, chars, floats, or pointers, or
arrays/structs of POD.</p>
<p>The order in which class constructors and initializers
for static variables are called is only partially
specified in C++ and can even change from build to build,
which can cause bugs that are difficult to find.
Therefore in addition to banning globals of class type,
we do not allow static POD variables to be initialized
with the result of a function, unless that function (such
as getenv(), or getpid()) does not itself depend on any
other globals. (This prohibition does not apply to a static
variable within function scope, since its initialization
order is well-defined and does not occur until control
passes through its declaration.)</p>
<p>Likewise, global and static variables are destroyed
when the program terminates, regardless of whether the
termination is by returning from <code>main()</code> or
by calling <code>exit()</code>. The order in which
destructors are called is defined to be the reverse of
the order in which the constructors were called. Since
constructor order is indeterminate, so is destructor
order. For example, at program-end time a static variable
might have been destroyed, but code still running
&#8212; perhaps in another thread
&#8212; tries to access it and fails. Or the
destructor for a static <code>string</code> variable
might be run prior to the destructor for another variable
that contains a reference to that string.</p>
<p>One way to alleviate the destructor problem is to
terminate the program by calling
<code>quick_exit()</code> instead of <code>exit()</code>.
The difference is that <code>quick_exit()</code> does not
invoke destructors and does not invoke any handlers that
were registered by calling <code>atexit()</code>. If you
have a handler that needs to run when a program
terminates via <code>quick_exit()</code> (flushing logs,
for example), you can register it using
<code>at_quick_exit()</code>. (If you have a handler that
needs to run at both <code>exit()</code> and
<code>quick_exit()</code>, you need to register it in
both places.)</p>
<p>As a result we only allow static variables to contain
POD data. This rule completely disallows
<code>vector</code> (use C arrays instead), or
<code>string</code> (use <code>const char []</code>).</p>
<p>If you need a static or global
variable of a class type, consider initializing a pointer
(which will never be freed), from either your main()
function or from pthread_once(). Note that this must be a
raw pointer, not a "smart" pointer, since the smart
pointer's destructor will have the order-of-destructor
issue that we are trying to avoid.</p>
</div>
<h2 id="Classes">Classes</h2>
<p>Classes are the fundamental unit of code in C++. Naturally,
we use them extensively. This section lists the main dos and
don'ts you should follow when writing a class.</p>
<h3 id="Doing_Work_in_Constructors">Doing Work in Constructors</h3>
<div class="summary">
<p>Avoid doing complex initialization in constructors (in
particular, initialization that can fail or that requires
virtual method calls).</p>
</div>
<div class="stylebody">
<div class="definition">
<p>It is possible to perform initialization in the body
of the constructor.</p>
</div>
<div class="pros">
<p>Convenience in typing. No need to worry about whether the
class has been initialized or not.</p>
</div>
<div class="cons">
<p>The problems with doing work in constructors are:</p>
<ul>
<li>There is no easy way for constructors to signal
errors, short of using exceptions (which are
<a href="#Exceptions">forbidden</a>).</li>
<li>If the work fails, we now have an object whose
initialization code failed, so it may be an
indeterminate state.</li>
<li>If the work calls virtual functions, these calls
will not get dispatched to the subclass
implementations. Future modification to your class can
quietly introduce this problem even if your class is
not currently subclassed, causing much confusion.</li>
<li>If someone creates a global variable of this type
(which is against the rules, but still), the
constructor code will be called before
<code>main()</code>, possibly breaking some implicit
assumptions in the constructor code. For instance,
<a href="http://google-gflags.googlecode.com/">gflags</a>
will not yet have been initialized.</li>
</ul>
</div>
<div class="decision">
<p>Constructors should never call virtual functions or
attempt to raise non-fatal failures. If your object requires
non-trivial initialization, consider using
a factory function or <code>Init()</code>
method.</p>
</div>
</div>
<h3 id="Initialization">Initialization</h3>
<div class="summary">
<p>If your class defines member variables, you must provide an
in-class initializer for every member variable or write a
constructor (which can be a default constructor). If you do
not declare any constructors yourself then the compiler
will generate a default constructor for you, which may
leave some fields uninitialized or initialized to
inappropriate values.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>The default constructor is called when we
<code>new</code> a class object with no arguments. It is always
called when calling <code>new[]</code> (for arrays). In-class
member initialization means declaring a member variable using a
construction like <code>int count_ = 17;</code> or
<code>string name_{"abc"};</code>, as opposed to just
<code>int count_;</code> or <code>string name_;</code>.</p>
</div>
<div class="pros">
<p>A user-defined default constructor is used to
initialize an object if no initializer is provided. It
can ensure that an object is always in a valid and usable
state as soon as it's constructed; it can also ensure
that an object is initially created in an obviously
"impossible" state, to aid debugging.</p>
<p>In-class member initialization ensures that a member
variable will be initialized appropriately without having
to duplicate the initialization code in multiple
constructors. This can reduce bugs where you add a new
member variable, initialize it in one constructor, and
forget to put that initialization code in another
constructor.</p>
</div>
<div class="cons">
<p>Explicitly defining a default constructor is extra
work for you, the code writer.</p>
<p>In-class member initialization is potentially
confusing if a member variable is initialized as part of
its declaration and also initialized in a constructor,
since the value in the constructor will override the
value in the declaration.</p>
</div>
<div class="decision">
<p>Use in-class member initialization for simple
initializations, especially when a member variable must
be initialized the same way in more than one
constructor.</p>
<p>If your class defines member variables that aren't
initialized in-class, and if it has no other
constructors, you must define a default constructor (one
that takes no arguments). It should preferably initialize
the object in such a way that its internal state is
consistent and valid.</p>
<p>The reason for this is that if you have no other
constructors and do not define a default constructor, the
compiler will generate one for you. This compiler
generated constructor may not initialize your object
sensibly.</p>
<p>If your class inherits from an existing class but you
add no new member variables, you are not required to have
a default constructor. </p>
</div>
</div>
<h3 id="Explicit_Constructors">Explicit Constructors</h3>
<div class="summary">
<p>Use the C++ keyword <code>explicit</code> for constructors
callable with one argument.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> Normally, if a
constructor can be called with one argument, it can be used as a
conversion. For instance, if you define
<code>Foo::Foo(string name)</code> and then pass a string
to a function that expects a <code>Foo</code>, the
constructor will be called to convert the string into a
<code>Foo</code> and will pass the <code>Foo</code> to
your function for you. This can be convenient but is also
a source of trouble when things get converted and new
objects created without you meaning them to. Declaring a
constructor <code>explicit</code> prevents it from being
invoked implicitly as a conversion.</p>
<p>In addition to single-parameter constructors, this also
applies to constructors where every parameter after the
first has a default value, e.g.,
<code>Foo::Foo(string name, int id = 42)</code>.</p>
</div>
<div class="pros">
<p>Avoids undesirable conversions.</p>
</div>
<div class="cons">
<p>None.</p>
</div>
<div class="decision">
<p>We require all constructors that are callable with
a single argument to be
explicit. Always put <code>explicit</code> in front of
such constructors in the class definition:
<code>explicit Foo(string name);</code></p>
<p>Copy and move constructors are exceptions: they should not be
<code>explicit</code>. Classes that are intended to be transparent
wrappers around other classes are also exceptions.
Such exceptions should be clearly marked with
comments.</p>
<p>Finally, constructors that take only a
<code>std::initializer_list</code> may be non-explicit. This permits
construction of your type from a <a href="#Braced_Initializer_List">braced initializer list</a>, as in an assignment-style initialization,
function argument, or return statement. For example:</p>
<pre> MyType m = {1, 2};
MyType MakeMyType() { return {1, 2}; }
TakeMyType({1, 2});
</pre>
</div>
</div>
<h3 id="Copyable_Movable_Types">Copyable and Movable Types</h3>
<a id="Copy_Constructors"></a>
<div class="summary">
<p>Support copying and/or moving if it makes sense for your type.
Otherwise, disable the implicitly generated special
functions that perform copies and moves.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>A copyable type allows its objects to be initialized or assigned
from any other object of the same type, without changing the value of the source.
For user-defined types, the copy behavior is defined by the copy
constructor and the copy-assignment operator.
<code>string</code> is an example of a copyable type.</p>
<p>A movable type is one that can be initialized and assigned
from temporaries (all copyable types are therefore movable).
<code>std::unique_ptr&lt;int&gt;</code> is an example of a movable but not
copyable type. For user-defined types, the move behavior is defined by the move
constructor and the move-assignment operator.</p>
<p>The copy/move constructors can be implicitly invoked by the compiler
in some situations, e.g. when passing objects by value.</p>
</div>
<div class="pros">
<p>Objects of copyable and movable types can be passed and returned
by value, which makes APIs simpler, safer, and more general.
Unlike when passing pointers or references, there's no risk of
confusion over ownership, lifetime, mutability, and similar
issues, and no need to specify them in the contract. It also
prevents non-local interactions between the client and the
implementation, which makes them easier to understand and
maintain. Such objects can be used with generic
APIs that require pass-by-value, such as most containers.</p>
<p>Copy/move constructors and assignment operators are usually
easier to define correctly than alternatives
like <code>Clone()</code>, <code>CopyFrom()</code> or <code>Swap()</code>,
because they can be generated by the compiler, either implicitly or
with <code>= default</code>. They are concise, and ensure
that all data members are copied. Copy and move
constructors are also generally more efficient, because they don't
require heap allocation or separate initialization and assignment
steps, and they're eligible for optimizations such as
<a href="http://en.cppreference.com/w/cpp/language/copy_elision">
copy elision</a>.</p>
<p>Move operations allow the implicit and efficient transfer of
resources out of rvalue objects. This allows a plainer coding style
in some cases.</p>
</div>
<div class="cons">
<p>Many types do not need to be copyable, and providing copy
operations for them can be confusing, nonsensical, or outright
incorrect. Copy/assigment operations for base class types are
hazardous, because use of them can lead to
<a href="http://en.wikipedia.org/wiki/Object_slicing">object
slicing</a>. Defaulted or carelessly-implemented copy operations
can be incorrect, and the resulting bugs can be confusing and
difficult to diagnose.</p>
<p>Copy constructors are invoked implicitly, which makes the
invocation easy to miss. This may cause confusion, particularly
for programmers used to languages where pass-by-reference is
conventional or mandatory. It may also encourage excessive
copying, which can cause performance problems.</p>
</div>
<div class="decision">
<p>Make your type copyable/movable if it will be useful, and if it
makes sense in the context of the rest of the API.
As a rule of thumb, if the behavior (including computational
complexity) of a copy isn't immediately obvious to users of your type,
your type shouldn't be copyable. If you choose to make it copyable,
define both copy operations (constructor and assignment). If your
type is copyable and a move operation is more efficient than a copy,
define both move operations (constructor and assignment).
If your type is not copyable, but the correctness of a move is obvious
to users of the type and its fields support it, you may make the type
move-only by defining both of the move operations.
</p>
<p>Prefer to define copy and move operations with <code>= default</code>.
Defining non-default move operations currently requires a style
exception. Remember to review the correctness of any defaulted
operations as you would any other code.
</p>
<p>Due to the risk of slicing, avoid providing an assignment
operator or public copy/move constructor for a class that's
intended to be derived from (and avoid deriving from a class
with such members). If your base class needs to be
copyable, provide a public virtual <code>Clone()</code>
method, and a protected copy constructor that derived classes
can use to implement it.</p>
<p>If you do not want to support copy/move operations on
your type, explicitly disable them using <code>= delete</code> or
whatever
other mechanism your project uses.
</p></div>
</div>
<h3 id="Delegating_and_inheriting_constructors">Delegating and Inheriting Constructors</h3>
<div class="summary">
<p> Use delegating and inheriting
constructors when they reduce code duplication.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>Delegating and inheriting constructors are two
different features, both introduced in C++11, for
reducing code duplication in constructors. Delegating
constructors allow one of a class's constructors to
forward work to one of the class's other constructors,
using a special variant of the initialization list
syntax. For example:</p>
<pre>X::X(const string&amp; name) : name_(name) {
...
}
X::X() : X("") { }
</pre>
<p>Inheriting constructors allow a derived class to have
its base class's constructors available directly, just as
with any of the base class's other member functions,
instead of having to redeclare them. This is especially
useful if the base has multiple constructors. For
example:</p>
<pre>class Base {
public:
Base();
Base(int n);
Base(const string&amp; s);
...
};
class Derived : public Base {
public:
using Base::Base; // Base's constructors are redeclared here.
};
</pre>
<p>This is especially useful when <code>Derived</code>'s
constructors don't have to do anything more than calling
<code>Base</code>'s constructors.</p>
</div>
<div class="pros">
<p>Delegating and inheriting constructors reduce
verbosity and boilerplate, which can improve
readability.</p>
<p>Delegating constructors are familiar to Java
programmers.</p>
</div>
<div class="cons">
<p>It's possible to approximate the behavior of
delegating constructors by using a helper function.</p>
<p>Inheriting constructors may be confusing if a derived
class introduces new member variables, since the base
class constructor doesn't know about them.</p>
</div>
<div class="decision">
<p>Use delegating and inheriting constructors when they reduce
boilerplate and improve readability.
Be cautious about inheriting constructors when your derived class has
new member variables. Inheriting constructors may still be appropriate
in that case if you can use in-class member initialization
for the derived class's member variables.</p>
</div>
</div>
<h3 id="Structs_vs._Classes">Structs vs. Classes</h3>
<div class="summary">
<p>Use a <code>struct</code> only for passive objects that
carry data; everything else is a <code>class</code>.</p>
</div>
<div class="stylebody">
<p>The <code>struct</code> and <code>class</code>
keywords behave almost identically in C++. We add our own
semantic meanings to each keyword, so you should use the
appropriate keyword for the data-type you're
defining.</p>
<p><code>structs</code> should be used for passive
objects that carry data, and may have associated
constants, but lack any functionality other than
access/setting the data members. The accessing/setting of
fields is done by directly accessing the fields rather
than through method invocations. Methods should not
provide behavior but should only be used to set up the
data members, e.g., constructor, destructor,
<code>Initialize()</code>, <code>Reset()</code>,
<code>Validate()</code>.</p>
<p>If more functionality is required, a
<code>class</code> is more appropriate. If in doubt, make
it a <code>class</code>.</p>
<p>For consistency with STL, you can use
<code>struct</code> instead of <code>class</code> for
functors and traits.</p>
<p>Note that member variables in structs and classes have
<a href="#Variable_Names">different naming rules</a>.</p>
</div>
<h3 id="Inheritance">Inheritance</h3>
<div class="summary">
<p>Composition is often more appropriate than inheritance.
When using inheritance, make it <code>public</code>.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> When a sub-class
inherits from a base class, it includes the definitions
of all the data and operations that the parent base class
defines. In practice, inheritance is used in two major
ways in C++: implementation inheritance, in which actual
code is inherited by the child, and
<a href="#Interfaces">interface inheritance</a>, in which
only method names are inherited.</p>
</div>
<div class="pros">
<p>Implementation inheritance reduces code size by re-using
the base class code as it specializes an existing type.
Because inheritance is a compile-time declaration, you
and the compiler can understand the operation and detect
errors. Interface inheritance can be used to
programmatically enforce that a class expose a particular
API. Again, the compiler can detect errors, in this case,
when a class does not define a necessary method of the
API.</p>
</div>
<div class="cons">
<p>For implementation inheritance, because the code
implementing a sub-class is spread between the base and
the sub-class, it can be more difficult to understand an
implementation. The sub-class cannot override functions
that are not virtual, so the sub-class cannot change
implementation. The base class may also define some data
members, so that specifies physical layout of the base
class.</p>
</div>
<div class="decision">
<p>All inheritance should be <code>public</code>. If you
want to do private inheritance, you should be including
an instance of the base class as a member instead.</p>
<p>Do not overuse implementation inheritance. Composition
is often more appropriate. Try to restrict use of
inheritance to the "is-a" case: <code>Bar</code>
subclasses <code>Foo</code> if it can reasonably be said
that <code>Bar</code> "is a kind of"
<code>Foo</code>.</p>
<p>Make your destructor <code>virtual</code> if
necessary. If your class has virtual methods, its
destructor should be virtual.</p>
<p>Limit the use of <code>protected</code> to those
member functions that might need to be accessed from
subclasses. Note that <a href="#Access_Control">data
members should be private</a>.</p>
<p>Explicitly annotate overrides of virtual functions
or virtual destructors with an <code>override</code>
or (less frequently) <code>final</code> specifier.
Older (pre-C++11) code will use the
<code>virtual</code> keyword as an inferior
alternative annotation. For clarity, use exactly one of
<code>override</code>, <code>final</code>, or
<code>virtual</code> when declaring an override.
Rationale: A function or destructor marked
<code>override</code> or <code>final</code> that is
not an override of a base class virtual function will
not compile, and this helps catch common errors. The
specifiers serve as documentation; if no specifier is
present, the reader has to check all ancestors of the
class in question to determine if the function or
destructor is virtual or not.</p>
</div>
</div>
<h3 id="Multiple_Inheritance">Multiple Inheritance</h3>
<div class="summary">
<p>Only very rarely is multiple implementation inheritance
actually useful. We allow multiple inheritance only when at
most one of the base classes has an implementation; all
other base classes must be <a href="#Interfaces">pure
interface</a> classes tagged with the
<code>Interface</code> suffix.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>Multiple inheritance allows a sub-class to have more than
one base class. We distinguish between base classes that are
<em>pure interfaces</em> and those that have an
<em>implementation</em>.</p>
</div>
<div class="pros">
<p>Multiple implementation inheritance may let you re-use
even more code than single inheritance (see <a href="#Inheritance">Inheritance</a>).</p>
</div>
<div class="cons">
<p>Only very rarely is multiple <em>implementation</em>
inheritance actually useful. When multiple implementation
inheritance seems like the solution, you can usually find
a different, more explicit, and cleaner solution.</p>
</div>
<div class="decision">
<p> Multiple inheritance is allowed only when all
superclasses, with the possible exception of the first one,
are <a href="#Interfaces">pure interfaces</a>. In order to
ensure that they remain pure interfaces, they must end with
the <code>Interface</code> suffix.</p>
</div>
<div class="note">
<p>There is an <a href="#Windows_Code">exception</a> to
this rule on Windows.</p>
</div>
</div>
<h3 id="Interfaces">Interfaces</h3>
<div class="summary">
<p>Classes that satisfy certain conditions are allowed, but
not required, to end with an <code>Interface</code> suffix.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>A class is a pure interface if it meets the following
requirements:</p>
<ul>
<li>It has only public pure virtual ("<code>=
0</code>") methods and static methods (but see below
for destructor).</li>
<li>It may not have non-static data members.</li>
<li>It need not have any constructors defined. If a
constructor is provided, it must take no arguments and
it must be protected.</li>
<li>If it is a subclass, it may only be derived from
classes that satisfy these conditions and are tagged
with the <code>Interface</code> suffix.</li>
</ul>
<p>An interface class can never be directly instantiated
because of the pure virtual method(s) it declares. To
make sure all implementations of the interface can be
destroyed correctly, the interface must also declare a
virtual destructor (in an exception to the first rule,
this should not be pure). See Stroustrup, <cite>The C++
Programming Language</cite>, 3rd edition, section 12.4
for details.</p>
</div>
<div class="pros">
<p>Tagging a class with the <code>Interface</code> suffix
lets others know that they must not add implemented
methods or non static data members. This is particularly
important in the case of <a href="#Multiple_Inheritance">multiple inheritance</a>.
Additionally, the interface concept is already
well-understood by Java programmers.</p>
</div>
<div class="cons">
<p>The <code>Interface</code> suffix lengthens the class
name, which can make it harder to read and understand.
Also, the interface property may be considered an
implementation detail that shouldn't be exposed to
clients.</p>
</div>
<div class="decision">
<p>A class may end
with <code>Interface</code> only if it meets the above
requirements. We do not require the converse, however:
classes that meet the above requirements are not required
to end with <code>Interface</code>.</p>
</div>
</div>
<h3 id="Operator_Overloading">Operator Overloading</h3>
<div class="summary">
<p> Do not overload operators except in rare, special
circumstances. Do not create user-defined literals.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> A class can
define that operators such as <code>+</code> and
<code>/</code> operate on the class as if it were a
built-in type. An overload of <code>operator""</code>
allows the built-in literal syntax to be used to create
objects of class types.</p>
</div>
<div class="pros">
<p>Operator overloading can make code appear more
intuitive because a class will behave in the same way as
built-in types (such as <code>int</code>). Overloaded
operators are more playful names for functions that are
less-colorfully named, such as <code>Equals()</code> or
<code>Add()</code>.</p>
<p>For some template functions to work correctly, you may
need to define operators.</p>
<p>User-defined literals are a very concise notation for
creating objects of user-defined types.</p>
</div>
<div class="cons">
<p>While operator overloading can make code more intuitive,
it has several drawbacks:</p>
<ul>
<li>It can fool our intuition into thinking that
expensive operations are cheap, built-in
operations.</li>
<li>It is much harder to find the call sites for
overloaded operators. Searching for
<code>Equals()</code> is much easier than searching for
relevant invocations of <code>==</code>.</li>
<li>Some operators work on pointers too, making it easy
to introduce bugs. <code>Foo + 4</code> may do one
thing, while <code>&amp;Foo + 4</code> does something
totally different. The compiler does not complain for
either of these, making this very hard to debug.</li>
<li>User-defined literals allow creating new syntactic
forms that are unfamiliar even to experienced C++
programmers.</li>
</ul>
<p>Overloading also has surprising ramifications. For
instance, if a class overloads unary
<code>operator&amp;</code>, it cannot safely be
forward-declared.</p>
</div>
<div class="decision">
<p>In general, do not overload operators. You can define
ordinary functions like <code>Equals()</code> if
you need them. Likewise, avoid the dangerous unary
<code>operator&amp;</code> at all costs, if there's any
possibility the class might be forward-declared.</p>
<p>Do not overload <code>operator""</code>, i.e. do not
introduce user-defined literals.</p>
<p>However, there may be rare cases where you need to
overload an operator to interoperate with templates or
"standard" C++ classes (such as
<code>operator&lt;&lt;(ostream&amp;, const T&amp;)</code>
for logging). These are acceptable if fully justified, but you should try to avoid these
whenever possible. In particular, do not overload
<code>operator==</code> or <code>operator&lt;</code> just
so that your class can be used as a key in an STL
container; instead, you should create equality and
comparison functor types when declaring the
container.</p>
<p>Some of the STL algorithms do require you to overload
<code>operator==</code>, and you may do so in these
cases, provided you document why.</p>
<p>See also <a href="#Copyable_Movable_Types">Copyable and Movable
Types</a> and <a href="#Function_Overloading">Function Overloading</a>.</p>
</div>
</div>
<h3 id="Access_Control">Access Control</h3>
<div class="summary">
<p> Make data members <code>private</code>, and provide access
to them through accessor functions as needed (for technical
reasons, we allow data members of a test fixture class to
be <code>protected</code> when using
<a href="http://code.google.com/p/googletest/">Google
Test</a>). Typically a variable would be called
<code>foo_</code> and the accessor function
<code>foo()</code>. You may also want a mutator function
<code>set_foo()</code>. Exception: <code>static
const</code> data members (typically called
<code>kFoo</code>) need not be <code>private</code>.</p>
</div>
<div class="stylebody">
<p>The definitions of accessors are usually inlined in
the header file.</p>
<p>See also <a href="#Inheritance">Inheritance</a> and
<a href="#Function_Names">Function Names</a>.</p>
</div>
<h3 id="Declaration_Order">Declaration Order</h3>
<div class="summary">
<p> Use the specified order of declarations within a class:
<code>public:</code> before <code>private:</code>, methods
before data members (variables), etc.</p>
</div>
<div class="stylebody">
<p>Your class definition should start with its
<code>public:</code> section, followed by its
<code>protected:</code> section and then its
<code>private:</code> section. If any of these sections
are empty, omit them.</p>
<p>Within each section, the declarations generally should
be in the following order:</p>
<ul>
<li>Typedefs and Enums</li>
<li>Constants (<code>static const</code> data
members)</li>
<li>Constructors</li>
<li>Destructor</li>
<li>Methods, including static methods</li>
<li>Data Members (except <code>static const</code> data
members)</li>
</ul>
<p>Friend declarations should always be in the private
section. If copying and assignment are disabled with a macro
such as <code>DISALLOW_COPY_AND_ASSIGN</code>, it should be
at the end of the <code>private:</code> section, and should be
the last thing in the class. See
<a href="#Copyable_Movable_Types">Copyable and Movable Types</a>.</p>
<p>Method definitions in the corresponding
<code>.cc</code> file should be the same as the
declaration order, as much as possible.</p>
<p>Do not put large method definitions inline in the
class definition. Usually, only trivial or
performance-critical, and very short, methods may be
defined inline. See <a href="#Inline_Functions">Inline
Functions</a> for more details.</p>
</div>
<h3 id="Write_Short_Functions">Write Short Functions</h3>
<div class="summary">
<p>Prefer small and focused functions.</p>
</div>
<div class="stylebody">
<p>We recognize that long functions are sometimes
appropriate, so no hard limit is placed on functions
length. If a function exceeds about 40 lines, think about
whether it can be broken up without harming the structure
of the program.</p>
<p>Even if your long function works perfectly now,
someone modifying it in a few months may add new
behavior. This could result in bugs that are hard to
find. Keeping your functions short and simple makes it
easier for other people to read and modify your code.</p>
<p>You could find long and complicated functions when
working with
some code. Do not be
intimidated by modifying existing code: if working with
such a function proves to be difficult, you find that
errors are hard to debug, or you want to use a piece of
it in several different contexts, consider breaking up
the function into smaller and more manageable pieces.</p>
</div>
<h2 id="Google-Specific_Magic">Google-Specific Magic</h2>
<p>There are various tricks and utilities that
we use to make C++ code more robust, and various ways we use
C++ that may differ from what you see elsewhere.</p>
<h3 id="Ownership_and_Smart_Pointers">Ownership and Smart Pointers</h3>
<div class="summary">
<p>Prefer to have single, fixed owners for dynamically
allocated objects. Prefer to transfer ownership with smart
pointers.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>"Ownership" is a bookkeeping technique for managing
dynamically allocated memory (and other resources). The
owner of a dynamically allocated object is an object or
function that is responsible for ensuring that it is
deleted when no longer needed. Ownership can sometimes be
shared, in which case the last owner is typically
responsible for deleting it. Even when ownership is not
shared, it can be transferred from one piece of code to
another.</p>
<p>"Smart" pointers are classes that act like pointers,
e.g. by overloading the <code>*</code> and
<code>-&gt;</code> operators. Some smart pointer types
can be used to automate ownership bookkeeping, to ensure
these responsibilities are met.
<a href="http://www.google.com/url?sa=D&amp;q=http://en.cppreference.com/w/cpp/memory/unique_ptr">
<code>std::unique_ptr</code></a> is a smart pointer type
introduced in C++11, which expresses exclusive ownership
of a dynamically allocated object; the object is deleted
when the <code>std::unique_ptr</code> goes out of scope.
It cannot be copied, but can be <em>moved</em> to
represent ownership transfer.
<a href="http://www.google.com/url?sa=D&amp;q=http://en.cppreference.com/w/cpp/memory/shared_ptr">
<code>std::shared_ptr</code></a> is a smart pointer type
that expresses shared ownership of
a dynamically allocated object. <code>std::shared_ptr</code>s
can be copied; ownership of the object is shared among
all copies, and the object is deleted when the last
<code>std::shared_ptr</code> is destroyed. </p>
</div>
<div class="pros">
<ul>
<li>It's virtually impossible to manage dynamically
allocated memory without some sort of ownership
logic.</li>
<li>Transferring ownership of an object can be cheaper
than copying it (if copying it is even possible).</li>
<li>Transferring ownership can be simpler than
'borrowing' a pointer or reference, because it reduces
the need to coordinate the lifetime of the object
between the two users.</li>
<li>Smart pointers can improve readability by making
ownership logic explicit, self-documenting, and
unambiguous.</li>
<li>Smart pointers can eliminate manual ownership
bookkeeping, simplifying the code and ruling out large
classes of errors.</li>
<li>For const objects, shared ownership can be a simple
and efficient alternative to deep copying.</li>
</ul>
</div>
<div class="cons">
<ul>
<li>Ownership must be represented and transferred via
pointers (whether smart or plain). Pointer semantics
are more complicated than value semantics, especially
in APIs: you have to worry not just about ownership,
but also aliasing, lifetime, and mutability, among
other issues.</li>
<li>The performance costs of value semantics are often
overestimated, so the performance benefits of ownership
transfer might not justify the readability and
complexity costs.</li>
<li>APIs that transfer ownership force their clients
into a single memory management model.</li>
<li>Code using smart pointers is less explicit about
where the resource releases take place.</li>
<li><code>std::unique_ptr</code> expresses ownership
transfer using C++11's move semantics, which are
relatively new and may confuse some programmers.</li>
<li>Shared ownership can be a tempting alternative to
careful ownership design, obfuscating the design of a
system.</li>
<li>Shared ownership requires explicit bookkeeping at
run-time, which can be costly.</li>
<li>In some cases (e.g. cyclic references), objects
with shared ownership may never be deleted.</li>
<li>Smart pointers are not perfect substitutes for
plain pointers.</li>
</ul>
</div>
<div class="decision">
<p>If dynamic allocation is necessary, prefer to keep
ownership with the code that allocated it. If other code
needs access to the object, consider passing it a copy,
or passing a pointer or reference without transferring
ownership. Prefer to use <code>std::unique_ptr</code> to
make ownership transfer explicit. For example:</p>
<pre>std::unique_ptr&lt;Foo&gt; FooFactory();
void FooConsumer(std::unique_ptr&lt;Foo&gt; ptr);
</pre>
<p>Do not design your code to use shared ownership
without a very good reason. One such reason is to avoid
expensive copy operations, but you should only do this if
the performance benefits are significant, and the
underlying object is immutable (i.e.
<code>std::shared_ptr&lt;const Foo&gt;</code>). If you
do use shared ownership, prefer to use
<code>std::shared_ptr</code>.</p>
<p>Do not use <code>scoped_ptr</code> in new code unless
you need to be compatible with older versions of C++.
Never use <code>std::auto_ptr</code>. Instead, use
<code>std::unique_ptr</code>.</p>
</div>
</div>
<h3 id="cpplint">cpplint</h3>
<div class="summary">
<p>Use <code>cpplint.py</code>
to detect style errors.</p>
</div>
<div class="stylebody">
<p><code>cpplint.py</code>
is a tool that reads a source file and identifies many
style errors. It is not perfect, and has both false
positives and false negatives, but it is still a valuable
tool. False positives can be ignored by putting <code>//
NOLINT</code> at the end of the line or
<code>// NOLINTNEXTLINE</code> in the previous line.</p>
<p>Some projects have instructions on
how to run <code>cpplint.py</code> from their project
tools. If the project you are contributing to does not,
you can download
<a href="http://google-styleguide.googlecode.com/svn/trunk/cpplint/cpplint.py">
<code>cpplint.py</code></a> separately.</p>
</div>
<h2 id="Other_C++_Features">Other C++ Features</h2>
<h3 id="Reference_Arguments">Reference Arguments</h3>
<div class="summary">
<p>All parameters passed by reference must be labeled
<code>const</code>.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>In C, if a
function needs to modify a variable, the parameter must
use a pointer, eg <code>int foo(int *pval)</code>. In
C++, the function can alternatively declare a reference
parameter: <code>int foo(int &amp;val)</code>.</p>
</div>
<div class="pros">
<p>Defining a parameter as reference avoids ugly code like
<code>(*pval)++</code>. Necessary for some applications
like copy constructors. Makes it clear, unlike with
pointers, that a null pointer is not a possible
value.</p>
</div>
<div class="cons">
<p>References can be confusing, as they have value syntax
but pointer semantics.</p>
</div>
<div class="decision">
<p>Within function parameter lists all references must be
<code>const</code>:</p>
<pre>void Foo(const string &amp;in, string *out);
</pre>
<p>In fact it is a very strong convention in Google code
that input arguments are values or <code>const</code>
references while output arguments are pointers. Input
parameters may be <code>const</code> pointers, but we
never allow non-<code>const</code> reference parameters
except when required by convention, e.g.,
<code>swap()</code>.</p>
<p>However, there are some instances where using
<code>const T*</code> is preferable to <code>const
T&amp;</code> for input parameters. For example:</p>
<ul>
<li>You want to pass in a null pointer.</li>
<li>The function saves a pointer or reference to the
input.</li>
</ul>
<p> Remember that most of the time input
parameters are going to be specified as <code>const
T&amp;</code>. Using <code>const T*</code> instead
communicates to the reader that the input is somehow
treated differently. So if you choose <code>const
T*</code> rather than <code>const T&amp;</code>, do so
for a concrete reason; otherwise it will likely confuse
readers by making them look for an explanation that
doesn't exist.</p>
</div>
</div>
<h3 id="Rvalue_references">Rvalue References</h3>
<div class="summary">
<p>Use rvalue references only to define move constructors and move
assignment operators. Do not
use <code>std::forward</code>.
</p>
</div>
<div class="stylebody">
<div class="definition">
<p> Rvalue references
are a type of reference that can only bind to temporary
objects. The syntax is similar to traditional reference
syntax. For example, <code>void f(string&amp;&amp;
s);</code> declares a function whose argument is an
rvalue reference to a string.</p>
</div>
<div class="pros">
<ul>
<li>Defining a move constructor (a constructor taking
an rvalue reference to the class type) makes it
possible to move a value instead of copying it. If
<code>v1</code> is a <code>vector&lt;string&gt;</code>,
for example, then <code>auto v2(std::move(v1))</code>
will probably just result in some simple pointer
manipulation instead of copying a large amount of data.
In some cases this can result in a major performance
improvement.</li>
<li>Rvalue references make it possible to write a
generic function wrapper that forwards its arguments to
another function, and works whether or not its
arguments are temporary objects.</li>
<li>Rvalue references make it possible to implement
types that are movable but not copyable, which can be
useful for types that have no sensible definition of
copying but where you might still want to pass them as
function arguments, put them in containers, etc.</li>
<li><code>std::move</code> is necessary to make
effective use of some standard-library types, such as
<code>std::unique_ptr</code>.</li>
</ul>
</div>
<div class="cons">
<ul>
<li>Rvalue references are a relatively new feature
(introduced as part of C++11), and not yet widely
understood. Rules like reference collapsing, and
automatic synthesis of move constructors, are
complicated.</li>
</ul>
</div>
<div class="decision">
<p>Use rvalue references only to define move constructors and move
assignment operators, as described in
<a href="#Copyable_Movable_Types">Copyable and Movable Types</a>.
Do not use <code>std::forward</code> utility function. You may
use <code>std::move</code> to express moving a value from one object
to another rather than copying it. </p>
</div>
</div>
<h3 id="Function_Overloading">Function Overloading</h3>
<div class="summary">
<p>Use overloaded functions (including constructors) only if a
reader looking at a call site can get a good idea of what
is happening without having to first figure out exactly
which overload is being called.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>You may write a function that takes a <code>const
string&amp;</code> and overload it with another that
takes <code>const char*</code>.</p>
<pre>class MyClass {
public:
void Analyze(const string &amp;text);
void Analyze(const char *text, size_t textlen);
};
</pre>
</div>
<div class="pros">
<p>Overloading can make code more intuitive by allowing an
identically-named function to take different arguments.
It may be necessary for templatized code, and it can be
convenient for Visitors.</p>
</div>
<div class="cons">
<p>If a function is overloaded by the argument types alone,
a reader may have to understand C++'s complex matching
rules in order to tell what's going on. Also many people
are confused by the semantics of inheritance if a derived
class overrides only some of the variants of a
function.</p>
</div>
<div class="decision">
<p>If you want to overload a function, consider qualifying
the name with some information about the arguments, e.g.,
<code>AppendString()</code>, <code>AppendInt()</code>
rather than just <code>Append()</code>. </p>
</div>
</div>
<h3 id="Default_Arguments">Default Arguments</h3>
<div class="summary">
<p>We do not allow default function parameters, except in
limited situations as explained below. Simulate them with
function overloading instead, if appropriate.</p>
</div>
<div class="stylebody">
<div class="pros">
<p>Often you have a function that uses default values, but
occasionally you want to override the defaults. Default
parameters allow an easy way to do this without having to
define many functions for the rare exceptions. Compared
to overloading the function, default arguments have a
cleaner syntax, with less boilerplate and a clearer
distinction between 'required' and 'optional'
arguments.</p>
</div>
<div class="cons">
<p>Function pointers are confusing in the presence of
default arguments, since the function signature often
doesn't match the call signature. Adding a default
argument to an existing function changes its type, which
can cause problems with code taking its address. Adding
function overloads avoids these problems. In addition,
default parameters may result in bulkier code since they
are replicated at every call-site -- as opposed to
overloaded functions, where "the default" appears only in
the function definition.</p>
</div>
<div class="decision">
<p>While the cons above are not that onerous, they still
outweigh the (small) benefits of default arguments over
function overloading. So except as described below, we
require all arguments to be explicitly specified.</p>
<p>One specific exception is when the function is a
static function (or in an unnamed namespace) in a .cc
file. In this case, the cons don't apply since the
function's use is so localized.</p>
<p>In addition, default function parameters are allowed in
constructors. Most of the cons listed above don't apply to
constructors because it's impossible to take their address.</p>
<p>Another specific exception is when default arguments
are used to simulate variable-length argument lists.</p>
<pre>// Support up to 4 params by using a default empty AlphaNum.
string StrCat(const AlphaNum &amp;a,
const AlphaNum &amp;b = gEmptyAlphaNum,
const AlphaNum &amp;c = gEmptyAlphaNum,
const AlphaNum &amp;d = gEmptyAlphaNum);
</pre>
</div>
</div>
<h3 id="Variable-Length_Arrays_and_alloca__">
Variable-Length Arrays and alloca()</h3>
<div class="summary">
<p>We do not allow variable-length arrays or
<code>alloca()</code>.</p>
</div>
<div class="stylebody">
<div class="pros">
<p>Variable-length arrays have natural-looking syntax. Both
variable-length arrays and <code>alloca()</code> are very
efficient.</p>
</div>
<div class="cons">
<p>Variable-length arrays and alloca are not part of
Standard C++. More importantly, they allocate a
data-dependent amount of stack space that can trigger
difficult-to-find memory overwriting bugs: "It ran fine
on my machine, but dies mysteriously in production".</p>
</div>
<div class="decision">
<p>Use a safe allocator instead, such as
<code>std::vector</code> or
<code>std::unique_ptr&lt;T[]&gt;</code>.</p>
</div>
</div>
<h3 id="Friends">Friends</h3>
<div class="summary">
<p>We allow use of <code>friend</code> classes and functions,
within reason.</p>
</div>
<div class="stylebody">
<p>Friends should usually be defined in the same file so
that the reader does not have to look in another file to
find uses of the private members of a class. A common use
of <code>friend</code> is to have a
<code>FooBuilder</code> class be a friend of
<code>Foo</code> so that it can construct the inner state
of <code>Foo</code> correctly, without exposing this
state to the world. In some cases it may be useful to
make a unittest class a friend of the class it tests.</p>
<p>Friends extend, but do not break, the encapsulation
boundary of a class. In some cases this is better than
making a member public when you want to give only one
other class access to it. However, most classes should
interact with other classes solely through their public
members.</p>
</div>
<h3 id="Exceptions">Exceptions</h3>
<div class="summary">
<p>We do not use C++ exceptions.</p>
</div>
<div class="stylebody">
<div class="pros">
<ul>
<li>Exceptions allow higher levels of an application to
decide how to handle "can't happen" failures in deeply
nested functions, without the obscuring and error-prone
bookkeeping of error codes.</li>
<li>Exceptions are used by most other
modern languages. Using them in C++ would make it more
consistent with Python, Java, and the C++ that others
are familiar with.</li>
<li>Some third-party C++ libraries use exceptions, and
turning them off internally makes it harder to
integrate with those libraries.</li>
<li>Exceptions are the only way for a constructor to
fail. We can simulate this with a factory function or
an <code>Init()</code> method, but these require heap
allocation or a new "invalid" state, respectively.</li>
<li>Exceptions are really handy in testing
frameworks.</li>
</ul>
</div>
<div class="cons">
<ul>
<li>When you add a <code>throw</code> statement to an
existing function, you must examine all of its
transitive callers. Either they must make at least the
basic exception safety guarantee, or they must never
catch the exception and be happy with the program
terminating as a result. For instance, if
<code>f()</code> calls <code>g()</code> calls
<code>h()</code>, and <code>h</code> throws an
exception that <code>f</code> catches, <code>g</code>
has to be careful or it may not clean up properly.</li>
<li>More generally, exceptions make the control flow of
programs difficult to evaluate by looking at code:
functions may return in places you don't expect. This
causes maintainability and debugging difficulties. You
can minimize this cost via some rules on how and where
exceptions can be used, but at the cost of more that a
developer needs to know and understand.</li>
<li>Exception safety requires both RAII and different
coding practices. Lots of supporting machinery is
needed to make writing correct exception-safe code
easy. Further, to avoid requiring readers to understand
the entire call graph, exception-safe code must isolate
logic that writes to persistent state into a "commit"
phase. This will have both benefits and costs (perhaps
where you're forced to obfuscate code to isolate the
commit). Allowing exceptions would force us to always
pay those costs even when they're not worth it.</li>
<li>Turning on exceptions adds data to each binary
produced, increasing compile time (probably slightly)
and possibly increasing address space pressure.
</li>
<li>The availability of exceptions may encourage
developers to throw them when they are not appropriate
or recover from them when it's not safe to do so. For
example, invalid user input should not cause exceptions
to be thrown. We would need to make the style guide
even longer to document these restrictions!</li>
</ul>
</div>
<div class="decision">
<p>On their face, the benefits of using exceptions
outweigh the costs, especially in new projects. However,
for existing code, the introduction of exceptions has
implications on all dependent code. If exceptions can be
propagated beyond a new project, it also becomes
problematic to integrate the new project into existing
exception-free code. Because most existing C++ code at
Google is not prepared to deal with exceptions, it is
comparatively difficult to adopt new code that generates
exceptions.</p>
<p>Given that Google's existing code is not
exception-tolerant, the costs of using exceptions are
somewhat greater than the costs in a new project. The
conversion process would be slow and error-prone. We
don't believe that the available alternatives to
exceptions, such as error codes and assertions, introduce
a significant burden. </p>
<p>Our advice against using exceptions is not predicated
on philosophical or moral grounds, but practical ones.
Because we'd like to use our open-source
projects at Google and it's difficult to do so if those
projects use exceptions, we need to advise against
exceptions in Google open-source projects as well.
Things would probably be different if we had to do it all
over again from scratch.</p>
<p>This prohibition also applies to the exception-related
features added in C++11, such as <code>noexcept</code>,
<code>std::exception_ptr</code>, and
<code>std::nested_exception</code>.</p>
<p>There is an <a href="#Windows_Code">exception</a> to
this rule (no pun intended) for Windows code.</p>
</div>
</div>
<h3 id="Run-Time_Type_Information__RTTI_">Run-Time Type
Information (RTTI)</h3>
<div class="summary">
<p>Avoid using Run Time Type Information (RTTI).</p>
</div>
<div class="stylebody">
<div class="definition">
<p> RTTI allows a
programmer to query the C++ class of an object at run
time. This is done by use of <code>typeid</code> or
<code>dynamic_cast</code>.</p>
</div>
<div class="cons">
<p>Querying the type of an object at run-time frequently
means a design problem. Needing to know the type of an
object at runtime is often an indication that the design
of your class hierarchy is flawed.</p>
<p>Undisciplined use of RTTI makes code hard to maintain.
It can lead to type-based decision trees or switch
statements scattered throughout the code, all of which
must be examined when making further changes.</p>
</div>
<div class="pros">
<p>The standard alternatives to RTTI (described below)
require modification or redesign of the class hierarchy
in question. Sometimes such modifications are infeasible
or undesirable, particularly in widely-used or mature
code.</p>
<p>RTTI can be useful in some unit tests. For example, it
is useful in tests of factory classes where the test has
to verify that a newly created object has the expected
dynamic type. It is also useful in managing the
relationship between objects and their mocks.</p>
<p>RTTI is useful when considering multiple abstract
objects. Consider</p>
<pre>bool Base::Equal(Base* other) = 0;
bool Derived::Equal(Base* other) {
Derived* that = dynamic_cast&lt;Derived*&gt;(other);
if (that == NULL)
return false;
...
}
</pre>
</div>
<div class="decision">
<p>RTTI has legitimate uses but is prone to abuse, so you
must be careful when using it. You may use it freely in
unittests, but avoid it when possible in other code. In
particular, think twice before using RTTI in new code. If
you find yourself needing to write code that behaves
differently based on the class of an object, consider one
of the following alternatives to querying the type:</p>
<ul>
<li>Virtual methods are the preferred way of executing
different code paths depending on a specific subclass
type. This puts the work within the object itself.</li>
<li>If the work belongs outside the object and instead
in some processing code, consider a double-dispatch
solution, such as the Visitor design pattern. This
allows a facility outside the object itself to
determine the type of class using the built-in type
system.</li>
</ul>
<p>When the logic of a program guarantees that a given
instance of a base class is in fact an instance of a
particular derived class, then a
<code>dynamic_cast</code> may be used freely on the
object. Usually one
can use a <code>static_cast</code> as an alternative in
such situations.</p>
<p>Decision trees based on type are a strong indication
that your code is on the wrong track.</p>
<pre class="badcode">if (typeid(*data) == typeid(D1)) {
...
} else if (typeid(*data) == typeid(D2)) {
...
} else if (typeid(*data) == typeid(D3)) {
...
</pre>
<p>Code such as this usually breaks when additional
subclasses are added to the class hierarchy. Moreover,
when properties of a subclass change, it is difficult to
find and modify all the affected code segments.</p>
<p>Do not hand-implement an RTTI-like workaround. The
arguments against RTTI apply just as much to workarounds
like class hierarchies with type tags. Moreover,
workarounds disguise your true intent.</p>
</div>
</div>
<h3 id="Casting">Casting</h3>
<div class="summary">
<p>Use C++ casts like <code>static_cast&lt;&gt;()</code>. Do
not use other cast formats like <code>int y =
(int)x;</code> or <code>int y = int(x);</code>.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> C++ introduced a
different cast system from C that distinguishes the types
of cast operations.</p>
</div>
<div class="pros">
<p>The problem with C casts is the ambiguity of the
operation; sometimes you are doing a <em>conversion</em>
(e.g., <code>(int)3.5</code>) and sometimes you are doing
a <em>cast</em> (e.g., <code>(int)"hello"</code>); C++
casts avoid this. Additionally C++ casts are more visible
when searching for them.</p>
</div>
<div class="cons">
<p>The syntax is nasty.</p>
</div>
<div class="decision">
<p>Do not use C-style casts. Instead, use these C++-style
casts. </p>
<ul>
<li>Use <code>static_cast</code> as the equivalent of a
C-style cast that does value conversion, or when you need to explicitly up-cast a
pointer from a class to its superclass.</li>
<li>Use <code>const_cast</code> to remove the
<code>const</code> qualifier (see <a href="#Use_of_const">const</a>).</li>
<li>Use <code>reinterpret_cast</code> to do unsafe
conversions of pointer types to and from integer and
other pointer types. Use this only if you know what you
are doing and you understand the aliasing issues.
</li>
</ul>
<p>See the <a href="#Run-Time_Type_Information__RTTI_">
RTTI section</a> for guidance on the use of
<code>dynamic_cast</code>.</p>
</div>
</div>
<h3 id="Streams">Streams</h3>
<div class="summary">
<p>Use streams only for logging.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> Streams are a replacement for <code>printf()</code>
and <code>scanf()</code>.</p>
</div>
<div class="pros">
<p>With streams, you do not need to know the type of the
object you are printing. You do not have problems with
format strings not matching the argument list. (Though
with gcc, you do not have that problem with
<code>printf</code> either.) Streams have automatic
constructors and destructors that open and close the
relevant files.</p>
</div>
<div class="cons">
<p>Streams make it difficult to do functionality like
<code>pread()</code>. Some formatting (particularly the
common format string idiom <code>%.*s</code>) is
difficult if not impossible to do efficiently using
streams without using <code>printf</code>-like hacks.
Streams do not support operator reordering (the
<code>%1$s</code> directive), which is helpful for
internationalization.</p>
</div>
<div class="decision">
<p>Do not use streams, except where
required by a logging interface. Use
<code>printf</code>-like routines instead.</p>
<p>There are various pros and cons to using streams, but
in this case, as in many other cases, consistency trumps
the debate. Do not use streams in your code.</p>
</div>
<div class="stylepoint_subsection">
<h4>Extended Discussion</h4>
<p>There has been debate on this issue, so this explains
the reasoning in greater depth. Recall the Only One Way
guiding principle: we want to make sure that whenever we
do a certain type of I/O, the code looks the same in all
those places. Because of this, we do not want to allow
users to decide between using streams or using
<code>printf</code> plus Read/Write/etc. Instead, we
should settle on one or the other. We made an exception
for logging because it is a pretty specialized
application, and for historical reasons.</p>
<p>Proponents of streams have argued that streams are the
obvious choice of the two, but the issue is not actually
so clear. For every advantage of streams they point out,
there is an equivalent disadvantage. The biggest
advantage is that you do not need to know the type of the
object to be printing. This is a fair point. But, there
is a downside: you can easily use the wrong type, and the
compiler will not warn you. It is easy to make this kind
of mistake without knowing when using streams.</p>
<pre>cout &lt;&lt; this; // Prints the address
cout &lt;&lt; *this; // Prints the contents
</pre>
<p>The compiler does not generate an error because
<code>&lt;&lt;</code> has been overloaded. We discourage
overloading for just this reason.</p>
<p>Some say <code>printf</code> formatting is ugly and
hard to read, but streams are often no better. Consider
the following two fragments, both with the same typo.
Which is easier to discover?</p>
<pre>cerr &lt;&lt; "Error connecting to '" &lt;&lt; foo-&gt;bar()-&gt;hostname.first
&lt;&lt; ":" &lt;&lt; foo-&gt;bar()-&gt;hostname.second &lt;&lt; ": " &lt;&lt; strerror(errno);
fprintf(stderr, "Error connecting to '%s:%u: %s",
foo-&gt;bar()-&gt;hostname.first, foo-&gt;bar()-&gt;hostname.second,
strerror(errno));
</pre>
<p>And so on and so forth for any issue you might bring
up. (You could argue, "Things would be better with the
right wrappers," but if it is true for one scheme, is it
not also true for the other? Also, remember the goal is
to make the language smaller, not add yet more machinery
that someone has to learn.)</p>
<p>Either path would yield different advantages and
disadvantages, and there is not a clearly superior
solution. The simplicity doctrine mandates we settle on
one of them though, and the majority decision was on
<code>printf</code> +
<code>read</code>/<code>write</code>.</p>
</div>
</div>
<h3 id="Preincrement_and_Predecrement">Preincrement and Predecrement</h3>
<div class="summary">
<p>Use prefix form (<code>++i</code>) of the increment and
decrement operators with iterators and other template
objects.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> When a variable
is incremented (<code>++i</code> or <code>i++</code>) or
decremented (<code>--i</code> or <code>i--</code>) and
the value of the expression is not used, one must decide
whether to preincrement (decrement) or postincrement
(decrement).</p>
</div>
<div class="pros">
<p>When the return value is ignored, the "pre" form
(<code>++i</code>) is never less efficient than the
"post" form (<code>i++</code>), and is often more
efficient. This is because post-increment (or decrement)
requires a copy of <code>i</code> to be made, which is
the value of the expression. If <code>i</code> is an
iterator or other non-scalar type, copying <code>i</code>
could be expensive. Since the two types of increment
behave the same when the value is ignored, why not just
always pre-increment?</p>
</div>
<div class="cons">
<p>The tradition developed, in C, of using post-increment
when the expression value is not used, especially in
<code>for</code> loops. Some find post-increment easier
to read, since the "subject" (<code>i</code>) precedes
the "verb" (<code>++</code>), just like in English.</p>
</div>
<div class="decision">
<p> For simple scalar
(non-object) values there is no reason to prefer one form
and we allow either. For iterators and other template
types, use pre-increment.</p>
</div>
</div>
<h3 id="Use_of_const">Use of const</h3>
<div class="summary">
<p>Use <code>const</code> whenever it makes sense. With C++11,
<code>constexpr</code> is a better choice for some uses of
const.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> Declared variables and parameters can be preceded
by the keyword <code>const</code> to indicate the variables
are not changed (e.g., <code>const int foo</code>). Class
functions can have the <code>const</code> qualifier to
indicate the function does not change the state of the
class member variables (e.g., <code>class Foo { int
Bar(char c) const; };</code>).</p>
</div>
<div class="pros">
<p>Easier for people to understand how variables are being
used. Allows the compiler to do better type checking,
and, conceivably, generate better code. Helps people
convince themselves of program correctness because they
know the functions they call are limited in how they can
modify your variables. Helps people know what functions
are safe to use without locks in multi-threaded
programs.</p>
</div>
<div class="cons">
<p><code>const</code> is viral: if you pass a
<code>const</code> variable to a function, that function
must have <code>const</code> in its prototype (or the
variable will need a <code>const_cast</code>). This can
be a particular problem when calling library
functions.</p>
</div>
<div class="decision">
<p><code>const</code> variables, data members, methods
and arguments add a level of compile-time type checking;
it is better to detect errors as soon as possible.
Therefore we strongly recommend that you use
<code>const</code> whenever it makes sense to do so:</p>
<ul>
<li>If a function does not modify an argument passed by
reference or by pointer, that argument should be
<code>const</code>.</li>
<li>Declare methods to be <code>const</code> whenever
possible. Accessors should almost always be
<code>const</code>. Other methods should be const if
they do not modify any data members, do not call any
non-<code>const</code> methods, and do not return a
non-<code>const</code> pointer or
non-<code>const</code> reference to a data member.</li>
<li>Consider making data members <code>const</code>
whenever they do not need to be modified after
construction.</li>
</ul>
<p>The <code>mutable</code> keyword is allowed but is
unsafe when used with threads, so thread safety should be
carefully considered first.</p>
</div>
<div class="stylepoint_subsection">
<h4>Where to put the const</h4>
<p>Some people favor the form <code>int const *foo</code>
to <code>const int* foo</code>. They argue that this is
more readable because it's more consistent: it keeps the
rule that <code>const</code> always follows the object
it's describing. However, this consistency argument
doesn't apply in codebases with few deeply-nested pointer
expressions since most <code>const</code> expressions
have only one <code>const</code>, and it applies to the
underlying value. In such cases, there's no consistency
to maintain. Putting the <code>const</code> first is
arguably more readable, since it follows English in
putting the "adjective" (<code>const</code>) before the
"noun" (<code>int</code>).</p>
<p>That said, while we encourage putting
<code>const</code> first, we do not require it. But be
consistent with the code around you!</p>
</div>
</div>
<h3 id="Use_of_constexpr">Use of constexpr</h3>
<div class="summary">
<p>In C++11, use <code>constexpr</code> to define true
constants or to ensure constant initialization.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> Some variables can be declared <code>constexpr</code>
to indicate the variables are true constants, i.e. fixed at
compilation/link time. Some functions and constructors
can be declared <code>constexpr</code> which enables them
to be used in defining a <code>constexpr</code>
variable.</p>
</div>
<div class="pros">
<p>Use of <code>constexpr</code> enables definition of
constants with floating-point expressions rather than
just literals; definition of constants of user-defined
types; and definition of constants with function
calls.</p>
</div>
<div class="cons">
<p>Prematurely marking something as constexpr may cause
migration problems if later on it has to be downgraded.
Current restrictions on what is allowed in constexpr
functions and constructors may invite obscure workarounds
in these definitions.</p>
</div>
<div class="decision">
<p><code>constexpr</code> definitions enable a more
robust specification of the constant parts of an
interface. Use <code>constexpr</code> to specify true
constants and the functions that support their
definitions. Avoid complexifying function definitions to
enable their use with <code>constexpr</code>. Do not use
<code>constexpr</code> to force inlining.</p>
</div>
</div>
<h3 id="Integer_Types">Integer Types</h3>
<div class="summary">
<p>Of the built-in C++ integer types, the only one used
is
<code>int</code>. If a program needs a variable of a
different size, use
a precise-width integer type from
<code>&lt;stdint.h&gt;</code>, such as
<code>int16_t</code>. If your variable represents a
value that could ever be greater than or equal to 2^31
(2GiB), use a 64-bit type such as
<code>int64_t</code>.
Keep in mind that even if your value won't ever be too large
for an <code>int</code>, it may be used in intermediate
calculations which may require a larger type. When in doubt,
choose a larger type.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> C++ does not specify the sizes of its integer types.
Typically people assume that <code>short</code> is 16 bits,
<code>int</code> is 32 bits, <code>long</code> is 32 bits
and <code>long long</code> is 64 bits.</p>
</div>
<div class="pros">
<p>Uniformity of declaration.</p>
</div>
<div class="cons">
<p>The sizes of integral types in C++ can vary based on
compiler and architecture.</p>
</div>
<div class="decision">
<p>
<code>&lt;stdint.h&gt;</code> defines types
like <code>int16_t</code>, <code>uint32_t</code>,
<code>int64_t</code>, etc. You should always use
those in preference to <code>short</code>, <code>unsigned
long long</code> and the like, when you need a guarantee
on the size of an integer. Of the C integer types, only
<code>int</code> should be used. When appropriate, you
are welcome to use standard types like
<code>size_t</code> and <code>ptrdiff_t</code>.</p>
<p>We use <code>int</code> very often, for integers we
know are not going to be too big, e.g., loop counters.
Use plain old <code>int</code> for such things. You
should assume that an <code>int</code> is
at least 32 bits, but don't
assume that it has more than 32 bits. If you need a 64-bit
integer type, use
<code>int64_t</code>
or
<code>uint64_t</code>.</p>
<p>For integers we know can be "big",
use
<code>int64_t</code>.
</p>
<p>You should not use the unsigned integer types such as
<code>uint32_t</code>, unless there is a valid
reason such as representing a bit pattern rather than a
number, or you need defined overflow modulo 2^N. In
particular, do not use unsigned types to say a number
will never be negative. Instead, use
assertions for this.</p>
<p>If your code is a container that returns a size, be
sure to use a type that will accommodate any possible
usage of your container. When in doubt, use a larger type
rather than a smaller type.</p>
<p>Use care when converting integer types. Integer
conversions and promotions can cause non-intuitive
behavior. </p>
</div>
<div class="stylepoint_subsection">
<h4>On Unsigned Integers</h4>
<p>Some people, including some textbook authors,
recommend using unsigned types to represent numbers that
are never negative. This is intended as a form of
self-documentation. However, in C, the advantages of such
documentation are outweighed by the real bugs it can
introduce. Consider:</p>
<pre>for (unsigned int i = foo.Length()-1; i &gt;= 0; --i) ...
</pre>
<p>This code will never terminate! Sometimes gcc will
notice this bug and warn you, but often it will not.
Equally bad bugs can occur when comparing signed and
unsigned variables. Basically, C's type-promotion scheme
causes unsigned types to behave differently than one
might expect.</p>
<p>So, document that a variable is non-negative using
assertions. Don't use an unsigned
type.</p>
</div>
</div>
<h3 id="64-bit_Portability">64-bit Portability</h3>
<div class="summary">
<p>Code should be 64-bit and 32-bit friendly. Bear in mind
problems of printing, comparisons, and structure alignment.</p>
</div>
<div class="stylebody">
<ul>
<li>
<p><code>printf()</code> specifiers for some types
are not cleanly portable between 32-bit and 64-bit
systems. C99 defines some portable format specifiers.
Unfortunately, MSVC 7.1 does not understand some of
these specifiers and the standard is missing a few,
so we have to define our own ugly versions in some
cases (in the style of the standard include file
<code>inttypes.h</code>):</p>
<div>
<pre>// printf macros for size_t, in the style of inttypes.h
#ifdef _LP64
#define __PRIS_PREFIX "z"
#else
#define __PRIS_PREFIX
#endif
// Use these macros after a % in a printf format string
// to get correct 32/64 bit behavior, like this:
// size_t size = records.size();
// printf("%"PRIuS"\n", size);
#define PRIdS __PRIS_PREFIX "d"
#define PRIxS __PRIS_PREFIX "x"
#define PRIuS __PRIS_PREFIX "u"
#define PRIXS __PRIS_PREFIX "X"
#define PRIoS __PRIS_PREFIX "o"
</pre>
</div>
<table border="1" summary="portable printf specifiers">
<tbody><tr align="center">
<th>Type</th>
<th>DO NOT use</th>
<th>DO use</th>
<th>Notes</th>
</tr>
<tr align="center">
<td><code>void *</code> (or any pointer)</td>
<td><code>%lx</code></td>
<td><code>%p</code></td>
<td></td>
</tr>
<tr align="center">
<td><code>int64_t</code></td>
<td><code>%qd</code>, <code>%lld</code></td>
<td><code>%"PRId64"</code></td>
<td></td>
</tr>
<tr align="center">
<td><code>uint64_t</code></td>
<td><code>%qu</code>, <code>%llu</code>,
<code>%llx</code></td>
<td><code>%"PRIu64"</code>,
<code>%"PRIx64"</code></td>
<td></td>
</tr>
<tr align="center">
<td><code>size_t</code></td>
<td><code>%u</code></td>
<td><code>%"PRIuS"</code>, <code>%"PRIxS"</code></td>
<td>
C99 specifies <code>%zu</code></td>
</tr>
<tr align="center">
<td><code>ptrdiff_t</code></td>
<td><code>%d</code></td>
<td><code>%"PRIdS"</code></td>
<td>
C99 specifies <code>%td</code></td>
</tr>
</tbody></table>
<p>Note that the <code>PRI*</code> macros expand to
independent strings which are concatenated by the
compiler. Hence if you are using a non-constant
format string, you need to insert the value of the
macro into the format, rather than the name. It is
still possible, as usual, to include length
specifiers, etc., after the <code>%</code> when using
the <code>PRI*</code> macros. So, e.g.
<code>printf("x = %30"PRIuS"\n", x)</code> would
expand on 32-bit Linux to <code>printf("x = %30" "u"
"\n", x)</code>, which the compiler will treat as
<code>printf("x = %30u\n", x)</code>.</p>
</li>
<li>Remember that <code>sizeof(void *)</code> !=
<code>sizeof(int)</code>. Use <code>intptr_t</code> if
you want a pointer-sized integer.</li>
<li>You may need to be careful with structure
alignments, particularly for structures being stored on
disk. Any class/structure with a
<code>int64_t</code>/<code>uint64_t</code>
member will by default end up being 8-byte aligned on a
64-bit system. If you have such structures being shared
on disk between 32-bit and 64-bit code, you will need
to ensure that they are packed the same on both
architectures.
Most compilers offer a way to
alter structure alignment. For gcc, you can use
<code>__attribute__((packed))</code>. MSVC offers
<code>#pragma pack()</code> and
<code>__declspec(align())</code>.</li>
<li>
<p>Use the <code>LL</code> or <code>ULL</code>
suffixes as needed to create 64-bit constants. For
example:</p>
<pre>int64_t my_value = 0x123456789LL;
uint64_t my_mask = 3ULL &lt;&lt; 48;
</pre>
</li>
<li>If you really need different code on 32-bit and
64-bit systems, use <code>#ifdef _LP64</code> to choose
between the code variants. (But please avoid this if
possible, and keep any such changes localized.)</li>
</ul>
</div>
<h3 id="Preprocessor_Macros">Preprocessor Macros</h3>
<div class="summary">
<p>Be very cautious with macros. Prefer inline functions,
enums, and <code>const</code> variables to macros.</p>
</div>
<div class="stylebody">
<p>Macros mean that the code you see is not the same as
the code the compiler sees. This can introduce unexpected
behavior, especially since macros have global scope.</p>
<p>Luckily, macros are not nearly as necessary in C++ as
they are in C. Instead of using a macro to inline
performance-critical code, use an inline function.
Instead of using a macro to store a constant, use a
<code>const</code> variable. Instead of using a macro to
"abbreviate" a long variable name, use a reference.
Instead of using a macro to conditionally compile code
... well, don't do that at all (except, of course, for
the <code>#define</code> guards to prevent double
inclusion of header files). It makes testing much more
difficult.</p>
<p>Macros can do things these other techniques cannot,
and you do see them in the codebase, especially in the
lower-level libraries. And some of their special features
(like stringifying, concatenation, and so forth) are not
available through the language proper. But before using a
macro, consider carefully whether there's a non-macro way
to achieve the same result.</p>
<p>The following usage pattern will avoid many problems
with macros; if you use macros, follow it whenever
possible:</p>
<ul>
<li>Don't define macros in a <code>.h</code> file.</li>
<li><code>#define</code> macros right before you use
them, and <code>#undef</code> them right after.</li>
<li>Do not just <code>#undef</code> an existing macro
before replacing it with your own; instead, pick a name
that's likely to be unique.</li>
<li>Try not to use macros that expand to unbalanced C++
constructs, or at least document that behavior
well.</li>
<li>Prefer not using <code>##</code> to generate
function/class/variable names.</li>
</ul>
</div>
<h3 id="0_and_nullptr/NULL">0 and nullptr/NULL</h3>
<div class="summary">
<p>Use <code>0</code> for integers, <code>0.0</code> for
reals, <code>nullptr</code> (or <code>NULL</code>) for
pointers, and <code>'\0'</code> for chars.</p>
</div>
<div class="stylebody">
<p>Use <code>0</code> for integers and <code>0.0</code>
for reals. This is not controversial.</p>
<p> For
pointers (address values), there is a choice between
<code>0</code>, <code>NULL</code>, and
<code>nullptr</code>. For projects that allow C++11
features, use <code>nullptr</code>. For C++03 projects,
we prefer <code>NULL</code> because it looks like a
pointer. In fact, some C++ compilers provide special
definitions of <code>NULL</code> which enable them to
give useful warnings, particularly in situations where
<code>sizeof(NULL)</code> is not equal to
<code>sizeof(0)</code>.</p>
<p>Use <code>'\0'</code> for chars. This is the correct
type and also makes code more readable.</p>
</div>
<h3 id="sizeof">sizeof</h3>
<div class="summary">
<p>Prefer <code>sizeof(<var>varname</var>)</code> to
<code>sizeof(<var>type</var>)</code>.</p>
</div>
<div class="stylebody">
<p>Use <code>sizeof(<var>varname</var>)</code> when you
take the size of a particular variable.
<code>sizeof(<var>varname</var>)</code> will update
appropriately if someone changes the variable type either
now or later. You may use
<code>sizeof(<var>type</var>)</code> for code unrelated
to any particular variable, such as code that manages an
external or internal data format where a variable of an
appropriate C++ type is not convenient.</p>
<pre>Struct data;
memset(&amp;data, 0, sizeof(data));
</pre>
<pre class="badcode">memset(&amp;data, 0, sizeof(Struct));
</pre>
<pre>if (raw_size &lt; sizeof(int)) {
LOG(ERROR) &lt;&lt; "compressed record not big enough for count: " &lt;&lt; raw_size;
return false;
}
</pre>
</div>
<h3 id="auto">auto</h3>
<div class="summary">
<p>Use <code>auto</code> to avoid type names that are just
clutter. Continue to use manifest type declarations when it
helps readability, and never use <code>auto</code> for
anything but local variables. </p>
</div>
<div class="stylebody">
<div class="definition">
<p> In C++11, a variable whose type is given as <code>auto</code>
will be given a type that matches that of the expression used to
initialize it. You can use <code>auto</code> either to
initialize a variable by copying, or to bind a
reference.</p>
<pre>vector&lt;string&gt; v;
...
auto s1 = v[0]; // Makes a copy of v[0].
const auto&amp; s2 = v[0]; // s2 is a reference to v[0].
</pre>
</div>
<div class="pros">
<p>C++ type names can sometimes be long and cumbersome,
especially when they involve templates or namespaces. In
a statement like:</p>
<pre>sparse_hash_map&lt;string, int&gt;::iterator iter = m.find(val);
</pre>
</div>
<p>the return type is hard to read, and obscures the
primary purpose of the statement. Changing it to:</p>
<pre>auto iter = m.find(val);
</pre>
<p>makes it more readable.</p>
<p>Without <code>auto</code> we are sometimes forced to
write a type name twice in the same expression, adding no
value for the reader, as in:</p>
<pre>diagnostics::ErrorStatus* status = new diagnostics::ErrorStatus("xyz");
</pre>
<p>Using <code>auto</code> makes it easier to use
intermediate variables when appropriate, by reducing the
burden of writing their types explicitly.</p>
<div class="cons">
<p>Sometimes code is clearer when types are manifest,
especially when a variable's initialization depends on
things that were declared far away. In an expression
like:</p>
<pre>auto i = x.Lookup(key);
</pre>
<p>it may not be obvious what <code>i</code>'s type is,
if <code>x</code> was declared hundreds of lines earlier.</p>
<p>Programmers have to understand the difference between
<code>auto</code> and <code>const auto&amp;</code> or
they'll get copies when they didn't mean to.</p>
<p>The interaction between <code>auto</code> and C++11
brace-initialization can be confusing. The
declarations:</p>
<pre>auto x(3); // Note: parentheses.
auto y{3}; // Note: curly braces.
</pre>
<p>mean different things &#8212;
<code>x</code> is an <code>int</code>, while
<code>y</code> is a <code>std::initializer_list&lt;int&gt;</code>.
The same applies to other normally-invisible proxy types.
</p>
<p>If an <code>auto</code> variable is used as part of an
interface, e.g. as a constant in a header, then a
programmer might change its type while only intending to
change its value, leading to a more radical API change
than intended.</p>
</div>
<div class="decision">
<p><code>auto</code> is permitted, for local variables
only. Do not use <code>auto</code> for file-scope or
namespace-scope variables, or for class members. Never
initialize an <code>auto</code>-typed variable with
a braced initializer list.
</p><p>The <code>auto</code> keyword is also used in an
unrelated C++11 feature: it's part of the syntax for a
new kind of function declaration with a trailing return
type. Trailing return types are permitted only in lambda
expressions.</p>
</div>
</div>
<h3 id="Braced_Initializer_List">Braced Initializer List</h3>
<div class="summary">
<p>You may use braced initializer lists.</p>
</div>
<div class="stylebody">
<p>In C++03, aggregate types (arrays and structs with no
constructor) could be initialized with braced initializer lists.
</p>
<pre>struct Point { int x; int y; };
Point p = {1, 2};
</pre>
<p>In C++11, this syntax was generalized, and any object type can now
be created with a braced initializer list, known as a
<i>braced-init-list</i> in the C++ grammar. Here are a few examples
of its use.</p>
<pre>// Vector takes a braced-init-list of elements.
vector&lt;string&gt; v{"foo", "bar"};
// Basically the same, ignoring some small technicalities.
// You may choose to use either form.
vector&lt;string&gt; v = {"foo", "bar"};
// Usable with 'new' expressions.
auto p = new vector&lt;string&gt;{"foo", "bar"};
// A map can take a list of pairs. Nested braced-init-lists work.
map&lt;int, string&gt; m = {{1, "one"}, {2, "2"}};
// A braced-init-list can be implicitly converted to a return type.
vector&lt;int&gt; test_function() { return {1, 2, 3}; }
// Iterate over a braced-init-list.
for (int i : {-1, -2, -3}) {}
// Call a function using a braced-init-list.
void TestFunction2(vector&lt;int&gt; v) {}
TestFunction2({1, 2, 3});
</pre>
<p>A user-defined type can also define a constructor and/or assignment operator
that take <code>std::initializer_list&lt;T&gt;</code>, which is automatically
created from <i>braced-init-list</i>:</p>
<pre>class MyType {
public:
// std::initializer_list references the underlying init list.
// It should be passed by value.
MyType(std::initializer_list&lt;int&gt; init_list) {
for (int i : init_list) append(i);
}
MyType&amp; operator=(std::initializer_list&lt;int&gt; init_list) {
clear();
for (int i : init_list) append(i);
}
};
MyType m{2, 3, 5, 7};
</pre>
<p>Finally, brace initialization can also call ordinary
constructors of data types, even if they do not have
<code>std::initializer_list&lt;T&gt;</code> constructors.</p>
<pre>double d{1.23};
// Calls ordinary constructor as long as MyOtherType has no
// std::initializer_list constructor.
class MyOtherType {
public:
explicit MyOtherType(string);
MyOtherType(int, string);
};
MyOtherType m = {1, "b"};
// If the constructor is explicit, you can't use the "= {}" form.
MyOtherType m{"b"};
</pre>
<p>Never assign a <i>braced-init-list</i> to an auto
local variable. In the single element case, what this
means can be confusing.</p>
<pre class="badcode">auto d = {1.23}; // d is a std::initializer_list&lt;double&gt;
</pre>
<pre>auto d = double{1.23}; // Good -- d is a double, not a std::initializer_list.
</pre>
<p>See <a href="#Braced_Initializer_List_Format">Braced_Initializer_List_Format</a> for formatting.</p>
</div>
<h3 id="Lambda_expressions">Lambda expressions</h3>
<div class="summary">
<p>Use lambda expressions where appropriate. Do not use
default lambda captures; write all captures explicitly.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> Lambda expressions are a concise way of creating anonymous
function objects. They're often useful when passing
functions as arguments. For example:</p>
<pre>std::sort(v.begin(), v.end(), [](int x, int y) {
return Weight(x) &lt; Weight(y);
});
</pre>
<p>Lambdas were introduced in C++11 along with a set of utilities
for working with function objects, such as the polymorphic
wrapper <code>std::function</code>.
</p>
</div>
<div class="pros">
<ul>
<li>Lambdas are much more concise than other ways of
defining function objects to be passed to STL
algorithms, which can be a readability
improvement.</li>
<li>Lambdas, <code>std::function</code>, and
<code>std::bind</code> can be used in combination as a
general purpose callback mechanism; they make it easy
to write functions that take bound functions as
arguments.</li>
</ul>
</div>
<div class="cons">
<ul>
<li>Variable capture in lambdas can be tricky, and
might be a new source of dangling-pointer bugs.</li>
<li>It's possible for use of lambdas to get out of
hand; very long nested anonymous functions can make
code harder to understand.</li>
</ul>
</div>
<div class="decision">
<ul>
<li>Use lambda expressions where appropriate, with formatting as
described <a href="#Formatting_Lambda_Expressions">below</a>.</li>
<li>Do not use default captures; write all lambda captures explicitly.
For example, instead of <code>[=](int x) { return x + n; }</code>
you should write <code>[n](int x) { return x + n; }</code> so that
readers can see immediately that <code>n</code> is being captured
(by value).</li>
<li>Keep unnamed lambdas short. If a lambda body is more than
maybe five lines long, prefer to give the lambda a name, or to
use a named function instead of a lambda.</li>
<li>Specify the return type of the lambda explicitly if that will
make it more obvious to readers, as with
<a href="#auto"><code>auto</code></a>.</li>
</ul>
</div>
</div>
<h3 id="Template_metaprogramming">Template metaprogramming</h3>
<div class="summary">
<p>Avoid complicated template programming.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>Template metaprogramming refers to a family of techniques that
exploit the fact that the C++ template instantiation mechanism is
Turing complete and can be used to perform arbitrary compile-time
computation in the type domain.</p>
</div>
<div class="pros">
<p>Template metaprogramming allows extremely flexible interfaces that
are type safe and high performance. Facilities like
<a href="https://code.google.com/p/googletest/">Google Test</a>,
<code>std::tuple</code>, <code>std::function</code>, and
Boost.Spirit would be impossible without it.</p>
</div>
<div class="cons">
<p>The techniques used in template metaprogramming are often obscure
to anyone but language experts. Code that uses templates in
complicated ways is often unreadable, and is hard to debug or
maintain.</p>
<p>Template metaprogramming often leads to extremely poor compiler
time error messages: even if an interface is simple, the complicated
implementation details become visible when the user does something
wrong.</p>
<p>Template metaprogramming interferes with large scale refactoring by
making the job of refactoring tools harder. First, the template code
is expanded in multiple contexts, and it's hard to verify that the
transformation makes sense in all of them. Second, some refactoring
tools work with an AST that only represents the structure of the code
after template expansion. It can be difficult to automatically work
back to the original source construct that needs to be
rewritten.</p>
</div>
<div class="decision">
<p>Template metaprogramming sometimes allows cleaner and easier-to-use
interfaces than would be possible without it, but it's also often a
temptation to be overly clever. It's best used in a small number of
low level components where the extra maintenance burden is spread out
over a large number of uses.</p>
<p>Think twice before using template metaprogramming or other
complicated template techniques; think about whether the average
member of your team will be able to understand your code well enough
to maintain it after you switch to another project, or whether a
non-C++ programmer or someone casually browsing the code base will be
able to understand the error messages or trace the flow of a function
they want to call. If you're using recursive template instantiations
or type lists or metafunctions or expression templates, or relying on
SFINAE or on the <code>sizeof</code> trick for detecting function
overload resolution, then there's a good chance you've gone too
far.</p>
<p>If you use template metaprogramming, you should expect to put
considerable effort into minimizing and isolating the complexity. You
should hide metaprogramming as an implementation detail whenever
possible, so that user-facing headers are readable, and you should
make sure that tricky code is especially well commented. You should
carefully document how the code is used, and you should say something
about what the "generated" code looks like. Pay extra attention to the
error messages that the compiler emits when users make mistakes. The
error messages are part of your user interface, and your code should
be tweaked as necessary so that the error messages are understandable
and actionable from a user point of view.</p>
</div>
</div>
<h3 id="Boost">Boost</h3>
<div class="summary">
<p>Use only approved libraries from the Boost library
collection.</p>
</div>
<div class="stylebody">
<div class="definition">
<p> The
<a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/">
Boost library collection</a> is a popular collection of
peer-reviewed, free, open-source C++ libraries.</p>
</div>
<div class="pros">
<p>Boost code is generally very high-quality, is widely
portable, and fills many important gaps in the C++
standard library, such as type traits and better binders.</p>
</div>
<div class="cons">
<p>Some Boost libraries encourage coding practices which can
hamper readability, such as metaprogramming and other
advanced template techniques, and an excessively
"functional" style of programming. </p>
</div>
<div class="decision">
<div>
<p>In order to maintain a high level of readability for
all contributors who might read and maintain code, we
only allow an approved subset of Boost features.
Currently, the following libraries are permitted:</p>
<ul>
<li>
<a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/utility/call_traits.htm">
Call Traits</a> from <code>boost/call_traits.hpp</code></li>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/utility/compressed_pair.htm">
Compressed Pair</a> from <code>boost/compressed_pair.hpp</code></li>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/graph/">
The Boost Graph Library (BGL)</a> from <code>boost/graph</code>,
except serialization (<code>adj_list_serialize.hpp</code>) and
parallel/distributed algorithms and data structures
(<code>boost/graph/parallel/*</code> and
<code>boost/graph/distributed/*</code>).</li>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/property_map/">
Property Map</a> from <code>boost/property_map</code>, except
parallel/distributed property maps (<code>boost/property_map/parallel/*</code>).</li>
<li>The part of <a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/iterator/">
Iterator</a> that deals with defining iterators:
<code>boost/iterator/iterator_adaptor.hpp</code>,
<code>boost/iterator/iterator_facade.hpp</code>, and
<code>boost/function_output_iterator.hpp</code></li>
<li>The part of <a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/polygon/">
Polygon</a> that deals with Voronoi diagram
construction and doesn't depend on the rest of
Polygon:
<code>boost/polygon/voronoi_builder.hpp</code>,
<code>boost/polygon/voronoi_diagram.hpp</code>, and
<code>boost/polygon/voronoi_geometry_type.hpp</code></li>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/bimap/">
Bimap</a> from <code>boost/bimap</code></li>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/math/doc/html/dist.html">
Statistical Distributions and Functions</a> from
<code>boost/math/distributions</code></li>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/multi_index/">
Multi-index</a> from <code>boost/multi_index</code></li>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/heap/">
Heap</a> from <code>boost/heap</code></li>
<li>The flat containers from <a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/container/">
Container</a>:
<code>boost/container/flat_map</code>, and
<code>boost/container/flat_set</code></li>
</ul>
<p>We are actively considering adding other Boost
features to the list, so this list may be expanded in
the future.</p>
</div>
<p>The following libraries are permitted, but their use
is discouraged because they've been superseded by
standard libraries in C++11:</p>
<ul>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/array/">
Array</a> from <code>boost/array.hpp</code>: use
<a href="http://www.google.com/url?sa=D&amp;q=http://en.cppreference.com/w/cpp/container/array">
<code>std::array</code></a> instead.</li>
<li><a href="http://www.google.com/url?sa=D&amp;q=http://www.boost.org/libs/ptr_container/">
Pointer Container</a> from <code>boost/ptr_container</code>: use containers of
<a href="http://www.google.com/url?sa=D&amp;q=http://en.cppreference.com/w/cpp/memory/unique_ptr">
<code>std::unique_ptr</code></a> instead.</li>
</ul>
</div>
</div>
<h3 id="C++11">C++11</h3>
<div class="summary">
<p>Use libraries and language extensions from C++11 (formerly
known as C++0x) when appropriate.
Consider portability to other environments
before using C++11 features in your
project. </p>
</div>
<div class="stylebody">
<div class="definition">
<p> C++11 contains <a href="http://www.google.com/url?sa=D&amp;q=http://en.wikipedia.org/wiki/C%2B%2B11">
significant changes</a> both to the language and
libraries. </p>
</div>
<div class="pros">
<p>C++11 was the official standard until august 2014, and
is supported by most C++ compilers. It standardizes
some common C++ extensions that we use already, allows
shorthands for some operations, and has some performance
and safety improvements.</p>
</div>
<div class="cons">
<p>The C++11 standard is substantially more complex than
its predecessor (1,300 pages versus 800 pages), and is
unfamiliar to many developers. The long-term effects of
some features on code readability and maintenance are
unknown. We cannot predict when its various features will
be implemented uniformly by tools that may be of
interest, particularly in the case of projects that are
forced to use older versions of tools.</p>
<p>As with <a href="#Boost">Boost</a>, some C++11
extensions encourage coding practices that hamper
readability&#8212;for example by removing
checked redundancy (such as type names) that may be
helpful to readers, or by encouraging template
metaprogramming. Other extensions duplicate functionality
available through existing mechanisms, which may lead to confusion
and conversion costs.</p>
</div>
<div class="decision">
<p>C++11 features may be used unless specified otherwise.
In addition to what's described in the rest of the style
guide, the following C++11 features may not be used:</p>
<ul>
<li>Functions (other than lambda functions)
with trailing return types, e.g. writing
<code>auto foo() -&gt; int;</code> instead of <code>int
foo();</code>, because of a desire to preserve
stylistic consistency with the many existing function
declarations.</li>
<li>Compile-time rational numbers
(<code>&lt;ratio&gt;</code>), because of concerns that
it's tied to a more template-heavy interface
style.</li>
<li>The <code>&lt;cfenv&gt;</code> and
<code>&lt;fenv.h&gt;</code> headers, because many
compilers do not support those features reliably.</li>
<li>Default lambda captures.</li>
</ul>
</div>
</div>
<h2 id="Naming">Naming</h2>
<p>The most important consistency rules are those that govern
naming. The style of a name immediately informs us what sort of
thing the named entity is: a type, a variable, a function, a
constant, a macro, etc., without requiring us to search for the
declaration of that entity. The pattern-matching engine in our
brains relies a great deal on these naming rules.
</p>
<p>Naming rules are pretty arbitrary, but
we feel that
consistency is more important than individual preferences in this
area, so regardless of whether you find them sensible or not,
the rules are the rules.</p>
<h3 id="General_Naming_Rules">General Naming Rules</h3>
<div class="summary">
<p>Function names, variable names, and filenames should be
descriptive; eschew abbreviation.</p>
</div>
<div class="stylebody">
<p>Give as descriptive a name as possible, within reason.
Do not worry about saving horizontal space as it is far
more important to make your code immediately
understandable by a new reader. Do not use abbreviations
that are ambiguous or unfamiliar to readers outside your
project, and do not abbreviate by deleting letters within
a word.</p>
<pre>int price_count_reader; // No abbreviation.
int num_errors; // "num" is a widespread convention.
int num_dns_connections; // Most people know what "DNS" stands for.
</pre>
<pre class="badcode">int n; // Meaningless.
int nerr; // Ambiguous abbreviation.
int n_comp_conns; // Ambiguous abbreviation.
int wgc_connections; // Only your group knows what this stands for.
int pc_reader; // Lots of things can be abbreviated "pc".
int cstmr_id; // Deletes internal letters.
</pre>
</div>
<h3 id="File_Names">File Names</h3>
<div class="summary">
<p>Filenames should be all lowercase and can include
underscores (<code>_</code>) or dashes (<code>-</code>).
Follow the convention that your
project uses. If there is no consistent
local pattern to follow, prefer "_".</p>
</div>
<div class="stylebody">
<p>Examples of acceptable file names:</p>
<ul>
<li><code>my_useful_class.cc</code></li>
<li><code>my-useful-class.cc</code></li>
<li><code>myusefulclass.cc</code></li>
<li><code>myusefulclass_test.cc // _unittest and _regtest are deprecated.</code></li>
</ul>
<p>C++ files should end in <code>.cc</code> and header files should end in
<code>.h</code>. Files that rely on being textually included at specific points
should end in <code>.inc</code> (see also the section on
<a href="#Self_contained_Headers">self-contained headers</a>).</p>
<p>Do not use filenames that already exist in
<code>/usr/include</code>, such as <code>db.h</code>.</p>
<p>In general, make your filenames very specific. For
example, use <code>http_server_logs.h</code> rather than
<code>logs.h</code>. A very common case is to have a pair
of files called, e.g., <code>foo_bar.h</code> and
<code>foo_bar.cc</code>, defining a class called
<code>FooBar</code>.</p>
<p>Inline functions must be in a <code>.h</code> file. If
your inline functions are very short, they should go
directly into your <code>.h</code> file. </p>
</div>
<h3 id="Type_Names">Type Names</h3>
<div class="summary">
<p>Type names start with a capital letter and have a capital
letter for each new word, with no underscores:
<code>MyExcitingClass</code>, <code>MyExcitingEnum</code>.</p>
</div>
<div class="stylebody">
<p>The names of all types &#8212; classes, structs, typedefs,
and enums &#8212; have the same naming convention. Type names
should start with a capital letter and have a capital letter
for each new word. No underscores. For example:</p>
<pre>// classes and structs
class UrlTable { ...
class UrlTableTester { ...
struct UrlTableProperties { ...
// typedefs
typedef hash_map&lt;UrlTableProperties *, string&gt; PropertiesMap;
// enums
enum UrlTableErrors { ...
</pre>
</div>
<h3 id="Variable_Names">Variable Names</h3>
<div class="summary">
<p>The names of variables and data members are all lowercase, with
underscores between words. Data members of classes (but not structs)
additionally have trailing underscores. For instance:
<code>a_local_variable</code>, <code>a_struct_data_member</code>,
<code>a_class_data_member_</code>.</p>
</div>
<div class="stylebody">
<h4 class="stylepoint_subsection">Common Variable names</h4>
<p>For example:</p>
<pre>string table_name; // OK - uses underscore.
string tablename; // OK - all lowercase.
</pre>
<pre class="badcode">string tableName; // Bad - mixed case.
</pre>
<h4 class="stylepoint_subsection">Class Data Members</h4>
<p>Data members of classes, both static and non-static, are
named like ordinary nonmember variables, but with a
trailing underscore.</p>
<pre>class TableInfo {
...
private:
string table_name_; // OK - underscore at end.
string tablename_; // OK.
static Pool&lt;TableInfo&gt;* pool_; // OK.
};
</pre>
<h4 class="stylepoint_subsection">Struct Data Members</h4>
<p>Data members of structs, both static and non-static,
are named like ordinary nonmember variables. They do not have
the trailing underscores that data members in classes have.</p>
<pre>struct UrlTableProperties {
string name;
int num_entries;
static Pool&lt;UrlTableProperties&gt;* pool;
};
</pre>
<p>See <a href="#Structs_vs._Classes">Structs vs.
Classes</a> for a discussion of when to use a struct
versus a class.</p>
<h4 class="stylepoint_subsection">Global Variables</h4>
<p>There are no special requirements for global
variables, which should be rare in any case, but if you
use one, consider prefixing it with <code>g_</code> or
some other marker to easily distinguish it from local
variables.</p>
</div>
<h3 id="Constant_Names">Constant Names</h3>
<div class="summary">
<p>Use a <code>k</code> followed by mixed case, e.g.,
<code>kDaysInAWeek</code>, for constants defined globally or within a class.</p>
</div>
<div class="stylebody">
<p>As a convenience to the reader, compile-time constants of global or class scope
follow a different naming convention from other variables.
Use a <code>k</code> followed by words with uppercase first letters:</p>
<pre>const int kDaysInAWeek = 7;
</pre>
<p>This convention may optionally be used for compile-time constants of local scope;
otherwise the usual variable naming rules apply.
</p></div>
<h3 id="Function_Names">Function Names</h3>
<div class="summary">
<p>Regular functions have mixed case; accessors and mutators
match the name of the variable:
<code>MyExcitingFunction()</code>,
<code>MyExcitingMethod()</code>,
<code>my_exciting_member_variable()</code>,
<code>set_my_exciting_member_variable()</code>.</p>
</div>
<div class="stylebody">
<h4 class="stylepoint_subsection">Regular Functions</h4>
<p>Functions should start with a capital letter and have
a capital letter for each new word. No underscores.</p>
<p>If your function crashes upon an error, you should
append OrDie to the function name. This only applies to
functions which could be used by production code and to
errors that are reasonably likely to occur during normal
operation.</p>
<pre>AddTableEntry()
DeleteUrl()
OpenFileOrDie()
</pre>
<h4 class="stylepoint_subsection">Accessors and Mutators</h4>
<p>Accessors and mutators (get and set functions) should
match the name of the variable they are getting and
setting. This shows an excerpt of a class whose instance
variable is <code>num_entries_</code>.</p>
<pre>class MyClass {
public:
...
int num_entries() const { return num_entries_; }
void set_num_entries(int num_entries) { num_entries_ = num_entries; }
private:
int num_entries_;
};
</pre>
<p>You may also use lowercase letters for other very
short inlined functions. For example if a function were
so cheap you would not cache the value if you were
calling it in a loop, then lowercase naming would be
acceptable.</p>
</div>
<h3 id="Namespace_Names">Namespace Names</h3>
<div class="summary">
<p>Namespace names are all lower-case,
and based on project names and possibly their directory
structure: <code>google_awesome_project</code>.</p>
</div>
<div class="stylebody">
<p>See <a href="#Namespaces">Namespaces</a> for a
discussion of namespaces and how to name them.</p>
</div>
<h3 id="Enumerator_Names">Enumerator Names</h3>
<div class="summary">
<p>Enumerators should be named <i>either</i> like
<a href="#Constant_Names">constants</a> or like
<a href="#Macro_Names">macros</a>: either <code>kEnumName</code> or
<code>ENUM_NAME</code>.</p>
</div>
<div class="stylebody">
<p>Preferably, the individual enumerators should be named
like <a href="#Constant_Names">constants</a>. However, it
is also acceptable to name them like
<a href="Macro_Names">macros</a>. The enumeration name,
<code>UrlTableErrors</code> (and
<code>AlternateUrlTableErrors</code>), is a type, and
therefore mixed case.</p>
<pre>enum UrlTableErrors {
kOK = 0,
kErrorOutOfMemory,
kErrorMalformedInput,
};
enum AlternateUrlTableErrors {
OK = 0,
OUT_OF_MEMORY = 1,
MALFORMED_INPUT = 2,
};
</pre>
<p>Until January 2009, the style was to name enum values
like <a href="#Macro_Names">macros</a>. This caused
problems with name collisions between enum values and
macros. Hence, the change to prefer constant-style naming
was put in place. New code should prefer constant-style
naming if possible. However, there is no reason to change
old code to use constant-style names, unless the old
names are actually causing a compile-time problem.</p>
</div>
<h3 id="Macro_Names">Macro Names</h3>
<div class="summary">
<p>You're not really going to <a href="#Preprocessor_Macros">
define a macro</a>, are you? If you do, they're like this:
<code>MY_MACRO_THAT_SCARES_SMALL_CHILDREN</code>.</p>
</div>
<div class="stylebody">
<p>Please see the <a href="#Preprocessor_Macros">description
of macros</a>; in general macros should <em>not</em> be used.
However, if they are absolutely needed, then they should be
named with all capitals and underscores.</p>
<pre>#define ROUND(x) ...
#define PI_ROUNDED 3.0
</pre>
</div>
<h3 id="Exceptions_to_Naming_Rules">Exceptions to Naming Rules</h3>
<div class="summary">
<p>If you are naming something that is analogous to an
existing C or C++ entity then you can follow the existing
naming convention scheme.</p>
</div>
<div class="stylebody">
<dl>
<dt><code>bigopen()</code></dt>
<dd>function name, follows form of <code>open()</code></dd>
<dt><code>uint</code></dt>
<dd><code>typedef</code></dd>
<dt><code>bigpos</code></dt>
<dd><code>struct</code> or <code>class</code>, follows
form of <code>pos</code></dd>
<dt><code>sparse_hash_map</code></dt>
<dd>STL-like entity; follows STL naming conventions</dd>
<dt><code>LONGLONG_MAX</code></dt>
<dd>a constant, as in <code>INT_MAX</code></dd>
</dl>
</div>
<h2 id="Comments">Comments</h2>
<p>Though a pain to write, comments are absolutely vital to
keeping our code readable. The following rules describe what
you should comment and where. But remember: while comments are
very important, the best code is self-documenting. Giving
sensible names to types and variables is much better than using
obscure names that you must then explain through comments.</p>
<p>When writing your comments, write for your audience: the
next
contributor who will need to
understand your code. Be generous &#8212; the next
one may be you!</p>
<h3 id="Comment_Style">Comment Style</h3>
<div class="summary">
<p>Use either the <code>//</code> or <code>/* */</code>
syntax, as long as you are consistent.</p>
</div>
<div class="stylebody">
<p>You can use either the <code>//</code> or the <code>/*
*/</code> syntax; however, <code>//</code> is
<em>much</em> more common. Be consistent with how you
comment and what style you use where.</p>
</div>
<h3 id="File_Comments">File Comments</h3>
<div class="summary">
<p> Start each file with license
boilerplate, followed by a description of its
contents.</p>
</div>
<div class="stylebody">
<h4 class="stylepoint_subsection">Legal Notice and Author
Line</h4>
<p>Every file should contain license
boilerplate. Choose the appropriate boilerplate for the
license used by the project (for example, Apache 2.0,
BSD, LGPL, GPL).</p>
<p>If you make significant changes to a file with an
author line, consider deleting the author line.</p>
<h4 class="stylepoint_subsection">File Contents</h4>
<p>Every file should have a comment at the top describing
its contents.</p>
<p>Generally a <code>.h</code> file will describe the
classes that are declared in the file with an overview of
what they are for and how they are used. A
<code>.cc</code> file should contain more information
about implementation details or discussions of tricky
algorithms. If you feel the implementation details or a
discussion of the algorithms would be useful for someone
reading the <code>.h</code>, feel free to put it there
instead, but mention in the <code>.cc</code> that the
documentation is in the <code>.h</code> file.</p>
<p>Do not duplicate comments in both the <code>.h</code>
and the <code>.cc</code>. Duplicated comments
diverge.</p>
</div>
<h3 id="Class_Comments">Class Comments</h3>
<div class="summary">
<p>Every class definition should have an accompanying comment
that describes what it is for and how it should be used.</p>
</div>
<div class="stylebody">
<pre>// Iterates over the contents of a GargantuanTable. Sample usage:
// GargantuanTableIterator* iter = table-&gt;NewIterator();
// for (iter-&gt;Seek("foo"); !iter-&gt;done(); iter-&gt;Next()) {
// process(iter-&gt;key(), iter-&gt;value());
// }
// delete iter;
class GargantuanTableIterator {
...
};
</pre>
<p>If you have already described a class in detail in the
comments at the top of your file feel free to simply
state "See comment at top of file for a complete
description", but be sure to have some sort of
comment.</p>
<p>Document the synchronization assumptions the class
makes, if any. If an instance of the class can be
accessed by multiple threads, take extra care to document
the rules and invariants surrounding multithreaded
use.</p>
</div>
<h3 id="Function_Comments">Function Comments</h3>
<div class="summary">
<p>Declaration comments describe use of the function; comments
at the definition of a function describe operation.</p>
</div>
<div class="stylebody">
<h4 class="stylepoint_subsection">Function Declarations</h4>
<p>Every function declaration should have comments
immediately preceding it that describe what the function
does and how to use it. These comments should be
descriptive ("Opens the file") rather than imperative
("Open the file"); the comment describes the function, it
does not tell the function what to do. In general, these
comments do not describe how the function performs its
task. Instead, that should be left to comments in the
function definition.</p>
<p>Types of things to mention in comments at the function
declaration:</p>
<ul>
<li>What the inputs and outputs are.</li>
<li>For class member functions: whether the object
remembers reference arguments beyond the duration of
the method call, and whether it will free them or
not.</li>
<li>If the function allocates memory that the caller
must free.</li>
<li>Whether any of the arguments can be a null
pointer.</li>
<li>If there are any performance implications of how a
function is used.</li>
<li>If the function is re-entrant. What are its
synchronization assumptions?</li>
</ul>
<p>Here is an example:</p>
<pre>// Returns an iterator for this table. It is the client's
// responsibility to delete the iterator when it is done with it,
// and it must not use the iterator once the GargantuanTable object
// on which the iterator was created has been deleted.
//
// The iterator is initially positioned at the beginning of the table.
//
// This method is equivalent to:
// Iterator* iter = table-&gt;NewIterator();
// iter-&gt;Seek("");
// return iter;
// If you are going to immediately seek to another place in the
// returned iterator, it will be faster to use NewIterator()
// and avoid the extra seek.
Iterator* GetIterator() const;
</pre>
<p>However, do not be unnecessarily verbose or state the
completely obvious. Notice below that it is not necessary
to say "returns false otherwise" because this is
implied.</p>
<pre>// Returns true if the table cannot hold any more entries.
bool IsTableFull();
</pre>
<p>When commenting constructors and destructors, remember
that the person reading your code knows what constructors
and destructors are for, so comments that just say
something like "destroys this object" are not useful.
Document what constructors do with their arguments (for
example, if they take ownership of pointers), and what
cleanup the destructor does. If this is trivial, just
skip the comment. It is quite common for destructors not
to have a header comment.</p>
<h4 class="stylepoint_subsection">Function Definitions</h4>
<p>If there is anything tricky about how a function does
its job, the function definition should have an
explanatory comment. For example, in the definition
comment you might describe any coding tricks you use,
give an overview of the steps you go through, or explain
why you chose to implement the function in the way you
did rather than using a viable alternative. For instance,
you might mention why it must acquire a lock for the
first half of the function but why it is not needed for
the second half.</p>
<p>Note you should <em>not</em> just repeat the comments
given with the function declaration, in the
<code>.h</code> file or wherever. It's okay to
recapitulate briefly what the function does, but the
focus of the comments should be on how it does it.</p>
</div>
<h3 id="Variable_Comments">Variable Comments</h3>
<div class="summary">
<p>In general the actual name of the variable should be
descriptive enough to give a good idea of what the variable
is used for. In certain cases, more comments are required.</p>
</div>
<div class="stylebody">
<h4 class="stylepoint_subsection">Class Data Members</h4>
<p>Each class data member (also called an instance
variable or member variable) should have a comment
describing what it is used for. If the variable can take
sentinel values with special meanings, such as a null
pointer or -1, document this. For example:</p>
<pre>private:
// Keeps track of the total number of entries in the table.
// Used to ensure we do not go over the limit. -1 means
// that we don't yet know how many entries the table has.
int num_total_entries_;
</pre>
<h4 class="stylepoint_subsection">Global Variables</h4>
<p>As with data members, all global variables should have
a comment describing what they are and what they are used
for. For example:</p>
<pre>// The total number of tests cases that we run through in this regression test.
const int kNumTestCases = 6;
</pre>
</div>
<h3 id="Implementation_Comments">Implementation Comments</h3>
<div class="summary">
<p>In your implementation you should have comments in tricky,
non-obvious, interesting, or important parts of your code.</p>
</div>
<div class="stylebody">
<h4 class="stylepoint_subsection">Explanatory Comments</h4>
<p>Tricky or complicated code blocks should have comments
before them. Example:</p>
<pre>// Divide result by two, taking into account that x
// contains the carry from the add.
for (int i = 0; i &lt; result-&gt;size(); i++) {
x = (x &lt;&lt; 8) + (*result)[i];
(*result)[i] = x &gt;&gt; 1;
x &amp;= 1;
}
</pre>
<h4 class="stylepoint_subsection">Line Comments</h4>
<p>Also, lines that are non-obvious should get a comment
at the end of the line. These end-of-line comments should
be separated from the code by 2 spaces. Example:</p>
<pre>// If we have enough memory, mmap the data portion too.
mmap_budget = max&lt;int64&gt;(0, mmap_budget - index_-&gt;length());
if (mmap_budget &gt;= data_size_ &amp;&amp; !MmapData(mmap_chunk_bytes, mlock))
return; // Error already logged.
</pre>
<p>Note that there are both comments that describe what
the code is doing, and comments that mention that an
error has already been logged when the function
returns.</p>
<p>If you have several comments on subsequent lines, it
can often be more readable to line them up:</p>
<pre>DoSomething(); // Comment here so the comments line up.
DoSomethingElseThatIsLonger(); // Two spaces between the code and the comment.
{ // One space before comment when opening a new scope is allowed,
// thus the comment lines up with the following comments and code.
DoSomethingElse(); // Two spaces before line comments normally.
}
vector&lt;string&gt; list{// Comments in braced lists describe the next element ..
"First item",
// .. and should be aligned appropriately.
"Second item"};
DoSomething(); /* For trailing block comments, one space is fine. */
</pre>
<h4 class="stylepoint_subsection">nullptr/NULL, true/false, 1, 2, 3...</h4>
<p>When you pass in a null pointer, boolean, or literal
integer values to functions, you should consider adding a
comment about what they are, or make your code
self-documenting by using constants. For example,
compare:</p>
<pre class="badcode">bool success = CalculateSomething(interesting_value,
10,
false,
NULL); // What are these arguments??
</pre>
<p>versus:</p>
<pre>bool success = CalculateSomething(interesting_value,
10, // Default base value.
false, // Not the first time we're calling this.
NULL); // No callback.
</pre>
<p>Or alternatively, constants or self-describing variables:</p>
<pre>const int kDefaultBaseValue = 10;
const bool kFirstTimeCalling = false;
Callback *null_callback = NULL;
bool success = CalculateSomething(interesting_value,
kDefaultBaseValue,
kFirstTimeCalling,
null_callback);
</pre>
<h4 class="stylepoint_subsection">Don'ts</h4>
<p>Note that you should <em>never</em> describe the code
itself. Assume that the person reading the code knows C++
better than you do, even though he or she does not know
what you are trying to do:</p>
<pre class="badcode">// Now go through the b array and make sure that if i occurs,
// the next element is i+1.
... // Geez. What a useless comment.
</pre>
</div>
<h3 id="Punctuation,_Spelling_and_Grammar">Punctuation, Spelling and Grammar</h3>
<div class="summary">
<p>Pay attention to punctuation, spelling, and grammar; it is
easier to read well-written comments than badly written
ones.</p>
</div>
<div class="stylebody">
<p>Comments should be as readable as narrative text, with
proper capitalization and punctuation. In many cases,
complete sentences are more readable than sentence
fragments. Shorter comments, such as comments at the end
of a line of code, can sometimes be less formal, but you
should be consistent with your style.</p>
<p>Although it can be frustrating to have a code reviewer
point out that you are using a comma when you should be
using a semicolon, it is very important that source code
maintain a high level of clarity and readability. Proper
punctuation, spelling, and grammar help with that
goal.</p>
</div>
<h3 id="TODO_Comments">TODO Comments</h3>
<div class="summary">
<p>Use <code>TODO</code> comments for code that is temporary,
a short-term solution, or good-enough but not perfect.</p>
</div>
<div class="stylebody">
<p><code>TODO</code>s should include the string
<code>TODO</code> in all caps, followed by the
name, e-mail address, or other
identifier of the person
with the best context
about the problem referenced by the <code>TODO</code>. The
main purpose is to have a consistent <code>TODO</code> that
can be searched to find out how to get more details upon
request. A <code>TODO</code> is not a commitment that the
person referenced will fix the problem. Thus when you create
a <code>TODO</code>, it is almost always your
name
that is given.</p>
<div>
<pre>// TODO(kl@gmail.com): Use a "*" here for concatenation operator.
// TODO(Zeke) change this to use relations.
</pre>
</div>
<p>If your <code>TODO</code> is of the form "At a future
date do something" make sure that you either include a
very specific date ("Fix by November 2005") or a very
specific event ("Remove this code when all clients can
handle XML responses.").</p>
</div>
<h3 id="Deprecation_Comments">Deprecation Comments</h3>
<div class="summary">
<p>Mark deprecated interface points with <code>DEPRECATED</code>
comments.</p>
</div>
<div class="stylebody">
<p>You can mark an interface as deprecated by writing a
comment containing the word <code>DEPRECATED</code> in
all caps. The comment goes either before the declaration
of the interface or on the same line as the
declaration.</p>
<p>After the word
<code>DEPRECATED</code>, write your name, e-mail address,
or other identifier in parentheses.</p>
<p>A deprecation comment must include simple, clear
directions for people to fix their callsites. In C++, you
can implement a deprecated function as an inline function
that calls the new interface point.</p>
<p>Marking an interface point <code>DEPRECATED</code>
will not magically cause any callsites to change. If you
want people to actually stop using the deprecated
facility, you will have to fix the callsites yourself or
recruit a crew to help you.</p>
<p>New code should not contain calls to deprecated
interface points. Use the new interface point instead. If
you cannot understand the directions, find the person who
created the deprecation and ask them for help using the
new interface point.</p>
</div>
<h2 id="Formatting">Formatting</h2>
<p>Coding style and formatting are pretty arbitrary, but a
project is much easier to follow
if everyone uses the same style. Individuals may not agree with every
aspect of the formatting rules, and some of the rules may take
some getting used to, but it is important that all
project contributors follow the
style rules so that
they can all read and understand
everyone's code easily.</p>
<p>To help you format code correctly, we've
created a
<a href="http://google-styleguide.googlecode.com/svn/trunk/google-c-style.el">
settings file for emacs</a>.</p>
<h3 id="Line_Length">Line Length</h3>
<div class="summary">
<p>Each line of text in your code should be at most 80
characters long.</p>
</div>
<div class="stylebody">
<p>We recognize that this rule is
controversial, but so much existing code already adheres
to it, and we feel that consistency is important.</p>
<div class="pros">
<p>Those who favor this rule
argue that it is rude to force them to resize
their windows and there is no need for anything longer.
Some folks are used to having several code windows
side-by-side, and thus don't have room to widen their
windows in any case. People set up their work environment
assuming a particular maximum window width, and 80
columns has been the traditional standard. Why change
it?</p>
</div>
<div class="cons">
<p>Proponents of change argue that a wider line can make
code more readable. The 80-column limit is an hidebound
throwback to 1960s mainframes; modern equipment has wide screens that
can easily show longer lines.</p>
</div>
<div class="decision">
<p> 80 characters is the maximum.</p>
<p class="exception">If a comment line contains an example
command or a literal URL longer than 80 characters, that
line may be longer than 80 characters for ease of cut and
paste.</p>
<p class="exception">A raw-string literal may have content
that exceeds 80 characters. Except for test code, such literals
should appear near top of a file.</p>
<p class="exception">An <code>#include</code> statement with a
long path may exceed 80 columns.</p>
<p class="exception">You needn't be concerned about
<a href="#The__define_Guard">header guards</a> that exceed
the maximum length. </p>
</div>
</div>
<h3 id="Non-ASCII_Characters">Non-ASCII Characters</h3>
<div class="summary">
<p>Non-ASCII characters should be rare, and must use UTF-8
formatting.</p>
</div>
<div class="stylebody">
<p>You shouldn't hard-code user-facing text in source,
even English, so use of non-ASCII characters should be
rare. However, in certain cases it is appropriate to
include such words in your code. For example, if your
code parses data files from foreign sources, it may be
appropriate to hard-code the non-ASCII string(s) used in
those data files as delimiters. More commonly, unittest
code (which does not need to be localized) might
contain non-ASCII strings. In such cases, you should use
UTF-8, since that is an encoding
understood by most tools able to handle more than just
ASCII.</p>
<p>Hex encoding is also OK, and encouraged where it
enhances readability &#8212; for example,
<code>"\xEF\xBB\xBF"</code>, or, even more simply,
<code>u8"\uFEFF"</code>, is the Unicode zero-width
no-break space character, which would be invisible if
included in the source as straight UTF-8.</p>
<p>Use the <code>u8</code> prefix
to guarantee that a string literal containing
<code>\uXXXX</code> escape sequences is encoded as UTF-8.
Do not use it for strings containing non-ASCII characters
encoded as UTF-8, because that will produce incorrect
output if the compiler does not interpret the source file
as UTF-8. </p>
<p>You shouldn't use the C++11 <code>char16_t</code> and
<code>char32_t</code> character types, since they're for
non-UTF-8 text. For similar reasons you also shouldn't
use <code>wchar_t</code> (unless you're writing code that
interacts with the Windows API, which uses
<code>wchar_t</code> extensively).</p>
</div>
<h3 id="Spaces_vs._Tabs">Spaces vs. Tabs</h3>
<div class="summary">
<p>Use only spaces, and indent 2 spaces at a time.</p>
</div>
<div class="stylebody">
<p>We use spaces for indentation. Do not use tabs in your
code. You should set your editor to emit spaces when you
hit the tab key.</p>
</div>
<h3 id="Function_Declarations_and_Definitions">Function Declarations and Definitions</h3>
<div class="summary">
<p>Return type on the same line as function name, parameters
on the same line if they fit. Wrap parameter lists which do
not fit on a single line as you would wrap arguments in a
function call.</p>
</div>
<div class="stylebody">
<p>Functions look like this:</p>
<pre>ReturnType ClassName::FunctionName(Type par_name1, Type par_name2) {
DoSomething();
...
}
</pre>
<p>If you have too much text to fit on one line:</p>
<pre>ReturnType ClassName::ReallyLongFunctionName(Type par_name1, Type par_name2,
Type par_name3) {
DoSomething();
...
}
</pre>
<p>or if you cannot fit even the first parameter:</p>
<pre>ReturnType LongClassName::ReallyReallyReallyLongFunctionName(
Type par_name1, // 4 space indent
Type par_name2,
Type par_name3) {
DoSomething(); // 2 space indent
...
}
</pre>
<p>Some points to note:</p>
<ul>
<li>If you cannot fit the return type and the function
name on a single line, break between them.</li>
<li>If you break after the return type of a function
declaration or definition, do not indent.</li>
<li>The open parenthesis is always on the same line as
the function name.</li>
<li>There is never a space between the function name
and the open parenthesis.</li>
<li>There is never a space between the parentheses and
the parameters.</li>
<li>The open curly brace is always at the end of the
same line as the last parameter.</li>
<li>The close curly brace is either on the last line by
itself or (if other style rules permit) on the same
line as the open curly brace.</li>
<li>There should be a space between the close
parenthesis and the open curly brace.</li>
<li>All parameters should be named, with identical
names in the declaration and implementation.</li>
<li>All parameters should be aligned if possible.</li>
<li>Default indentation is 2 spaces.</li>
<li>Wrapped parameters have a 4 space indent.</li>
</ul>
<p>If some parameters are unused, comment out the
variable name in the function definition:</p>
<pre>// Always have named parameters in interfaces.
class Shape {
public:
virtual void Rotate(double radians) = 0;
};
// Always have named parameters in the declaration.
class Circle : public Shape {
public:
virtual void Rotate(double radians);
};
// Comment out unused named parameters in definitions.
void Circle::Rotate(double /*radians*/) {}
</pre>
<pre class="badcode">// Bad - if someone wants to implement later, it's not clear what the
// variable means.
void Circle::Rotate(double) {}
</pre>
</div>
<h3 id="Formatting_Lambda_Expressions">Lambda Expressions</h3>
<div class="summary">
<p>Format parameters and bodies as for any other function, and capture
lists like other comma-separated lists.</p>
</div>
<div class="stylebody">
<p>For by-reference captures, do not leave a space between the
ampersand (&amp;) and the variable name.</p>
<pre>int x = 0;
auto add_to_x = [&amp;x](int n) { x += n; };
</pre>
<p>Short lambdas may be written inline as function arguments.</p>
<pre>std::set&lt;int&gt; blacklist = {7, 8, 9};
std::vector&lt;int&gt; digits = {3, 9, 1, 8, 4, 7, 1};
digits.erase(std::remove_if(digits.begin(), digits.end(), [&amp;blacklist](int i) {
return blacklist.find(i) != blacklist.end();
}),
digits.end());
</pre>
</div>
<h3 id="Function_Calls">Function Calls</h3>
<div class="summary">
<p>Either write the call all on a single line, wrap the
arguments at the parenthesis, or start the arguments on a new
line indented by four spaces and continue at that 4 space
indent. In the absence of other considerations, use the
minimum number of lines, including placing multiple arguments
on each line where appropriate.</p>
</div>
<div class="stylebody">
<p>Function calls have the following format:</p>
<pre>bool retval = DoSomething(argument1, argument2, argument3);
</pre>
<p>If the arguments do not all fit on one line, they
should be broken up onto multiple lines, with each
subsequent line aligned with the first argument. Do not
add spaces after the open paren or before the close
paren:</p>
<pre>bool retval = DoSomething(averyveryveryverylongargument1,
argument2, argument3);
</pre>
<p>Arguments may optionally all be placed on subsequent
lines with a four space indent:</p>
<pre>if (...) {
...
...
if (...) {
DoSomething(
argument1, argument2, // 4 space indent
argument3, argument4);
}
</pre>
<p>Put multiple arguments on a single line to reduce the
number of lines necessary for calling a function unless
there is a specific readability problem. Some find that
formatting with strictly one argument on each line is
more readable and simplifies editing of the arguments.
However, we prioritize for the reader over the ease of
editing arguments, and most readability problems are
better addressed with the following techniques.</p>
<p>If having multiple arguments in a single line decreases
readability due to the complexity or confusing nature of the
expressions that make up some arguments, try creating
variables that capture those arguments in a descriptive name:</p>
<pre>int my_heuristic = scores[x] * y + bases[x];
bool retval = DoSomething(my_heuristic, x, y, z);
</pre>
<p>Or put the confusing argument on its own line with
an explanatory comment:</p>
<pre>bool retval = DoSomething(scores[x] * y + bases[x], // Score heuristic.
x, y, z);
</pre>
<p>If there is still a case where one argument is
significantly more readable on its own line, then put it on
its own line. The decision should be specific to the argument
which is made more readable rather than a general policy.</p>
<p>Sometimes arguments form a structure that is important
for readability. In those cases, feel free to format the
arguments according to that structure:</p>
<pre>// Transform the widget by a 3x3 matrix.
my_widget.Transform(x1, x2, x3,
y1, y2, y3,
z1, z2, z3);
</pre>
</div>
<h3 id="Braced_Initializer_List_Format">Braced Initializer List Format</h3>
<div class="summary">
<p>Format a <a href="#Braced_Initializer_List">braced initializer list</a>
exactly like you would format a function call in its place.</p>
</div>
<div class="stylebody">
<p>If the braced list follows a name (e.g. a type or
variable name), format as if the <code>{}</code> were the
parentheses of a function call with that name. If there
is no name, assume a zero-length name.</p>
<pre>// Examples of braced init list on a single line.
return {foo, bar};
functioncall({foo, bar});
pair&lt;int, int&gt; p{foo, bar};
// When you have to wrap.
SomeFunction(
{"assume a zero-length name before {"},
some_other_function_parameter);
SomeType variable{
some, other, values,
{"assume a zero-length name before {"},
SomeOtherType{
"Very long string requiring the surrounding breaks.",
some, other values},
SomeOtherType{"Slightly shorter string",
some, other, values}};
SomeType variable{
"This is too long to fit all in one line"};
MyType m = { // Here, you could also break before {.
superlongvariablename1,
superlongvariablename2,
{short, interior, list},
{interiorwrappinglist,
interiorwrappinglist2}};
</pre>
</div>
<h3 id="Conditionals">Conditionals</h3>
<div class="summary">
<p>Prefer no spaces inside parentheses. The <code>if</code>
and <code>else</code> keywords belong on separate lines.</p>
</div>
<div class="stylebody">
<p>There are two acceptable formats for a basic
conditional statement. One includes spaces between the
parentheses and the condition, and one does not.</p>
<p>The most common form is without spaces. Either is
fine, but <em>be consistent</em>. If you are modifying a
file, use the format that is already present. If you are
writing new code, use the format that the other files in
that directory or project use. If in doubt and you have
no personal preference, do not add the spaces.</p>
<pre>if (condition) { // no spaces inside parentheses
... // 2 space indent.
} else if (...) { // The else goes on the same line as the closing brace.
...
} else {
...
}
</pre>
<p>If you prefer you may add spaces inside the
parentheses:</p>
<pre>if ( condition ) { // spaces inside parentheses - rare
... // 2 space indent.
} else { // The else goes on the same line as the closing brace.
...
}
</pre>
<p>Note that in all cases you must have a space between
the <code>if</code> and the open parenthesis. You must
also have a space between the close parenthesis and the
curly brace, if you're using one.</p>
<pre class="badcode">if(condition) { // Bad - space missing after IF.
if (condition){ // Bad - space missing before {.
if(condition){ // Doubly bad.
</pre>
<pre>if (condition) { // Good - proper space after IF and before {.
</pre>
<p>Short conditional statements may be written on one
line if this enhances readability. You may use this only
when the line is brief and the statement does not use the
<code>else</code> clause.</p>
<pre>if (x == kFoo) return new Foo();
if (x == kBar) return new Bar();
</pre>
<p>This is not allowed when the if statement has an
<code>else</code>:</p>
<pre class="badcode">// Not allowed - IF statement on one line when there is an ELSE clause
if (x) DoThis();
else DoThat();
</pre>
<p>In general, curly braces are not required for
single-line statements, but they are allowed if you like
them; conditional or loop statements with complex
conditions or statements may be more readable with curly
braces. Some
projects require that an
<code>if</code> must always always have an accompanying
brace.</p>
<pre>if (condition)
DoSomething(); // 2 space indent.
if (condition) {
DoSomething(); // 2 space indent.
}
</pre>
<p>However, if one part of an
<code>if</code>-<code>else</code> statement uses curly
braces, the other part must too:</p>
<pre class="badcode">// Not allowed - curly on IF but not ELSE
if (condition) {
foo;
} else
bar;
// Not allowed - curly on ELSE but not IF
if (condition)
foo;
else {
bar;
}
</pre>
<pre>// Curly braces around both IF and ELSE required because
// one of the clauses used braces.
if (condition) {
foo;
} else {
bar;
}
</pre>
</div>
<h3 id="Loops_and_Switch_Statements">Loops and Switch Statements</h3>
<div class="summary">
<p>Switch statements may use braces for blocks. Annotate
non-trivial fall-through between cases.
Braces are optional for single-statement loops.
Empty loop bodies should use <code>{}</code> or <code>continue</code>.</p>
</div>
<div class="stylebody">
<p><code>case</code> blocks in <code>switch</code>
statements can have curly braces or not, depending on
your preference. If you do include curly braces they
should be placed as shown below.</p>
<p>If not conditional on an enumerated value, switch
statements should always have a <code>default</code> case
(in the case of an enumerated value, the compiler will
warn you if any values are not handled). If the default
case should never execute, simply
<code>assert</code>:</p>
<div>
<pre>switch (var) {
case 0: { // 2 space indent
... // 4 space indent
break;
}
case 1: {
...
break;
}
default: {
assert(false);
}
}
</pre>
</div>
<p> Braces are optional for single-statement loops.</p>
<pre>for (int i = 0; i &lt; kSomeNumber; ++i)
printf("I love you\n");
for (int i = 0; i &lt; kSomeNumber; ++i) {
printf("I take it back\n");
}
</pre>
<p>Empty loop bodies should use <code>{}</code> or
<code>continue</code>, but not a single semicolon.</p>
<pre>while (condition) {
// Repeat test until it returns false.
}
for (int i = 0; i &lt; kSomeNumber; ++i) {} // Good - empty body.
while (condition) continue; // Good - continue indicates no logic.
</pre>
<pre class="badcode">while (condition); // Bad - looks like part of do/while loop.
</pre>
</div>
<h3 id="Pointer_and_Reference_Expressions">Pointer and Reference Expressions</h3>
<div class="summary">
<p>No spaces around period or arrow. Pointer operators do not
have trailing spaces.</p>
</div>
<div class="stylebody">
<p>The following are examples of correctly-formatted
pointer and reference expressions:</p>
<pre>x = *p;
p = &amp;x;
x = r.y;
x = r-&gt;y;
</pre>
<p>Note that:</p>
<ul>
<li>There are no spaces around the period or arrow when
accessing a member.</li>
<li>Pointer operators have no space after the
<code>*</code> or <code>&amp;</code>.</li>
</ul>
<p>When declaring a pointer variable or argument, you may
place the asterisk adjacent to either the type or to the
variable name:</p>
<pre>// These are fine, space preceding.
char *c;
const string &amp;str;
// These are fine, space following.
char* c; // but remember to do "char* c, *d, *e, ...;"!
const string&amp; str;
</pre>
<pre class="badcode">char * c; // Bad - spaces on both sides of *
const string &amp; str; // Bad - spaces on both sides of &amp;
</pre>
<p>You should do this consistently within a single
file,
so, when modifying an existing file, use the style in
that file.</p>
</div>
<h3 id="Boolean_Expressions">Boolean Expressions</h3>
<div class="summary">
<p>When you have a boolean expression that is longer than the
<a href="#Line_Length">standard line length</a>, be
consistent in how you break up the lines.</p>
</div>
<div class="stylebody">
<p>In this example, the logical AND operator is always at
the end of the lines:</p>
<pre>if (this_one_thing &gt; this_other_thing &amp;&amp;
a_third_thing == a_fourth_thing &amp;&amp;
yet_another &amp;&amp; last_one) {
...
}
</pre>
<p>Note that when the code wraps in this example, both of
the <code>&amp;&amp;</code> logical AND operators are at
the end of the line. This is more common in Google code,
though wrapping all operators at the beginning of the
line is also allowed. Feel free to insert extra
parentheses judiciously because they can be very helpful
in increasing readability when used
appropriately. Also note that you should always use
the punctuation operators, such as
<code>&amp;&amp;</code> and <code>~</code>, rather than
the word operators, such as <code>and</code> and
<code>compl</code>.</p>
</div>
<h3 id="Return_Values">Return Values</h3>
<div class="summary">
<p>Do not needlessly surround the <code>return</code>
expression with parentheses.</p>
</div>
<div class="stylebody">
<p>Use parentheses in <code>return expr;</code> only
where you would use them in <code>x = expr;</code>.</p>
<pre>return result; // No parentheses in the simple case.
// Parentheses OK to make a complex expression more readable.
return (some_long_condition &amp;&amp;
another_condition);
</pre>
<pre class="badcode">return (value); // You wouldn't write var = (value);
return(result); // return is not a function!
</pre>
</div>
<h3 id="Variable_and_Array_Initialization">Variable and Array Initialization</h3>
<div class="summary">
<p>Your choice of <code>=</code>, <code>()</code>, or
<code>{}</code>.</p>
</div>
<div class="stylebody">
<p>You may choose between <code>=</code>,
<code>()</code>, and <code>{}</code>; the following are
all correct:</p>
<pre>int x = 3;
int x(3);
int x{3};
string name = "Some Name";
string name("Some Name");
string name{"Some Name"};
</pre>
<p>Be careful when using a braced initialization list <code>{...}</code>
on a type with an <code>std::initializer_list</code> constructor.
A nonempty <i>braced-init-list</i> prefers the
<code>std::initializer_list</code> constructor whenever
possible. Note that empty braces <code>{}</code> are special, and
will call a default constructor if available. To force the
non-<code>std::initializer_list</code> constructor, use parentheses
instead of braces.</p>
<pre>vector&lt;int&gt; v(100, 1); // A vector of 100 1s.
vector&lt;int&gt; v{100, 1}; // A vector of 100, 1.
</pre>
<p>Also, the brace form prevents narrowing of integral
types. This can prevent some types of programming
errors.</p>
<pre>int pi(3.14); // OK -- pi == 3.
int pi{3.14}; // Compile error: narrowing conversion.
</pre>
</div>
<h3 id="Preprocessor_Directives">Preprocessor Directives</h3>
<div class="summary">
<p>The hash mark that starts a preprocessor directive should
always be at the beginning of the line.</p>
</div>
<div class="stylebody">
<p>Even when preprocessor directives are within the body
of indented code, the directives should start at the
beginning of the line.</p>
<pre>// Good - directives at beginning of line
if (lopsided_score) {
#if DISASTER_PENDING // Correct -- Starts at beginning of line
DropEverything();
# if NOTIFY // OK but not required -- Spaces after #
NotifyClient();
# endif
#endif
BackToNormal();
}
</pre>
<pre class="badcode">// Bad - indented directives
if (lopsided_score) {
#if DISASTER_PENDING // Wrong! The "#if" should be at beginning of line
DropEverything();
#endif // Wrong! Do not indent "#endif"
BackToNormal();
}
</pre>
</div>
<h3 id="Class_Format">Class Format</h3>
<div class="summary">
<p>Sections in <code>public</code>, <code>protected</code> and
<code>private</code> order, each indented one space.</p>
</div>
<div class="stylebody">
<p>The basic format for a class declaration (lacking the
comments, see <a href="#Class_Comments">Class
Comments</a> for a discussion of what comments are
needed) is:</p>
<pre>class MyClass : public OtherClass {
public: // Note the 1 space indent!
MyClass(); // Regular 2 space indent.
explicit MyClass(int var);
~MyClass() {}
void SomeFunction();
void SomeFunctionThatDoesNothing() {
}
void set_some_var(int var) { some_var_ = var; }
int some_var() const { return some_var_; }
private:
bool SomeInternalFunction();
int some_var_;
int some_other_var_;
};
</pre>
<p>Things to note:</p>
<ul>
<li>Any base class name should be on the same line as
the subclass name, subject to the 80-column limit.</li>
<li>The <code>public:</code>, <code>protected:</code>,
and <code>private:</code> keywords should be indented
one space.</li>
<li>Except for the first instance, these keywords
should be preceded by a blank line. This rule is
optional in small classes.</li>
<li>Do not leave a blank line after these
keywords.</li>
<li>The <code>public</code> section should be first,
followed by the <code>protected</code> and finally the
<code>private</code> section.</li>
<li>See <a href="#Declaration_Order">Declaration
Order</a> for rules on ordering declarations within
each of these sections.</li>
</ul>
</div>
<h3 id="Constructor_Initializer_Lists">Constructor Initializer Lists</h3>
<div class="summary">
<p>Constructor initializer lists can be all on one line or
with subsequent lines indented four spaces.</p>
</div>
<div class="stylebody">
<p>There are two acceptable formats for initializer
lists:</p>
<pre>// When it all fits on one line:
MyClass::MyClass(int var) : some_var_(var), some_other_var_(var + 1) {}
</pre>
<p>or</p>
<pre>// When it requires multiple lines, indent 4 spaces, putting the colon on
// the first initializer line:
MyClass::MyClass(int var)
: some_var_(var), // 4 space indent
some_other_var_(var + 1) { // lined up
...
DoSomething();
...
}
</pre>
</div>
<h3 id="Namespace_Formatting">Namespace Formatting</h3>
<div class="summary">
<p>The contents of namespaces are not indented.</p>
</div>
<div class="stylebody">
<p><a href="#Namespaces">Namespaces</a> do not add an
extra level of indentation. For example, use:</p>
<pre>namespace {
void foo() { // Correct. No extra indentation within namespace.
...
}
} // namespace
</pre>
<p>Do not indent within a namespace:</p>
<pre class="badcode">namespace {
// Wrong. Indented when it should not be.
void foo() {
...
}
} // namespace
</pre>
<p>When declaring nested namespaces, put each namespace
on its own line.</p>
<pre>namespace foo {
namespace bar {
</pre>
</div>
<h3 id="Horizontal_Whitespace">Horizontal Whitespace</h3>
<div class="summary">
<p>Use of horizontal whitespace depends on location. Never put
trailing whitespace at the end of a line.</p>
</div>
<div class="stylebody">
<h4 class="stylepoint_subsection">General</h4>
<pre>void f(bool b) { // Open braces should always have a space before them.
...
int i = 0; // Semicolons usually have no space before them.
// Spaces inside braces for braced-init-list are optional. If you use them,
// put them on both sides!
int x[] = { 0 };
int x[] = {0};
// Spaces around the colon in inheritance and initializer lists.
class Foo : public Bar {
public:
// For inline function implementations, put spaces between the braces
// and the implementation itself.
Foo(int b) : Bar(), baz_(b) {} // No spaces inside empty braces.
void Reset() { baz_ = 0; } // Spaces separating braces from implementation.
...
</pre>
<p>Adding trailing whitespace can cause extra work for
others editing the same file, when they merge, as can
removing existing trailing whitespace. So: Don't
introduce trailing whitespace. Remove it if you're
already changing that line, or do it in a separate
clean-up
operation (preferably when no-one
else is working on the file).</p>
<h4 class="stylepoint_subsection">Loops and Conditionals</h4>
<pre>if (b) { // Space after the keyword in conditions and loops.
} else { // Spaces around else.
}
while (test) {} // There is usually no space inside parentheses.
switch (i) {
for (int i = 0; i &lt; 5; ++i) {
// Loops and conditions may have spaces inside parentheses, but this
// is rare. Be consistent.
switch ( i ) {
if ( test ) {
for ( int i = 0; i &lt; 5; ++i ) {
// For loops always have a space after the semicolon. They may have a space
// before the semicolon, but this is rare.
for ( ; i &lt; 5 ; ++i) {
...
// Range-based for loops always have a space before and after the colon.
for (auto x : counts) {
...
}
switch (i) {
case 1: // No space before colon in a switch case.
...
case 2: break; // Use a space after a colon if there's code after it.
</pre>
<h4 class="stylepoint_subsection">Operators</h4>
<pre>// Assignment operators always have spaces around them.
x = 0;
// Other binary operators usually have spaces around them, but it's
// OK to remove spaces around factors. Parentheses should have no
// internal padding.
v = w * x + y / z;
v = w*x + y/z;
v = w * (x + z);
// No spaces separating unary operators and their arguments.
x = -5;
++x;
if (x &amp;&amp; !y)
...
</pre>
<h4 class="stylepoint_subsection">Templates and Casts</h4>
<pre>// No spaces inside the angle brackets (&lt; and &gt;), before
// &lt;, or between &gt;( in a cast
vector&lt;string&gt; x;
y = static_cast&lt;char*&gt;(x);
// Spaces between type and pointer are OK, but be consistent.
vector&lt;char *&gt; x;
set&lt;list&lt;string&gt;&gt; x; // Permitted in C++11 code.
set&lt;list&lt;string&gt; &gt; x; // C++03 required a space in &gt; &gt;.
// You may optionally use symmetric spacing in &lt; &lt;.
set&lt; list&lt;string&gt; &gt; x;
</pre>
</div>
<h3 id="Vertical_Whitespace">Vertical Whitespace</h3>
<div class="summary">
<p>Minimize use of vertical whitespace.</p>
</div>
<div class="stylebody">
<p>This is more a principle than a rule: don't use blank
lines when you don't have to. In particular, don't put
more than one or two blank lines between functions,
resist starting functions with a blank line, don't end
functions with a blank line, and be discriminating with
your use of blank lines inside functions.</p>
<p>The basic principle is: The more code that fits on one
screen, the easier it is to follow and understand the
control flow of the program. Of course, readability can
suffer from code being too dense as well as too spread
out, so use your judgement. But in general, minimize use
of vertical whitespace.</p>
<p>Some rules of thumb to help when blank lines may be
useful:</p>
<ul>
<li>Blank lines at the beginning or end of a function
very rarely help readability.</li>
<li>Blank lines inside a chain of if-else blocks may
well help readability.</li>
</ul>
</div>
<h2 id="Exceptions_to_the_Rules">Exceptions to the Rules</h2>
<p>The coding conventions described above are mandatory.
However, like all good rules, these sometimes have exceptions,
which we discuss here.</p>
<div>
<h3 id="Existing_Non-conformant_Code">Existing Non-conformant Code</h3>
<div class="summary">
<p>You may diverge from the rules when dealing with code that
does not conform to this style guide.</p>
</div>
<div class="stylebody">
<p>If you find yourself modifying code that was written
to specifications other than those presented by this
guide, you may have to diverge from these rules in order
to stay consistent with the local conventions in that
code. If you are in doubt about how to do this, ask the
original author or the person currently responsible for
the code. Remember that <em>consistency</em> includes
local consistency, too.</p>
</div>
</div>
<h3 id="Windows_Code">Windows Code</h3>
<div class="summary">
<p> Windows
programmers have developed their own set of coding
conventions, mainly derived from the conventions in Windows
headers and other Microsoft code. We want to make it easy
for anyone to understand your code, so we have a single set
of guidelines for everyone writing C++ on any platform.</p>
</div>
<div class="stylebody">
<p>It is worth reiterating a few of the guidelines that
you might forget if you are used to the prevalent Windows
style:</p>
<ul>
<li>Do not use Hungarian notation (for example, naming
an integer <code>iNum</code>). Use the Google naming
conventions, including the <code>.cc</code> extension
for source files.</li>
<li>Windows defines many of its own synonyms for
primitive types, such as <code>DWORD</code>,
<code>HANDLE</code>, etc. It is perfectly acceptable,
and encouraged, that you use these types when calling
Windows API functions. Even so, keep as close as you
can to the underlying C++ types. For example, use
<code>const TCHAR *</code> instead of
<code>LPCTSTR</code>.</li>
<li>When compiling with Microsoft Visual C++, set the
compiler to warning level 3 or higher, and treat all
warnings as errors.</li>
<li>Do not use <code>#pragma once</code>; instead use
the standard Google include guards. The path in the
include guards should be relative to the top of your
project tree.</li>
<li>In fact, do not use any nonstandard extensions,
like <code>#pragma</code> and <code>__declspec</code>,
unless you absolutely must. Using
<code>__declspec(dllimport)</code> and
<code>__declspec(dllexport)</code> is allowed; however,
you must use them through macros such as
<code>DLLIMPORT</code> and <code>DLLEXPORT</code>, so
that someone can easily disable the extensions if they
share the code.</li>
</ul>
<p>However, there are just a few rules that we
occasionally need to break on Windows:</p>
<ul>
<li>Normally we <a href="#Multiple_Inheritance">forbid
the use of multiple implementation inheritance</a>;
however, it is required when using COM and some ATL/WTL
classes. You may use multiple implementation
inheritance to implement COM or ATL/WTL classes and
interfaces.</li>
<li>Although you should not use exceptions in your own
code, they are used extensively in the ATL and some
STLs, including the one that comes with Visual C++.
When using the ATL, you should define
<code>_ATL_NO_EXCEPTIONS</code> to disable exceptions.
You should investigate whether you can also disable
exceptions in your STL, but if not, it is OK to turn on
exceptions in the compiler. (Note that this is only to
get the STL to compile. You should still not write
exception handling code yourself.)</li>
<li>The usual way of working with precompiled headers
is to include a header file at the top of each source
file, typically with a name like <code>StdAfx.h</code>
or <code>precompile.h</code>. To make your code easier
to share with other projects, avoid including this file
explicitly (except in <code>precompile.cc</code>), and
use the <code>/FI</code> compiler option to include the
file automatically.</li>
<li>Resource headers, which are usually named
<code>resource.h</code> and contain only macros, do not
need to conform to these style guidelines.</li>
</ul>
</div>
<h2 class="ignoreLink">Parting Words</h2>
<p>Use common sense and <em>BE CONSISTENT</em>.</p>
<p>If you are editing code, take a few minutes to look at the
code around you and determine its style. If they use spaces
around their <code>if</code> clauses, you should, too. If their
comments have little boxes of stars around them, make your
comments have little boxes of stars around them too.</p>
<p>The point of having style guidelines is to have a common
vocabulary of coding so people can concentrate on what you are
saying, rather than on how you are saying it. We present global
style rules here so people know the vocabulary. But local style
is also important. If code you add to a file looks drastically
different from the existing code around it, the discontinuity
throws readers out of their rhythm when they go to read it. Try
to avoid this.</p>
<p>OK, enough writing about writing code; the code itself is much
more interesting. Have fun!</p>
<hr>
<p style="text-align:right; font-style:italic;">Revision 4.45</p>
</div>
</body></html>