mirror of
https://github.com/google/styleguide.git
synced 2024-03-22 13:11:43 +08:00
a4413633ec
Minor formatting and wording fixes.
5912 lines
223 KiB
HTML
5912 lines
223 KiB
HTML
<!DOCTYPE html>
|
||
<html lang="en">
|
||
<head>
|
||
<meta charset="utf-8">
|
||
<title>Google C++ Style Guide</title>
|
||
<link rel="stylesheet" href="include/styleguide.css">
|
||
<script src="include/styleguide.js"></script>
|
||
<link rel="shortcut icon" href="https://www.google.com/favicon.ico">
|
||
</head>
|
||
<body onload="initStyleGuide();">
|
||
<div id="content">
|
||
<h1>Google C++ Style Guide</h1>
|
||
<div class="horizontal_toc" id="tocDiv"></div>
|
||
|
||
<h2 id="Background" class="ignoreLink">Background</h2>
|
||
|
||
<p>C++ is one of the main development languages used by
|
||
many of Google's open-source projects. As every C++
|
||
programmer knows, the language has many powerful features, but
|
||
this power brings with it complexity, which in turn can make
|
||
code more bug-prone and harder to read and maintain.</p>
|
||
|
||
<p>The goal of this guide is to manage this complexity by
|
||
describing in detail the dos and don'ts of writing C++ code
|
||
. These rules exist to
|
||
keep the code base manageable while still allowing
|
||
coders to use C++ language features productively.</p>
|
||
|
||
<p><em>Style</em>, also known as readability, is what we call
|
||
the conventions that govern our C++ code. The term Style is a
|
||
bit of a misnomer, since these conventions cover far more than
|
||
just source file formatting.</p>
|
||
|
||
<p>
|
||
Most open-source projects developed by
|
||
Google conform to the requirements in this guide.
|
||
</p>
|
||
|
||
|
||
|
||
<p>Note that this guide is not a C++ tutorial: we assume that
|
||
the reader is familiar with the language. </p>
|
||
|
||
<h3 id="Goals">Goals of the Style Guide</h3>
|
||
|
||
<p>Why do we have this document?</p>
|
||
|
||
<p>There are a few core goals that we believe this guide should
|
||
serve. These are the fundamental <b>why</b>s that
|
||
underlie all of the individual rules. By bringing these ideas to
|
||
the fore, we hope to ground discussions and make it clearer to our
|
||
broader community why the rules are in place and why particular
|
||
decisions have been made. If you understand what goals each rule is
|
||
serving, it should be clearer to everyone when a rule may be waived
|
||
(some can be), and what sort of argument or alternative would be
|
||
necessary to change a rule in the guide.</p>
|
||
|
||
<p>The goals of the style guide as we currently see them are as follows:</p>
|
||
<dl>
|
||
<dt>Style rules should pull their weight</dt>
|
||
<dd>The benefit of a style rule
|
||
must be large enough to justify asking all of our engineers to
|
||
remember it. The benefit is measured relative to the codebase we would
|
||
get without the rule, so a rule against a very harmful practice may
|
||
still have a small benefit if people are unlikely to do it
|
||
anyway. This principle mostly explains the rules we don’t have, rather
|
||
than the rules we do: for example, <code>goto</code> contravenes many
|
||
of the following principles, but is already vanishingly rare, so the Style
|
||
Guide doesn’t discuss it.</dd>
|
||
|
||
<dt>Optimize for the reader, not the writer</dt>
|
||
<dd>Our codebase (and most individual components submitted to it) is
|
||
expected to continue for quite some time. As a result, more time will
|
||
be spent reading most of our code than writing it. We explicitly
|
||
choose to optimize for the experience of our average software engineer
|
||
reading, maintaining, and debugging code in our codebase rather than
|
||
ease when writing said code. "Leave a trace for the reader" is a
|
||
particularly common sub-point of this principle: When something
|
||
surprising or unusual is happening in a snippet of code (for example,
|
||
transfer of pointer ownership), leaving textual hints for the reader
|
||
at the point of use is valuable (<code>std::unique_ptr</code>
|
||
demonstrates the ownership transfer unambiguously at the call
|
||
site). </dd>
|
||
|
||
<dt>Be consistent with existing code</dt>
|
||
<dd>Using one style consistently through our codebase lets us focus on
|
||
other (more important) issues. Consistency also allows for
|
||
automation: tools that format your code or adjust
|
||
your <code>#include</code>s only work properly when your code is
|
||
consistent with the expectations of the tooling. In many cases, rules
|
||
that are attributed to "Be Consistent" boil down to "Just pick one and
|
||
stop worrying about it"; the potential value of allowing flexibility
|
||
on these points is outweighed by the cost of having people argue over
|
||
them. </dd>
|
||
|
||
<dt>Be consistent with the broader C++ community when appropriate</dt>
|
||
<dd>Consistency with the way other organizations use C++ has value for
|
||
the same reasons as consistency within our code base. If a feature in
|
||
the C++ standard solves a problem, or if some idiom is widely known
|
||
and accepted, that's an argument for using it. However, sometimes
|
||
standard features and idioms are flawed, or were just designed without
|
||
our codebase's needs in mind. In those cases (as described below) it's
|
||
appropriate to constrain or ban standard features. In some cases we
|
||
prefer a homegrown or third-party library over a library defined in
|
||
the C++ Standard, either out of perceived superiority or insufficient
|
||
value to transition the codebase to the standard interface.</dd>
|
||
|
||
<dt>Avoid surprising or dangerous constructs</dt>
|
||
<dd>C++ has features that are more surprising or dangerous than one
|
||
might think at a glance. Some style guide restrictions are in place to
|
||
prevent falling into these pitfalls. There is a high bar for style
|
||
guide waivers on such restrictions, because waiving such rules often
|
||
directly risks compromising program correctness.
|
||
</dd>
|
||
|
||
<dt>Avoid constructs that our average C++ programmer would find tricky
|
||
or hard to maintain</dt>
|
||
<dd>C++ has features that may not be generally appropriate because of
|
||
the complexity they introduce to the code. In widely used
|
||
code, it may be more acceptable to use
|
||
trickier language constructs, because any benefits of more complex
|
||
implementation are multiplied widely by usage, and the cost in understanding
|
||
the complexity does not need to be paid again when working with new
|
||
portions of the codebase. When in doubt, waivers to rules of this type
|
||
can be sought by asking
|
||
your project leads. This is specifically
|
||
important for our codebase because code ownership and team membership
|
||
changes over time: even if everyone that works with some piece of code
|
||
currently understands it, such understanding is not guaranteed to hold a
|
||
few years from now.</dd>
|
||
|
||
<dt>Be mindful of our scale</dt>
|
||
<dd>With a codebase of 100+ million lines and thousands of engineers,
|
||
some mistakes and simplifications for one engineer can become costly
|
||
for many. For instance it's particularly important to
|
||
avoid polluting the global namespace: name collisions across a
|
||
codebase of hundreds of millions of lines are difficult to work with
|
||
and hard to avoid if everyone puts things into the global
|
||
namespace.</dd>
|
||
|
||
<dt>Concede to optimization when necessary</dt>
|
||
<dd>Performance optimizations can sometimes be necessary and
|
||
appropriate, even when they conflict with the other principles of this
|
||
document.</dd>
|
||
</dl>
|
||
|
||
<p>The intent of this document is to provide maximal guidance with
|
||
reasonable restriction. As always, common sense and good taste should
|
||
prevail. By this we specifically refer to the established conventions
|
||
of the entire Google C++ community, not just your personal preferences
|
||
or those of your team. Be skeptical about and reluctant to use
|
||
clever or unusual constructs: the absence of a prohibition is not the
|
||
same as a license to proceed. Use your judgment, and if you are
|
||
unsure, please don't hesitate to ask your project leads to get additional
|
||
input.</p>
|
||
|
||
|
||
|
||
<h2 id="C++_Version">C++ Version</h2>
|
||
|
||
<p>Currently, code should target C++17, i.e., should not use C++2x
|
||
features. The C++ version targeted by this guide will advance
|
||
(aggressively) over time.</p>
|
||
|
||
|
||
|
||
<p>Do not use
|
||
<a href="#Nonstandard_Extensions">non-standard extensions</a>.</p>
|
||
|
||
<div>Consider portability to other environments
|
||
before using features from C++14 and C++17 in your project.
|
||
</div>
|
||
|
||
<h2 id="Header_Files">Header Files</h2>
|
||
|
||
<p>In general, every <code>.cc</code> file should have an
|
||
associated <code>.h</code> file. There are some common
|
||
exceptions, such as unit tests and small <code>.cc</code> files containing
|
||
just a <code>main()</code> function.</p>
|
||
|
||
<p>Correct use of header files can make a huge difference to
|
||
the readability, size and performance of your code.</p>
|
||
|
||
<p>The following rules will guide you through the various
|
||
pitfalls of using header files.</p>
|
||
|
||
<a id="The_-inl.h_Files"></a>
|
||
<h3 id="Self_contained_Headers">Self-contained Headers</h3>
|
||
|
||
<p>Header files should be self-contained (compile on their own) and
|
||
end in <code>.h</code>. Non-header files that are meant for inclusion
|
||
should end in <code>.inc</code> and be used sparingly.</p>
|
||
|
||
<p>All header files should be self-contained. Users and refactoring
|
||
tools should not have to adhere to special conditions to include the
|
||
header. Specifically, a header should
|
||
have <a href="#The__define_Guard">header guards</a> and include all
|
||
other headers it needs.</p>
|
||
|
||
<p>Prefer placing the definitions for template and inline functions in
|
||
the same file as their declarations. The definitions of these
|
||
constructs must be included into every <code>.cc</code> file that uses
|
||
them, or the program may fail to link in some build configurations. If
|
||
declarations and definitions are in different files, including the
|
||
former should transitively include the latter. Do not move these
|
||
definitions to separately included header files (<code>-inl.h</code>);
|
||
this practice was common in the past, but is no longer allowed.</p>
|
||
|
||
<p>As an exception, a template that is explicitly instantiated for
|
||
all relevant sets of template arguments, or that is a private
|
||
implementation detail of a class, is allowed to be defined in the one
|
||
and only <code>.cc</code> file that instantiates the template.</p>
|
||
|
||
<p>There are rare cases where a file designed to be included is not
|
||
self-contained. These are typically intended to be included at unusual
|
||
locations, such as the middle of another file. They might not
|
||
use <a href="#The__define_Guard">header guards</a>, and might not include
|
||
their prerequisites. Name such files with the <code>.inc</code>
|
||
extension. Use sparingly, and prefer self-contained headers when
|
||
possible.</p>
|
||
|
||
<h3 id="The__define_Guard">The #define Guard</h3>
|
||
|
||
<p>All header files should have <code>#define</code> guards to
|
||
prevent multiple inclusion. The format of the symbol name
|
||
should be
|
||
|
||
<code><i><PROJECT></i>_<i><PATH></i>_<i><FILE></i>_H_</code>.</p>
|
||
|
||
|
||
|
||
<div>
|
||
<p>To guarantee uniqueness, they should
|
||
be based on the full path in a project's source tree. For
|
||
example, the file <code>foo/src/bar/baz.h</code> in
|
||
project <code>foo</code> should have the following
|
||
guard:</p>
|
||
</div>
|
||
|
||
<pre>#ifndef FOO_BAR_BAZ_H_
|
||
#define FOO_BAR_BAZ_H_
|
||
|
||
...
|
||
|
||
#endif // FOO_BAR_BAZ_H_
|
||
</pre>
|
||
|
||
|
||
|
||
<h3 id="Include_What_You_Use">Include What You Use</h3>
|
||
|
||
<p>If a source or header file refers to a symbol defined elsewhere,
|
||
the file should directly include a header file which properly intends
|
||
to provide a declaration or definition of that symbol. It should not
|
||
include header files for any other reason.
|
||
</p>
|
||
|
||
<p>Do not rely on transitive inclusions. This allows people to remove
|
||
no-longer-needed <code>#include</code> statements from their headers without
|
||
breaking clients. This also applies to related headers
|
||
- <code>foo.cc</code> should include <code>bar.h</code> if it uses a
|
||
symbol from it even if <code>foo.h</code>
|
||
includes <code>bar.h</code>.</p>
|
||
|
||
<h3 id="Forward_Declarations">Forward Declarations</h3>
|
||
|
||
<p>Avoid using forward declarations where possible.
|
||
Instead, <a href="#Include_What_You_Use">include the headers you need</a>.
|
||
</p>
|
||
|
||
|
||
<p class="definition"></p>
|
||
<p>A "forward declaration" is a declaration of an entity
|
||
without an associated definition.</p>
|
||
<pre>// In a C++ source file:
|
||
class B;
|
||
void FuncInB();
|
||
extern int variable_in_b;
|
||
ABSL_DECLARE_FLAG(flag_in_b);
|
||
</pre>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Forward declarations can save compile time, as
|
||
<code>#include</code>s force the compiler to open
|
||
more files and process more input.</li>
|
||
|
||
<li>Forward declarations can save on unnecessary
|
||
recompilation. <code>#include</code>s can force
|
||
your code to be recompiled more often, due to unrelated
|
||
changes in the header.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Forward declarations can hide a dependency, allowing
|
||
user code to skip necessary recompilation when headers
|
||
change.</li>
|
||
|
||
<li>A forward declaration as opposed to an #include statement
|
||
makes it difficult for automatic tooling to discover the module
|
||
defining the symbol.</li>
|
||
|
||
<li>A forward declaration may be broken by subsequent
|
||
changes to the library. Forward declarations of functions
|
||
and templates can prevent the header owners from making
|
||
otherwise-compatible changes to their APIs, such as
|
||
widening a parameter type, adding a template parameter
|
||
with a default value, or migrating to a new namespace.</li>
|
||
|
||
<li>Forward declaring symbols from namespace
|
||
<code>std::</code> yields undefined behavior.</li>
|
||
|
||
<li>It can be difficult to determine whether a forward
|
||
declaration or a full <code>#include</code> is needed.
|
||
Replacing an <code>#include</code> with a forward
|
||
declaration can silently change the meaning of
|
||
code:
|
||
<pre>// b.h:
|
||
struct B {};
|
||
struct D : B {};
|
||
|
||
// good_user.cc:
|
||
#include "b.h"
|
||
void f(B*);
|
||
void f(void*);
|
||
void test(D* x) { f(x); } // calls f(B*)
|
||
</pre>
|
||
If the <code>#include</code> was replaced with forward
|
||
decls for <code>B</code> and <code>D</code>,
|
||
<code>test()</code> would call <code>f(void*)</code>.
|
||
</li>
|
||
|
||
<li>Forward declaring multiple symbols from a header
|
||
can be more verbose than simply
|
||
<code>#include</code>ing the header.</li>
|
||
|
||
<li>Structuring code to enable forward declarations
|
||
(e.g., using pointer members instead of object members)
|
||
can make the code slower and more complex.</li>
|
||
|
||
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>Try to avoid forward declarations of entities
|
||
defined in another project.</p>
|
||
|
||
<h3 id="Inline_Functions">Inline Functions</h3>
|
||
|
||
<p>Define functions inline only when they are small, say, 10
|
||
lines or fewer.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>You can declare functions in a way that allows the compiler to expand
|
||
them inline rather than calling them through the usual
|
||
function call mechanism.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Inlining a function can generate more efficient object
|
||
code, as long as the inlined function is small. Feel free
|
||
to inline accessors and mutators, and other short,
|
||
performance-critical functions.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>Overuse of inlining can actually make programs slower.
|
||
Depending on a function's size, inlining it can cause the
|
||
code size to increase or decrease. Inlining a very small
|
||
accessor function will usually decrease code size while
|
||
inlining a very large function can dramatically increase
|
||
code size. On modern processors smaller code usually runs
|
||
faster due to better use of the instruction cache.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>A decent rule of thumb is to not inline a function if
|
||
it is more than 10 lines long. Beware of destructors,
|
||
which are often longer than they appear because of
|
||
implicit member- and base-destructor calls!</p>
|
||
|
||
<p>Another useful rule of thumb: it's typically not cost
|
||
effective to inline functions with loops or switch
|
||
statements (unless, in the common case, the loop or
|
||
switch statement is never executed).</p>
|
||
|
||
<p>It is important to know that functions are not always
|
||
inlined even if they are declared as such; for example,
|
||
virtual and recursive functions are not normally inlined.
|
||
Usually recursive functions should not be inline. The
|
||
main reason for making a virtual function inline is to
|
||
place its definition in the class, either for convenience
|
||
or to document its behavior, e.g., for accessors and
|
||
mutators.</p>
|
||
|
||
<h3 id="Names_and_Order_of_Includes">Names and Order of Includes</h3>
|
||
|
||
<p>Include headers in the following order: Related header, C system headers,
|
||
C++ standard library headers,
|
||
other libraries' headers, your project's
|
||
headers.</p>
|
||
|
||
<p>
|
||
All of a project's header files should be
|
||
listed as descendants of the project's source
|
||
directory without use of UNIX directory aliases
|
||
<code>.</code> (the current directory) or <code>..</code>
|
||
(the parent directory). For example,
|
||
|
||
<code>google-awesome-project/src/base/logging.h</code>
|
||
should be included as:</p>
|
||
|
||
<pre>#include "base/logging.h"
|
||
</pre>
|
||
|
||
<p>In <code><var>dir/foo</var>.cc</code> or
|
||
<code><var>dir/foo_test</var>.cc</code>, whose main
|
||
purpose is to implement or test the stuff in
|
||
<code><var>dir2/foo2</var>.h</code>, order your includes
|
||
as follows:</p>
|
||
|
||
<ol>
|
||
<li><code><var>dir2/foo2</var>.h</code>.</li>
|
||
|
||
<li>A blank line</li>
|
||
|
||
<li>C system headers (more precisely: headers in angle brackets with the
|
||
<code>.h</code> extension), e.g., <code><unistd.h></code>,
|
||
<code><stdlib.h></code>.</li>
|
||
|
||
<li>A blank line</li>
|
||
|
||
<li>C++ standard library headers (without file extension), e.g.,
|
||
<code><algorithm></code>, <code><cstddef></code>.</li>
|
||
|
||
<li>A blank line</li>
|
||
|
||
<div>
|
||
<li>Other libraries' <code>.h</code> files.</li>
|
||
</div>
|
||
|
||
<li>
|
||
Your project's <code>.h</code>
|
||
files.</li>
|
||
</ol>
|
||
|
||
<p>Separate each non-empty group with one blank line.</p>
|
||
|
||
<p>With the preferred ordering, if the related header
|
||
<code><var>dir2/foo2</var>.h</code> omits any necessary
|
||
includes, the build of <code><var>dir/foo</var>.cc</code>
|
||
or <code><var>dir/foo</var>_test.cc</code> will break.
|
||
Thus, this rule ensures that build breaks show up first
|
||
for the people working on these files, not for innocent
|
||
people in other packages.</p>
|
||
|
||
<p><code><var>dir/foo</var>.cc</code> and
|
||
<code><var>dir2/foo2</var>.h</code> are usually in the same
|
||
directory (e.g., <code>base/basictypes_test.cc</code> and
|
||
<code>base/basictypes.h</code>), but may sometimes be in different
|
||
directories too.</p>
|
||
|
||
|
||
|
||
<p>Note that the C headers such as <code>stddef.h</code>
|
||
are essentially interchangeable with their C++ counterparts
|
||
(<code>cstddef</code>).
|
||
Either style is acceptable, but prefer consistency with existing code.</p>
|
||
|
||
<p>Within each section the includes should be ordered
|
||
alphabetically. Note that older code might not conform to
|
||
this rule and should be fixed when convenient.</p>
|
||
|
||
<p>For example, the includes in
|
||
|
||
<code>google-awesome-project/src/foo/internal/fooserver.cc</code>
|
||
might look like this:</p>
|
||
|
||
<pre>#include "foo/server/fooserver.h"
|
||
|
||
#include <sys/types.h>
|
||
#include <unistd.h>
|
||
|
||
#include <string>
|
||
#include <vector>
|
||
|
||
#include "base/basictypes.h"
|
||
#include "base/commandlineflags.h"
|
||
#include "foo/server/bar.h"
|
||
</pre>
|
||
|
||
<p><b>Exception:</b></p>
|
||
|
||
<p>Sometimes, system-specific code needs
|
||
conditional includes. Such code can put conditional
|
||
includes after other includes. Of course, keep your
|
||
system-specific code small and localized. Example:</p>
|
||
|
||
<pre>#include "foo/public/fooserver.h"
|
||
|
||
#include "base/port.h" // For LANG_CXX11.
|
||
|
||
#ifdef LANG_CXX11
|
||
#include <initializer_list>
|
||
#endif // LANG_CXX11
|
||
</pre>
|
||
|
||
<h2 id="Scoping">Scoping</h2>
|
||
|
||
<h3 id="Namespaces">Namespaces</h3>
|
||
|
||
<p>With few exceptions, place code in a namespace. Namespaces
|
||
should have unique names based on the project name, and possibly
|
||
its path. Do not use <i>using-directives</i> (e.g.,
|
||
<code>using namespace foo</code>). Do not use
|
||
inline namespaces. For unnamed namespaces, see
|
||
<a href="#Internal_Linkage">Internal Linkage</a>.
|
||
|
||
</p><p class="definition"></p>
|
||
<p>Namespaces subdivide the global scope
|
||
into distinct, named scopes, and so are useful for preventing
|
||
name collisions in the global scope.</p>
|
||
|
||
<p class="pros"></p>
|
||
|
||
<p>Namespaces provide a method for preventing name conflicts
|
||
in large programs while allowing most code to use reasonably
|
||
short names.</p>
|
||
|
||
<p>For example, if two different projects have a class
|
||
<code>Foo</code> in the global scope, these symbols may
|
||
collide at compile time or at runtime. If each project
|
||
places their code in a namespace, <code>project1::Foo</code>
|
||
and <code>project2::Foo</code> are now distinct symbols that
|
||
do not collide, and code within each project's namespace
|
||
can continue to refer to <code>Foo</code> without the prefix.</p>
|
||
|
||
<p>Inline namespaces automatically place their names in
|
||
the enclosing scope. Consider the following snippet, for
|
||
example:</p>
|
||
|
||
<pre class="neutralcode">namespace outer {
|
||
inline namespace inner {
|
||
void foo();
|
||
} // namespace inner
|
||
} // namespace outer
|
||
</pre>
|
||
|
||
<p>The expressions <code>outer::inner::foo()</code> and
|
||
<code>outer::foo()</code> are interchangeable. Inline
|
||
namespaces are primarily intended for ABI compatibility
|
||
across versions.</p>
|
||
|
||
<p class="cons"></p>
|
||
|
||
<p>Namespaces can be confusing, because they complicate
|
||
the mechanics of figuring out what definition a name refers
|
||
to.</p>
|
||
|
||
<p>Inline namespaces, in particular, can be confusing
|
||
because names aren't actually restricted to the namespace
|
||
where they are declared. They are only useful as part of
|
||
some larger versioning policy.</p>
|
||
|
||
<p>In some contexts, it's necessary to repeatedly refer to
|
||
symbols by their fully-qualified names. For deeply-nested
|
||
namespaces, this can add a lot of clutter.</p>
|
||
|
||
<p class="decision"></p>
|
||
|
||
<p>Namespaces should be used as follows:</p>
|
||
|
||
<ul>
|
||
<li>Follow the rules on <a href="#Namespace_Names">Namespace Names</a>.
|
||
</li><li>Terminate multi-line namespaces with comments as shown in the given examples.
|
||
</li><li>
|
||
|
||
<p>Namespaces wrap the entire source file after
|
||
includes,
|
||
<a href="https://gflags.github.io/gflags/">
|
||
gflags</a> definitions/declarations
|
||
and forward declarations of classes from other namespaces.</p>
|
||
|
||
<pre>// In the .h file
|
||
namespace mynamespace {
|
||
|
||
// All declarations are within the namespace scope.
|
||
// Notice the lack of indentation.
|
||
class MyClass {
|
||
public:
|
||
...
|
||
void Foo();
|
||
};
|
||
|
||
} // namespace mynamespace
|
||
</pre>
|
||
|
||
<pre>// In the .cc file
|
||
namespace mynamespace {
|
||
|
||
// Definition of functions is within scope of the namespace.
|
||
void MyClass::Foo() {
|
||
...
|
||
}
|
||
|
||
} // namespace mynamespace
|
||
</pre>
|
||
|
||
<p>More complex <code>.cc</code> files might have additional details,
|
||
like flags or using-declarations.</p>
|
||
|
||
<pre>#include "a.h"
|
||
|
||
ABSL_FLAG(bool, someflag, false, "dummy flag");
|
||
|
||
namespace mynamespace {
|
||
|
||
using ::foo::Bar;
|
||
|
||
...code for mynamespace... // Code goes against the left margin.
|
||
|
||
} // namespace mynamespace
|
||
</pre>
|
||
</li>
|
||
|
||
<li>To place generated protocol
|
||
message code in a namespace, use the
|
||
<code>package</code> specifier in the
|
||
<code>.proto</code> file. See
|
||
|
||
|
||
<a href="https://developers.google.com/protocol-buffers/docs/reference/cpp-generated#package">
|
||
Protocol Buffer Packages</a>
|
||
for details.</li>
|
||
|
||
<li>Do not declare anything in namespace
|
||
<code>std</code>, including forward declarations of
|
||
standard library classes. Declaring entities in
|
||
namespace <code>std</code> is undefined behavior, i.e.,
|
||
not portable. To declare entities from the standard
|
||
library, include the appropriate header file.</li>
|
||
|
||
<li><p>You may not use a <i>using-directive</i>
|
||
to make all names from a namespace available.</p>
|
||
|
||
<pre class="badcode">// Forbidden -- This pollutes the namespace.
|
||
using namespace foo;
|
||
</pre>
|
||
</li>
|
||
|
||
<li><p>Do not use <i>Namespace aliases</i> at namespace scope
|
||
in header files except in explicitly marked
|
||
internal-only namespaces, because anything imported into a namespace
|
||
in a header file becomes part of the public
|
||
API exported by that file.</p>
|
||
|
||
<pre>// Shorten access to some commonly used names in .cc files.
|
||
namespace baz = ::foo::bar::baz;
|
||
</pre>
|
||
|
||
<pre>// Shorten access to some commonly used names (in a .h file).
|
||
namespace librarian {
|
||
namespace impl { // Internal, not part of the API.
|
||
namespace sidetable = ::pipeline_diagnostics::sidetable;
|
||
} // namespace impl
|
||
|
||
inline void my_inline_function() {
|
||
// namespace alias local to a function (or method).
|
||
namespace baz = ::foo::bar::baz;
|
||
...
|
||
}
|
||
} // namespace librarian
|
||
</pre>
|
||
|
||
</li><li>Do not use inline namespaces.</li>
|
||
</ul>
|
||
|
||
<a id="Unnamed_Namespaces_and_Static_Variables"></a>
|
||
<h3 id="Internal_Linkage">Internal Linkage</h3>
|
||
|
||
<p>When definitions in a <code>.cc</code> file do not need to be
|
||
referenced outside that file, give them internal linkage by placing
|
||
them in an unnamed namespace or declaring them <code>static</code>.
|
||
Do not use either of these constructs in <code>.h</code> files.
|
||
|
||
</p><p class="definition"></p>
|
||
<p>All declarations can be given internal linkage by placing them in unnamed
|
||
namespaces. Functions and variables can also be given internal linkage by
|
||
declaring them <code>static</code>. This means that anything you're declaring
|
||
can't be accessed from another file. If a different file declares something with
|
||
the same name, then the two entities are completely independent.</p>
|
||
|
||
<p class="decision"></p>
|
||
|
||
<p>Use of internal linkage in <code>.cc</code> files is encouraged
|
||
for all code that does not need to be referenced elsewhere.
|
||
Do not use internal linkage in <code>.h</code> files.</p>
|
||
|
||
<p>Format unnamed namespaces like named namespaces. In the
|
||
terminating comment, leave the namespace name empty:</p>
|
||
|
||
<pre>namespace {
|
||
...
|
||
} // namespace
|
||
</pre>
|
||
|
||
<h3 id="Nonmember,_Static_Member,_and_Global_Functions">Nonmember, Static Member, and Global Functions</h3>
|
||
|
||
<p>Prefer placing nonmember functions in a namespace; use completely global
|
||
functions rarely. Do not use a class simply to group static members. Static
|
||
methods of a class should generally be closely related to instances of the
|
||
class or the class's static data.</p>
|
||
|
||
|
||
<p class="pros"></p>
|
||
<p>Nonmember and static member functions can be useful in
|
||
some situations. Putting nonmember functions in a
|
||
namespace avoids polluting the global namespace.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>Nonmember and static member functions may make more sense
|
||
as members of a new class, especially if they access
|
||
external resources or have significant dependencies.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>Sometimes it is useful to define a
|
||
function not bound to a class instance. Such a function
|
||
can be either a static member or a nonmember function.
|
||
Nonmember functions should not depend on external
|
||
variables, and should nearly always exist in a namespace.
|
||
Do not create classes only to group static members;
|
||
this is no different than just giving the names a
|
||
common prefix, and such grouping is usually unnecessary anyway.</p>
|
||
|
||
<p>If you define a nonmember function and it is only
|
||
needed in its <code>.cc</code> file, use
|
||
<a href="#Internal_Linkage">internal linkage</a> to limit
|
||
its scope.</p>
|
||
|
||
<h3 id="Local_Variables">Local Variables</h3>
|
||
|
||
<p>Place a function's variables in the narrowest scope
|
||
possible, and initialize variables in the declaration.</p>
|
||
|
||
<p>C++ allows you to declare variables anywhere in a
|
||
function. We encourage you to declare them in as local a
|
||
scope as possible, and as close to the first use as
|
||
possible. This makes it easier for the reader to find the
|
||
declaration and see what type the variable is and what it
|
||
was initialized to. In particular, initialization should
|
||
be used instead of declaration and assignment, e.g.,:</p>
|
||
|
||
<pre class="badcode">int i;
|
||
i = f(); // Bad -- initialization separate from declaration.
|
||
</pre>
|
||
|
||
<pre>int j = g(); // Good -- declaration has initialization.
|
||
</pre>
|
||
|
||
<pre class="badcode">std::vector<int> v;
|
||
v.push_back(1); // Prefer initializing using brace initialization.
|
||
v.push_back(2);
|
||
</pre>
|
||
|
||
<pre>std::vector<int> v = {1, 2}; // Good -- v starts initialized.
|
||
</pre>
|
||
|
||
<p>Variables needed for <code>if</code>, <code>while</code>
|
||
and <code>for</code> statements should normally be declared
|
||
within those statements, so that such variables are confined
|
||
to those scopes. E.g.:</p>
|
||
|
||
<pre>while (const char* p = strchr(str, '/')) str = p + 1;
|
||
</pre>
|
||
|
||
<p>There is one caveat: if the variable is an object, its
|
||
constructor is invoked every time it enters scope and is
|
||
created, and its destructor is invoked every time it goes
|
||
out of scope.</p>
|
||
|
||
<pre class="badcode">// Inefficient implementation:
|
||
for (int i = 0; i < 1000000; ++i) {
|
||
Foo f; // My ctor and dtor get called 1000000 times each.
|
||
f.DoSomething(i);
|
||
}
|
||
</pre>
|
||
|
||
<p>It may be more efficient to declare such a variable
|
||
used in a loop outside that loop:</p>
|
||
|
||
<pre>Foo f; // My ctor and dtor get called once each.
|
||
for (int i = 0; i < 1000000; ++i) {
|
||
f.DoSomething(i);
|
||
}
|
||
</pre>
|
||
|
||
<h3 id="Static_and_Global_Variables">Static and Global Variables</h3>
|
||
|
||
<p>Objects with
|
||
<a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration">
|
||
static storage duration</a> are forbidden unless they are
|
||
<a href="http://en.cppreference.com/w/cpp/types/is_destructible">trivially
|
||
destructible</a>. Informally this means that the destructor does not do
|
||
anything, even taking member and base destructors into account. More formally it
|
||
means that the type has no user-defined or virtual destructor and that all bases
|
||
and non-static members are trivially destructible.
|
||
Static function-local variables may use dynamic initialization.
|
||
Use of dynamic initialization for static class member variables or variables at
|
||
namespace scope is discouraged, but allowed in limited circumstances; see below
|
||
for details.</p>
|
||
|
||
<p>As a rule of thumb: a global variable satisfies these requirements if its
|
||
declaration, considered in isolation, could be <code>constexpr</code>.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>Every object has a <dfn>storage duration</dfn>, which correlates with its
|
||
lifetime. Objects with static storage duration live from the point of their
|
||
initialization until the end of the program. Such objects appear as variables at
|
||
namespace scope ("global variables"), as static data members of classes, or as
|
||
function-local variables that are declared with the <code>static</code>
|
||
specifier. Function-local static variables are initialized when control first
|
||
passes through their declaration; all other objects with static storage duration
|
||
are initialized as part of program start-up. All objects with static storage
|
||
duration are destroyed at program exit (which happens before unjoined threads
|
||
are terminated).</p>
|
||
|
||
<p>Initialization may be <dfn>dynamic</dfn>, which means that something
|
||
non-trivial happens during initialization. (For example, consider a constructor
|
||
that allocates memory, or a variable that is initialized with the current
|
||
process ID.) The other kind of initialization is <dfn>static</dfn>
|
||
initialization. The two aren't quite opposites, though: static
|
||
initialization <em>always</em> happens to objects with static storage duration
|
||
(initializing the object either to a given constant or to a representation
|
||
consisting of all bytes set to zero), whereas dynamic initialization happens
|
||
after that, if required.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Global and static variables are very useful for a large number of
|
||
applications: named constants, auxiliary data structures internal to some
|
||
translation unit, command-line flags, logging, registration mechanisms,
|
||
background infrastructure, etc.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>Global and static variables that use dynamic initialization or have
|
||
non-trivial destructors create complexity that can easily lead to hard-to-find
|
||
bugs. Dynamic initialization is not ordered across translation units, and
|
||
neither is destruction (except that destruction
|
||
happens in reverse order of initialization). When one initialization refers to
|
||
another variable with static storage duration, it is possible that this causes
|
||
an object to be accessed before its lifetime has begun (or after its lifetime
|
||
has ended). Moreover, when a program starts threads that are not joined at exit,
|
||
those threads may attempt to access objects after their lifetime has ended if
|
||
their destructor has already run.</p>
|
||
|
||
<p class="decision"></p>
|
||
<h4>Decision on destruction</h4>
|
||
|
||
<p>When destructors are trivial, their execution is not subject to ordering at
|
||
all (they are effectively not "run"); otherwise we are exposed to the risk of
|
||
accessing objects after the end of their lifetime. Therefore, we only allow
|
||
objects with static storage duration if they are trivially destructible.
|
||
Fundamental types (like pointers and <code>int</code>) are trivially
|
||
destructible, as are arrays of trivially destructible types. Note that
|
||
variables marked with <code>constexpr</code> are trivially destructible.</p>
|
||
<pre>const int kNum = 10; // allowed
|
||
|
||
struct X { int n; };
|
||
const X kX[] = {{1}, {2}, {3}}; // allowed
|
||
|
||
void foo() {
|
||
static const char* const kMessages[] = {"hello", "world"}; // allowed
|
||
}
|
||
|
||
// allowed: constexpr guarantees trivial destructor
|
||
constexpr std::array<int, 3> kArray = {{1, 2, 3}};</pre>
|
||
<pre class="badcode">// bad: non-trivial destructor
|
||
const std::string kFoo = "foo";
|
||
|
||
// bad for the same reason, even though kBar is a reference (the
|
||
// rule also applies to lifetime-extended temporary objects)
|
||
const std::string& kBar = StrCat("a", "b", "c");
|
||
|
||
void bar() {
|
||
// bad: non-trivial destructor
|
||
static std::map<int, int> kData = {{1, 0}, {2, 0}, {3, 0}};
|
||
}</pre>
|
||
|
||
<p>Note that references are not objects, and thus they are not subject to the
|
||
constraints on destructibility. The constraint on dynamic initialization still
|
||
applies, though. In particular, a function-local static reference of the form
|
||
<code>static T& t = *new T;</code> is allowed.</p>
|
||
|
||
<h4>Decision on initialization</h4>
|
||
|
||
<p>Initialization is a more complex topic. This is because we must not only
|
||
consider whether class constructors execute, but we must also consider the
|
||
evaluation of the initializer:</p>
|
||
<pre class="neutralcode">int n = 5; // fine
|
||
int m = f(); // ? (depends on f)
|
||
Foo x; // ? (depends on Foo::Foo)
|
||
Bar y = g(); // ? (depends on g and on Bar::Bar)
|
||
</pre>
|
||
|
||
<p>All but the first statement expose us to indeterminate initialization
|
||
ordering.</p>
|
||
|
||
<p>The concept we are looking for is called <em>constant initialization</em> in
|
||
the formal language of the C++ standard. It means that the initializing
|
||
expression is a constant expression, and if the object is initialized by a
|
||
constructor call, then the constructor must be specified as
|
||
<code>constexpr</code>, too:</p>
|
||
<pre>struct Foo { constexpr Foo(int) {} };
|
||
|
||
int n = 5; // fine, 5 is a constant expression
|
||
Foo x(2); // fine, 2 is a constant expression and the chosen constructor is constexpr
|
||
Foo a[] = { Foo(1), Foo(2), Foo(3) }; // fine</pre>
|
||
|
||
<p>Constant initialization is always allowed. Constant initialization of
|
||
static storage duration variables should be marked with <code>constexpr</code>
|
||
or where possible the
|
||
|
||
|
||
<a href="https://github.com/abseil/abseil-cpp/blob/03c1513538584f4a04d666be5eb469e3979febba/absl/base/attributes.h#L540">
|
||
<code>ABSL_CONST_INIT</code></a>
|
||
attribute. Any non-local static storage
|
||
duration variable that is not so marked should be presumed to have
|
||
dynamic initialization, and reviewed very carefully.</p>
|
||
|
||
<p>By contrast, the following initializations are problematic:</p>
|
||
|
||
<pre class="badcode">// Some declarations used below.
|
||
time_t time(time_t*); // not constexpr!
|
||
int f(); // not constexpr!
|
||
struct Bar { Bar() {} };
|
||
|
||
// Problematic initializations.
|
||
time_t m = time(nullptr); // initializing expression not a constant expression
|
||
Foo y(f()); // ditto
|
||
Bar b; // chosen constructor Bar::Bar() not constexpr</pre>
|
||
|
||
<p>Dynamic initialization of nonlocal variables is discouraged, and in general
|
||
it is forbidden. However, we do permit it if no aspect of the program depends
|
||
on the sequencing of this initialization with respect to all other
|
||
initializations. Under those restrictions, the ordering of the initialization
|
||
does not make an observable difference. For example:</p>
|
||
<pre>int p = getpid(); // allowed, as long as no other static variable
|
||
// uses p in its own initialization</pre>
|
||
|
||
<p>Dynamic initialization of static local variables is allowed (and common).</p>
|
||
|
||
|
||
|
||
<h4>Common patterns</h4>
|
||
|
||
<ul>
|
||
<li>Global strings: if you require a global or static string constant,
|
||
consider using a simple character array, or a char pointer to the first
|
||
element of a string literal. String literals have static storage duration
|
||
already and are usually sufficient.</li>
|
||
<li>Maps, sets, and other dynamic containers: if you require a static, fixed
|
||
collection, such as a set to search against or a lookup table, you cannot
|
||
use the dynamic containers from the standard library as a static variable,
|
||
since they have non-trivial destructors. Instead, consider a simple array of
|
||
trivial types, e.g., an array of arrays of ints (for a "map from int to
|
||
int"), or an array of pairs (e.g., pairs of <code>int</code> and <code>const
|
||
char*</code>). For small collections, linear search is entirely sufficient
|
||
(and efficient, due to memory locality); consider using the facilities from
|
||
|
||
<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/algorithm/container.h">absl/algorithm/container.h</a>
|
||
|
||
|
||
for the standard operations. If necessary, keep the collection in sorted
|
||
order and use a binary search algorithm. If you do really prefer a dynamic
|
||
container from the standard library, consider using a function-local static
|
||
pointer, as described below.</li>
|
||
<li>Smart pointers (<code>unique_ptr</code>, <code>shared_ptr</code>): smart
|
||
pointers execute cleanup during destruction and are therefore forbidden.
|
||
Consider whether your use case fits into one of the other patterns described
|
||
in this section. One simple solution is to use a plain pointer to a
|
||
dynamically allocated object and never delete it (see last item).</li>
|
||
<li>Static variables of custom types: if you require static, constant data of
|
||
a type that you need to define yourself, give the type a trivial destructor
|
||
and a <code>constexpr</code> constructor.</li>
|
||
<li>If all else fails, you can create an object dynamically and never delete
|
||
it by using a function-local static pointer or reference (e.g., <code>static
|
||
const auto& impl = *new T(args...);</code>).</li>
|
||
</ul>
|
||
|
||
<h3 id="thread_local">thread_local Variables</h3>
|
||
|
||
<p><code>thread_local</code> variables that aren't declared inside a function
|
||
must be initialized with a true compile-time constant,
|
||
and this must be enforced by using the
|
||
|
||
|
||
<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/attributes.h">
|
||
<code>ABSL_CONST_INIT</code></a>
|
||
attribute. Prefer
|
||
<code>thread_local</code> over other ways of defining thread-local data.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>Starting with C++11, variables can be declared with the
|
||
<code>thread_local</code> specifier:</p>
|
||
<pre>thread_local Foo foo = ...;
|
||
</pre>
|
||
<p>Such a variable is actually a collection of objects, so that when different
|
||
threads access it, they are actually accessing different objects.
|
||
<code>thread_local</code> variables are much like
|
||
<a href="#Static_and_Global_Variables">static storage duration variables</a>
|
||
in many respects. For instance, they can be declared at namespace scope,
|
||
inside functions, or as static class members, but not as ordinary class
|
||
members.</p>
|
||
|
||
<p><code>thread_local</code> variable instances are initialized much like
|
||
static variables, except that they must be initialized separately for each
|
||
thread, rather than once at program startup. This means that
|
||
<code>thread_local</code> variables declared within a function are safe, but
|
||
other <code>thread_local</code> variables are subject to the same
|
||
initialization-order issues as static variables (and more besides).</p>
|
||
|
||
<p><code>thread_local</code> variable instances are destroyed when their thread
|
||
terminates, so they do not have the destruction-order issues of static
|
||
variables.</p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Thread-local data is inherently safe from races (because only one thread
|
||
can ordinarily access it), which makes <code>thread_local</code> useful for
|
||
concurrent programming.</li>
|
||
<li><code>thread_local</code> is the only standard-supported way of creating
|
||
thread-local data.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Accessing a <code>thread_local</code> variable may trigger execution of
|
||
an unpredictable and uncontrollable amount of other code.</li>
|
||
<li><code>thread_local</code> variables are effectively global variables,
|
||
and have all the drawbacks of global variables other than lack of
|
||
thread-safety.</li>
|
||
<li>The memory consumed by a <code>thread_local</code> variable scales with
|
||
the number of running threads (in the worst case), which can be quite large
|
||
in a program.</li>
|
||
<li>An ordinary class member cannot be <code>thread_local</code>.</li>
|
||
<li><code>thread_local</code> may not be as efficient as certain compiler
|
||
intrinsics.</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p><code>thread_local</code> variables inside a function have no safety
|
||
concerns, so they can be used without restriction. Note that you can use
|
||
a function-scope <code>thread_local</code> to simulate a class- or
|
||
namespace-scope <code>thread_local</code> by defining a function or
|
||
static method that exposes it:</p>
|
||
|
||
<pre>Foo& MyThreadLocalFoo() {
|
||
thread_local Foo result = ComplicatedInitialization();
|
||
return result;
|
||
}
|
||
</pre>
|
||
|
||
<p><code>thread_local</code> variables at class or namespace scope must be
|
||
initialized with a true compile-time constant (i.e., they must have no
|
||
dynamic initialization). To enforce this, <code>thread_local</code> variables
|
||
at class or namespace scope must be annotated with
|
||
|
||
|
||
<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/attributes.h">
|
||
<code>ABSL_CONST_INIT</code></a>
|
||
(or <code>constexpr</code>, but that should be rare):</p>
|
||
|
||
<pre>ABSL_CONST_INIT thread_local Foo foo = ...;
|
||
</pre>
|
||
|
||
<p><code>thread_local</code> should be preferred over other mechanisms for
|
||
defining thread-local data.</p>
|
||
|
||
<h2 id="Classes">Classes</h2>
|
||
|
||
<p>Classes are the fundamental unit of code in C++. Naturally,
|
||
we use them extensively. This section lists the main dos and
|
||
don'ts you should follow when writing a class.</p>
|
||
|
||
<h3 id="Doing_Work_in_Constructors">Doing Work in Constructors</h3>
|
||
|
||
<p>Avoid virtual method calls in constructors, and avoid
|
||
initialization that can fail if you can't signal an error.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>It is possible to perform arbitrary initialization in the body
|
||
of the constructor.</p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>No need to worry about whether the class has been initialized or
|
||
not.</li>
|
||
|
||
<li>Objects that are fully initialized by constructor call can
|
||
be <code>const</code> and may also be easier to use with standard containers
|
||
or algorithms.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>If the work calls virtual functions, these calls
|
||
will not get dispatched to the subclass
|
||
implementations. Future modification to your class can
|
||
quietly introduce this problem even if your class is
|
||
not currently subclassed, causing much confusion.</li>
|
||
|
||
<li>There is no easy way for constructors to signal errors, short of
|
||
crashing the program (not always appropriate) or using exceptions
|
||
(which are <a href="#Exceptions">forbidden</a>).</li>
|
||
|
||
<li>If the work fails, we now have an object whose initialization
|
||
code failed, so it may be an unusual state requiring a <code>bool
|
||
IsValid()</code> state checking mechanism (or similar) which is easy
|
||
to forget to call.</li>
|
||
|
||
<li>You cannot take the address of a constructor, so whatever work
|
||
is done in the constructor cannot easily be handed off to, for
|
||
example, another thread.</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>Constructors should never call virtual functions. If appropriate
|
||
for your code ,
|
||
terminating the program may be an appropriate error handling
|
||
response. Otherwise, consider a factory function
|
||
or <code>Init()</code> method as described in
|
||
<a href="https://abseil.io/tips/42">TotW #42</a>
|
||
.
|
||
Avoid <code>Init()</code> methods on objects with
|
||
no other states that affect which public methods may be called
|
||
(semi-constructed objects of this form are particularly hard to work
|
||
with correctly).</p>
|
||
|
||
<a id="Explicit_Constructors"></a>
|
||
<h3 id="Implicit_Conversions">Implicit Conversions</h3>
|
||
|
||
<p>Do not define implicit conversions. Use the <code>explicit</code>
|
||
keyword for conversion operators and single-argument
|
||
constructors.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>Implicit conversions allow an
|
||
object of one type (called the <dfn>source type</dfn>) to
|
||
be used where a different type (called the <dfn>destination
|
||
type</dfn>) is expected, such as when passing an
|
||
<code>int</code> argument to a function that takes a
|
||
<code>double</code> parameter.</p>
|
||
|
||
<p>In addition to the implicit conversions defined by the language,
|
||
users can define their own, by adding appropriate members to the
|
||
class definition of the source or destination type. An implicit
|
||
conversion in the source type is defined by a type conversion operator
|
||
named after the destination type (e.g., <code>operator
|
||
bool()</code>). An implicit conversion in the destination
|
||
type is defined by a constructor that can take the source type as
|
||
its only argument (or only argument with no default value).</p>
|
||
|
||
<p>The <code>explicit</code> keyword can be applied to a constructor
|
||
or (since C++11) a conversion operator, to ensure that it can only be
|
||
used when the destination type is explicit at the point of use,
|
||
e.g., with a cast. This applies not only to implicit conversions, but to
|
||
C++11's list initialization syntax:</p>
|
||
<pre>class Foo {
|
||
explicit Foo(int x, double y);
|
||
...
|
||
};
|
||
|
||
void Func(Foo f);
|
||
</pre>
|
||
<pre class="badcode">Func({42, 3.14}); // Error
|
||
</pre>
|
||
This kind of code isn't technically an implicit conversion, but the
|
||
language treats it as one as far as <code>explicit</code> is concerned.
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Implicit conversions can make a type more usable and
|
||
expressive by eliminating the need to explicitly name a type
|
||
when it's obvious.</li>
|
||
<li>Implicit conversions can be a simpler alternative to
|
||
overloading, such as when a single
|
||
function with a <code>string_view</code> parameter takes the
|
||
place of separate overloads for <code>std::string</code> and
|
||
<code>const char*</code>.</li>
|
||
<li>List initialization syntax is a concise and expressive
|
||
way of initializing objects.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Implicit conversions can hide type-mismatch bugs, where the
|
||
destination type does not match the user's expectation, or
|
||
the user is unaware that any conversion will take place.</li>
|
||
|
||
<li>Implicit conversions can make code harder to read, particularly
|
||
in the presence of overloading, by making it less obvious what
|
||
code is actually getting called.</li>
|
||
|
||
<li>Constructors that take a single argument may accidentally
|
||
be usable as implicit type conversions, even if they are not
|
||
intended to do so.</li>
|
||
|
||
<li>When a single-argument constructor is not marked
|
||
<code>explicit</code>, there's no reliable way to tell whether
|
||
it's intended to define an implicit conversion, or the author
|
||
simply forgot to mark it.</li>
|
||
|
||
<li>Implicit conversions can lead to call-site ambiguities, especially
|
||
when there are bidirectional implicit conversions. This can be caused
|
||
either by having two types that both provide an implicit conversion,
|
||
or by a single type that has both an implicit constructor and an
|
||
implicit type conversion operator.</li>
|
||
|
||
<li>List initialization can suffer from the same problems if
|
||
the destination type is implicit, particularly if the
|
||
list has only a single element.</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>Type conversion operators, and constructors that are
|
||
callable with a single argument, must be marked
|
||
<code>explicit</code> in the class definition. As an
|
||
exception, copy and move constructors should not be
|
||
<code>explicit</code>, since they do not perform type
|
||
conversion.</p>
|
||
|
||
<p>Implicit conversions can sometimes be necessary and appropriate for
|
||
types that are designed to be interchangeable, for example when objects
|
||
of two types are just different representations of the same underlying
|
||
value. In that case, contact
|
||
your project leads to request a waiver
|
||
of this rule.
|
||
</p>
|
||
|
||
<p>Constructors that cannot be called with a single argument
|
||
may omit <code>explicit</code>. Constructors that
|
||
take a single <code>std::initializer_list</code> parameter should
|
||
also omit <code>explicit</code>, in order to support copy-initialization
|
||
(e.g., <code>MyType m = {1, 2};</code>).</p>
|
||
|
||
<h3 id="Copyable_Movable_Types">Copyable and Movable Types</h3>
|
||
<a id="Copy_Constructors"></a>
|
||
|
||
<p>A class's public API must make clear whether the class is copyable,
|
||
move-only, or neither copyable nor movable. Support copying and/or
|
||
moving if these operations are clear and meaningful for your type.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>A movable type is one that can be initialized and assigned
|
||
from temporaries.</p>
|
||
|
||
<p>A copyable type is one that can be initialized or assigned from
|
||
any other object of the same type (so is also movable by definition), with the
|
||
stipulation that the value of the source does not change.
|
||
<code>std::unique_ptr<int></code> is an example of a movable but not
|
||
copyable type (since the value of the source
|
||
<code>std::unique_ptr<int></code> must be modified during assignment to
|
||
the destination). <code>int</code> and <code>std::string</code> are examples of
|
||
movable types that are also copyable. (For <code>int</code>, the move and copy
|
||
operations are the same; for <code>std::string</code>, there exists a move operation
|
||
that is less expensive than a copy.)</p>
|
||
|
||
<p>For user-defined types, the copy behavior is defined by the copy
|
||
constructor and the copy-assignment operator. Move behavior is defined by the
|
||
move constructor and the move-assignment operator, if they exist, or by the
|
||
copy constructor and the copy-assignment operator otherwise.</p>
|
||
|
||
<p>The copy/move constructors can be implicitly invoked by the compiler
|
||
in some situations, e.g., when passing objects by value.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Objects of copyable and movable types can be passed and returned by value,
|
||
which makes APIs simpler, safer, and more general. Unlike when passing objects
|
||
by pointer or reference, there's no risk of confusion over ownership,
|
||
lifetime, mutability, and similar issues, and no need to specify them in the
|
||
contract. It also prevents non-local interactions between the client and the
|
||
implementation, which makes them easier to understand, maintain, and optimize by
|
||
the compiler. Further, such objects can be used with generic APIs that
|
||
require pass-by-value, such as most containers, and they allow for additional
|
||
flexibility in e.g., type composition.</p>
|
||
|
||
<p>Copy/move constructors and assignment operators are usually
|
||
easier to define correctly than alternatives
|
||
like <code>Clone()</code>, <code>CopyFrom()</code> or <code>Swap()</code>,
|
||
because they can be generated by the compiler, either implicitly or
|
||
with <code>= default</code>. They are concise, and ensure
|
||
that all data members are copied. Copy and move
|
||
constructors are also generally more efficient, because they don't
|
||
require heap allocation or separate initialization and assignment
|
||
steps, and they're eligible for optimizations such as
|
||
|
||
<a href="http://en.cppreference.com/w/cpp/language/copy_elision">
|
||
copy elision</a>.</p>
|
||
|
||
<p>Move operations allow the implicit and efficient transfer of
|
||
resources out of rvalue objects. This allows a plainer coding style
|
||
in some cases.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>Some types do not need to be copyable, and providing copy
|
||
operations for such types can be confusing, nonsensical, or outright
|
||
incorrect. Types representing singleton objects (<code>Registerer</code>),
|
||
objects tied to a specific scope (<code>Cleanup</code>), or closely coupled to
|
||
object identity (<code>Mutex</code>) cannot be copied meaningfully.
|
||
Copy operations for base class types that are to be used
|
||
polymorphically are hazardous, because use of them can lead to
|
||
<a href="https://en.wikipedia.org/wiki/Object_slicing">object slicing</a>.
|
||
Defaulted or carelessly-implemented copy operations can be incorrect, and the
|
||
resulting bugs can be confusing and difficult to diagnose.</p>
|
||
|
||
<p>Copy constructors are invoked implicitly, which makes the
|
||
invocation easy to miss. This may cause confusion for programmers used to
|
||
languages where pass-by-reference is conventional or mandatory. It may also
|
||
encourage excessive copying, which can cause performance problems.</p>
|
||
|
||
<p class="decision"></p>
|
||
|
||
<p>Every class's public interface must make clear which copy and move
|
||
operations the class supports. This should usually take the form of explicitly
|
||
declaring and/or deleting the appropriate operations in the <code>public</code>
|
||
section of the declaration.</p>
|
||
|
||
<p>Specifically, a copyable class should explicitly declare the copy
|
||
operations, a move-only class should explicitly declare the move operations, and
|
||
a non-copyable/movable class should explicitly delete the copy operations. A
|
||
copyable class may also declare move operations in order to support efficient
|
||
moves. Explicitly declaring or deleting all four copy/move operations is
|
||
permitted, but not required. If you provide a copy or move assignment operator,
|
||
you must also provide the corresponding constructor.</p>
|
||
|
||
<pre>class Copyable {
|
||
public:
|
||
Copyable(const Copyable& other) = default;
|
||
Copyable& operator=(const Copyable& other) = default;
|
||
|
||
// The implicit move operations are suppressed by the declarations above.
|
||
// You may explicitly declare move operations to support efficient moves.
|
||
};
|
||
|
||
class MoveOnly {
|
||
public:
|
||
MoveOnly(MoveOnly&& other) = default;
|
||
MoveOnly& operator=(MoveOnly&& other) = default;
|
||
|
||
// The copy operations are implicitly deleted, but you can
|
||
// spell that out explicitly if you want:
|
||
MoveOnly(const MoveOnly&) = delete;
|
||
MoveOnly& operator=(const MoveOnly&) = delete;
|
||
};
|
||
|
||
class NotCopyableOrMovable {
|
||
public:
|
||
// Not copyable or movable
|
||
NotCopyableOrMovable(const NotCopyableOrMovable&) = delete;
|
||
NotCopyableOrMovable& operator=(const NotCopyableOrMovable&)
|
||
= delete;
|
||
|
||
// The move operations are implicitly disabled, but you can
|
||
// spell that out explicitly if you want:
|
||
NotCopyableOrMovable(NotCopyableOrMovable&&) = delete;
|
||
NotCopyableOrMovable& operator=(NotCopyableOrMovable&&)
|
||
= delete;
|
||
};
|
||
</pre>
|
||
|
||
<p>These declarations/deletions can be omitted only if they are obvious:</p>
|
||
<ul>
|
||
<li>If the class has no <code>private</code> section, like a
|
||
<a href="#Structs_vs._Classes">struct</a> or an interface-only base class,
|
||
then the copyability/movability can be determined by the
|
||
copyability/movability of any public data members.
|
||
</li><li>If a base class clearly isn't copyable or movable, derived classes
|
||
naturally won't be either. An interface-only base class that leaves these
|
||
operations implicit is not sufficient to make concrete subclasses clear.
|
||
</li><li>Note that if you explicitly declare or delete either the constructor or
|
||
assignment operation for copy, the other copy operation is not obvious and
|
||
must be declared or deleted. Likewise for move operations.
|
||
</li></ul>
|
||
|
||
<p>A type should not be copyable/movable if the meaning of
|
||
copying/moving is unclear to a casual user, or if it incurs unexpected
|
||
costs. Move operations for copyable types are strictly a performance
|
||
optimization and are a potential source of bugs and complexity, so
|
||
avoid defining them unless they are significantly more efficient than
|
||
the corresponding copy operations. If your type provides copy operations, it is
|
||
recommended that you design your class so that the default implementation of
|
||
those operations is correct. Remember to review the correctness of any
|
||
defaulted operations as you would any other code.</p>
|
||
|
||
<p>Due to the risk of slicing, prefer to avoid providing a public assignment
|
||
operator or copy/move constructor for a class that's
|
||
intended to be derived from (and prefer to avoid deriving from a class
|
||
with such members). If your base class needs to be
|
||
copyable, provide a public virtual <code>Clone()</code>
|
||
method, and a protected copy constructor that derived classes
|
||
can use to implement it.</p>
|
||
|
||
|
||
|
||
<h3 id="Structs_vs._Classes">Structs vs. Classes</h3>
|
||
|
||
<p>Use a <code>struct</code> only for passive objects that
|
||
carry data; everything else is a <code>class</code>.</p>
|
||
|
||
<p>The <code>struct</code> and <code>class</code>
|
||
keywords behave almost identically in C++. We add our own
|
||
semantic meanings to each keyword, so you should use the
|
||
appropriate keyword for the data-type you're
|
||
defining.</p>
|
||
|
||
<p><code>structs</code> should be used for passive objects that carry
|
||
data, and may have associated constants. All fields must be public. The
|
||
struct must not have invariants that imply relationships between
|
||
different fields, since direct user access to those fields may
|
||
break those invariants. Constructors, destructors, and helper methods may
|
||
be present; however, these methods must not require or enforce any
|
||
invariants.</p>
|
||
|
||
<p>If more functionality or invariants are required, a
|
||
<code>class</code> is more appropriate. If in doubt, make
|
||
it a <code>class</code>.</p>
|
||
|
||
<p>For consistency with STL, you can use
|
||
<code>struct</code> instead of <code>class</code> for
|
||
stateless types, such as traits,
|
||
<a href="#Template_metaprogramming">template metafunctions</a>,
|
||
and some functors.</p>
|
||
|
||
<p>Note that member variables in structs and classes have
|
||
<a href="#Variable_Names">different naming rules</a>.</p>
|
||
|
||
<h3 id="Structs_vs._Tuples">Structs vs. Pairs and Tuples</h3>
|
||
|
||
<p>Prefer to use a <code>struct</code> instead of a pair or a
|
||
tuple whenever the elements can have meaningful names.</p>
|
||
|
||
<p>
|
||
While using pairs and tuples can avoid the need to define a custom type,
|
||
potentially saving work when <em>writing</em> code, a meaningful field
|
||
name will almost always be much clearer when <em>reading</em> code than
|
||
<code>.first</code>, <code>.second</code>, or <code>std::get<X></code>.
|
||
While C++14's introduction of <code>std::get<Type></code> to access a
|
||
tuple element by type rather than index (when the type is unique) can
|
||
sometimes partially mitigate this, a field name is usually substantially
|
||
clearer and more informative than a type.
|
||
</p>
|
||
|
||
<p>
|
||
Pairs and tuples may be appropriate in generic code where there are not
|
||
specific meanings for the elements of the pair or tuple. Their use may
|
||
also be required in order to interoperate with existing code or APIs.
|
||
</p>
|
||
|
||
<a id="Multiple_Inheritance"></a>
|
||
<h3 id="Inheritance">Inheritance</h3>
|
||
|
||
<p>Composition is often more appropriate than inheritance.
|
||
When using inheritance, make it <code>public</code>.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> When a sub-class
|
||
inherits from a base class, it includes the definitions
|
||
of all the data and operations that the base class
|
||
defines. "Interface inheritance" is inheritance from a
|
||
pure abstract base class (one with no state or defined
|
||
methods); all other inheritance is "implementation
|
||
inheritance".</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Implementation inheritance reduces code size by re-using
|
||
the base class code as it specializes an existing type.
|
||
Because inheritance is a compile-time declaration, you
|
||
and the compiler can understand the operation and detect
|
||
errors. Interface inheritance can be used to
|
||
programmatically enforce that a class expose a particular
|
||
API. Again, the compiler can detect errors, in this case,
|
||
when a class does not define a necessary method of the
|
||
API.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>For implementation inheritance, because the code
|
||
implementing a sub-class is spread between the base and
|
||
the sub-class, it can be more difficult to understand an
|
||
implementation. The sub-class cannot override functions
|
||
that are not virtual, so the sub-class cannot change
|
||
implementation.</p>
|
||
|
||
<p>Multiple inheritance is especially problematic, because
|
||
it often imposes a higher performance overhead (in fact,
|
||
the performance drop from single inheritance to multiple
|
||
inheritance can often be greater than the performance
|
||
drop from ordinary to virtual dispatch), and because
|
||
it risks leading to "diamond" inheritance patterns,
|
||
which are prone to ambiguity, confusion, and outright bugs.</p>
|
||
|
||
<p class="decision"></p>
|
||
|
||
<p>All inheritance should be <code>public</code>. If you
|
||
want to do private inheritance, you should be including
|
||
an instance of the base class as a member instead.</p>
|
||
|
||
<p>Do not overuse implementation inheritance. Composition
|
||
is often more appropriate. Try to restrict use of
|
||
inheritance to the "is-a" case: <code>Bar</code>
|
||
subclasses <code>Foo</code> if it can reasonably be said
|
||
that <code>Bar</code> "is a kind of"
|
||
<code>Foo</code>.</p>
|
||
|
||
<p>Limit the use of <code>protected</code> to those
|
||
member functions that might need to be accessed from
|
||
subclasses. Note that <a href="#Access_Control">data
|
||
members should be private</a>.</p>
|
||
|
||
<p>Explicitly annotate overrides of virtual functions or virtual
|
||
destructors with exactly one of an <code>override</code> or (less
|
||
frequently) <code>final</code> specifier. Do not
|
||
use <code>virtual</code> when declaring an override.
|
||
Rationale: A function or destructor marked
|
||
<code>override</code> or <code>final</code> that is
|
||
not an override of a base class virtual function will
|
||
not compile, and this helps catch common errors. The
|
||
specifiers serve as documentation; if no specifier is
|
||
present, the reader has to check all ancestors of the
|
||
class in question to determine if the function or
|
||
destructor is virtual or not.</p>
|
||
|
||
<p>Multiple inheritance is permitted, but multiple <em>implementation</em>
|
||
inheritance is strongly discouraged.</p>
|
||
|
||
<h3 id="Operator_Overloading">Operator Overloading</h3>
|
||
|
||
<p>Overload operators judiciously. Do not use user-defined literals.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>C++ permits user code to
|
||
<a href="http://en.cppreference.com/w/cpp/language/operators">declare
|
||
overloaded versions of the built-in operators</a> using the
|
||
<code>operator</code> keyword, so long as one of the parameters
|
||
is a user-defined type. The <code>operator</code> keyword also
|
||
permits user code to define new kinds of literals using
|
||
<code>operator""</code>, and to define type-conversion functions
|
||
such as <code>operator bool()</code>.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Operator overloading can make code more concise and
|
||
intuitive by enabling user-defined types to behave the same
|
||
as built-in types. Overloaded operators are the idiomatic names
|
||
for certain operations (e.g., <code>==</code>, <code><</code>,
|
||
<code>=</code>, and <code><<</code>), and adhering to
|
||
those conventions can make user-defined types more readable
|
||
and enable them to interoperate with libraries that expect
|
||
those names.</p>
|
||
|
||
<p>User-defined literals are a very concise notation for
|
||
creating objects of user-defined types.</p>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Providing a correct, consistent, and unsurprising
|
||
set of operator overloads requires some care, and failure
|
||
to do so can lead to confusion and bugs.</li>
|
||
|
||
<li>Overuse of operators can lead to obfuscated code,
|
||
particularly if the overloaded operator's semantics
|
||
don't follow convention.</li>
|
||
|
||
<li>The hazards of function overloading apply just as
|
||
much to operator overloading, if not more so.</li>
|
||
|
||
<li>Operator overloads can fool our intuition into
|
||
thinking that expensive operations are cheap, built-in
|
||
operations.</li>
|
||
|
||
<li>Finding the call sites for overloaded operators may
|
||
require a search tool that's aware of C++ syntax, rather
|
||
than e.g., grep.</li>
|
||
|
||
<li>If you get the argument type of an overloaded operator
|
||
wrong, you may get a different overload rather than a
|
||
compiler error. For example, <code>foo < bar</code>
|
||
may do one thing, while <code>&foo < &bar</code>
|
||
does something totally different.</li>
|
||
|
||
<li>Certain operator overloads are inherently hazardous.
|
||
Overloading unary <code>&</code> can cause the same
|
||
code to have different meanings depending on whether
|
||
the overload declaration is visible. Overloads of
|
||
<code>&&</code>, <code>||</code>, and <code>,</code>
|
||
(comma) cannot match the evaluation-order semantics of the
|
||
built-in operators.</li>
|
||
|
||
<li>Operators are often defined outside the class,
|
||
so there's a risk of different files introducing
|
||
different definitions of the same operator. If both
|
||
definitions are linked into the same binary, this results
|
||
in undefined behavior, which can manifest as subtle
|
||
run-time bugs.</li>
|
||
|
||
<li>User-defined literals (UDLs) allow the creation of new
|
||
syntactic forms that are unfamiliar even to experienced C++
|
||
programmers, such as <code>"Hello World"sv</code> as a
|
||
shorthand for <code>std::string_view("Hello World")</code>.
|
||
Existing notations are clearer, though less terse.</li>
|
||
|
||
<li>Because they can't be namespace-qualified, uses of UDLs also require
|
||
use of either using-directives (which <a href="#Namespaces">we ban</a>) or
|
||
using-declarations (which <a href="#Aliases">we ban in header files</a> except
|
||
when the imported names are part of the interface exposed by the header
|
||
file in question). Given that header files would have to avoid UDL
|
||
suffixes, we prefer to avoid having conventions for literals differ
|
||
between header files and source files.
|
||
</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>Define overloaded operators only if their meaning is
|
||
obvious, unsurprising, and consistent with the corresponding
|
||
built-in operators. For example, use <code>|</code> as a
|
||
bitwise- or logical-or, not as a shell-style pipe.</p>
|
||
|
||
<p>Define operators only on your own types. More precisely,
|
||
define them in the same headers, .cc files, and namespaces
|
||
as the types they operate on. That way, the operators are available
|
||
wherever the type is, minimizing the risk of multiple
|
||
definitions. If possible, avoid defining operators as templates,
|
||
because they must satisfy this rule for any possible template
|
||
arguments. If you define an operator, also define
|
||
any related operators that make sense, and make sure they
|
||
are defined consistently. For example, if you overload
|
||
<code><</code>, overload all the comparison operators,
|
||
and make sure <code><</code> and <code>></code> never
|
||
return true for the same arguments.</p>
|
||
|
||
<p>Prefer to define non-modifying binary operators as
|
||
non-member functions. If a binary operator is defined as a
|
||
class member, implicit conversions will apply to the
|
||
right-hand argument, but not the left-hand one. It will
|
||
confuse your users if <code>a < b</code> compiles but
|
||
<code>b < a</code> doesn't.</p>
|
||
|
||
<p>Don't go out of your way to avoid defining operator
|
||
overloads. For example, prefer to define <code>==</code>,
|
||
<code>=</code>, and <code><<</code>, rather than
|
||
<code>Equals()</code>, <code>CopyFrom()</code>, and
|
||
<code>PrintTo()</code>. Conversely, don't define
|
||
operator overloads just because other libraries expect
|
||
them. For example, if your type doesn't have a natural
|
||
ordering, but you want to store it in a <code>std::set</code>,
|
||
use a custom comparator rather than overloading
|
||
<code><</code>.</p>
|
||
|
||
<p>Do not overload <code>&&</code>, <code>||</code>,
|
||
<code>,</code> (comma), or unary <code>&</code>. Do not overload
|
||
<code>operator""</code>, i.e., do not introduce user-defined
|
||
literals. Do not use any such literals provided by others
|
||
(including the standard library).</p>
|
||
|
||
<p>Type conversion operators are covered in the section on
|
||
<a href="#Implicit_Conversions">implicit conversions</a>.
|
||
The <code>=</code> operator is covered in the section on
|
||
<a href="#Copy_Constructors">copy constructors</a>. Overloading
|
||
<code><<</code> for use with streams is covered in the
|
||
section on <a href="#Streams">streams</a>. See also the rules on
|
||
<a href="#Function_Overloading">function overloading</a>, which
|
||
apply to operator overloading as well.</p>
|
||
|
||
<h3 id="Access_Control">Access Control</h3>
|
||
|
||
<p>Make classes' data members <code>private</code>, unless they are
|
||
<a href="#Constant_Names">constants</a>. This simplifies reasoning about invariants, at the cost
|
||
of some easy boilerplate in the form of accessors (usually <code>const</code>) if necessary.</p>
|
||
|
||
<p>For technical
|
||
reasons, we allow data members of a test fixture class defined in a .cc file to
|
||
be <code>protected</code> when using
|
||
|
||
|
||
<a href="https://github.com/google/googletest">Google
|
||
Test</a>).
|
||
If a test fixture class is defined outside of the .cc file it is used in, for example in a .h file,
|
||
make data members <code>private</code>.</p>
|
||
|
||
<h3 id="Declaration_Order">Declaration Order</h3>
|
||
|
||
<p>Group similar declarations together, placing public parts
|
||
earlier.</p>
|
||
|
||
<p>A class definition should usually start with a
|
||
<code>public:</code> section, followed by
|
||
<code>protected:</code>, then <code>private:</code>. Omit
|
||
sections that would be empty.</p>
|
||
|
||
<p>Within each section, prefer grouping similar
|
||
kinds of declarations together, and prefer the
|
||
following order: types (including <code>typedef</code>,
|
||
<code>using</code>, and nested structs and classes),
|
||
constants, factory functions, constructors and assignment
|
||
operators, destructor, all other methods, data members.</p>
|
||
|
||
<p>Do not put large method definitions inline in the
|
||
class definition. Usually, only trivial or
|
||
performance-critical, and very short, methods may be
|
||
defined inline. See <a href="#Inline_Functions">Inline
|
||
Functions</a> for more details.</p>
|
||
|
||
<h2 id="Functions">Functions</h2>
|
||
|
||
<a id="Function_Parameter_Ordering"></a>
|
||
<a id="Output_Parameters"></a>
|
||
<h3 id="Inputs_and_Outputs">Inputs and Outputs</h3>
|
||
|
||
<p>The output of a C++ function is naturally provided via
|
||
a return value and sometimes via output parameters (or in/out parameters).</p>
|
||
|
||
<p>Prefer using return values over output parameters: they
|
||
improve readability, and often provide the same or better
|
||
performance.</p>
|
||
|
||
<p>Prefer to return by value or, failing that, return by reference.
|
||
Avoid returning a pointer unless it can be null.</p>
|
||
|
||
<p>Parameters are either inputs to the function, outputs from the
|
||
function, or both. Non-optional input parameters should usually be values
|
||
or <code>const</code> references, while non-optional output and
|
||
input/output parameters should usually be references (which cannot be null).
|
||
Generally, use <code>absl::optional</code> to represent optional by-value
|
||
inputs, and use a <code>const</code> pointer when the non-optional form would
|
||
have used a reference. Use non-<code>const</code> pointers to represent
|
||
optional outputs and optional input/output parameters.</p>
|
||
|
||
<p>
|
||
Avoid defining functions that require a <code>const</code> reference parameter
|
||
to outlive the call, because <code>const</code> reference parameters bind
|
||
to temporaries. Instead, find a way to eliminate the lifetime requirement
|
||
(for example, by copying the parameter), or pass it by <code>const</code>
|
||
pointer and document the lifetime and non-null requirements.
|
||
|
||
</p>
|
||
|
||
<p>When ordering function parameters, put all input-only
|
||
parameters before any output parameters. In particular,
|
||
do not add new parameters to the end of the function just
|
||
because they are new; place new input-only parameters before
|
||
the output parameters. This is not a hard-and-fast rule. Parameters that
|
||
are both input and output muddy the waters, and, as always,
|
||
consistency with related functions may require you to bend the rule.
|
||
Variadic functions may also require unusual parameter ordering.</p>
|
||
|
||
<h3 id="Write_Short_Functions">Write Short Functions</h3>
|
||
|
||
<p>Prefer small and focused functions.</p>
|
||
|
||
<p>We recognize that long functions are sometimes
|
||
appropriate, so no hard limit is placed on functions
|
||
length. If a function exceeds about 40 lines, think about
|
||
whether it can be broken up without harming the structure
|
||
of the program.</p>
|
||
|
||
<p>Even if your long function works perfectly now,
|
||
someone modifying it in a few months may add new
|
||
behavior. This could result in bugs that are hard to
|
||
find. Keeping your functions short and simple makes it
|
||
easier for other people to read and modify your code.
|
||
Small functions are also easier to test.</p>
|
||
|
||
<p>You could find long and complicated functions when
|
||
working with
|
||
some code. Do not be
|
||
intimidated by modifying existing code: if working with
|
||
such a function proves to be difficult, you find that
|
||
errors are hard to debug, or you want to use a piece of
|
||
it in several different contexts, consider breaking up
|
||
the function into smaller and more manageable pieces.</p>
|
||
|
||
<h3 id="Function_Overloading">Function Overloading</h3>
|
||
|
||
<p>Use overloaded functions (including constructors) only if a
|
||
reader looking at a call site can get a good idea of what
|
||
is happening without having to first figure out exactly
|
||
which overload is being called.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>You may write a function that takes a <code>const
|
||
std::string&</code> and overload it with another that
|
||
takes <code>const char*</code>. However, in this case consider
|
||
std::string_view
|
||
instead.</p>
|
||
|
||
<pre>class MyClass {
|
||
public:
|
||
void Analyze(const std::string &text);
|
||
void Analyze(const char *text, size_t textlen);
|
||
};
|
||
</pre>
|
||
|
||
<p class="pros"></p>
|
||
<p>Overloading can make code more intuitive by allowing an
|
||
identically-named function to take different arguments.
|
||
It may be necessary for templatized code, and it can be
|
||
convenient for Visitors.</p>
|
||
<p>Overloading based on const or ref qualification may make utility
|
||
code more usable, more efficient, or both.
|
||
(See <a href="http://abseil.io/tips/148">TotW 148</a> for more.)
|
||
</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>If a function is overloaded by the argument types alone,
|
||
a reader may have to understand C++'s complex matching
|
||
rules in order to tell what's going on. Also many people
|
||
are confused by the semantics of inheritance if a derived
|
||
class overrides only some of the variants of a
|
||
function.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>You may overload a function when there are no semantic differences
|
||
between variants. These overloads may vary in types, qualifiers, or
|
||
argument count. However, a reader of such a call must not need to know
|
||
which member of the overload set is chosen, only that <b>something</b>
|
||
from the set is being called. If you can document all entries in the
|
||
overload set with a single comment in the header, that is a good sign
|
||
that it is a well-designed overload set.</p>
|
||
|
||
<h3 id="Default_Arguments">Default Arguments</h3>
|
||
|
||
<p>Default arguments are allowed on non-virtual functions
|
||
when the default is guaranteed to always have the same
|
||
value. Follow the same restrictions as for <a href="#Function_Overloading">function overloading</a>, and
|
||
prefer overloaded functions if the readability gained with
|
||
default arguments doesn't outweigh the downsides below.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Often you have a function that uses default values, but
|
||
occasionally you want to override the defaults. Default
|
||
parameters allow an easy way to do this without having to
|
||
define many functions for the rare exceptions. Compared
|
||
to overloading the function, default arguments have a
|
||
cleaner syntax, with less boilerplate and a clearer
|
||
distinction between 'required' and 'optional'
|
||
arguments.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>Defaulted arguments are another way to achieve the
|
||
semantics of overloaded functions, so all the <a href="#Function_Overloading">reasons not to overload
|
||
functions</a> apply.</p>
|
||
|
||
<p>The defaults for arguments in a virtual function call are
|
||
determined by the static type of the target object, and
|
||
there's no guarantee that all overrides of a given function
|
||
declare the same defaults.</p>
|
||
|
||
<p>Default parameters are re-evaluated at each call site,
|
||
which can bloat the generated code. Readers may also expect
|
||
the default's value to be fixed at the declaration instead
|
||
of varying at each call.</p>
|
||
|
||
<p>Function pointers are confusing in the presence of
|
||
default arguments, since the function signature often
|
||
doesn't match the call signature. Adding
|
||
function overloads avoids these problems.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>Default arguments are banned on virtual functions, where
|
||
they don't work properly, and in cases where the specified
|
||
default might not evaluate to the same value depending on
|
||
when it was evaluated. (For example, don't write <code>void
|
||
f(int n = counter++);</code>.)</p>
|
||
|
||
<p>In some other cases, default arguments can improve the
|
||
readability of their function declarations enough to
|
||
overcome the downsides above, so they are allowed. When in
|
||
doubt, use overloads.</p>
|
||
|
||
<h3 id="trailing_return">Trailing Return Type Syntax</h3>
|
||
|
||
<p>Use trailing return types only where using the ordinary syntax (leading
|
||
return types) is impractical or much less readable.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>C++ allows two different forms of function declarations. In the older
|
||
form, the return type appears before the function name. For example:</p>
|
||
<pre>int foo(int x);
|
||
</pre>
|
||
<p>The newer form, introduced in C++11, uses the <code>auto</code>
|
||
keyword before the function name and a trailing return type after
|
||
the argument list. For example, the declaration above could
|
||
equivalently be written:</p>
|
||
<pre>auto foo(int x) -> int;
|
||
</pre>
|
||
<p>The trailing return type is in the function's scope. This doesn't
|
||
make a difference for a simple case like <code>int</code> but it matters
|
||
for more complicated cases, like types declared in class scope or
|
||
types written in terms of the function parameters.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Trailing return types are the only way to explicitly specify the
|
||
return type of a <a href="#Lambda_expressions">lambda expression</a>.
|
||
In some cases the compiler is able to deduce a lambda's return type,
|
||
but not in all cases. Even when the compiler can deduce it automatically,
|
||
sometimes specifying it explicitly would be clearer for readers.
|
||
</p>
|
||
<p>Sometimes it's easier and more readable to specify a return type
|
||
after the function's parameter list has already appeared. This is
|
||
particularly true when the return type depends on template parameters.
|
||
For example:</p>
|
||
<pre> template <typename T, typename U>
|
||
auto add(T t, U u) -> decltype(t + u);
|
||
</pre>
|
||
versus
|
||
<pre> template <typename T, typename U>
|
||
decltype(declval<T&>() + declval<U&>()) add(T t, U u);
|
||
</pre>
|
||
|
||
<p class="cons"></p>
|
||
<p>Trailing return type syntax is relatively new and it has no
|
||
analogue in C++-like languages such as C and Java, so some readers may
|
||
find it unfamiliar.</p>
|
||
<p>Existing code bases have an enormous number of function
|
||
declarations that aren't going to get changed to use the new syntax,
|
||
so the realistic choices are using the old syntax only or using a mixture
|
||
of the two. Using a single version is better for uniformity of style.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>In most cases, continue to use the older style of function
|
||
declaration where the return type goes before the function name.
|
||
Use the new trailing-return-type form only in cases where it's
|
||
required (such as lambdas) or where, by putting the type after the
|
||
function's parameter list, it allows you to write the type in a much
|
||
more readable way. The latter case should be rare; it's mostly an
|
||
issue in fairly complicated template code, which is
|
||
<a href="#Template_metaprogramming">discouraged in most cases</a>.</p>
|
||
|
||
|
||
<h2 id="Google-Specific_Magic">Google-Specific Magic</h2>
|
||
|
||
|
||
|
||
<div>
|
||
<p>There are various tricks and utilities that
|
||
we use to make C++ code more robust, and various ways we use
|
||
C++ that may differ from what you see elsewhere.</p>
|
||
</div>
|
||
|
||
|
||
|
||
<h3 id="Ownership_and_Smart_Pointers">Ownership and Smart Pointers</h3>
|
||
|
||
<p>Prefer to have single, fixed owners for dynamically
|
||
allocated objects. Prefer to transfer ownership with smart
|
||
pointers.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>"Ownership" is a bookkeeping technique for managing
|
||
dynamically allocated memory (and other resources). The
|
||
owner of a dynamically allocated object is an object or
|
||
function that is responsible for ensuring that it is
|
||
deleted when no longer needed. Ownership can sometimes be
|
||
shared, in which case the last owner is typically
|
||
responsible for deleting it. Even when ownership is not
|
||
shared, it can be transferred from one piece of code to
|
||
another.</p>
|
||
|
||
<p>"Smart" pointers are classes that act like pointers,
|
||
e.g., by overloading the <code>*</code> and
|
||
<code>-></code> operators. Some smart pointer types
|
||
can be used to automate ownership bookkeeping, to ensure
|
||
these responsibilities are met.
|
||
<a href="http://en.cppreference.com/w/cpp/memory/unique_ptr">
|
||
<code>std::unique_ptr</code></a> is a smart pointer type
|
||
introduced in C++11, which expresses exclusive ownership
|
||
of a dynamically allocated object; the object is deleted
|
||
when the <code>std::unique_ptr</code> goes out of scope.
|
||
It cannot be copied, but can be <em>moved</em> to
|
||
represent ownership transfer.
|
||
<a href="http://en.cppreference.com/w/cpp/memory/shared_ptr">
|
||
<code>std::shared_ptr</code></a> is a smart pointer type
|
||
that expresses shared ownership of
|
||
a dynamically allocated object. <code>std::shared_ptr</code>s
|
||
can be copied; ownership of the object is shared among
|
||
all copies, and the object is deleted when the last
|
||
<code>std::shared_ptr</code> is destroyed. </p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>It's virtually impossible to manage dynamically
|
||
allocated memory without some sort of ownership
|
||
logic.</li>
|
||
|
||
<li>Transferring ownership of an object can be cheaper
|
||
than copying it (if copying it is even possible).</li>
|
||
|
||
<li>Transferring ownership can be simpler than
|
||
'borrowing' a pointer or reference, because it reduces
|
||
the need to coordinate the lifetime of the object
|
||
between the two users.</li>
|
||
|
||
<li>Smart pointers can improve readability by making
|
||
ownership logic explicit, self-documenting, and
|
||
unambiguous.</li>
|
||
|
||
<li>Smart pointers can eliminate manual ownership
|
||
bookkeeping, simplifying the code and ruling out large
|
||
classes of errors.</li>
|
||
|
||
<li>For const objects, shared ownership can be a simple
|
||
and efficient alternative to deep copying.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Ownership must be represented and transferred via
|
||
pointers (whether smart or plain). Pointer semantics
|
||
are more complicated than value semantics, especially
|
||
in APIs: you have to worry not just about ownership,
|
||
but also aliasing, lifetime, and mutability, among
|
||
other issues.</li>
|
||
|
||
<li>The performance costs of value semantics are often
|
||
overestimated, so the performance benefits of ownership
|
||
transfer might not justify the readability and
|
||
complexity costs.</li>
|
||
|
||
<li>APIs that transfer ownership force their clients
|
||
into a single memory management model.</li>
|
||
|
||
<li>Code using smart pointers is less explicit about
|
||
where the resource releases take place.</li>
|
||
|
||
<li><code>std::unique_ptr</code> expresses ownership
|
||
transfer using C++11's move semantics, which are
|
||
relatively new and may confuse some programmers.</li>
|
||
|
||
<li>Shared ownership can be a tempting alternative to
|
||
careful ownership design, obfuscating the design of a
|
||
system.</li>
|
||
|
||
<li>Shared ownership requires explicit bookkeeping at
|
||
run-time, which can be costly.</li>
|
||
|
||
<li>In some cases (e.g., cyclic references), objects
|
||
with shared ownership may never be deleted.</li>
|
||
|
||
<li>Smart pointers are not perfect substitutes for
|
||
plain pointers.</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>If dynamic allocation is necessary, prefer to keep
|
||
ownership with the code that allocated it. If other code
|
||
needs access to the object, consider passing it a copy,
|
||
or passing a pointer or reference without transferring
|
||
ownership. Prefer to use <code>std::unique_ptr</code> to
|
||
make ownership transfer explicit. For example:</p>
|
||
|
||
<pre>std::unique_ptr<Foo> FooFactory();
|
||
void FooConsumer(std::unique_ptr<Foo> ptr);
|
||
</pre>
|
||
|
||
|
||
|
||
<p>Do not design your code to use shared ownership
|
||
without a very good reason. One such reason is to avoid
|
||
expensive copy operations, but you should only do this if
|
||
the performance benefits are significant, and the
|
||
underlying object is immutable (i.e.,
|
||
<code>std::shared_ptr<const Foo></code>). If you
|
||
do use shared ownership, prefer to use
|
||
<code>std::shared_ptr</code>.</p>
|
||
|
||
<p>Never use <code>std::auto_ptr</code>. Instead, use
|
||
<code>std::unique_ptr</code>.</p>
|
||
|
||
<h3 id="cpplint">cpplint</h3>
|
||
|
||
<p>Use <code>cpplint.py</code> to detect style errors.</p>
|
||
|
||
<p><code>cpplint.py</code>
|
||
is a tool that reads a source file and identifies many
|
||
style errors. It is not perfect, and has both false
|
||
positives and false negatives, but it is still a valuable
|
||
tool. </p>
|
||
|
||
|
||
|
||
<div>
|
||
<p>Some projects have instructions on
|
||
how to run <code>cpplint.py</code> from their project
|
||
tools. If the project you are contributing to does not,
|
||
you can download
|
||
<a href="https://raw.githubusercontent.com/google/styleguide/gh-pages/cpplint/cpplint.py">
|
||
<code>cpplint.py</code></a> separately.</p>
|
||
</div>
|
||
|
||
|
||
|
||
<h2 id="Other_C++_Features">Other C++ Features</h2>
|
||
|
||
<h3 id="Rvalue_references">Rvalue References</h3>
|
||
|
||
<p>Use rvalue references only in certain special cases listed below.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> Rvalue references
|
||
are a type of reference that can only bind to temporary
|
||
objects. The syntax is similar to traditional reference
|
||
syntax. For example, <code>void f(std::string&&
|
||
s);</code> declares a function whose argument is an
|
||
rvalue reference to a std::string.</p>
|
||
|
||
<p id="Forwarding_references"> When the token '&&' is applied to
|
||
an unqualified template argument in a function
|
||
parameter, special template argument deduction
|
||
rules apply. Such a reference is called forwarding reference.</p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Defining a move constructor (a constructor taking
|
||
an rvalue reference to the class type) makes it
|
||
possible to move a value instead of copying it. If
|
||
<code>v1</code> is a <code>std::vector<std::string></code>,
|
||
for example, then <code>auto v2(std::move(v1))</code>
|
||
will probably just result in some simple pointer
|
||
manipulation instead of copying a large amount of data.
|
||
In many cases this can result in a major performance
|
||
improvement.</li>
|
||
|
||
<li>Rvalue references make it possible to implement
|
||
types that are movable but not copyable, which can be
|
||
useful for types that have no sensible definition of
|
||
copying but where you might still want to pass them as
|
||
function arguments, put them in containers, etc.</li>
|
||
|
||
<li><code>std::move</code> is necessary to make
|
||
effective use of some standard-library types, such as
|
||
<code>std::unique_ptr</code>.</li>
|
||
|
||
<li><a href="#Forwarding_references">Forwarding references</a> which
|
||
use the rvalue reference token, make it possible to write a
|
||
generic function wrapper that forwards its arguments to
|
||
another function, and works whether or not its
|
||
arguments are temporary objects and/or const.
|
||
This is called 'perfect forwarding'.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Rvalue references are not yet widely understood. Rules like reference
|
||
collapsing and the special deduction rule for forwarding references
|
||
are somewhat obscure.</li>
|
||
|
||
<li>Rvalue references are often misused. Using rvalue
|
||
references is counter-intuitive in signatures where the argument is expected
|
||
to have a valid specified state after the function call, or where no move
|
||
operation is performed.</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>Do not use rvalue references (or apply the <code>&&</code>
|
||
qualifier to methods), except as follows:</p>
|
||
<ul>
|
||
<li>You may use them to define move constructors and move assignment
|
||
operators (as described in
|
||
<a href="#Copyable_Movable_Types">Copyable and Movable Types</a>).
|
||
</li>
|
||
|
||
<li>You may use them to define <code>&&</code>-qualified methods that
|
||
logically "consume" <code>*this</code>, leaving it in an unusable
|
||
or empty state. Note that this applies only to method qualifiers (which come
|
||
after the closing parenthesis of the function signature); if you want to
|
||
"consume" an ordinary function parameter, prefer to pass it by value.</li>
|
||
|
||
<li>You may use forwarding references in conjunction with <code>
|
||
<a href="http://en.cppreference.com/w/cpp/utility/forward">std::forward</a></code>,
|
||
to support perfect forwarding.</li>
|
||
|
||
<li>You may use them to define pairs of overloads, such as one taking
|
||
<code>Foo&&</code> and the other taking <code>const Foo&</code>.
|
||
Usually the preferred solution is just to pass by value, but an overloaded
|
||
pair of functions sometimes yields better performance and is sometimes
|
||
necessary in generic code that needs to support a wide variety of types.
|
||
As always: if you're writing more complicated code for the sake of
|
||
performance, make sure you have evidence that it actually helps.</li>
|
||
</ul>
|
||
|
||
<h3 id="Friends">Friends</h3>
|
||
|
||
<p>We allow use of <code>friend</code> classes and functions,
|
||
within reason.</p>
|
||
|
||
<p>Friends should usually be defined in the same file so
|
||
that the reader does not have to look in another file to
|
||
find uses of the private members of a class. A common use
|
||
of <code>friend</code> is to have a
|
||
<code>FooBuilder</code> class be a friend of
|
||
<code>Foo</code> so that it can construct the inner state
|
||
of <code>Foo</code> correctly, without exposing this
|
||
state to the world. In some cases it may be useful to
|
||
make a unittest class a friend of the class it tests.</p>
|
||
|
||
<p>Friends extend, but do not break, the encapsulation
|
||
boundary of a class. In some cases this is better than
|
||
making a member public when you want to give only one
|
||
other class access to it. However, most classes should
|
||
interact with other classes solely through their public
|
||
members.</p>
|
||
|
||
<h3 id="Exceptions">Exceptions</h3>
|
||
|
||
<p>We do not use C++ exceptions.</p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Exceptions allow higher levels of an application to
|
||
decide how to handle "can't happen" failures in deeply
|
||
nested functions, without the obscuring and error-prone
|
||
bookkeeping of error codes.</li>
|
||
|
||
|
||
|
||
<div>
|
||
<li>Exceptions are used by most other
|
||
modern languages. Using them in C++ would make it more
|
||
consistent with Python, Java, and the C++ that others
|
||
are familiar with.</li>
|
||
</div>
|
||
|
||
<li>Some third-party C++ libraries use exceptions, and
|
||
turning them off internally makes it harder to
|
||
integrate with those libraries.</li>
|
||
|
||
<li>Exceptions are the only way for a constructor to
|
||
fail. We can simulate this with a factory function or
|
||
an <code>Init()</code> method, but these require heap
|
||
allocation or a new "invalid" state, respectively.</li>
|
||
|
||
<li>Exceptions are really handy in testing
|
||
frameworks.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>When you add a <code>throw</code> statement to an
|
||
existing function, you must examine all of its
|
||
transitive callers. Either they must make at least the
|
||
basic exception safety guarantee, or they must never
|
||
catch the exception and be happy with the program
|
||
terminating as a result. For instance, if
|
||
<code>f()</code> calls <code>g()</code> calls
|
||
<code>h()</code>, and <code>h</code> throws an
|
||
exception that <code>f</code> catches, <code>g</code>
|
||
has to be careful or it may not clean up properly.</li>
|
||
|
||
<li>More generally, exceptions make the control flow of
|
||
programs difficult to evaluate by looking at code:
|
||
functions may return in places you don't expect. This
|
||
causes maintainability and debugging difficulties. You
|
||
can minimize this cost via some rules on how and where
|
||
exceptions can be used, but at the cost of more that a
|
||
developer needs to know and understand.</li>
|
||
|
||
<li>Exception safety requires both RAII and different
|
||
coding practices. Lots of supporting machinery is
|
||
needed to make writing correct exception-safe code
|
||
easy. Further, to avoid requiring readers to understand
|
||
the entire call graph, exception-safe code must isolate
|
||
logic that writes to persistent state into a "commit"
|
||
phase. This will have both benefits and costs (perhaps
|
||
where you're forced to obfuscate code to isolate the
|
||
commit). Allowing exceptions would force us to always
|
||
pay those costs even when they're not worth it.</li>
|
||
|
||
<li>Turning on exceptions adds data to each binary
|
||
produced, increasing compile time (probably slightly)
|
||
and possibly increasing address space pressure.
|
||
</li>
|
||
|
||
<li>The availability of exceptions may encourage
|
||
developers to throw them when they are not appropriate
|
||
or recover from them when it's not safe to do so. For
|
||
example, invalid user input should not cause exceptions
|
||
to be thrown. We would need to make the style guide
|
||
even longer to document these restrictions!</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>On their face, the benefits of using exceptions
|
||
outweigh the costs, especially in new projects. However,
|
||
for existing code, the introduction of exceptions has
|
||
implications on all dependent code. If exceptions can be
|
||
propagated beyond a new project, it also becomes
|
||
problematic to integrate the new project into existing
|
||
exception-free code. Because most existing C++ code at
|
||
Google is not prepared to deal with exceptions, it is
|
||
comparatively difficult to adopt new code that generates
|
||
exceptions.</p>
|
||
|
||
<p>Given that Google's existing code is not
|
||
exception-tolerant, the costs of using exceptions are
|
||
somewhat greater than the costs in a new project. The
|
||
conversion process would be slow and error-prone. We
|
||
don't believe that the available alternatives to
|
||
exceptions, such as error codes and assertions, introduce
|
||
a significant burden. </p>
|
||
|
||
<p>Our advice against using exceptions is not predicated
|
||
on philosophical or moral grounds, but practical ones.
|
||
Because we'd like to use our open-source
|
||
projects at Google and it's difficult to do so if those
|
||
projects use exceptions, we need to advise against
|
||
exceptions in Google open-source projects as well.
|
||
Things would probably be different if we had to do it all
|
||
over again from scratch.</p>
|
||
|
||
<p>This prohibition also applies to the exception handling related
|
||
features added in C++11, such as
|
||
<code>std::exception_ptr</code> and
|
||
<code>std::nested_exception</code>.</p>
|
||
|
||
<p>There is an <a href="#Windows_Code">exception</a> to
|
||
this rule (no pun intended) for Windows code.</p>
|
||
|
||
<h3 id="noexcept"><code>noexcept</code></h3>
|
||
|
||
<p>Specify <code>noexcept</code> when it is useful and correct.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>The <code>noexcept</code> specifier is used to specify whether
|
||
a function will throw exceptions or not. If an exception
|
||
escapes from a function marked <code>noexcept</code>, the program
|
||
crashes via <code>std::terminate</code>.</p>
|
||
|
||
<p>The <code>noexcept</code> operator performs a compile-time
|
||
check that returns true if an expression is declared to not
|
||
throw any exceptions.</p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Specifying move constructors as <code>noexcept</code>
|
||
improves performance in some cases, e.g.,
|
||
<code>std::vector<T>::resize()</code> moves rather than
|
||
copies the objects if T's move constructor is
|
||
<code>noexcept</code>.</li>
|
||
|
||
<li>Specifying <code>noexcept</code> on a function can
|
||
trigger compiler optimizations in environments where
|
||
exceptions are enabled, e.g., compiler does not have to
|
||
generate extra code for stack-unwinding, if it knows
|
||
that no exceptions can be thrown due to a
|
||
<code>noexcept</code> specifier.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>
|
||
|
||
In projects following this guide
|
||
that have exceptions disabled it is hard
|
||
to ensure that <code>noexcept</code>
|
||
specifiers are correct, and hard to define what
|
||
correctness even means.</li>
|
||
|
||
<li>It's hard, if not impossible, to undo <code>noexcept</code>
|
||
because it eliminates a guarantee that callers may be relying
|
||
on, in ways that are hard to detect.</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>You may use <code>noexcept</code> when it is useful for
|
||
performance if it accurately reflects the intended semantics
|
||
of your function, i.e., that if an exception is somehow thrown
|
||
from within the function body then it represents a fatal error.
|
||
You can assume that <code>noexcept</code> on move constructors
|
||
has a meaningful performance benefit. If you think
|
||
there is significant performance benefit from specifying
|
||
<code>noexcept</code> on some other function, please discuss it
|
||
with
|
||
your project leads.</p>
|
||
|
||
<p>Prefer unconditional <code>noexcept</code> if exceptions are
|
||
completely disabled (i.e., most Google C++ environments).
|
||
Otherwise, use conditional <code>noexcept</code> specifiers
|
||
with simple conditions, in ways that evaluate false only in
|
||
the few cases where the function could potentially throw.
|
||
The tests might include type traits check on whether the
|
||
involved operation might throw (e.g.,
|
||
<code>std::is_nothrow_move_constructible</code> for
|
||
move-constructing objects), or on whether allocation can throw
|
||
(e.g., <code>absl::default_allocator_is_nothrow</code> for
|
||
standard default allocation). Note in many cases the only
|
||
possible cause for an exception is allocation failure (we
|
||
believe move constructors should not throw except due to
|
||
allocation failure), and there are many applications where it’s
|
||
appropriate to treat memory exhaustion as a fatal error rather
|
||
than an exceptional condition that your program should attempt
|
||
to recover from. Even for other
|
||
potential failures you should prioritize interface simplicity
|
||
over supporting all possible exception throwing scenarios:
|
||
instead of writing a complicated <code>noexcept</code> clause
|
||
that depends on whether a hash function can throw, for example,
|
||
simply document that your component doesn’t support hash
|
||
functions throwing and make it unconditionally
|
||
<code>noexcept</code>.</p>
|
||
|
||
<h3 id="Run-Time_Type_Information__RTTI_">Run-Time Type
|
||
Information (RTTI)</h3>
|
||
|
||
<p>Avoid using run-time type information (RTTI).</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> RTTI allows a
|
||
programmer to query the C++ class of an object at
|
||
run-time. This is done by use of <code>typeid</code> or
|
||
<code>dynamic_cast</code>.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>The standard alternatives to RTTI (described below)
|
||
require modification or redesign of the class hierarchy
|
||
in question. Sometimes such modifications are infeasible
|
||
or undesirable, particularly in widely-used or mature
|
||
code.</p>
|
||
|
||
<p>RTTI can be useful in some unit tests. For example, it
|
||
is useful in tests of factory classes where the test has
|
||
to verify that a newly created object has the expected
|
||
dynamic type. It is also useful in managing the
|
||
relationship between objects and their mocks.</p>
|
||
|
||
<p>RTTI is useful when considering multiple abstract
|
||
objects. Consider</p>
|
||
|
||
<pre>bool Base::Equal(Base* other) = 0;
|
||
bool Derived::Equal(Base* other) {
|
||
Derived* that = dynamic_cast<Derived*>(other);
|
||
if (that == nullptr)
|
||
return false;
|
||
...
|
||
}
|
||
</pre>
|
||
|
||
<p class="cons"></p>
|
||
<p>Querying the type of an object at run-time frequently
|
||
means a design problem. Needing to know the type of an
|
||
object at runtime is often an indication that the design
|
||
of your class hierarchy is flawed.</p>
|
||
|
||
<p>Undisciplined use of RTTI makes code hard to maintain.
|
||
It can lead to type-based decision trees or switch
|
||
statements scattered throughout the code, all of which
|
||
must be examined when making further changes.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>RTTI has legitimate uses but is prone to abuse, so you
|
||
must be careful when using it. You may use it freely in
|
||
unittests, but avoid it when possible in other code. In
|
||
particular, think twice before using RTTI in new code. If
|
||
you find yourself needing to write code that behaves
|
||
differently based on the class of an object, consider one
|
||
of the following alternatives to querying the type:</p>
|
||
|
||
<ul>
|
||
<li>Virtual methods are the preferred way of executing
|
||
different code paths depending on a specific subclass
|
||
type. This puts the work within the object itself.</li>
|
||
|
||
<li>If the work belongs outside the object and instead
|
||
in some processing code, consider a double-dispatch
|
||
solution, such as the Visitor design pattern. This
|
||
allows a facility outside the object itself to
|
||
determine the type of class using the built-in type
|
||
system.</li>
|
||
</ul>
|
||
|
||
<p>When the logic of a program guarantees that a given
|
||
instance of a base class is in fact an instance of a
|
||
particular derived class, then a
|
||
<code>dynamic_cast</code> may be used freely on the
|
||
object. Usually one
|
||
can use a <code>static_cast</code> as an alternative in
|
||
such situations.</p>
|
||
|
||
<p>Decision trees based on type are a strong indication
|
||
that your code is on the wrong track.</p>
|
||
|
||
<pre class="badcode">if (typeid(*data) == typeid(D1)) {
|
||
...
|
||
} else if (typeid(*data) == typeid(D2)) {
|
||
...
|
||
} else if (typeid(*data) == typeid(D3)) {
|
||
...
|
||
</pre>
|
||
|
||
<p>Code such as this usually breaks when additional
|
||
subclasses are added to the class hierarchy. Moreover,
|
||
when properties of a subclass change, it is difficult to
|
||
find and modify all the affected code segments.</p>
|
||
|
||
<p>Do not hand-implement an RTTI-like workaround. The
|
||
arguments against RTTI apply just as much to workarounds
|
||
like class hierarchies with type tags. Moreover,
|
||
workarounds disguise your true intent.</p>
|
||
|
||
<h3 id="Casting">Casting</h3>
|
||
|
||
<p>Use C++-style casts
|
||
like <code>static_cast<float>(double_value)</code>, or brace
|
||
initialization for conversion of arithmetic types like
|
||
<code>int64 y = int64{1} << 42</code>. Do not use
|
||
cast formats like <code>(int)x</code> unless the cast is to
|
||
<code>void</code>. You may use cast formats like `T(x)` only when
|
||
`T` is a class type.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> C++ introduced a
|
||
different cast system from C that distinguishes the types
|
||
of cast operations.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>The problem with C casts is the ambiguity of the operation;
|
||
sometimes you are doing a <em>conversion</em>
|
||
(e.g., <code>(int)3.5</code>) and sometimes you are doing
|
||
a <em>cast</em> (e.g., <code>(int)"hello"</code>). Brace
|
||
initialization and C++ casts can often help avoid this
|
||
ambiguity. Additionally, C++ casts are more visible when searching for
|
||
them.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>The C++-style cast syntax is verbose and cumbersome.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>In general, do not use C-style casts. Instead, use these C++-style
|
||
casts when explicit type conversion is necessary.
|
||
</p>
|
||
|
||
<ul>
|
||
<li>Use brace initialization to convert arithmetic types
|
||
(e.g., <code>int64{x}</code>). This is the safest approach because code
|
||
will not compile if conversion can result in information loss. The
|
||
syntax is also concise.</li>
|
||
|
||
|
||
|
||
<li>Use <code>static_cast</code> as the equivalent of a C-style cast
|
||
that does value conversion, when you need to
|
||
explicitly up-cast a pointer from a class to its superclass, or when
|
||
you need to explicitly cast a pointer from a superclass to a
|
||
subclass. In this last case, you must be sure your object is
|
||
actually an instance of the subclass.</li>
|
||
|
||
|
||
|
||
<li>Use <code>const_cast</code> to remove the
|
||
<code>const</code> qualifier (see <a href="#Use_of_const">const</a>).</li>
|
||
|
||
<li>Use <code>reinterpret_cast</code> to do unsafe conversions of
|
||
pointer types to and from integer and other pointer
|
||
types,
|
||
including <code>void*</code>. Use this
|
||
only if you know what you are doing and you understand the aliasing
|
||
issues. Also, consider the alternative
|
||
<code>absl::bit_cast</code>.</li>
|
||
|
||
<li>Use <code>absl::bit_cast</code> to interpret the raw bits of a
|
||
value using a different type of the same size (a type pun), such as
|
||
interpreting the bits of a <code>double</code> as
|
||
<code>int64</code>.</li>
|
||
</ul>
|
||
|
||
<p>See the <a href="#Run-Time_Type_Information__RTTI_">
|
||
RTTI section</a> for guidance on the use of
|
||
<code>dynamic_cast</code>.</p>
|
||
|
||
<h3 id="Streams">Streams</h3>
|
||
|
||
<p>Use streams where appropriate, and stick to "simple"
|
||
usages. Overload <code><<</code> for streaming only for types
|
||
representing values, and write only the user-visible value, not any
|
||
implementation details.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>Streams are the standard I/O abstraction in C++, as
|
||
exemplified by the standard header <code><iostream></code>.
|
||
They are widely used in Google code, mostly for debug logging
|
||
and test diagnostics.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>The <code><<</code> and <code>>></code>
|
||
stream operators provide an API for formatted I/O that
|
||
is easily learned, portable, reusable, and extensible.
|
||
<code>printf</code>, by contrast, doesn't even support
|
||
<code>std::string</code>, to say nothing of user-defined types,
|
||
and is very difficult to use portably.
|
||
<code>printf</code> also obliges you to choose among the
|
||
numerous slightly different versions of that function,
|
||
and navigate the dozens of conversion specifiers.</p>
|
||
|
||
<p>Streams provide first-class support for console I/O
|
||
via <code>std::cin</code>, <code>std::cout</code>,
|
||
<code>std::cerr</code>, and <code>std::clog</code>.
|
||
The C APIs do as well, but are hampered by the need to
|
||
manually buffer the input. </p>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Stream formatting can be configured by mutating the
|
||
state of the stream. Such mutations are persistent, so
|
||
the behavior of your code can be affected by the entire
|
||
previous history of the stream, unless you go out of your
|
||
way to restore it to a known state every time other code
|
||
might have touched it. User code can not only modify the
|
||
built-in state, it can add new state variables and behaviors
|
||
through a registration system.</li>
|
||
|
||
<li>It is difficult to precisely control stream output, due
|
||
to the above issues, the way code and data are mixed in
|
||
streaming code, and the use of operator overloading (which
|
||
may select a different overload than you expect).</li>
|
||
|
||
<li>The practice of building up output through chains
|
||
of <code><<</code> operators interferes with
|
||
internationalization, because it bakes word order into the
|
||
code, and streams' support for localization is <a href="http://www.boost.org/doc/libs/1_48_0/libs/locale/doc/html/rationale.html#rationale_why">
|
||
flawed</a>.</li>
|
||
|
||
|
||
|
||
|
||
|
||
<li>The streams API is subtle and complex, so programmers must
|
||
develop experience with it in order to use it effectively.</li>
|
||
|
||
<li>Resolving the many overloads of <code><<</code> is
|
||
extremely costly for the compiler. When used pervasively in a
|
||
large code base, it can consume as much as 20% of the parsing
|
||
and semantic analysis time.</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>Use streams only when they are the best tool for the job.
|
||
This is typically the case when the I/O is ad-hoc, local,
|
||
human-readable, and targeted at other developers rather than
|
||
end-users. Be consistent with the code around you, and with the
|
||
codebase as a whole; if there's an established tool for
|
||
your problem, use that tool instead.
|
||
In particular,
|
||
|
||
logging libraries are usually a better
|
||
choice than <code>std::cerr</code> or <code>std::clog</code>
|
||
for diagnostic output, and the libraries in
|
||
|
||
<code>absl/strings</code>
|
||
or the equivalent are usually a
|
||
better choice than <code>std::stringstream</code>.</p>
|
||
|
||
<p>Avoid using streams for I/O that faces external users or
|
||
handles untrusted data. Instead, find and use the appropriate
|
||
templating libraries to handle issues like internationalization,
|
||
localization, and security hardening.</p>
|
||
|
||
<p>If you do use streams, avoid the stateful parts of the
|
||
streams API (other than error state), such as <code>imbue()</code>,
|
||
<code>xalloc()</code>, and <code>register_callback()</code>.
|
||
Use explicit formatting functions (see e.g.,
|
||
|
||
<code>absl/strings</code>)
|
||
rather than
|
||
stream manipulators or formatting flags to control formatting
|
||
details such as number base, precision, or padding.</p>
|
||
|
||
<p>Overload <code><<</code> as a streaming operator
|
||
for your type only if your type represents a value, and
|
||
<code><<</code> writes out a human-readable string
|
||
representation of that value. Avoid exposing implementation
|
||
details in the output of <code><<</code>; if you need to print
|
||
object internals for debugging, use named functions instead
|
||
(a method named <code>DebugString()</code> is the most common
|
||
convention).</p>
|
||
|
||
<h3 id="Preincrement_and_Predecrement">Preincrement and Predecrement</h3>
|
||
|
||
<p>Use the prefix form (<code>++i</code>) of the increment
|
||
and decrement operators unless you need postfix semantics.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> When a variable
|
||
is incremented (<code>++i</code> or <code>i++</code>) or
|
||
decremented (<code>--i</code> or <code>i--</code>) and
|
||
the value of the expression is not used, one must decide
|
||
whether to preincrement (decrement) or postincrement
|
||
(decrement).</p>
|
||
|
||
<p class="pros"></p>
|
||
|
||
<p>A postfix increment/decrement expression evaluates to the value
|
||
<i>as it was before it was modified</i>. This can result in code that is more
|
||
compact but harder to read. The prefix form is generally more readable, is
|
||
never less efficient, and can be more efficient because it doesn't need to
|
||
make a copy of the value as it was before the operation.
|
||
</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>The tradition developed, in C, of using post-increment, even
|
||
when the expression value is not used, especially in
|
||
<code>for</code> loops.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>Use prefix increment/decrement, unless the code explicitly
|
||
needs the result of the postfix increment/decrement expression.</p>
|
||
|
||
<h3 id="Use_of_const">Use of const</h3>
|
||
|
||
<p>In APIs, use <code>const</code> whenever it makes sense.
|
||
<code>constexpr</code> is a better choice for some uses of
|
||
const.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> Declared variables and parameters can be preceded
|
||
by the keyword <code>const</code> to indicate the variables
|
||
are not changed (e.g., <code>const int foo</code>). Class
|
||
functions can have the <code>const</code> qualifier to
|
||
indicate the function does not change the state of the
|
||
class member variables (e.g., <code>class Foo { int
|
||
Bar(char c) const; };</code>).</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Easier for people to understand how variables are being
|
||
used. Allows the compiler to do better type checking,
|
||
and, conceivably, generate better code. Helps people
|
||
convince themselves of program correctness because they
|
||
know the functions they call are limited in how they can
|
||
modify your variables. Helps people know what functions
|
||
are safe to use without locks in multi-threaded
|
||
programs.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p><code>const</code> is viral: if you pass a
|
||
<code>const</code> variable to a function, that function
|
||
must have <code>const</code> in its prototype (or the
|
||
variable will need a <code>const_cast</code>). This can
|
||
be a particular problem when calling library
|
||
functions.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>We strongly recommend using <code>const</code>
|
||
in APIs (i.e., on function parameters, methods, and
|
||
non-local variables) wherever it is meaningful and accurate. This
|
||
provides consistent, mostly compiler-verified documentation
|
||
of what objects an operation can mutate. Having
|
||
a consistent and reliable way to distinguish reads from writes
|
||
is critical to writing thread-safe code, and is useful in
|
||
many other contexts as well. In particular:</p>
|
||
|
||
<ul>
|
||
<li>If a function guarantees that it will not modify an argument
|
||
passed by reference or by pointer, the corresponding function parameter
|
||
should be a reference-to-const (<code>const T&</code>) or
|
||
pointer-to-const (<code>const T*</code>), respectively.</li>
|
||
|
||
<li>For a function parameter passed by value, <code>const</code> has
|
||
no effect on the caller, thus is not recommended in function
|
||
declarations. See
|
||
|
||
|
||
<a href="https://abseil.io/tips/109">TotW #109</a>.
|
||
|
||
|
||
</li><li>Declare methods to be <code>const</code> unless they
|
||
alter the logical state of the object (or enable the user to modify
|
||
that state, e.g., by returning a non-const reference, but that's
|
||
rare), or they can't safely be invoked concurrently.</li>
|
||
</ul>
|
||
|
||
<p>Using <code>const</code> on local variables is neither encouraged
|
||
nor discouraged.</p>
|
||
|
||
<p>All of a class's <code>const</code> operations should be safe
|
||
to invoke concurrently with each other. If that's not feasible, the class must
|
||
be clearly documented as "thread-unsafe".</p>
|
||
|
||
|
||
<h4>Where to put the const</h4>
|
||
|
||
<p>Some people favor the form <code>int const *foo</code>
|
||
to <code>const int* foo</code>. They argue that this is
|
||
more readable because it's more consistent: it keeps the
|
||
rule that <code>const</code> always follows the object
|
||
it's describing. However, this consistency argument
|
||
doesn't apply in codebases with few deeply-nested pointer
|
||
expressions since most <code>const</code> expressions
|
||
have only one <code>const</code>, and it applies to the
|
||
underlying value. In such cases, there's no consistency
|
||
to maintain. Putting the <code>const</code> first is
|
||
arguably more readable, since it follows English in
|
||
putting the "adjective" (<code>const</code>) before the
|
||
"noun" (<code>int</code>).</p>
|
||
|
||
<p>That said, while we encourage putting
|
||
<code>const</code> first, we do not require it. But be
|
||
consistent with the code around you!</p>
|
||
|
||
<h3 id="Use_of_constexpr">Use of constexpr</h3>
|
||
|
||
<p>Use <code>constexpr</code> to define true
|
||
constants or to ensure constant initialization.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> Some variables can be declared <code>constexpr</code>
|
||
to indicate the variables are true constants, i.e., fixed at
|
||
compilation/link time. Some functions and constructors
|
||
can be declared <code>constexpr</code> which enables them
|
||
to be used in defining a <code>constexpr</code>
|
||
variable.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Use of <code>constexpr</code> enables definition of
|
||
constants with floating-point expressions rather than
|
||
just literals; definition of constants of user-defined
|
||
types; and definition of constants with function
|
||
calls.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>Prematurely marking something as constexpr may cause
|
||
migration problems if later on it has to be downgraded.
|
||
Current restrictions on what is allowed in constexpr
|
||
functions and constructors may invite obscure workarounds
|
||
in these definitions.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p><code>constexpr</code> definitions enable a more
|
||
robust specification of the constant parts of an
|
||
interface. Use <code>constexpr</code> to specify true
|
||
constants and the functions that support their
|
||
definitions. Avoid complexifying function definitions to
|
||
enable their use with <code>constexpr</code>. Do not use
|
||
<code>constexpr</code> to force inlining.</p>
|
||
|
||
<h3 id="Integer_Types">Integer Types</h3>
|
||
|
||
<p>Of the built-in C++ integer types, the only one used
|
||
is
|
||
<code>int</code>. If a program needs a variable of a
|
||
different size, use
|
||
a precise-width integer type from
|
||
<code><stdint.h></code>, such as
|
||
<code>int16_t</code>. If your variable represents a
|
||
value that could ever be greater than or equal to 2^31
|
||
(2GiB), use a 64-bit type such as
|
||
<code>int64_t</code>.
|
||
Keep in mind that even if your value won't ever be too large
|
||
for an <code>int</code>, it may be used in intermediate
|
||
calculations which may require a larger type. When in doubt,
|
||
choose a larger type.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> C++ does not specify the sizes of integer types
|
||
like <code>int</code>. Typically people assume
|
||
that <code>short</code> is 16 bits,
|
||
<code>int</code> is 32 bits, <code>long</code> is 32 bits
|
||
and <code>long long</code> is 64 bits.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Uniformity of declaration.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>The sizes of integral types in C++ can vary based on
|
||
compiler and architecture.</p>
|
||
|
||
<p class="decision"></p>
|
||
|
||
<p>
|
||
<code><cstdint></code> defines types
|
||
like <code>int16_t</code>, <code>uint32_t</code>,
|
||
<code>int64_t</code>, etc. You should always use
|
||
those in preference to <code>short</code>, <code>unsigned
|
||
long long</code> and the like, when you need a guarantee
|
||
on the size of an integer. Of the C integer types, only
|
||
<code>int</code> should be used. When appropriate, you
|
||
are welcome to use standard types like
|
||
<code>size_t</code> and <code>ptrdiff_t</code>.</p>
|
||
|
||
<p>We use <code>int</code> very often, for integers we
|
||
know are not going to be too big, e.g., loop counters.
|
||
Use plain old <code>int</code> for such things. You
|
||
should assume that an <code>int</code> is
|
||
|
||
at least 32 bits, but don't
|
||
assume that it has more than 32 bits. If you need a 64-bit
|
||
integer type, use
|
||
<code>int64_t</code>
|
||
or
|
||
<code>uint64_t</code>.</p>
|
||
|
||
<p>For integers we know can be "big",
|
||
use
|
||
<code>int64_t</code>.
|
||
</p>
|
||
|
||
<p>You should not use the unsigned integer types such as
|
||
|
||
<code>uint32_t</code>, unless there is a valid
|
||
reason such as representing a bit pattern rather than a
|
||
number, or you need defined overflow modulo 2^N. In
|
||
particular, do not use unsigned types to say a number
|
||
will never be negative. Instead, use
|
||
|
||
assertions for this.</p>
|
||
|
||
|
||
|
||
<p>If your code is a container that returns a size, be
|
||
sure to use a type that will accommodate any possible
|
||
usage of your container. When in doubt, use a larger type
|
||
rather than a smaller type.</p>
|
||
|
||
<p>Use care when converting integer types. Integer conversions and
|
||
promotions can cause undefined behavior, leading to security bugs and
|
||
other problems.</p>
|
||
|
||
<h4>On Unsigned Integers</h4>
|
||
|
||
<p>Unsigned integers are good for representing bitfields and modular
|
||
arithmetic. Because of historical accident, the C++ standard also uses
|
||
unsigned integers to represent the size of containers - many members
|
||
of the standards body believe this to be a mistake, but it is
|
||
effectively impossible to fix at this point. The fact that unsigned
|
||
arithmetic doesn't model the behavior of a simple integer, but is
|
||
instead defined by the standard to model modular arithmetic (wrapping
|
||
around on overflow/underflow), means that a significant class of bugs
|
||
cannot be diagnosed by the compiler. In other cases, the defined
|
||
behavior impedes optimization.</p>
|
||
|
||
<p>That said, mixing signedness of integer types is responsible for an
|
||
equally large class of problems. The best advice we can provide: try
|
||
to use iterators and containers rather than pointers and sizes, try
|
||
not to mix signedness, and try to avoid unsigned types (except for
|
||
representing bitfields or modular arithmetic). Do not use an unsigned
|
||
type merely to assert that a variable is non-negative.</p>
|
||
|
||
<h3 id="64-bit_Portability">64-bit Portability</h3>
|
||
|
||
<p>Code should be 64-bit and 32-bit friendly. Bear in mind
|
||
problems of printing, comparisons, and structure alignment.</p>
|
||
|
||
<ul>
|
||
<li>
|
||
<p>Correct portable <code>printf()</code> conversion specifiers for
|
||
some integral typedefs rely on macro expansions that we find unpleasant to
|
||
use and impractical to require (the <code>PRI</code> macros from
|
||
<code><cinttypes></code>). Unless there is no reasonable alternative
|
||
for your particular case, try to avoid or even upgrade APIs that rely on the
|
||
<code>printf</code> family. Instead use a library supporting typesafe numeric
|
||
formatting, such as
|
||
|
||
|
||
<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/strings/str_cat.h"><code>StrCat</code></a>
|
||
|
||
or
|
||
|
||
|
||
<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/strings/substitute.h"><code>Substitute</code></a>
|
||
|
||
for fast simple conversions,
|
||
|
||
or <a href="#Streams"><code>std::ostream</code></a>.</p>
|
||
|
||
<p>Unfortunately, the <code>PRI</code> macros are the only portable way to
|
||
specify a conversion for the standard bitwidth typedefs (e.g.,
|
||
<code>int64_t</code>, <code>uint64_t</code>, <code>int32_t</code>,
|
||
<code>uint32_t</code>, etc).
|
||
|
||
Where possible, avoid passing arguments of types specified by bitwidth
|
||
typedefs to <code>printf</code>-based APIs. Note that it is acceptable
|
||
to use typedefs for which printf has dedicated length modifiers, such as
|
||
<code>size_t</code> (<code>z</code>),
|
||
<code>ptrdiff_t</code> (<code>t</code>), and
|
||
<code>maxint_t</code> (<code>j</code>).</p>
|
||
</li>
|
||
|
||
<li>Remember that <code>sizeof(void *)</code> !=
|
||
<code>sizeof(int)</code>. Use <code>intptr_t</code> if
|
||
you want a pointer-sized integer.</li>
|
||
|
||
<li>You may need to be careful with structure
|
||
alignments, particularly for structures being stored on
|
||
disk. Any class/structure with a
|
||
<code>int64_t</code>/<code>uint64_t</code>
|
||
member will by default end up being 8-byte aligned on a
|
||
64-bit system. If you have such structures being shared
|
||
on disk between 32-bit and 64-bit code, you will need
|
||
to ensure that they are packed the same on both
|
||
architectures.
|
||
Most compilers offer a way to
|
||
alter structure alignment. For gcc, you can use
|
||
<code>__attribute__((packed))</code>. MSVC offers
|
||
<code>#pragma pack()</code> and
|
||
<code>__declspec(align())</code>.</li>
|
||
|
||
<li>
|
||
<p>Use <a href="#Casting">braced-initialization</a> as needed to create
|
||
64-bit constants. For example:</p>
|
||
|
||
|
||
<div>
|
||
<pre>int64_t my_value{0x123456789};
|
||
uint64_t my_mask{3ULL << 48};
|
||
</pre>
|
||
</div>
|
||
</li>
|
||
</ul>
|
||
|
||
<h3 id="Preprocessor_Macros">Preprocessor Macros</h3>
|
||
|
||
<p>Avoid defining macros, especially in headers; prefer
|
||
inline functions, enums, and <code>const</code> variables.
|
||
Name macros with a project-specific prefix. Do not use
|
||
macros to define pieces of a C++ API.</p>
|
||
|
||
<p>Macros mean that the code you see is not the same as
|
||
the code the compiler sees. This can introduce unexpected
|
||
behavior, especially since macros have global scope.</p>
|
||
|
||
<p>The problems introduced by macros are especially severe
|
||
when they are used to define pieces of a C++ API,
|
||
and still more so for public APIs. Every error message from
|
||
the compiler when developers incorrectly use that interface
|
||
now must explain how the macros formed the interface.
|
||
Refactoring and analysis tools have a dramatically harder
|
||
time updating the interface. As a consequence, we
|
||
specifically disallow using macros in this way.
|
||
For example, avoid patterns like:</p>
|
||
|
||
<pre class="badcode">class WOMBAT_TYPE(Foo) {
|
||
// ...
|
||
|
||
public:
|
||
EXPAND_PUBLIC_WOMBAT_API(Foo)
|
||
|
||
EXPAND_WOMBAT_COMPARISONS(Foo, ==, <)
|
||
};
|
||
</pre>
|
||
|
||
<p>Luckily, macros are not nearly as necessary in C++ as
|
||
they are in C. Instead of using a macro to inline
|
||
performance-critical code, use an inline function.
|
||
Instead of using a macro to store a constant, use a
|
||
<code>const</code> variable. Instead of using a macro to
|
||
"abbreviate" a long variable name, use a reference.
|
||
Instead of using a macro to conditionally compile code
|
||
... well, don't do that at all (except, of course, for
|
||
the <code>#define</code> guards to prevent double
|
||
inclusion of header files). It makes testing much more
|
||
difficult.</p>
|
||
|
||
<p>Macros can do things these other techniques cannot,
|
||
and you do see them in the codebase, especially in the
|
||
lower-level libraries. And some of their special features
|
||
(like stringifying, concatenation, and so forth) are not
|
||
available through the language proper. But before using a
|
||
macro, consider carefully whether there's a non-macro way
|
||
to achieve the same result. If you need to use a macro to
|
||
define an interface, contact
|
||
your project leads to request
|
||
a waiver of this rule.</p>
|
||
|
||
<p>The following usage pattern will avoid many problems
|
||
with macros; if you use macros, follow it whenever
|
||
possible:</p>
|
||
|
||
<ul>
|
||
<li>Don't define macros in a <code>.h</code> file.</li>
|
||
|
||
<li><code>#define</code> macros right before you use
|
||
them, and <code>#undef</code> them right after.</li>
|
||
|
||
<li>Do not just <code>#undef</code> an existing macro
|
||
before replacing it with your own; instead, pick a name
|
||
that's likely to be unique.</li>
|
||
|
||
<li>Try not to use macros that expand to unbalanced C++
|
||
constructs, or at least document that behavior
|
||
well.</li>
|
||
|
||
<li>Prefer not using <code>##</code> to generate
|
||
function/class/variable names.</li>
|
||
</ul>
|
||
|
||
<p>Exporting macros from headers (i.e., defining them in a header
|
||
without <code>#undef</code>ing them before the end of the header)
|
||
is extremely strongly discouraged. If you do export a macro from a
|
||
header, it must have a globally unique name. To achieve this, it
|
||
must be named with a prefix consisting of your project's namespace
|
||
name (but upper case). </p>
|
||
|
||
<h3 id="0_and_nullptr/NULL">0 and nullptr/NULL</h3>
|
||
|
||
<p>Use <code>nullptr</code> for pointers, and <code>'\0'</code> for chars (and
|
||
not the <code>0</code> literal).</p>
|
||
|
||
<p>For pointers (address values), use <code>nullptr</code>, as this
|
||
provides type-safety.</p>
|
||
|
||
<p>For C++03 projects, prefer <code>NULL</code> to <code>0</code>. While the
|
||
values are equivalent, <code>NULL</code> looks more like a pointer to the
|
||
reader, and some C++ compilers provide special definitions of <code>NULL</code>
|
||
which enable them to give useful warnings. Never use <code>NULL</code> for
|
||
numeric (integer or floating-point) values.</p>
|
||
|
||
<p>Use <code>'\0'</code> for the null character. Using the correct type makes
|
||
the code more readable.</p>
|
||
|
||
<h3 id="sizeof">sizeof</h3>
|
||
|
||
<p>Prefer <code>sizeof(<var>varname</var>)</code> to
|
||
<code>sizeof(<var>type</var>)</code>.</p>
|
||
|
||
<p>Use <code>sizeof(<var>varname</var>)</code> when you
|
||
take the size of a particular variable.
|
||
<code>sizeof(<var>varname</var>)</code> will update
|
||
appropriately if someone changes the variable type either
|
||
now or later. You may use
|
||
<code>sizeof(<var>type</var>)</code> for code unrelated
|
||
to any particular variable, such as code that manages an
|
||
external or internal data format where a variable of an
|
||
appropriate C++ type is not convenient.</p>
|
||
|
||
<pre>MyStruct data;
|
||
memset(&data, 0, sizeof(data));
|
||
</pre>
|
||
|
||
<pre class="badcode">memset(&data, 0, sizeof(MyStruct));
|
||
</pre>
|
||
|
||
<pre>if (raw_size < sizeof(int)) {
|
||
LOG(ERROR) << "compressed record not big enough for count: " << raw_size;
|
||
return false;
|
||
}
|
||
</pre>
|
||
|
||
<a id="auto"></a>
|
||
<h3 id="Type_deduction">Type Deduction (including auto)</h3>
|
||
|
||
<p>Use type deduction only if it makes the code clearer to readers who aren't
|
||
familiar with the project, or if it makes the code safer. Do not use it
|
||
merely to avoid the inconvenience of writing an explicit type.</p>
|
||
|
||
<p class="definition"></p>
|
||
|
||
<p>There are several contexts in which C++ allows (or even requires) types to
|
||
be deduced by the compiler, rather than spelled out explicitly in the code:</p>
|
||
<dl>
|
||
<dt><a href="https://en.cppreference.com/w/cpp/language/template_argument_deduction">Function template argument deduction</a></dt>
|
||
<dd>A function template can be invoked without explicit template arguments.
|
||
The compiler deduces those arguments from the types of the function
|
||
arguments:
|
||
<pre class="neutralcode">template <typename T>
|
||
void f(T t);
|
||
|
||
f(0); // Invokes f<int>(0)</pre>
|
||
</dd>
|
||
<dt><a href="https://en.cppreference.com/w/cpp/language/auto"><code>auto</code> variable declarations</a></dt>
|
||
<dd>A variable declaration can use the <code>auto</code> keyword in place
|
||
of the type. The compiler deduces the type from the variable's
|
||
initializer, following the same rules as function template argument
|
||
deduction with the same initializer (so long as you don't use curly braces
|
||
instead of parentheses).
|
||
<pre class="neutralcode">auto a = 42; // a is an int
|
||
auto& b = a; // b is an int&
|
||
auto c = b; // c is an int
|
||
auto d{42}; // d is an int, not a std::initializer_list<int>
|
||
</pre>
|
||
<code>auto</code> can be qualified with <code>const</code>, and can be
|
||
used as part of a pointer or reference type, but it can't be used as a
|
||
template argument. A rare variant of this syntax uses
|
||
<code>decltype(auto)</code> instead of <code>auto</code>, in which case
|
||
the deduced type is the result of applying
|
||
<a href="https://en.cppreference.com/w/cpp/language/decltype"><code>decltype</code></a>
|
||
to the initializer.
|
||
</dd>
|
||
<dt><a href="https://en.cppreference.com/w/cpp/language/function#Return_type_deduction">Function return type deduction</a></dt>
|
||
<dd><code>auto</code> (and <code>decltype(auto)</code>) can also be used in
|
||
place of a function return type. The compiler deduces the return type from
|
||
the <code>return</code> statements in the function body, following the same
|
||
rules as for variable declarations:
|
||
<pre class="neutralcode">auto f() { return 0; } // The return type of f is int</pre>
|
||
<a href="#Lambda_expressions">Lambda expression</a> return types can be
|
||
deduced in the same way, but this is triggered by omitting the return type,
|
||
rather than by an explicit <code>auto</code>. Confusingly,
|
||
<a href="#trailing_return">trailing return type</a> syntax for functions
|
||
also uses <code>auto</code> in the return-type position, but that doesn't
|
||
rely on type deduction; it's just an alternate syntax for an explicit
|
||
return type.
|
||
</dd>
|
||
<dt><a href="https://isocpp.org/wiki/faq/cpp14-language#generic-lambdas">Generic lambdas</a></dt>
|
||
<dd>A lambda expression can use the <code>auto</code> keyword in place of
|
||
one or more of its parameter types. This causes the lambda's call operator
|
||
to be a function template instead of an ordinary function, with a separate
|
||
template parameter for each <code>auto</code> function parameter:
|
||
<pre class="neutralcode">// Sort `vec` in decreasing order
|
||
std::sort(vec.begin(), vec.end(), [](auto lhs, auto rhs) { return lhs > rhs; });</pre>
|
||
</dd>
|
||
<dt><a href="https://isocpp.org/wiki/faq/cpp14-language#lambda-captures">Lambda init captures</a></dt>
|
||
<dd>Lambda captures can have explicit initializers, which can be used to
|
||
declare wholly new variables rather than only capturing existing ones:
|
||
<pre class="neutralcode">[x = 42, y = "foo"] { ... } // x is an int, and y is a const char*</pre>
|
||
This syntax doesn't allow the type to be specified; instead, it's deduced
|
||
using the rules for <code>auto</code> variables.
|
||
</dd>
|
||
<dt><a href="https://en.cppreference.com/w/cpp/language/class_template_argument_deduction">Class template argument deduction</a></dt>
|
||
<dd>See <a href="#CTAD">below</a>.</dd>
|
||
<dt><a href="https://en.cppreference.com/w/cpp/language/structured_binding">Structured bindings</a></dt>
|
||
<dd>When declaring a tuple, struct, or array using <code>auto</code>, you can
|
||
specify names for the individual elements instead of a name for the whole
|
||
object; these names are called "structured bindings", and the whole
|
||
declaration is called a "structured binding declaration". This syntax
|
||
provides no way of specifying the type of either the enclosing object
|
||
or the individual names:
|
||
<pre class="neutralcode">auto [iter, success] = my_map.insert({key, value});
|
||
if (!success) {
|
||
iter->second = value;
|
||
}</pre>
|
||
The <code>auto</code> can also be qualified with <code>const</code>,
|
||
<code>&</code>, and <code>&&</code>, but note that these qualifiers
|
||
technically apply to the anonymous tuple/struct/array, rather than the
|
||
individual bindings. The rules that determine the types of the bindings
|
||
are quite complex; the results tend to be unsurprising, except that
|
||
the binding types typically won't be references even if the declaration
|
||
declares a reference (but they will usually behave like references anyway).
|
||
</dd>
|
||
</dl>
|
||
|
||
<p>(These summaries omit many details and caveats; see the links for further
|
||
information.)</p>
|
||
|
||
<p class="pros"></p>
|
||
|
||
<ul>
|
||
<li>C++ type names can be long and cumbersome, especially when they
|
||
involve templates or namespaces.</li>
|
||
<li>When a C++ type name is repeated within a single declaration or a
|
||
small code region, the repetition may not be aiding readability.</li>
|
||
<li>It is sometimes safer to let the type be deduced, since that avoids
|
||
the possibility of unintended copies or type conversions.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<p>C++ code is usually clearer when types are explicit,
|
||
especially when type deduction would depend on information from
|
||
distant parts of the code. In expressions like:</p>
|
||
|
||
<pre class="badcode">auto foo = x.add_foo();
|
||
auto i = y.Find(key);
|
||
</pre>
|
||
|
||
<p>it may not be obvious what the resulting types are if the type
|
||
of <code>y</code> isn't very well known, or if <code>y</code> was
|
||
declared many lines earlier.</p>
|
||
|
||
<p>Programmers have to understand when type deduction will or won't
|
||
produce a reference type, or they'll get copies when they didn't
|
||
mean to.</p>
|
||
|
||
<p>If a deduced type is used as part of an interface, then a
|
||
programmer might change its type while only intending to
|
||
change its value, leading to a more radical API change
|
||
than intended.</p>
|
||
|
||
<p class="decision"></p>
|
||
|
||
<p>The fundamental rule is: use type deduction only to make the code
|
||
clearer or safer, and do not use it merely to avoid the
|
||
inconvenience of writing an explicit type. When judging whether the
|
||
code is clearer, keep in mind that your readers are not necessarily
|
||
on your team, or familiar with your project, so types that you and
|
||
your reviewer experience as unnecessary clutter will very often
|
||
provide useful information to others. For example, you can assume that
|
||
the return type of <code>make_unique<Foo>()</code> is obvious,
|
||
but the return type of <code>MyWidgetFactory()</code> probably isn't.</p>
|
||
|
||
<p>These principles apply to all forms of type deduction, but the
|
||
details vary, as described in the following sections.</p>
|
||
|
||
<h4>Function template argument deduction</h4>
|
||
|
||
<p>Function template argument deduction is almost always OK. Type deduction
|
||
is the expected default way of interacting with function templates,
|
||
because it allows function templates to act like infinite sets of ordinary
|
||
function overloads. Consequently, function templates are almost always
|
||
designed so that template argument deduction is clear and safe, or
|
||
doesn't compile.</p>
|
||
|
||
<h4>Local variable type deduction</h4>
|
||
|
||
<p>For local variables, you can use type deduction to make the code clearer
|
||
by eliminating type information that is obvious or irrelevant, so that
|
||
the reader can focus on the meaningful parts of the code:</p>
|
||
<pre class="neutralcode">std::unique_ptr<WidgetWithBellsAndWhistles> widget_ptr =
|
||
absl::make_unique<WidgetWithBellsAndWhistles>(arg1, arg2);
|
||
absl::flat_hash_map<std::string,
|
||
std::unique_ptr<WidgetWithBellsAndWhistles>>::const_iterator
|
||
it = my_map_.find(key);
|
||
std::array<int, 6> numbers = {4, 8, 15, 16, 23, 42};</pre>
|
||
|
||
<pre class="goodcode">auto widget_ptr = absl::make_unique<WidgetWithBellsAndWhistles>(arg1, arg2);
|
||
auto it = my_map_.find(key);
|
||
std::array numbers = {4, 8, 15, 16, 23, 42};</pre>
|
||
|
||
<p>Types sometimes contain a mixture of useful information and boilerplate,
|
||
such as <code>it</code> in the example above: it's obvious that the
|
||
type is an iterator, and in many contexts the container type and even the
|
||
key type aren't relevant, but the type of the values is probably useful.
|
||
In such situations, it's often possible to define local variables with
|
||
explicit types that convey the relevant information:</p>
|
||
<pre class="goodcode">if (auto it = my_map_.find(key); it != my_map_.end()) {
|
||
WidgetWithBellsAndWhistles& widget = *it->second;
|
||
// Do stuff with `widget`
|
||
}</pre>
|
||
<p>If the type is a template instance, and the parameters are
|
||
boilerplate but the template itself is informative, you can use
|
||
class template argument deduction to suppress the boilerplate. However,
|
||
cases where this actually provides a meaningful benefit are quite rare.
|
||
Note that class template argument deduction is also subject to a
|
||
<a href="#CTAD">separate style rule</a>.</p>
|
||
|
||
<p>Do not use <code>decltype(auto)</code> if a simpler option will work,
|
||
because it's a fairly obscure feature, so it has a high cost in code
|
||
clarity.</p>
|
||
|
||
<h4>Return type deduction</h4>
|
||
|
||
<p>Use return type deduction (for both functions and lambdas) only if the
|
||
function body has a very small number of <code>return</code> statements,
|
||
and very little other code, because otherwise the reader may not be able
|
||
to tell at a glance what the return type is. Furthermore, use it only
|
||
if the function or lambda has a very narrow scope, because functions with
|
||
deduced return types don't define abstraction boundaries: the implementation
|
||
<em>is</em> the interface. In particular, public functions in header files
|
||
should almost never have deduced return types.</p>
|
||
|
||
<h4>Parameter type deduction</h4>
|
||
|
||
<p><code>auto</code> parameter types for lambdas should be used with caution,
|
||
because the actual type is determined by the code that calls the lambda,
|
||
rather than by the definition of the lambda. Consequently, an explicit
|
||
type will almost always be clearer unless the lambda is explicitly called
|
||
very close to where it's defined (so that the reader can easily see both),
|
||
or the lambda is passed to an interface so well-known that it's
|
||
obvious what arguments it will eventually be called with (e.g.,
|
||
the <code>std::sort</code> example above).</p>
|
||
|
||
<h4>Lambda init captures</h4>
|
||
|
||
<p>Init captures are covered by a <a href="#Lambda_expressions">more specific
|
||
style rule</a>, which largely supersedes the general rules for
|
||
type deduction.</p>
|
||
|
||
<h4>Structured bindings</h4>
|
||
|
||
<p>Unlike other forms of type deduction, structured bindings can actually
|
||
give the reader additional information, by giving meaningful names to the
|
||
elements of a larger object. This means that a structured binding declaration
|
||
may provide a net readability improvement over an explicit type, even in cases
|
||
where <code>auto</code> would not. Structured bindings are especially
|
||
beneficial when the object is a pair or tuple (as in the <code>insert</code>
|
||
example above), because they don't have meaningful field names to begin with,
|
||
but note that you generally <a href="#Structs_vs._Tuples">shouldn't use
|
||
pairs or tuples</a> unless a pre-existing API like <code>insert</code>
|
||
forces you to.</p>
|
||
|
||
<p>If the object being bound is a struct, it may sometimes be helpful to
|
||
provide names that are more specific to your usage, but keep in mind that
|
||
this may also mean the names are less recognizable to your reader than the
|
||
field names. We recommend using a comment to indicate the name of the
|
||
underlying field, if it doesn't match the name of the binding, using the
|
||
same syntax as for function parameter comments:</p>
|
||
<pre>auto [/*field_name1=*/ bound_name1, /*field_name2=*/ bound_name2] = ...</pre>
|
||
<p>As with function parameter comments, this can enable tools to detect if
|
||
you get the order of the fields wrong.</p>
|
||
|
||
<h3 id="CTAD">Class Template Argument Deduction</h3>
|
||
|
||
<p>Use class template argument deduction only with templates that have
|
||
explicitly opted into supporting it.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p><a href="https://en.cppreference.com/w/cpp/language/class_template_argument_deduction">Class
|
||
template argument deduction</a> (often abbreviated "CTAD") occurs when
|
||
a variable is declared with a type that names a template, and the template
|
||
argument list is not provided (not even empty angle brackets):</p>
|
||
<pre class="neutralcode">std::array a = {1, 2, 3}; // `a` is a std::array<int, 3></pre>
|
||
<p>The compiler deduces the arguments from the initializer using the
|
||
template's "deduction guides", which can be explicit or implicit.</p>
|
||
|
||
<p>Explicit deduction guides look like function declarations with trailing
|
||
return types, except that there's no leading <code>auto</code>, and the
|
||
function name is the name of the template. For example, the above example
|
||
relies on this deduction guide for <code>std::array</code>:</p>
|
||
<pre class="neutralcode">namespace std {
|
||
template <class T, class... U>
|
||
array(T, U...) -> std::array<T, 1 + sizeof...(U)>;
|
||
}</pre>
|
||
<p>Constructors in a primary template (as opposed to a template specialization)
|
||
also implicitly define deduction guides.</p>
|
||
|
||
<p>When you declare a variable that relies on CTAD, the compiler selects
|
||
a deduction guide using the rules of constructor overload resolution,
|
||
and that guide's return type becomes the type of the variable.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>CTAD can sometimes allow you to omit boilerplate from your code.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>The implicit deduction guides that are generated from constructors
|
||
may have undesirable behavior, or be outright incorrect. This is
|
||
particularly problematic for constructors written before CTAD was
|
||
introduced in C++17, because the authors of those constructors had no
|
||
way of knowing about (much less fixing) any problems that their
|
||
constructors would cause for CTAD. Furthermore, adding explicit deduction
|
||
guides to fix those problems might break any existing code that relies on
|
||
the implicit deduction guides.</p>
|
||
|
||
<p>CTAD also suffers from many of the same drawbacks as <code>auto</code>,
|
||
because they are both mechanisms for deducing all or part of a variable's
|
||
type from its initializer. CTAD does give the reader more information
|
||
than <code>auto</code>, but it also doesn't give the reader an obvious
|
||
cue that information has been omitted.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>Do not use CTAD with a given template unless the template's maintainers
|
||
have opted into supporting use of CTAD by providing at least one explicit
|
||
deduction guide (all templates in the <code>std</code> namespace are
|
||
also presumed to have opted in). This should be enforced with a compiler
|
||
warning if available.</p>
|
||
|
||
<p>Uses of CTAD must also follow the general rules on
|
||
<a href="#Type_deduction">Type deduction</a>.</p>
|
||
|
||
<h3 id="Designated_initializers">Designated Initializers</h3>
|
||
|
||
<p>Use designated initializers only in their C++20-compliant form.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p><a href="https://en.cppreference.com/w/cpp/language/aggregate_initialization#Designated_initializers">
|
||
Designated initializers</a> are a syntax that allows for initializing an
|
||
aggregate ("plain old struct") by naming its fields explicitly:</p>
|
||
<pre class="neutralcode"> struct Point {
|
||
float x = 0.0;
|
||
float y = 0.0;
|
||
float z = 0.0;
|
||
};
|
||
|
||
Point p = {
|
||
.x = 1.0,
|
||
.y = 2.0,
|
||
// z will be 0.0
|
||
};</pre>
|
||
<p>The explicitly listed fields will be initialized as specified, and others
|
||
will be initialized in the same way they would be in a traditional aggregate
|
||
initialization expression like <code>Point{1.0, 2.0}</code>.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Designated initializers can make for convenient and highly readable
|
||
aggregate expressions, especially for structs with less straightforward
|
||
ordering of fields than the <code>Point</code> example above.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>While designated initializers have long been part of the C standard and
|
||
supported by C++ compilers as an extension, only recently have they made it
|
||
into the draft C++ standard. They are on track for publishing in C++20.</p>
|
||
|
||
<p>The rules in the draft C++ standard are stricter than in C and compiler
|
||
extensions, requiring that the designated initializers appear in the same order
|
||
as the fields appear in the struct definition. So in the example above it is
|
||
legal according to draft C++20 to initialize <code>x</code> and then
|
||
<code>z</code>, but not <code>y</code> and then <code>x</code>.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>Use designated initializers only in the form that is compatible with the
|
||
draft C++20 standard: with initializers in the same order as the corresponding
|
||
fields appear in the struct definition.</p>
|
||
|
||
|
||
|
||
<h3 id="Lambda_expressions">Lambda Expressions</h3>
|
||
|
||
<p>Use lambda expressions where appropriate. Prefer explicit captures
|
||
when the lambda will escape the current scope.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> Lambda expressions are a concise way of creating anonymous
|
||
function objects. They're often useful when passing
|
||
functions as arguments. For example:</p>
|
||
|
||
<pre>std::sort(v.begin(), v.end(), [](int x, int y) {
|
||
return Weight(x) < Weight(y);
|
||
});
|
||
</pre>
|
||
|
||
<p> They further allow capturing variables from the enclosing scope either
|
||
explicitly by name, or implicitly using a default capture. Explicit captures
|
||
require each variable to be listed, as
|
||
either a value or reference capture:</p>
|
||
|
||
<pre>int weight = 3;
|
||
int sum = 0;
|
||
// Captures `weight` by value and `sum` by reference.
|
||
std::for_each(v.begin(), v.end(), [weight, &sum](int x) {
|
||
sum += weight * x;
|
||
});
|
||
</pre>
|
||
|
||
|
||
<p>Default captures implicitly capture any variable referenced in the
|
||
lambda body, including <code>this</code> if any members are used:</p>
|
||
|
||
<pre>const std::vector<int> lookup_table = ...;
|
||
std::vector<int> indices = ...;
|
||
// Captures `lookup_table` by reference, sorts `indices` by the value
|
||
// of the associated element in `lookup_table`.
|
||
std::sort(indices.begin(), indices.end(), [&](int a, int b) {
|
||
return lookup_table[a] < lookup_table[b];
|
||
});
|
||
</pre>
|
||
|
||
<p>A variable capture can also have an explicit initializer, which can
|
||
be used for capturing move-only variables by value, or for other situations
|
||
not handled by ordinary reference or value captures:</p>
|
||
<pre>std::unique_ptr<Foo> foo = ...;
|
||
[foo = std::move(foo)] () {
|
||
...
|
||
}</pre>
|
||
<p>Such captures (often called "init captures" or "generalized lambda captures")
|
||
need not actually "capture" anything from the enclosing scope, or even have
|
||
a name from the enclosing scope; this syntax is a fully general way to define
|
||
members of a lambda object:</p>
|
||
<pre class="neutralcode">[foo = std::vector<int>({1, 2, 3})] () {
|
||
...
|
||
}</pre>
|
||
<p>The type of a capture with an initializer is deduced using the same rules
|
||
as <code>auto</code>.</p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Lambdas are much more concise than other ways of
|
||
defining function objects to be passed to STL
|
||
algorithms, which can be a readability
|
||
improvement.</li>
|
||
|
||
<li>Appropriate use of default captures can remove
|
||
redundancy and highlight important exceptions from
|
||
the default.</li>
|
||
|
||
<li>Lambdas, <code>std::function</code>, and
|
||
<code>std::bind</code> can be used in combination as a
|
||
general purpose callback mechanism; they make it easy
|
||
to write functions that take bound functions as
|
||
arguments.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Variable capture in lambdas can be a source of dangling-pointer
|
||
bugs, particularly if a lambda escapes the current scope.</li>
|
||
|
||
<li>Default captures by value can be misleading because they do not prevent
|
||
dangling-pointer bugs. Capturing a pointer by value doesn't cause a deep
|
||
copy, so it often has the same lifetime issues as capture by reference.
|
||
This is especially confusing when capturing 'this' by value, since the use
|
||
of 'this' is often implicit.</li>
|
||
|
||
<li>Captures actually declare new variables (whether or not the captures have
|
||
initializers), but they look nothing like any other variable declaration
|
||
syntax in C++. In particular, there's no place for the variable's type,
|
||
or even an <code>auto</code> placeholder (although init captures can
|
||
indicate it indirectly, e.g., with a cast). This can make it difficult to
|
||
even recognize them as declarations.</li>
|
||
|
||
<li>Init captures inherently rely on <a href="#Type_deduction">type
|
||
deduction</a>, and suffer from many of the same drawbacks as
|
||
<code>auto</code>, with the additional problem that the syntax doesn't
|
||
even cue the reader that deduction is taking place.</li>
|
||
|
||
<li>It's possible for use of lambdas to get out of
|
||
hand; very long nested anonymous functions can make
|
||
code harder to understand.</li>
|
||
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<ul>
|
||
<li>Use lambda expressions where appropriate, with formatting as
|
||
described <a href="#Formatting_Lambda_Expressions">below</a>.</li>
|
||
<li>Prefer explicit captures if the lambda may escape the current scope.
|
||
For example, instead of:
|
||
<pre class="badcode">{
|
||
Foo foo;
|
||
...
|
||
executor->Schedule([&] { Frobnicate(foo); })
|
||
...
|
||
}
|
||
// BAD! The fact that the lambda makes use of a reference to `foo` and
|
||
// possibly `this` (if `Frobnicate` is a member function) may not be
|
||
// apparent on a cursory inspection. If the lambda is invoked after
|
||
// the function returns, that would be bad, because both `foo`
|
||
// and the enclosing object could have been destroyed.
|
||
</pre>
|
||
prefer to write:
|
||
<pre>{
|
||
Foo foo;
|
||
...
|
||
executor->Schedule([&foo] { Frobnicate(foo); })
|
||
...
|
||
}
|
||
// BETTER - The compile will fail if `Frobnicate` is a member
|
||
// function, and it's clearer that `foo` is dangerously captured by
|
||
// reference.
|
||
</pre>
|
||
</li>
|
||
<li>Use default capture by reference ([&]) only when the
|
||
lifetime of the lambda is obviously shorter than any potential
|
||
captures.
|
||
</li>
|
||
<li>Use default capture by value ([=]) only as a means of binding a
|
||
few variables for a short lambda, where the set of captured
|
||
variables is obvious at a glance. Prefer not to write long or
|
||
complex lambdas with default capture by value.
|
||
</li>
|
||
<li>Use captures only to actually capture variables from the enclosing scope.
|
||
Do not use captures with initializers to introduce new names, or
|
||
to substantially change the meaning of an existing name. Instead,
|
||
declare a new variable in the conventional way and then capture it,
|
||
or avoid the lambda shorthand and define a function object explicitly.</li>
|
||
<li>See the section on <a href="#Type_deduction">type deduction</a>
|
||
for guidance on specifying the parameter and return types.</li>
|
||
|
||
</ul>
|
||
|
||
<h3 id="Template_metaprogramming">Template Metaprogramming</h3>
|
||
|
||
<p>Avoid complicated template programming.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>Template metaprogramming refers to a family of techniques that
|
||
exploit the fact that the C++ template instantiation mechanism is
|
||
Turing complete and can be used to perform arbitrary compile-time
|
||
computation in the type domain.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Template metaprogramming allows extremely flexible interfaces that
|
||
are type safe and high performance. Facilities like
|
||
|
||
<a href="https://github.com/google/googletest">Google Test</a>,
|
||
<code>std::tuple</code>, <code>std::function</code>, and
|
||
Boost.Spirit would be impossible without it.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>The techniques used in template metaprogramming are often obscure
|
||
to anyone but language experts. Code that uses templates in
|
||
complicated ways is often unreadable, and is hard to debug or
|
||
maintain.</p>
|
||
|
||
<p>Template metaprogramming often leads to extremely poor compile
|
||
time error messages: even if an interface is simple, the complicated
|
||
implementation details become visible when the user does something
|
||
wrong.</p>
|
||
|
||
<p>Template metaprogramming interferes with large scale refactoring by
|
||
making the job of refactoring tools harder. First, the template code
|
||
is expanded in multiple contexts, and it's hard to verify that the
|
||
transformation makes sense in all of them. Second, some refactoring
|
||
tools work with an AST that only represents the structure of the code
|
||
after template expansion. It can be difficult to automatically work
|
||
back to the original source construct that needs to be
|
||
rewritten.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>Template metaprogramming sometimes allows cleaner and easier-to-use
|
||
interfaces than would be possible without it, but it's also often a
|
||
temptation to be overly clever. It's best used in a small number of
|
||
low level components where the extra maintenance burden is spread out
|
||
over a large number of uses.</p>
|
||
|
||
<p>Think twice before using template metaprogramming or other
|
||
complicated template techniques; think about whether the average
|
||
member of your team will be able to understand your code well enough
|
||
to maintain it after you switch to another project, or whether a
|
||
non-C++ programmer or someone casually browsing the code base will be
|
||
able to understand the error messages or trace the flow of a function
|
||
they want to call. If you're using recursive template instantiations
|
||
or type lists or metafunctions or expression templates, or relying on
|
||
SFINAE or on the <code>sizeof</code> trick for detecting function
|
||
overload resolution, then there's a good chance you've gone too
|
||
far.</p>
|
||
|
||
<p>If you use template metaprogramming, you should expect to put
|
||
considerable effort into minimizing and isolating the complexity. You
|
||
should hide metaprogramming as an implementation detail whenever
|
||
possible, so that user-facing headers are readable, and you should
|
||
make sure that tricky code is especially well commented. You should
|
||
carefully document how the code is used, and you should say something
|
||
about what the "generated" code looks like. Pay extra attention to the
|
||
error messages that the compiler emits when users make mistakes. The
|
||
error messages are part of your user interface, and your code should
|
||
be tweaked as necessary so that the error messages are understandable
|
||
and actionable from a user point of view.</p>
|
||
|
||
<h3 id="Boost">Boost</h3>
|
||
|
||
<p>Use only approved libraries from the Boost library
|
||
collection.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p> The
|
||
<a href="https://www.boost.org/">
|
||
Boost library collection</a> is a popular collection of
|
||
peer-reviewed, free, open-source C++ libraries.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p>Boost code is generally very high-quality, is widely
|
||
portable, and fills many important gaps in the C++
|
||
standard library, such as type traits and better binders.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>Some Boost libraries encourage coding practices which can
|
||
hamper readability, such as metaprogramming and other
|
||
advanced template techniques, and an excessively
|
||
"functional" style of programming. </p>
|
||
|
||
<p class="decision"></p>
|
||
|
||
|
||
|
||
<div>
|
||
<p>In order to maintain a high level of readability for
|
||
all contributors who might read and maintain code, we
|
||
only allow an approved subset of Boost features.
|
||
Currently, the following libraries are permitted:</p>
|
||
|
||
<ul>
|
||
<li>
|
||
<a href="https://www.boost.org/libs/utility/call_traits.htm">
|
||
Call Traits</a> from <code>boost/call_traits.hpp</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/utility/compressed_pair.htm">
|
||
Compressed Pair</a> from <code>boost/compressed_pair.hpp</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/graph/">
|
||
The Boost Graph Library (BGL)</a> from <code>boost/graph</code>,
|
||
except serialization (<code>adj_list_serialize.hpp</code>) and
|
||
parallel/distributed algorithms and data structures
|
||
(<code>boost/graph/parallel/*</code> and
|
||
<code>boost/graph/distributed/*</code>).</li>
|
||
|
||
<li><a href="https://www.boost.org/libs/property_map/">
|
||
Property Map</a> from <code>boost/property_map</code>, except
|
||
parallel/distributed property maps (<code>boost/property_map/parallel/*</code>).</li>
|
||
|
||
<li><a href="https://www.boost.org/libs/iterator/">
|
||
Iterator</a> from <code>boost/iterator</code></li>
|
||
|
||
<li>The part of <a href="https://www.boost.org/libs/polygon/">
|
||
Polygon</a> that deals with Voronoi diagram
|
||
construction and doesn't depend on the rest of
|
||
Polygon:
|
||
<code>boost/polygon/voronoi_builder.hpp</code>,
|
||
<code>boost/polygon/voronoi_diagram.hpp</code>, and
|
||
<code>boost/polygon/voronoi_geometry_type.hpp</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/bimap/">
|
||
Bimap</a> from <code>boost/bimap</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/math/doc/html/dist.html">
|
||
Statistical Distributions and Functions</a> from
|
||
<code>boost/math/distributions</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/math/doc/html/special.html">
|
||
Special Functions</a> from <code>boost/math/special_functions</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/math/doc/html/root_finding.html">
|
||
Root Finding Functions</a> from <code>boost/math/tools</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/multi_index/">
|
||
Multi-index</a> from <code>boost/multi_index</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/heap/">
|
||
Heap</a> from <code>boost/heap</code></li>
|
||
|
||
<li>The flat containers from
|
||
<a href="https://www.boost.org/libs/container/">Container</a>:
|
||
<code>boost/container/flat_map</code>, and
|
||
<code>boost/container/flat_set</code></li>
|
||
|
||
<li><a href="https://www.boost.org/libs/intrusive/">Intrusive</a>
|
||
from <code>boost/intrusive</code>.</li>
|
||
|
||
<li><a href="https://www.boost.org/libs/sort/">The
|
||
<code>boost/sort</code> library</a>.</li>
|
||
|
||
<li><a href="https://www.boost.org/libs/preprocessor/">Preprocessor</a>
|
||
from <code>boost/preprocessor</code>.</li>
|
||
</ul>
|
||
|
||
<p>We are actively considering adding other Boost
|
||
features to the list, so this list may be expanded in
|
||
the future.</p>
|
||
</div>
|
||
|
||
<h3 id="std_hash">std::hash</h3>
|
||
|
||
<p>Do not define specializations of <code>std::hash</code>.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p><code>std::hash<T></code> is the function object that the
|
||
C++11 hash containers use to hash keys of type <code>T</code>,
|
||
unless the user explicitly specifies a different hash function. For
|
||
example, <code>std::unordered_map<int, std::string></code> is a hash
|
||
map that uses <code>std::hash<int></code> to hash its keys,
|
||
whereas <code>std::unordered_map<int, std::string, MyIntHash></code>
|
||
uses <code>MyIntHash</code>.</p>
|
||
|
||
<p><code>std::hash</code> is defined for all integral, floating-point,
|
||
pointer, and <code>enum</code> types, as well as some standard library
|
||
types such as <code>string</code> and <code>unique_ptr</code>. Users
|
||
can enable it to work for their own types by defining specializations
|
||
of it for those types.</p>
|
||
|
||
<p class="pros"></p>
|
||
<p><code>std::hash</code> is easy to use, and simplifies the code
|
||
since you don't have to name it explicitly. Specializing
|
||
<code>std::hash</code> is the standard way of specifying how to
|
||
hash a type, so it's what outside resources will teach, and what
|
||
new engineers will expect.</p>
|
||
|
||
<p class="cons"></p>
|
||
<p><code>std::hash</code> is hard to specialize. It requires a lot
|
||
of boilerplate code, and more importantly, it combines responsibility
|
||
for identifying the hash inputs with responsibility for executing the
|
||
hashing algorithm itself. The type author has to be responsible for
|
||
the former, but the latter requires expertise that a type author
|
||
usually doesn't have, and shouldn't need. The stakes here are high
|
||
because low-quality hash functions can be security vulnerabilities,
|
||
due to the emergence of
|
||
<a href="https://emboss.github.io/blog/2012/12/14/breaking-murmur-hash-flooding-dos-reloaded/">
|
||
hash flooding attacks</a>.</p>
|
||
|
||
<p>Even for experts, <code>std::hash</code> specializations are
|
||
inordinately difficult to implement correctly for compound types,
|
||
because the implementation cannot recursively call <code>std::hash</code>
|
||
on data members. High-quality hash algorithms maintain large
|
||
amounts of internal state, and reducing that state to the
|
||
<code>size_t</code> bytes that <code>std::hash</code>
|
||
returns is usually the slowest part of the computation, so it
|
||
should not be done more than once.</p>
|
||
|
||
<p>Due to exactly that issue, <code>std::hash</code> does not work
|
||
with <code>std::pair</code> or <code>std::tuple</code>, and the
|
||
language does not allow us to extend it to support them.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>You can use <code>std::hash</code> with the types that it supports
|
||
"out of the box", but do not specialize it to support additional types.
|
||
If you need a hash table with a key type that <code>std::hash</code>
|
||
does not support, consider using legacy hash containers (e.g.,
|
||
<code>hash_map</code>) for now; they use a different default hasher,
|
||
which is unaffected by this prohibition.</p>
|
||
|
||
<p>If you want to use the standard hash containers anyway, you will
|
||
need to specify a custom hasher for the key type, e.g.,</p>
|
||
<pre>std::unordered_map<MyKeyType, Value, MyKeyTypeHasher> my_map;
|
||
</pre><p>
|
||
Consult with the type's owners to see if there is an existing hasher
|
||
that you can use; otherwise work with them to provide one,
|
||
or roll your own.</p>
|
||
|
||
<p>We are planning to provide a hash function that can work with any type,
|
||
using a new customization mechanism that doesn't have the drawbacks of
|
||
<code>std::hash</code>.</p>
|
||
|
||
|
||
|
||
<h3 id="Other_Features"><a id="C++11">Other C++ Features</a></h3>
|
||
|
||
|
||
<p>As with <a href="#Boost">Boost</a>, some modern C++
|
||
extensions encourage coding practices that hamper
|
||
readability—for example by removing
|
||
checked redundancy (such as type names) that may be
|
||
helpful to readers, or by encouraging template
|
||
metaprogramming. Other extensions duplicate functionality
|
||
available through existing mechanisms, which may lead to confusion
|
||
and conversion costs.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p>In addition to what's described in the rest of the style
|
||
guide, the following C++ features may not be used:</p>
|
||
|
||
<ul>
|
||
|
||
|
||
<li>Compile-time rational numbers
|
||
(<code><ratio></code>), because of concerns that
|
||
it's tied to a more template-heavy interface
|
||
style.</li>
|
||
|
||
<li>The <code><cfenv></code> and
|
||
<code><fenv.h></code> headers, because many
|
||
compilers do not support those features reliably.</li>
|
||
|
||
<li>The <code><filesystem></code> header, which
|
||
|
||
does not have sufficient support for testing, and suffers
|
||
from inherent security vulnerabilities.</li>
|
||
|
||
|
||
</ul>
|
||
|
||
<h3 id="Nonstandard_Extensions">Nonstandard Extensions</h3>
|
||
|
||
<p>Nonstandard extensions to C++ may not be used unless otherwise specified.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>Compilers support various extensions that are not part of standard C++. Such
|
||
extensions include GCC's <code>__attribute__</code>, intrinsic functions such
|
||
as <code>__builtin_prefetch</code>, inline assembly, <code>__COUNTER__</code>,
|
||
<code>__PRETTY_FUNCTION__</code>, compound statement expressions (e.g.,
|
||
<code>foo = ({ int x; Bar(&x); x })</code>, variable-length arrays and
|
||
<code>alloca()</code>, and the "<a href="https://en.wikipedia.org/wiki/Elvis_operator">Elvis Operator</a>"
|
||
<code>a?:b</code>.</p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Nonstandard extensions may provide useful features that do not exist
|
||
in standard C++.</li>
|
||
<li>Important performance guidance to the compiler can only be specified
|
||
using extensions.</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>Nonstandard extensions do not work in all compilers. Use of nonstandard
|
||
extensions reduces portability of code.</li>
|
||
<li>Even if they are supported in all targeted compilers, the extensions
|
||
are often not well-specified, and there may be subtle behavior differences
|
||
between compilers.</li>
|
||
<li>Nonstandard extensions add to the language features that a reader must
|
||
know to understand the code.</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>Do not use nonstandard extensions. You may use portability wrappers that
|
||
are implemented using nonstandard extensions, so long as those wrappers
|
||
|
||
are provided by a designated project-wide
|
||
portability header.</p>
|
||
|
||
<h3 id="Aliases">Aliases</h3>
|
||
|
||
<p>Public aliases are for the benefit of an API's user, and should be clearly documented.</p>
|
||
|
||
<p class="definition"></p>
|
||
<p>There are several ways to create names that are aliases of other entities:</p>
|
||
<pre>typedef Foo Bar;
|
||
using Bar = Foo;
|
||
using other_namespace::Foo;
|
||
</pre>
|
||
|
||
<p>In new code, <code>using</code> is preferable to <code>typedef</code>,
|
||
because it provides a more consistent syntax with the rest of C++ and works
|
||
with templates.</p>
|
||
|
||
<p>Like other declarations, aliases declared in a header file are part of that
|
||
header's public API unless they're in a function definition, in the private portion of a class,
|
||
or in an explicitly-marked internal namespace. Aliases in such areas or in .cc files are
|
||
implementation details (because client code can't refer to them), and are not restricted by this
|
||
rule.</p>
|
||
|
||
<p class="pros"></p>
|
||
<ul>
|
||
<li>Aliases can improve readability by simplifying a long or complicated name.</li>
|
||
<li>Aliases can reduce duplication by naming in one place a type used repeatedly in an API,
|
||
which <em>might</em> make it easier to change the type later.
|
||
</li>
|
||
</ul>
|
||
|
||
<p class="cons"></p>
|
||
<ul>
|
||
<li>When placed in a header where client code can refer to them, aliases increase the
|
||
number of entities in that header's API, increasing its complexity.</li>
|
||
<li>Clients can easily rely on unintended details of public aliases, making
|
||
changes difficult.</li>
|
||
<li>It can be tempting to create a public alias that is only intended for use
|
||
in the implementation, without considering its impact on the API, or on maintainability.</li>
|
||
<li>Aliases can create risk of name collisions</li>
|
||
<li>Aliases can reduce readability by giving a familiar construct an unfamiliar name</li>
|
||
<li>Type aliases can create an unclear API contract:
|
||
it is unclear whether the alias is guaranteed to be identical to the type it aliases,
|
||
to have the same API, or only to be usable in specified narrow ways</li>
|
||
</ul>
|
||
|
||
<p class="decision"></p>
|
||
<p>Don't put an alias in your public API just to save typing in the implementation;
|
||
do so only if you intend it to be used by your clients.</p>
|
||
<p>When defining a public alias, document the intent of
|
||
the new name, including whether it is guaranteed to always be the same as the type
|
||
it's currently aliased to, or whether a more limited compatibility is
|
||
intended. This lets the user know whether they can treat the types as
|
||
substitutable or whether more specific rules must be followed, and can help the
|
||
implementation retain some degree of freedom to change the alias.</p>
|
||
<p>Don't put namespace aliases in your public API. (See also <a href="#Namespaces">Namespaces</a>).
|
||
</p>
|
||
|
||
<p>For example, these aliases document how they are intended to be used in client code:</p>
|
||
<pre>namespace mynamespace {
|
||
// Used to store field measurements. DataPoint may change from Bar* to some internal type.
|
||
// Client code should treat it as an opaque pointer.
|
||
using DataPoint = ::foo::Bar*;
|
||
|
||
// A set of measurements. Just an alias for user convenience.
|
||
using TimeSeries = std::unordered_set<DataPoint, std::hash<DataPoint>, DataPointComparator>;
|
||
} // namespace mynamespace
|
||
</pre>
|
||
|
||
<p>These aliases don't document intended use, and half of them aren't meant for client use:</p>
|
||
|
||
<pre class="badcode">namespace mynamespace {
|
||
// Bad: none of these say how they should be used.
|
||
using DataPoint = ::foo::Bar*;
|
||
using ::std::unordered_set; // Bad: just for local convenience
|
||
using ::std::hash; // Bad: just for local convenience
|
||
typedef unordered_set<DataPoint, hash<DataPoint>, DataPointComparator> TimeSeries;
|
||
} // namespace mynamespace
|
||
</pre>
|
||
|
||
<p>However, local convenience aliases are fine in function definitions, private sections of
|
||
classes, explicitly marked internal namespaces, and in .cc files:</p>
|
||
|
||
<pre>// In a .cc file
|
||
using ::foo::Bar;
|
||
</pre>
|
||
|
||
<h2 id="Inclusive_Language">Inclusive Language</h2>
|
||
|
||
<p>In all code, including naming and comments, use inclusive language
|
||
and avoid terms that other programmers might find disrespectful or offensive
|
||
(such as "master" and "slave", "blacklist" and "whitelist", or "redline"),
|
||
even if the terms also have an ostensibly neutral meaning.
|
||
Similarly, use gender-neutral language unless you're referring
|
||
to a specific person (and using their pronouns). For example,
|
||
use "they"/"them"/"their" for people of unspecified gender
|
||
(<a href="https://apastyle.apa.org/style-grammar-guidelines/grammar/singular-they">even
|
||
when singular</a>), and "it"/"its" for software, computers, and other
|
||
things that aren't people.</p>
|
||
|
||
|
||
|
||
<h2 id="Naming">Naming</h2>
|
||
|
||
<p>The most important consistency rules are those that govern
|
||
naming. The style of a name immediately informs us what sort of
|
||
thing the named entity is: a type, a variable, a function, a
|
||
constant, a macro, etc., without requiring us to search for the
|
||
declaration of that entity. The pattern-matching engine in our
|
||
brains relies a great deal on these naming rules.
|
||
</p>
|
||
|
||
<p>Naming rules are pretty arbitrary, but
|
||
we feel that
|
||
consistency is more important than individual preferences in this
|
||
area, so regardless of whether you find them sensible or not,
|
||
the rules are the rules.</p>
|
||
|
||
<h3 id="General_Naming_Rules">General Naming Rules</h3>
|
||
|
||
<p>Optimize for readability using names that would be clear
|
||
even to people on a different team.</p>
|
||
|
||
<p>Use names that describe the purpose or intent of the object.
|
||
Do not worry about saving horizontal space as it is far
|
||
more important to make your code immediately
|
||
understandable by a new reader. Minimize the use of
|
||
abbreviations that would likely be unknown to someone outside
|
||
your project (especially acronyms and initialisms). Do not
|
||
abbreviate by deleting letters within a word. As a rule of thumb,
|
||
an abbreviation is probably OK if it's listed in
|
||
Wikipedia. Generally speaking, descriptiveness should be
|
||
proportional to the name's scope of visibility. For example,
|
||
<code>n</code> may be a fine name within a 5-line function,
|
||
but within the scope of a class, it's likely too vague.</p>
|
||
|
||
<pre>class MyClass {
|
||
public:
|
||
int CountFooErrors(const std::vector<Foo>& foos) {
|
||
int n = 0; // Clear meaning given limited scope and context
|
||
for (const auto& foo : foos) {
|
||
...
|
||
++n;
|
||
}
|
||
return n;
|
||
}
|
||
void DoSomethingImportant() {
|
||
std::string fqdn = ...; // Well-known abbreviation for Fully Qualified Domain Name
|
||
}
|
||
private:
|
||
const int kMaxAllowedConnections = ...; // Clear meaning within context
|
||
};
|
||
</pre>
|
||
|
||
<pre class="badcode">class MyClass {
|
||
public:
|
||
int CountFooErrors(const std::vector<Foo>& foos) {
|
||
int total_number_of_foo_errors = 0; // Overly verbose given limited scope and context
|
||
for (int foo_index = 0; foo_index < foos.size(); ++foo_index) { // Use idiomatic `i`
|
||
...
|
||
++total_number_of_foo_errors;
|
||
}
|
||
return total_number_of_foo_errors;
|
||
}
|
||
void DoSomethingImportant() {
|
||
int cstmr_id = ...; // Deletes internal letters
|
||
}
|
||
private:
|
||
const int kNum = ...; // Unclear meaning within broad scope
|
||
};
|
||
</pre>
|
||
|
||
<p>Note that certain universally-known abbreviations are OK, such as
|
||
<code>i</code> for an iteration variable and <code>T</code> for a
|
||
template parameter.</p>
|
||
|
||
<p>For the purposes of the naming rules below, a "word" is anything that you
|
||
would write in English without internal spaces. This includes abbreviations,
|
||
such as acronyms and initialisms. For names written in mixed case (also
|
||
sometimes referred to as
|
||
"<a href="https://en.wikipedia.org/wiki/Camel_case">camel case</a>" or
|
||
"<a href="https://en.wiktionary.org/wiki/Pascal_case">Pascal case</a>"), in
|
||
which the first letter of each word is capitalized, prefer to capitalize
|
||
abbreviations as single words, e.g., <code>StartRpc()</code> rather than
|
||
<code>StartRPC()</code>.</p>
|
||
|
||
<p>Template parameters should follow the naming style for their
|
||
category: type template parameters should follow the rules for
|
||
<a href="#Type_Names">type names</a>, and non-type template
|
||
parameters should follow the rules for <a href="#Variable_Names">
|
||
variable names</a>.
|
||
|
||
</p><h3 id="File_Names">File Names</h3>
|
||
|
||
<p>Filenames should be all lowercase and can include
|
||
underscores (<code>_</code>) or dashes (<code>-</code>).
|
||
Follow the convention that your
|
||
|
||
project uses. If there is no consistent
|
||
local pattern to follow, prefer "_".</p>
|
||
|
||
<p>Examples of acceptable file names:</p>
|
||
|
||
<ul>
|
||
<li><code>my_useful_class.cc</code></li>
|
||
<li><code>my-useful-class.cc</code></li>
|
||
<li><code>myusefulclass.cc</code></li>
|
||
<li><code>myusefulclass_test.cc // _unittest and _regtest are deprecated.</code></li>
|
||
</ul>
|
||
|
||
<p>C++ files should end in <code>.cc</code> and header files should end in
|
||
<code>.h</code>. Files that rely on being textually included at specific points
|
||
should end in <code>.inc</code> (see also the section on
|
||
<a href="#Self_contained_Headers">self-contained headers</a>).</p>
|
||
|
||
<p>Do not use filenames that already exist in
|
||
<code>/usr/include</code>, such as <code>db.h</code>.</p>
|
||
|
||
<p>In general, make your filenames very specific. For
|
||
example, use <code>http_server_logs.h</code> rather than
|
||
<code>logs.h</code>. A very common case is to have a pair
|
||
of files called, e.g., <code>foo_bar.h</code> and
|
||
<code>foo_bar.cc</code>, defining a class called
|
||
<code>FooBar</code>.</p>
|
||
|
||
<h3 id="Type_Names">Type Names</h3>
|
||
|
||
<p>Type names start with a capital letter and have a capital
|
||
letter for each new word, with no underscores:
|
||
<code>MyExcitingClass</code>, <code>MyExcitingEnum</code>.</p>
|
||
|
||
<p>The names of all types — classes, structs, type aliases,
|
||
enums, and type template parameters — have the same naming convention.
|
||
Type names should start with a capital letter and have a capital letter
|
||
for each new word. No underscores. For example:</p>
|
||
|
||
<pre>// classes and structs
|
||
class UrlTable { ...
|
||
class UrlTableTester { ...
|
||
struct UrlTableProperties { ...
|
||
|
||
// typedefs
|
||
typedef hash_map<UrlTableProperties *, std::string> PropertiesMap;
|
||
|
||
// using aliases
|
||
using PropertiesMap = hash_map<UrlTableProperties *, std::string>;
|
||
|
||
// enums
|
||
enum class UrlTableError { ...
|
||
</pre>
|
||
|
||
<h3 id="Variable_Names">Variable Names</h3>
|
||
|
||
<p>The names of variables (including function parameters) and data members are
|
||
all lowercase, with underscores between words. Data members of classes (but not
|
||
structs) additionally have trailing underscores. For instance:
|
||
<code>a_local_variable</code>, <code>a_struct_data_member</code>,
|
||
<code>a_class_data_member_</code>.</p>
|
||
|
||
<h4>Common Variable names</h4>
|
||
|
||
<p>For example:</p>
|
||
|
||
<pre>std::string table_name; // OK - lowercase with underscore.
|
||
</pre>
|
||
|
||
<pre class="badcode">std::string tableName; // Bad - mixed case.
|
||
</pre>
|
||
|
||
<h4>Class Data Members</h4>
|
||
|
||
<p>Data members of classes, both static and non-static, are
|
||
named like ordinary nonmember variables, but with a
|
||
trailing underscore.</p>
|
||
|
||
<pre>class TableInfo {
|
||
...
|
||
private:
|
||
std::string table_name_; // OK - underscore at end.
|
||
static Pool<TableInfo>* pool_; // OK.
|
||
};
|
||
</pre>
|
||
|
||
<h4>Struct Data Members</h4>
|
||
|
||
<p>Data members of structs, both static and non-static,
|
||
are named like ordinary nonmember variables. They do not have
|
||
the trailing underscores that data members in classes have.</p>
|
||
|
||
<pre>struct UrlTableProperties {
|
||
std::string name;
|
||
int num_entries;
|
||
static Pool<UrlTableProperties>* pool;
|
||
};
|
||
</pre>
|
||
|
||
|
||
<p>See <a href="#Structs_vs._Classes">Structs vs.
|
||
Classes</a> for a discussion of when to use a struct
|
||
versus a class.</p>
|
||
|
||
<h3 id="Constant_Names">Constant Names</h3>
|
||
|
||
<p>Variables declared constexpr or const, and whose value is fixed for
|
||
the duration of the program, are named with a leading "k" followed
|
||
by mixed case. Underscores can be used as separators in the rare cases
|
||
where capitalization cannot be used for separation. For example:</p>
|
||
|
||
<pre>const int kDaysInAWeek = 7;
|
||
const int kAndroid8_0_0 = 24; // Android 8.0.0
|
||
</pre>
|
||
|
||
<p>All such variables with static storage duration (i.e., statics and globals,
|
||
see <a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration">
|
||
Storage Duration</a> for details) should be named this way. This
|
||
convention is optional for variables of other storage classes, e.g., automatic
|
||
variables, otherwise the usual variable naming rules apply.</p>
|
||
|
||
<h3 id="Function_Names">Function Names</h3>
|
||
|
||
<p>Regular functions have mixed case; accessors and mutators may be named
|
||
like variables.</p>
|
||
|
||
<p>Ordinarily, functions should start with a capital letter and have a
|
||
capital letter for each new word.</p>
|
||
|
||
<pre>AddTableEntry()
|
||
DeleteUrl()
|
||
OpenFileOrDie()
|
||
</pre>
|
||
|
||
<p>(The same naming rule applies to class- and namespace-scope
|
||
constants that are exposed as part of an API and that are intended to look
|
||
like functions, because the fact that they're objects rather than functions
|
||
is an unimportant implementation detail.)</p>
|
||
|
||
<p>Accessors and mutators (get and set functions) may be named like
|
||
variables. These often correspond to actual member variables, but this is
|
||
not required. For example, <code>int count()</code> and <code>void
|
||
set_count(int count)</code>.</p>
|
||
|
||
<h3 id="Namespace_Names">Namespace Names</h3>
|
||
|
||
Namespace names are all lower-case, with words separated by underscores.
|
||
Top-level namespace names are based on the project name
|
||
. Avoid collisions
|
||
between nested namespaces and well-known top-level namespaces.
|
||
|
||
<p>The name of a top-level namespace should usually be the
|
||
name of the project or team whose code is contained in that
|
||
namespace. The code in that namespace should usually be in
|
||
a directory whose basename matches the namespace name (or in
|
||
subdirectories thereof).</p>
|
||
|
||
|
||
|
||
<p>Keep in mind that the <a href="#General_Naming_Rules">rule
|
||
against abbreviated names</a> applies to namespaces just as much
|
||
as variable names. Code inside the namespace seldom needs to
|
||
mention the namespace name, so there's usually no particular need
|
||
for abbreviation anyway.</p>
|
||
|
||
<p>Avoid nested namespaces that match well-known top-level
|
||
namespaces. Collisions between namespace names can lead to surprising
|
||
build breaks because of name lookup rules. In particular, do not
|
||
create any nested <code>std</code> namespaces. Prefer unique project
|
||
identifiers
|
||
(<code>websearch::index</code>, <code>websearch::index_util</code>)
|
||
over collision-prone names like <code>websearch::util</code>. Also avoid overly deep nesting
|
||
namespaces (<a href="https://abseil.io/tips/130">TotW #130</a>).</p>
|
||
|
||
<p>For <code>internal</code> namespaces, be wary of other code being
|
||
added to the same <code>internal</code> namespace causing a collision
|
||
(internal helpers within a team tend to be related and may lead to
|
||
collisions). In such a situation, using the filename to make a unique
|
||
internal name is helpful
|
||
(<code>websearch::index::frobber_internal</code> for use
|
||
in <code>frobber.h</code>).</p>
|
||
|
||
<h3 id="Enumerator_Names">Enumerator Names</h3>
|
||
|
||
<p>Enumerators (for both scoped and unscoped enums) should be named like
|
||
<a href="#Constant_Names">constants</a>, not like
|
||
<a href="#Macro_Names">macros</a>. That is, use <code>kEnumName</code> not
|
||
<code>ENUM_NAME</code>.</p>
|
||
|
||
|
||
|
||
<pre>enum class UrlTableError {
|
||
kOk = 0,
|
||
kOutOfMemory,
|
||
kMalformedInput,
|
||
};
|
||
</pre>
|
||
<pre class="badcode">enum class AlternateUrlTableError {
|
||
OK = 0,
|
||
OUT_OF_MEMORY = 1,
|
||
MALFORMED_INPUT = 2,
|
||
};
|
||
</pre>
|
||
|
||
<p>Until January 2009, the style was to name enum values
|
||
like <a href="#Macro_Names">macros</a>. This caused
|
||
problems with name collisions between enum values and
|
||
macros. Hence, the change to prefer constant-style naming
|
||
was put in place. New code should use constant-style
|
||
naming.</p>
|
||
|
||
|
||
|
||
<h3 id="Macro_Names">Macro Names</h3>
|
||
|
||
<p>You're not really going to <a href="#Preprocessor_Macros">
|
||
define a macro</a>, are you? If you do, they're like this:
|
||
<code>MY_MACRO_THAT_SCARES_SMALL_CHILDREN_AND_ADULTS_ALIKE</code>.
|
||
</p>
|
||
|
||
<p>Please see the <a href="#Preprocessor_Macros">description
|
||
of macros</a>; in general macros should <em>not</em> be used.
|
||
However, if they are absolutely needed, then they should be
|
||
named with all capitals and underscores.</p>
|
||
|
||
<pre>#define ROUND(x) ...
|
||
#define PI_ROUNDED 3.0
|
||
</pre>
|
||
|
||
<h3 id="Exceptions_to_Naming_Rules">Exceptions to Naming Rules</h3>
|
||
|
||
<p>If you are naming something that is analogous to an
|
||
existing C or C++ entity then you can follow the existing
|
||
naming convention scheme.</p>
|
||
|
||
<dl>
|
||
<dt><code>bigopen()</code></dt>
|
||
<dd>function name, follows form of <code>open()</code></dd>
|
||
|
||
<dt><code>uint</code></dt>
|
||
<dd><code>typedef</code></dd>
|
||
|
||
<dt><code>bigpos</code></dt>
|
||
<dd><code>struct</code> or <code>class</code>, follows
|
||
form of <code>pos</code></dd>
|
||
|
||
<dt><code>sparse_hash_map</code></dt>
|
||
<dd>STL-like entity; follows STL naming conventions</dd>
|
||
|
||
<dt><code>LONGLONG_MAX</code></dt>
|
||
<dd>a constant, as in <code>INT_MAX</code></dd>
|
||
</dl>
|
||
|
||
<h2 id="Comments">Comments</h2>
|
||
|
||
<p>Comments are absolutely vital to keeping our code readable. The following rules describe what you
|
||
should comment and where. But remember: while comments are very important, the best code is
|
||
self-documenting. Giving sensible names to types and variables is much better than using obscure
|
||
names that you must then explain through comments.</p>
|
||
|
||
<p>When writing your comments, write for your audience: the
|
||
next
|
||
contributor who will need to
|
||
understand your code. Be generous — the next
|
||
one may be you!</p>
|
||
|
||
<h3 id="Comment_Style">Comment Style</h3>
|
||
|
||
<p>Use either the <code>//</code> or <code>/* */</code>
|
||
syntax, as long as you are consistent.</p>
|
||
|
||
<p>You can use either the <code>//</code> or the <code>/*
|
||
*/</code> syntax; however, <code>//</code> is
|
||
<em>much</em> more common. Be consistent with how you
|
||
comment and what style you use where.</p>
|
||
|
||
<h3 id="File_Comments">File Comments</h3>
|
||
|
||
<div>
|
||
<p>Start each file with license boilerplate.</p>
|
||
</div>
|
||
|
||
<p>File comments describe the contents of a file. If a file declares,
|
||
implements, or tests exactly one abstraction that is documented by a comment
|
||
at the point of declaration, file comments are not required. All other files
|
||
must have file comments.</p>
|
||
|
||
<h4>Legal Notice and Author
|
||
Line</h4>
|
||
|
||
|
||
|
||
<div>
|
||
<p>Every file should contain license
|
||
boilerplate. Choose the appropriate boilerplate for the
|
||
license used by the project (for example, Apache 2.0,
|
||
BSD, LGPL, GPL).</p>
|
||
</div>
|
||
|
||
<p>If you make significant changes to a file with an
|
||
author line, consider deleting the author line.
|
||
New files should usually not contain copyright notice or
|
||
author line.</p>
|
||
|
||
<h4>File Contents</h4>
|
||
|
||
<p>If a <code>.h</code> declares multiple abstractions, the file-level comment
|
||
should broadly describe the contents of the file, and how the abstractions are
|
||
related. A 1 or 2 sentence file-level comment may be sufficient. The detailed
|
||
documentation about individual abstractions belongs with those abstractions,
|
||
not at the file level.</p>
|
||
|
||
<p>Do not duplicate comments in both the <code>.h</code> and the
|
||
<code>.cc</code>. Duplicated comments diverge.</p>
|
||
|
||
<h3 id="Class_Comments">Class Comments</h3>
|
||
|
||
<p>Every non-obvious class or struct declaration should have an
|
||
accompanying comment that describes what it is for and how it should
|
||
be used.</p>
|
||
|
||
<pre>// Iterates over the contents of a GargantuanTable.
|
||
// Example:
|
||
// std::unique_ptr<GargantuanTableIterator> iter = table->NewIterator();
|
||
// for (iter->Seek("foo"); !iter->done(); iter->Next()) {
|
||
// process(iter->key(), iter->value());
|
||
// }
|
||
class GargantuanTableIterator {
|
||
...
|
||
};
|
||
</pre>
|
||
|
||
<p>The class comment should provide the reader with enough information to know
|
||
how and when to use the class, as well as any additional considerations
|
||
necessary to correctly use the class. Document the synchronization assumptions
|
||
the class makes, if any. If an instance of the class can be accessed by
|
||
multiple threads, take extra care to document the rules and invariants
|
||
surrounding multithreaded use.</p>
|
||
|
||
<p>The class comment is often a good place for a small example code snippet
|
||
demonstrating a simple and focused usage of the class.</p>
|
||
|
||
<p>When sufficiently separated (e.g., <code>.h</code> and <code>.cc</code>
|
||
files), comments describing the use of the class should go together with its
|
||
interface definition; comments about the class operation and implementation
|
||
should accompany the implementation of the class's methods.</p>
|
||
|
||
<h3 id="Function_Comments">Function Comments</h3>
|
||
|
||
<p>Declaration comments describe use of the function (when it is
|
||
non-obvious); comments at the definition of a function describe
|
||
operation.</p>
|
||
|
||
<h4>Function Declarations</h4>
|
||
|
||
<p>Almost every function declaration should have comments immediately
|
||
preceding it that describe what the function does and how to use
|
||
it. These comments may be omitted only if the function is simple and
|
||
obvious (e.g., simple accessors for obvious properties of the class).
|
||
Function comments should be written with an implied subject of
|
||
<i>This function</i> and should start with the verb phrase; for example,
|
||
"Opens the file", rather than "Open the file". In general, these comments do not
|
||
describe how the function performs its task. Instead, that should be
|
||
left to comments in the function definition.</p>
|
||
|
||
<p>Types of things to mention in comments at the function
|
||
declaration:</p>
|
||
|
||
<ul>
|
||
<li>What the inputs and outputs are. If function argument names
|
||
are provided in `backticks`, then code-indexing
|
||
tools may be able to present the documentation better.</li>
|
||
|
||
<li>For class member functions: whether the object
|
||
remembers reference arguments beyond the duration of
|
||
the method call, and whether it will free them or
|
||
not.</li>
|
||
|
||
<li>If the function allocates memory that the caller
|
||
must free.</li>
|
||
|
||
<li>Whether any of the arguments can be a null
|
||
pointer.</li>
|
||
|
||
<li>If there are any performance implications of how a
|
||
function is used.</li>
|
||
|
||
<li>If the function is re-entrant. What are its
|
||
synchronization assumptions?</li>
|
||
</ul>
|
||
|
||
<p>Here is an example:</p>
|
||
|
||
<pre>// Returns an iterator for this table, positioned at the first entry
|
||
// lexically greater than or equal to `start_word`. If there is no
|
||
// such entry, returns a null pointer. The client must not use the
|
||
// iterator after the underlying GargantuanTable has been destroyed.
|
||
//
|
||
// This method is equivalent to:
|
||
// std::unique_ptr<Iterator> iter = table->NewIterator();
|
||
// iter->Seek(start_word);
|
||
// return iter;
|
||
std::unique_ptr<Iterator> GetIterator(absl::string_view start_word) const;
|
||
</pre>
|
||
|
||
<p>However, do not be unnecessarily verbose or state the
|
||
completely obvious.</p>
|
||
|
||
<p>When documenting function overrides, focus on the
|
||
specifics of the override itself, rather than repeating
|
||
the comment from the overridden function. In many of these
|
||
cases, the override needs no additional documentation and
|
||
thus no comment is required.</p>
|
||
|
||
<p>When commenting constructors and destructors, remember
|
||
that the person reading your code knows what constructors
|
||
and destructors are for, so comments that just say
|
||
something like "destroys this object" are not useful.
|
||
Document what constructors do with their arguments (for
|
||
example, if they take ownership of pointers), and what
|
||
cleanup the destructor does. If this is trivial, just
|
||
skip the comment. It is quite common for destructors not
|
||
to have a header comment.</p>
|
||
|
||
<h4>Function Definitions</h4>
|
||
|
||
<p>If there is anything tricky about how a function does
|
||
its job, the function definition should have an
|
||
explanatory comment. For example, in the definition
|
||
comment you might describe any coding tricks you use,
|
||
give an overview of the steps you go through, or explain
|
||
why you chose to implement the function in the way you
|
||
did rather than using a viable alternative. For instance,
|
||
you might mention why it must acquire a lock for the
|
||
first half of the function but why it is not needed for
|
||
the second half.</p>
|
||
|
||
<p>Note you should <em>not</em> just repeat the comments
|
||
given with the function declaration, in the
|
||
<code>.h</code> file or wherever. It's okay to
|
||
recapitulate briefly what the function does, but the
|
||
focus of the comments should be on how it does it.</p>
|
||
|
||
<h3 id="Variable_Comments">Variable Comments</h3>
|
||
|
||
<p>In general the actual name of the variable should be
|
||
descriptive enough to give a good idea of what the variable
|
||
is used for. In certain cases, more comments are required.</p>
|
||
|
||
<h4>Class Data Members</h4>
|
||
|
||
<p>The purpose of each class data member (also called an instance
|
||
variable or member variable) must be clear. If there are any
|
||
invariants (special values, relationships between members, lifetime
|
||
requirements) not clearly expressed by the type and name, they must be
|
||
commented. However, if the type and name suffice (<code>int
|
||
num_events_;</code>), no comment is needed.</p>
|
||
|
||
<p>In particular, add comments to describe the existence and meaning
|
||
of sentinel values, such as nullptr or -1, when they are not
|
||
obvious. For example:</p>
|
||
|
||
<pre>private:
|
||
// Used to bounds-check table accesses. -1 means
|
||
// that we don't yet know how many entries the table has.
|
||
int num_total_entries_;
|
||
</pre>
|
||
|
||
<h4>Global Variables</h4>
|
||
|
||
<p>All global variables should have a comment describing what they
|
||
are, what they are used for, and (if unclear) why it needs to be
|
||
global. For example:</p>
|
||
|
||
<pre>// The total number of test cases that we run through in this regression test.
|
||
const int kNumTestCases = 6;
|
||
</pre>
|
||
|
||
<h3 id="Implementation_Comments">Implementation Comments</h3>
|
||
|
||
<p>In your implementation you should have comments in tricky,
|
||
non-obvious, interesting, or important parts of your code.</p>
|
||
|
||
<h4>Explanatory Comments</h4>
|
||
|
||
<p>Tricky or complicated code blocks should have comments
|
||
before them. Example:</p>
|
||
|
||
<pre>// Divide result by two, taking into account that x
|
||
// contains the carry from the add.
|
||
for (int i = 0; i < result->size(); ++i) {
|
||
x = (x << 8) + (*result)[i];
|
||
(*result)[i] = x >> 1;
|
||
x &= 1;
|
||
}
|
||
</pre>
|
||
|
||
<h4>Line-end Comments</h4>
|
||
|
||
<p>Also, lines that are non-obvious should get a comment
|
||
at the end of the line. These end-of-line comments should
|
||
be separated from the code by 2 spaces. Example:</p>
|
||
|
||
<pre>// If we have enough memory, mmap the data portion too.
|
||
mmap_budget = max<int64>(0, mmap_budget - index_->length());
|
||
if (mmap_budget >= data_size_ && !MmapData(mmap_chunk_bytes, mlock))
|
||
return; // Error already logged.
|
||
</pre>
|
||
|
||
<p>Note that there are both comments that describe what
|
||
the code is doing, and comments that mention that an
|
||
error has already been logged when the function
|
||
returns.</p>
|
||
|
||
<h4 class="stylepoint_subsection" id="Function_Argument_Comments">Function Argument Comments</h4>
|
||
|
||
<p>When the meaning of a function argument is nonobvious, consider
|
||
one of the following remedies:</p>
|
||
|
||
<ul>
|
||
<li>If the argument is a literal constant, and the same constant is
|
||
used in multiple function calls in a way that tacitly assumes they're
|
||
the same, you should use a named constant to make that constraint
|
||
explicit, and to guarantee that it holds.</li>
|
||
|
||
<li>Consider changing the function signature to replace a <code>bool</code>
|
||
argument with an <code>enum</code> argument. This will make the argument
|
||
values self-describing.</li>
|
||
|
||
<li>For functions that have several configuration options, consider
|
||
defining a single class or struct to hold all the options
|
||
,
|
||
and pass an instance of that.
|
||
This approach has several advantages. Options are referenced by name
|
||
at the call site, which clarifies their meaning. It also reduces
|
||
function argument count, which makes function calls easier to read and
|
||
write. As an added benefit, you don't have to change call sites when
|
||
you add another option.
|
||
</li>
|
||
|
||
<li>Replace large or complex nested expressions with named variables.</li>
|
||
|
||
<li>As a last resort, use comments to clarify argument meanings at the
|
||
call site. </li>
|
||
</ul>
|
||
|
||
Consider the following example:
|
||
|
||
<pre class="badcode">// What are these arguments?
|
||
const DecimalNumber product = CalculateProduct(values, 7, false, nullptr);
|
||
</pre>
|
||
|
||
<p>versus:</p>
|
||
|
||
<pre>ProductOptions options;
|
||
options.set_precision_decimals(7);
|
||
options.set_use_cache(ProductOptions::kDontUseCache);
|
||
const DecimalNumber product =
|
||
CalculateProduct(values, options, /*completion_callback=*/nullptr);
|
||
</pre>
|
||
|
||
<h4 id="Implementation_Comment_Donts">Don'ts</h4>
|
||
|
||
<p>Do not state the obvious. In particular, don't literally describe what
|
||
code does, unless the behavior is nonobvious to a reader who understands
|
||
C++ well. Instead, provide higher level comments that describe <i>why</i>
|
||
the code does what it does, or make the code self describing.</p>
|
||
|
||
Compare this:
|
||
|
||
<pre class="badcode">// Find the element in the vector. <-- Bad: obvious!
|
||
if (std::find(v.begin(), v.end(), element) != v.end()) {
|
||
Process(element);
|
||
}
|
||
</pre>
|
||
|
||
To this:
|
||
|
||
<pre>// Process "element" unless it was already processed.
|
||
if (std::find(v.begin(), v.end(), element) != v.end()) {
|
||
Process(element);
|
||
}
|
||
</pre>
|
||
|
||
Self-describing code doesn't need a comment. The comment from
|
||
the example above would be obvious:
|
||
|
||
<pre>if (!IsAlreadyProcessed(element)) {
|
||
Process(element);
|
||
}
|
||
</pre>
|
||
|
||
<h3 id="Punctuation,_Spelling_and_Grammar">Punctuation, Spelling, and Grammar</h3>
|
||
|
||
<p>Pay attention to punctuation, spelling, and grammar; it is
|
||
easier to read well-written comments than badly written
|
||
ones.</p>
|
||
|
||
<p>Comments should be as readable as narrative text, with
|
||
proper capitalization and punctuation. In many cases,
|
||
complete sentences are more readable than sentence
|
||
fragments. Shorter comments, such as comments at the end
|
||
of a line of code, can sometimes be less formal, but you
|
||
should be consistent with your style.</p>
|
||
|
||
<p>Although it can be frustrating to have a code reviewer
|
||
point out that you are using a comma when you should be
|
||
using a semicolon, it is very important that source code
|
||
maintain a high level of clarity and readability. Proper
|
||
punctuation, spelling, and grammar help with that
|
||
goal.</p>
|
||
|
||
<h3 id="TODO_Comments">TODO Comments</h3>
|
||
|
||
<p>Use <code>TODO</code> comments for code that is temporary,
|
||
a short-term solution, or good-enough but not perfect.</p>
|
||
|
||
<p><code>TODO</code>s should include the string
|
||
<code>TODO</code> in all caps, followed by the
|
||
|
||
name, e-mail address, bug ID, or other
|
||
identifier
|
||
of the person or issue with the best context
|
||
about the problem referenced by the <code>TODO</code>. The
|
||
main purpose is to have a consistent <code>TODO</code> that
|
||
can be searched to find out how to get more details upon
|
||
request. A <code>TODO</code> is not a commitment that the
|
||
person referenced will fix the problem. Thus when you create
|
||
a <code>TODO</code> with a name, it is almost always your
|
||
name that is given.</p>
|
||
|
||
|
||
|
||
<div>
|
||
<pre>// TODO(kl@gmail.com): Use a "*" here for concatenation operator.
|
||
// TODO(Zeke) change this to use relations.
|
||
// TODO(bug 12345): remove the "Last visitors" feature.
|
||
</pre>
|
||
</div>
|
||
|
||
<p>If your <code>TODO</code> is of the form "At a future
|
||
date do something" make sure that you either include a
|
||
very specific date ("Fix by November 2005") or a very
|
||
specific event ("Remove this code when all clients can
|
||
handle XML responses.").</p>
|
||
|
||
<h2 id="Formatting">Formatting</h2>
|
||
|
||
<p>Coding style and formatting are pretty arbitrary, but a
|
||
|
||
project is much easier to follow
|
||
if everyone uses the same style. Individuals may not agree with every
|
||
aspect of the formatting rules, and some of the rules may take
|
||
some getting used to, but it is important that all
|
||
|
||
project contributors follow the
|
||
style rules so that
|
||
they can all read and understand
|
||
everyone's code easily.</p>
|
||
|
||
|
||
|
||
<div>
|
||
<p>To help you format code correctly, we've created a
|
||
<a href="https://raw.githubusercontent.com/google/styleguide/gh-pages/google-c-style.el">
|
||
settings file for emacs</a>.</p>
|
||
</div>
|
||
|
||
<h3 id="Line_Length">Line Length</h3>
|
||
|
||
<p>Each line of text in your code should be at most 80
|
||
characters long.</p>
|
||
|
||
|
||
|
||
<div>
|
||
<p>We recognize that this rule is
|
||
controversial, but so much existing code already adheres
|
||
to it, and we feel that consistency is important.</p>
|
||
</div>
|
||
|
||
<p class="pros"></p>
|
||
<p>Those who favor this rule
|
||
argue that it is rude to force them to resize
|
||
their windows and there is no need for anything longer.
|
||
Some folks are used to having several code windows
|
||
side-by-side, and thus don't have room to widen their
|
||
windows in any case. People set up their work environment
|
||
assuming a particular maximum window width, and 80
|
||
columns has been the traditional standard. Why change
|
||
it?</p>
|
||
|
||
<p class="cons"></p>
|
||
<p>Proponents of change argue that a wider line can make
|
||
code more readable. The 80-column limit is an hidebound
|
||
throwback to 1960s mainframes; modern equipment has wide screens that
|
||
can easily show longer lines.</p>
|
||
|
||
<p class="decision"></p>
|
||
<p> 80 characters is the maximum.</p>
|
||
|
||
<p>A line may exceed 80 characters if it is</p>
|
||
|
||
<ul>
|
||
<li>a comment line which is not feasible to split without harming
|
||
readability, ease of cut and paste or auto-linking -- e.g., if a line
|
||
contains an example command or a literal URL longer than 80 characters.</li>
|
||
|
||
<li>a raw-string literal with content that exceeds 80 characters. Except for
|
||
test code, such literals should appear near the top of a file.</li>
|
||
|
||
<li>an include statement.</li>
|
||
|
||
<li>a <a href="#The__define_Guard">header guard</a></li>
|
||
|
||
<li>a using-declaration</li>
|
||
</ul>
|
||
|
||
<h3 id="Non-ASCII_Characters">Non-ASCII Characters</h3>
|
||
|
||
<p>Non-ASCII characters should be rare, and must use UTF-8
|
||
formatting.</p>
|
||
|
||
<p>You shouldn't hard-code user-facing text in source,
|
||
even English, so use of non-ASCII characters should be
|
||
rare. However, in certain cases it is appropriate to
|
||
include such words in your code. For example, if your
|
||
code parses data files from foreign sources, it may be
|
||
appropriate to hard-code the non-ASCII string(s) used in
|
||
those data files as delimiters. More commonly, unittest
|
||
code (which does not need to be localized) might
|
||
contain non-ASCII strings. In such cases, you should use
|
||
UTF-8, since that is an encoding
|
||
understood by most tools able to handle more than just
|
||
ASCII.</p>
|
||
|
||
<p>Hex encoding is also OK, and encouraged where it
|
||
enhances readability — for example,
|
||
<code>"\xEF\xBB\xBF"</code>, or, even more simply,
|
||
<code>u8"\uFEFF"</code>, is the Unicode zero-width
|
||
no-break space character, which would be invisible if
|
||
included in the source as straight UTF-8.</p>
|
||
|
||
<p>Use the <code>u8</code> prefix
|
||
to guarantee that a string literal containing
|
||
<code>\uXXXX</code> escape sequences is encoded as UTF-8.
|
||
Do not use it for strings containing non-ASCII characters
|
||
encoded as UTF-8, because that will produce incorrect
|
||
output if the compiler does not interpret the source file
|
||
as UTF-8. </p>
|
||
|
||
<p>You shouldn't use the C++11 <code>char16_t</code> and
|
||
<code>char32_t</code> character types, since they're for
|
||
non-UTF-8 text. For similar reasons you also shouldn't
|
||
use <code>wchar_t</code> (unless you're writing code that
|
||
interacts with the Windows API, which uses
|
||
<code>wchar_t</code> extensively).</p>
|
||
|
||
<h3 id="Spaces_vs._Tabs">Spaces vs. Tabs</h3>
|
||
|
||
<p>Use only spaces, and indent 2 spaces at a time.</p>
|
||
|
||
<p>We use spaces for indentation. Do not use tabs in your
|
||
code. You should set your editor to emit spaces when you
|
||
hit the tab key.</p>
|
||
|
||
<h3 id="Function_Declarations_and_Definitions">Function Declarations and Definitions</h3>
|
||
|
||
<p>Return type on the same line as function name, parameters
|
||
on the same line if they fit. Wrap parameter lists which do
|
||
not fit on a single line as you would wrap arguments in a
|
||
<a href="#Function_Calls">function call</a>.</p>
|
||
|
||
<p>Functions look like this:</p>
|
||
|
||
|
||
<pre>ReturnType ClassName::FunctionName(Type par_name1, Type par_name2) {
|
||
DoSomething();
|
||
...
|
||
}
|
||
</pre>
|
||
|
||
<p>If you have too much text to fit on one line:</p>
|
||
|
||
<pre>ReturnType ClassName::ReallyLongFunctionName(Type par_name1, Type par_name2,
|
||
Type par_name3) {
|
||
DoSomething();
|
||
...
|
||
}
|
||
</pre>
|
||
|
||
<p>or if you cannot fit even the first parameter:</p>
|
||
|
||
<pre>ReturnType LongClassName::ReallyReallyReallyLongFunctionName(
|
||
Type par_name1, // 4 space indent
|
||
Type par_name2,
|
||
Type par_name3) {
|
||
DoSomething(); // 2 space indent
|
||
...
|
||
}
|
||
</pre>
|
||
|
||
<p>Some points to note:</p>
|
||
|
||
<ul>
|
||
<li>Choose good parameter names.</li>
|
||
|
||
<li>A parameter name may be omitted only if the parameter is not used in the
|
||
function's definition.</li>
|
||
|
||
<li>If you cannot fit the return type and the function
|
||
name on a single line, break between them.</li>
|
||
|
||
<li>If you break after the return type of a function
|
||
declaration or definition, do not indent.</li>
|
||
|
||
<li>The open parenthesis is always on the same line as
|
||
the function name.</li>
|
||
|
||
<li>There is never a space between the function name
|
||
and the open parenthesis.</li>
|
||
|
||
<li>There is never a space between the parentheses and
|
||
the parameters.</li>
|
||
|
||
<li>The open curly brace is always on the end of the last line of the function
|
||
declaration, not the start of the next line.</li>
|
||
|
||
<li>The close curly brace is either on the last line by
|
||
itself or on the same line as the open curly brace.</li>
|
||
|
||
<li>There should be a space between the close
|
||
parenthesis and the open curly brace.</li>
|
||
|
||
<li>All parameters should be aligned if possible.</li>
|
||
|
||
<li>Default indentation is 2 spaces.</li>
|
||
|
||
<li>Wrapped parameters have a 4 space indent.</li>
|
||
</ul>
|
||
|
||
<p>Unused parameters that are obvious from context may be omitted:</p>
|
||
|
||
<pre>class Foo {
|
||
public:
|
||
Foo(const Foo&) = delete;
|
||
Foo& operator=(const Foo&) = delete;
|
||
};
|
||
</pre>
|
||
|
||
<p>Unused parameters that might not be obvious should comment out the variable
|
||
name in the function definition:</p>
|
||
|
||
<pre>class Shape {
|
||
public:
|
||
virtual void Rotate(double radians) = 0;
|
||
};
|
||
|
||
class Circle : public Shape {
|
||
public:
|
||
void Rotate(double radians) override;
|
||
};
|
||
|
||
void Circle::Rotate(double /*radians*/) {}
|
||
</pre>
|
||
|
||
<pre class="badcode">// Bad - if someone wants to implement later, it's not clear what the
|
||
// variable means.
|
||
void Circle::Rotate(double) {}
|
||
</pre>
|
||
|
||
<p>Attributes, and macros that expand to attributes, appear at the very
|
||
beginning of the function declaration or definition, before the
|
||
return type:</p>
|
||
<pre>ABSL_MUST_USE_RESULT bool IsOk();
|
||
</pre>
|
||
|
||
<h3 id="Formatting_Lambda_Expressions">Lambda Expressions</h3>
|
||
|
||
<p>Format parameters and bodies as for any other function, and capture
|
||
lists like other comma-separated lists.</p>
|
||
|
||
<p>For by-reference captures, do not leave a space between the
|
||
ampersand (&) and the variable name.</p>
|
||
<pre>int x = 0;
|
||
auto x_plus_n = [&x](int n) -> int { return x + n; }
|
||
</pre>
|
||
<p>Short lambdas may be written inline as function arguments.</p>
|
||
<pre>std::set<int> to_remove = {7, 8, 9};
|
||
std::vector<int> digits = {3, 9, 1, 8, 4, 7, 1};
|
||
digits.erase(std::remove_if(digits.begin(), digits.end(), [&to_remove](int i) {
|
||
return to_remove.find(i) != to_remove.end();
|
||
}),
|
||
digits.end());
|
||
</pre>
|
||
|
||
<h3 id="Floating_Literals">Floating-point Literals</h3>
|
||
|
||
<p>Floating-point literals should always have a radix point, with digits on both
|
||
sides, even if they use exponential notation. Readability is improved if all
|
||
floating-point literals take this familiar form, as this helps ensure that they
|
||
are not mistaken for integer literals, and that the
|
||
<code>E</code>/<code>e</code> of the exponential notation is not mistaken for a
|
||
hexadecimal digit. It is fine to initialize a floating-point variable with an
|
||
integer literal (assuming the variable type can exactly represent that integer),
|
||
but note that a number in exponential notation is never an integer literal.
|
||
</p>
|
||
|
||
<pre class="badcode">float f = 1.f;
|
||
long double ld = -.5L;
|
||
double d = 1248e6;
|
||
</pre>
|
||
|
||
<pre class="goodcode">float f = 1.0f;
|
||
float f2 = 1; // Also OK
|
||
long double ld = -0.5L;
|
||
double d = 1248.0e6;
|
||
</pre>
|
||
|
||
|
||
<h3 id="Function_Calls">Function Calls</h3>
|
||
|
||
<p>Either write the call all on a single line, wrap the
|
||
arguments at the parenthesis, or start the arguments on a new
|
||
line indented by four spaces and continue at that 4 space
|
||
indent. In the absence of other considerations, use the
|
||
minimum number of lines, including placing multiple arguments
|
||
on each line where appropriate.</p>
|
||
|
||
<p>Function calls have the following format:</p>
|
||
<pre>bool result = DoSomething(argument1, argument2, argument3);
|
||
</pre>
|
||
|
||
<p>If the arguments do not all fit on one line, they
|
||
should be broken up onto multiple lines, with each
|
||
subsequent line aligned with the first argument. Do not
|
||
add spaces after the open paren or before the close
|
||
paren:</p>
|
||
<pre>bool result = DoSomething(averyveryveryverylongargument1,
|
||
argument2, argument3);
|
||
</pre>
|
||
|
||
<p>Arguments may optionally all be placed on subsequent
|
||
lines with a four space indent:</p>
|
||
<pre>if (...) {
|
||
...
|
||
...
|
||
if (...) {
|
||
bool result = DoSomething(
|
||
argument1, argument2, // 4 space indent
|
||
argument3, argument4);
|
||
...
|
||
}
|
||
</pre>
|
||
|
||
<p>Put multiple arguments on a single line to reduce the
|
||
number of lines necessary for calling a function unless
|
||
there is a specific readability problem. Some find that
|
||
formatting with strictly one argument on each line is
|
||
more readable and simplifies editing of the arguments.
|
||
However, we prioritize for the reader over the ease of
|
||
editing arguments, and most readability problems are
|
||
better addressed with the following techniques.</p>
|
||
|
||
<p>If having multiple arguments in a single line decreases
|
||
readability due to the complexity or confusing nature of the
|
||
expressions that make up some arguments, try creating
|
||
variables that capture those arguments in a descriptive name:</p>
|
||
<pre>int my_heuristic = scores[x] * y + bases[x];
|
||
bool result = DoSomething(my_heuristic, x, y, z);
|
||
</pre>
|
||
|
||
<p>Or put the confusing argument on its own line with
|
||
an explanatory comment:</p>
|
||
<pre>bool result = DoSomething(scores[x] * y + bases[x], // Score heuristic.
|
||
x, y, z);
|
||
</pre>
|
||
|
||
<p>If there is still a case where one argument is
|
||
significantly more readable on its own line, then put it on
|
||
its own line. The decision should be specific to the argument
|
||
which is made more readable rather than a general policy.</p>
|
||
|
||
<p>Sometimes arguments form a structure that is important
|
||
for readability. In those cases, feel free to format the
|
||
arguments according to that structure:</p>
|
||
<pre>// Transform the widget by a 3x3 matrix.
|
||
my_widget.Transform(x1, x2, x3,
|
||
y1, y2, y3,
|
||
z1, z2, z3);
|
||
</pre>
|
||
|
||
<h3 id="Braced_Initializer_List_Format">Braced Initializer List Format</h3>
|
||
|
||
<p>Format a braced initializer list exactly like you would format a function
|
||
call in its place.</p>
|
||
|
||
<p>If the braced list follows a name (e.g., a type or
|
||
variable name), format as if the <code>{}</code> were the
|
||
parentheses of a function call with that name. If there
|
||
is no name, assume a zero-length name.</p>
|
||
|
||
<pre>// Examples of braced init list on a single line.
|
||
return {foo, bar};
|
||
functioncall({foo, bar});
|
||
std::pair<int, int> p{foo, bar};
|
||
|
||
// When you have to wrap.
|
||
SomeFunction(
|
||
{"assume a zero-length name before {"},
|
||
some_other_function_parameter);
|
||
SomeType variable{
|
||
some, other, values,
|
||
{"assume a zero-length name before {"},
|
||
SomeOtherType{
|
||
"Very long string requiring the surrounding breaks.",
|
||
some, other, values},
|
||
SomeOtherType{"Slightly shorter string",
|
||
some, other, values}};
|
||
SomeType variable{
|
||
"This is too long to fit all in one line"};
|
||
MyType m = { // Here, you could also break before {.
|
||
superlongvariablename1,
|
||
superlongvariablename2,
|
||
{short, interior, list},
|
||
{interiorwrappinglist,
|
||
interiorwrappinglist2}};
|
||
</pre>
|
||
|
||
<h3 id="Conditionals">Conditionals</h3>
|
||
|
||
<p>In an <code>if</code> statement, including its optional <code>else if</code>
|
||
and <code>else</code> clauses, put one space between the <code>if</code> and the
|
||
opening parenthesis, and between the closing parenthesis and the curly brace (if
|
||
any), but no spaces between the parentheses and the condition or initializer. If
|
||
the optional initializer is present, put a space or newline after the semicolon,
|
||
but not before.</p>
|
||
|
||
<pre class="badcode">if(condition) { // Bad - space missing after IF
|
||
if ( condition ) { // Bad - space between the parentheses and the condition
|
||
if (condition){ // Bad - space missing before {
|
||
if(condition){ // Doubly bad
|
||
|
||
if (int a = f();a == 10) { // Bad - space missing after the semicolon
|
||
</pre>
|
||
|
||
<p>Use curly braces for the controlled statements following
|
||
<code>if</code>, <code>else if</code> and <code>else</code>. Break the line
|
||
immediately after the opening brace, and immediately before the closing brace. A
|
||
subsequent <code>else</code>, if any, appears on the same line as the preceding
|
||
closing brace, separated by a space.</p>
|
||
|
||
<pre>if (condition) { // no spaces inside parentheses, space before brace
|
||
DoOneThing(); // two space indent
|
||
DoAnotherThing();
|
||
} else if (int a = f(); a != 3) { // closing brace on new line, else on same line
|
||
DoAThirdThing(a);
|
||
} else {
|
||
DoNothing();
|
||
}
|
||
</pre>
|
||
|
||
<p>For historical reasons, we allow one exception to the above rules: if an
|
||
<code>if</code> statement has no <code>else</code> or <code>else if</code>
|
||
clauses, then the curly braces for the controlled statement or the line breaks
|
||
inside the curly braces may be omitted if as a result the entire <code>if</code>
|
||
statement appears on either a single line (in which case there is a space
|
||
between the closing parenthesis and the controlled statement) or on two lines
|
||
(in which case there is a line break after the closing parenthesis and there are
|
||
no braces). For example, the following forms are allowed under this
|
||
exception.</p>
|
||
|
||
<pre>if (x == kFoo) return new Foo();
|
||
|
||
if (x == kBar)
|
||
return new Bar(arg1, arg2, arg3);
|
||
|
||
if (x == kQuz) { return new Quz(1, 2, 3); }
|
||
</pre>
|
||
|
||
<p>Use this style only when the statement is brief, and consider that
|
||
conditional statements with complex conditions or controlled statements may be
|
||
more readable with curly braces. Some
|
||
projects
|
||
require curly braces always.</p>
|
||
|
||
<p>Finally, these are not permitted:</p>
|
||
|
||
<pre class="badcode">// Bad - IF statement with ELSE is missing braces
|
||
if (x) DoThis();
|
||
else DoThat();
|
||
|
||
// Bad - IF statement with ELSE does not have braces everywhere
|
||
if (condition)
|
||
foo;
|
||
else {
|
||
bar;
|
||
}
|
||
|
||
// Bad - IF statement is too long to omit braces
|
||
if (condition)
|
||
// Comment
|
||
DoSomething();
|
||
|
||
// Bad - IF statement is too long to omit braces
|
||
if (condition1 &&
|
||
condition2)
|
||
DoSomething();
|
||
</pre>
|
||
|
||
<h3 id="Loops_and_Switch_Statements">Loops and Switch Statements</h3>
|
||
|
||
<p>Switch statements may use braces for blocks. Annotate
|
||
non-trivial fall-through between cases.
|
||
Braces are optional for single-statement loops.
|
||
Empty loop bodies should use either empty braces or <code>continue</code>.</p>
|
||
|
||
<p><code>case</code> blocks in <code>switch</code>
|
||
statements can have curly braces or not, depending on
|
||
your preference. If you do include curly braces they
|
||
should be placed as shown below.</p>
|
||
|
||
<p>If not conditional on an enumerated value, switch
|
||
statements should always have a <code>default</code> case
|
||
(in the case of an enumerated value, the compiler will
|
||
warn you if any values are not handled). If the default
|
||
case should never execute, treat this as an error. For example:
|
||
|
||
</p>
|
||
|
||
<div>
|
||
<pre>switch (var) {
|
||
case 0: { // 2 space indent
|
||
... // 4 space indent
|
||
break;
|
||
}
|
||
case 1: {
|
||
...
|
||
break;
|
||
}
|
||
default: {
|
||
assert(false);
|
||
}
|
||
}
|
||
</pre>
|
||
</div>
|
||
|
||
<p>Fall-through from one case label to
|
||
another must be annotated using the
|
||
<code>ABSL_FALLTHROUGH_INTENDED;</code> macro (defined in
|
||
|
||
<code>absl/base/macros.h</code>).
|
||
<code>ABSL_FALLTHROUGH_INTENDED;</code> should be placed at a
|
||
point of execution where a fall-through to the next case
|
||
label occurs. A common exception is consecutive case
|
||
labels without intervening code, in which case no
|
||
annotation is needed.</p>
|
||
|
||
<pre>switch (x) {
|
||
case 41: // No annotation needed here.
|
||
case 43:
|
||
if (dont_be_picky) {
|
||
// Use this instead of or along with annotations in comments.
|
||
ABSL_FALLTHROUGH_INTENDED;
|
||
} else {
|
||
CloseButNoCigar();
|
||
break;
|
||
}
|
||
case 42:
|
||
DoSomethingSpecial();
|
||
ABSL_FALLTHROUGH_INTENDED;
|
||
default:
|
||
DoSomethingGeneric();
|
||
break;
|
||
}
|
||
</pre>
|
||
|
||
<p> Braces are optional for single-statement loops.</p>
|
||
|
||
<pre>for (int i = 0; i < kSomeNumber; ++i)
|
||
printf("I love you\n");
|
||
|
||
for (int i = 0; i < kSomeNumber; ++i) {
|
||
printf("I take it back\n");
|
||
}
|
||
</pre>
|
||
|
||
|
||
<p>Empty loop bodies should use either an empty pair of braces or
|
||
<code>continue</code> with no braces, rather than a single semicolon.</p>
|
||
|
||
<pre>while (condition) {
|
||
// Repeat test until it returns false.
|
||
}
|
||
for (int i = 0; i < kSomeNumber; ++i) {} // Good - one newline is also OK.
|
||
while (condition) continue; // Good - continue indicates no logic.
|
||
</pre>
|
||
|
||
<pre class="badcode">while (condition); // Bad - looks like part of do/while loop.
|
||
</pre>
|
||
|
||
<h3 id="Pointer_and_Reference_Expressions">Pointer and Reference Expressions</h3>
|
||
|
||
<p>No spaces around period or arrow. Pointer operators do not
|
||
have trailing spaces.</p>
|
||
|
||
<p>The following are examples of correctly-formatted
|
||
pointer and reference expressions:</p>
|
||
|
||
<pre>x = *p;
|
||
p = &x;
|
||
x = r.y;
|
||
x = r->y;
|
||
</pre>
|
||
|
||
<p>Note that:</p>
|
||
|
||
<ul>
|
||
<li>There are no spaces around the period or arrow when
|
||
accessing a member.</li>
|
||
|
||
<li>Pointer operators have no space after the
|
||
<code>*</code> or <code>&</code>.</li>
|
||
</ul>
|
||
|
||
<p>When referring to a pointer or reference (variable declarations or definitions, arguments,
|
||
return types, template parameters, etc), you may place the space before or after the
|
||
asterisk/ampersand. In the trailing-space style, the space is elided in some cases (template
|
||
parameters, etc).</p>
|
||
|
||
<pre>// These are fine, space preceding.
|
||
char *c;
|
||
const std::string &str;
|
||
int *GetPointer();
|
||
std::vector<char *>
|
||
|
||
// These are fine, space following (or elided).
|
||
char* c;
|
||
const std::string& str;
|
||
int* GetPointer();
|
||
std::vector<char*> // Note no space between '*' and '>'
|
||
</pre>
|
||
|
||
<p>You should do this consistently within a single
|
||
file.
|
||
When modifying an existing file, use the style in
|
||
that file.</p>
|
||
|
||
It is allowed (if unusual) to declare multiple variables in the same
|
||
declaration, but it is disallowed if any of those have pointer or
|
||
reference decorations. Such declarations are easily misread.
|
||
<pre>// Fine if helpful for readability.
|
||
int x, y;
|
||
</pre>
|
||
<pre class="badcode">int x, *y; // Disallowed - no & or * in multiple declaration
|
||
int* x, *y; // Disallowed - no & or * in multiple declaration; inconsistent spacing
|
||
char * c; // Bad - spaces on both sides of *
|
||
const std::string & str; // Bad - spaces on both sides of &
|
||
</pre>
|
||
|
||
<h3 id="Boolean_Expressions">Boolean Expressions</h3>
|
||
|
||
<p>When you have a boolean expression that is longer than the
|
||
<a href="#Line_Length">standard line length</a>, be
|
||
consistent in how you break up the lines.</p>
|
||
|
||
<p>In this example, the logical AND operator is always at
|
||
the end of the lines:</p>
|
||
|
||
<pre>if (this_one_thing > this_other_thing &&
|
||
a_third_thing == a_fourth_thing &&
|
||
yet_another && last_one) {
|
||
...
|
||
}
|
||
</pre>
|
||
|
||
<p>Note that when the code wraps in this example, both of
|
||
the <code>&&</code> logical AND operators are at
|
||
the end of the line. This is more common in Google code,
|
||
though wrapping all operators at the beginning of the
|
||
line is also allowed. Feel free to insert extra
|
||
parentheses judiciously because they can be very helpful
|
||
in increasing readability when used
|
||
appropriately, but be careful about overuse. Also note that you
|
||
should always use the punctuation operators, such as
|
||
<code>&&</code> and <code>~</code>, rather than
|
||
the word operators, such as <code>and</code> and
|
||
<code>compl</code>.</p>
|
||
|
||
<h3 id="Return_Values">Return Values</h3>
|
||
|
||
<p>Do not needlessly surround the <code>return</code>
|
||
expression with parentheses.</p>
|
||
|
||
<p>Use parentheses in <code>return expr;</code> only
|
||
where you would use them in <code>x = expr;</code>.</p>
|
||
|
||
<pre>return result; // No parentheses in the simple case.
|
||
// Parentheses OK to make a complex expression more readable.
|
||
return (some_long_condition &&
|
||
another_condition);
|
||
</pre>
|
||
|
||
<pre class="badcode">return (value); // You wouldn't write var = (value);
|
||
return(result); // return is not a function!
|
||
</pre>
|
||
|
||
|
||
|
||
<h3 id="Variable_and_Array_Initialization">Variable and Array Initialization</h3>
|
||
|
||
<p>You may choose between <code>=</code>,
|
||
<code>()</code>, and <code>{}</code>; the following are
|
||
all correct:</p>
|
||
|
||
<pre>int x = 3;
|
||
int x(3);
|
||
int x{3};
|
||
std::string name = "Some Name";
|
||
std::string name("Some Name");
|
||
std::string name{"Some Name"};
|
||
</pre>
|
||
|
||
<p>Be careful when using a braced initialization list <code>{...}</code>
|
||
on a type with an <code>std::initializer_list</code> constructor.
|
||
A nonempty <i>braced-init-list</i> prefers the
|
||
<code>std::initializer_list</code> constructor whenever
|
||
possible. Note that empty braces <code>{}</code> are special, and
|
||
will call a default constructor if available. To force the
|
||
non-<code>std::initializer_list</code> constructor, use parentheses
|
||
instead of braces.</p>
|
||
|
||
<pre>std::vector<int> v(100, 1); // A vector containing 100 items: All 1s.
|
||
std::vector<int> v{100, 1}; // A vector containing 2 items: 100 and 1.
|
||
</pre>
|
||
|
||
<p>Also, the brace form prevents narrowing of integral
|
||
types. This can prevent some types of programming
|
||
errors.</p>
|
||
|
||
<pre>int pi(3.14); // OK -- pi == 3.
|
||
int pi{3.14}; // Compile error: narrowing conversion.
|
||
</pre>
|
||
|
||
<h3 id="Preprocessor_Directives">Preprocessor Directives</h3>
|
||
|
||
<p>The hash mark that starts a preprocessor directive should
|
||
always be at the beginning of the line.</p>
|
||
|
||
<p>Even when preprocessor directives are within the body
|
||
of indented code, the directives should start at the
|
||
beginning of the line.</p>
|
||
|
||
<pre>// Good - directives at beginning of line
|
||
if (lopsided_score) {
|
||
#if DISASTER_PENDING // Correct -- Starts at beginning of line
|
||
DropEverything();
|
||
# if NOTIFY // OK but not required -- Spaces after #
|
||
NotifyClient();
|
||
# endif
|
||
#endif
|
||
BackToNormal();
|
||
}
|
||
</pre>
|
||
|
||
<pre class="badcode">// Bad - indented directives
|
||
if (lopsided_score) {
|
||
#if DISASTER_PENDING // Wrong! The "#if" should be at beginning of line
|
||
DropEverything();
|
||
#endif // Wrong! Do not indent "#endif"
|
||
BackToNormal();
|
||
}
|
||
</pre>
|
||
|
||
<h3 id="Class_Format">Class Format</h3>
|
||
|
||
<p>Sections in <code>public</code>, <code>protected</code> and
|
||
<code>private</code> order, each indented one space.</p>
|
||
|
||
<p>The basic format for a class definition (lacking the
|
||
comments, see <a href="#Class_Comments">Class
|
||
Comments</a> for a discussion of what comments are
|
||
needed) is:</p>
|
||
|
||
<pre>class MyClass : public OtherClass {
|
||
public: // Note the 1 space indent!
|
||
MyClass(); // Regular 2 space indent.
|
||
explicit MyClass(int var);
|
||
~MyClass() {}
|
||
|
||
void SomeFunction();
|
||
void SomeFunctionThatDoesNothing() {
|
||
}
|
||
|
||
void set_some_var(int var) { some_var_ = var; }
|
||
int some_var() const { return some_var_; }
|
||
|
||
private:
|
||
bool SomeInternalFunction();
|
||
|
||
int some_var_;
|
||
int some_other_var_;
|
||
};
|
||
</pre>
|
||
|
||
<p>Things to note:</p>
|
||
|
||
<ul>
|
||
<li>Any base class name should be on the same line as
|
||
the subclass name, subject to the 80-column limit.</li>
|
||
|
||
<li>The <code>public:</code>, <code>protected:</code>,
|
||
and <code>private:</code> keywords should be indented
|
||
one space.</li>
|
||
|
||
<li>Except for the first instance, these keywords
|
||
should be preceded by a blank line. This rule is
|
||
optional in small classes.</li>
|
||
|
||
<li>Do not leave a blank line after these
|
||
keywords.</li>
|
||
|
||
<li>The <code>public</code> section should be first,
|
||
followed by the <code>protected</code> and finally the
|
||
<code>private</code> section.</li>
|
||
|
||
<li>See <a href="#Declaration_Order">Declaration
|
||
Order</a> for rules on ordering declarations within
|
||
each of these sections.</li>
|
||
</ul>
|
||
|
||
<h3 id="Constructor_Initializer_Lists">Constructor Initializer Lists</h3>
|
||
|
||
<p>Constructor initializer lists can be all on one line or
|
||
with subsequent lines indented four spaces.</p>
|
||
|
||
<p>The acceptable formats for initializer lists are:</p>
|
||
|
||
<pre>// When everything fits on one line:
|
||
MyClass::MyClass(int var) : some_var_(var) {
|
||
DoSomething();
|
||
}
|
||
|
||
// If the signature and initializer list are not all on one line,
|
||
// you must wrap before the colon and indent 4 spaces:
|
||
MyClass::MyClass(int var)
|
||
: some_var_(var), some_other_var_(var + 1) {
|
||
DoSomething();
|
||
}
|
||
|
||
// When the list spans multiple lines, put each member on its own line
|
||
// and align them:
|
||
MyClass::MyClass(int var)
|
||
: some_var_(var), // 4 space indent
|
||
some_other_var_(var + 1) { // lined up
|
||
DoSomething();
|
||
}
|
||
|
||
// As with any other code block, the close curly can be on the same
|
||
// line as the open curly, if it fits.
|
||
MyClass::MyClass(int var)
|
||
: some_var_(var) {}
|
||
</pre>
|
||
|
||
<h3 id="Namespace_Formatting">Namespace Formatting</h3>
|
||
|
||
<p>The contents of namespaces are not indented.</p>
|
||
|
||
<p><a href="#Namespaces">Namespaces</a> do not add an
|
||
extra level of indentation. For example, use:</p>
|
||
|
||
<pre>namespace {
|
||
|
||
void foo() { // Correct. No extra indentation within namespace.
|
||
...
|
||
}
|
||
|
||
} // namespace
|
||
</pre>
|
||
|
||
<p>Do not indent within a namespace:</p>
|
||
|
||
<pre class="badcode">namespace {
|
||
|
||
// Wrong! Indented when it should not be.
|
||
void foo() {
|
||
...
|
||
}
|
||
|
||
} // namespace
|
||
</pre>
|
||
|
||
<h3 id="Horizontal_Whitespace">Horizontal Whitespace</h3>
|
||
|
||
<p>Use of horizontal whitespace depends on location. Never put
|
||
trailing whitespace at the end of a line.</p>
|
||
|
||
<h4>General</h4>
|
||
|
||
<pre>void f(bool b) { // Open braces should always have a space before them.
|
||
...
|
||
int i = 0; // Semicolons usually have no space before them.
|
||
// Spaces inside braces for braced-init-list are optional. If you use them,
|
||
// put them on both sides!
|
||
int x[] = { 0 };
|
||
int x[] = {0};
|
||
|
||
// Spaces around the colon in inheritance and initializer lists.
|
||
class Foo : public Bar {
|
||
public:
|
||
// For inline function implementations, put spaces between the braces
|
||
// and the implementation itself.
|
||
Foo(int b) : Bar(), baz_(b) {} // No spaces inside empty braces.
|
||
void Reset() { baz_ = 0; } // Spaces separating braces from implementation.
|
||
...
|
||
</pre>
|
||
|
||
<p>Adding trailing whitespace can cause extra work for
|
||
others editing the same file, when they merge, as can
|
||
removing existing trailing whitespace. So: Don't
|
||
introduce trailing whitespace. Remove it if you're
|
||
already changing that line, or do it in a separate
|
||
clean-up
|
||
operation (preferably when no-one
|
||
else is working on the file).</p>
|
||
|
||
<h4>Loops and Conditionals</h4>
|
||
|
||
<pre>if (b) { // Space after the keyword in conditions and loops.
|
||
} else { // Spaces around else.
|
||
}
|
||
while (test) {} // There is usually no space inside parentheses.
|
||
switch (i) {
|
||
for (int i = 0; i < 5; ++i) {
|
||
// Loops and conditions may have spaces inside parentheses, but this
|
||
// is rare. Be consistent.
|
||
switch ( i ) {
|
||
if ( test ) {
|
||
for ( int i = 0; i < 5; ++i ) {
|
||
// For loops always have a space after the semicolon. They may have a space
|
||
// before the semicolon, but this is rare.
|
||
for ( ; i < 5 ; ++i) {
|
||
...
|
||
|
||
// Range-based for loops always have a space before and after the colon.
|
||
for (auto x : counts) {
|
||
...
|
||
}
|
||
switch (i) {
|
||
case 1: // No space before colon in a switch case.
|
||
...
|
||
case 2: break; // Use a space after a colon if there's code after it.
|
||
</pre>
|
||
|
||
<h4>Operators</h4>
|
||
|
||
<pre>// Assignment operators always have spaces around them.
|
||
x = 0;
|
||
|
||
// Other binary operators usually have spaces around them, but it's
|
||
// OK to remove spaces around factors. Parentheses should have no
|
||
// internal padding.
|
||
v = w * x + y / z;
|
||
v = w*x + y/z;
|
||
v = w * (x + z);
|
||
|
||
// No spaces separating unary operators and their arguments.
|
||
x = -5;
|
||
++x;
|
||
if (x && !y)
|
||
...
|
||
</pre>
|
||
|
||
<h4>Templates and Casts</h4>
|
||
|
||
<pre>// No spaces inside the angle brackets (< and >), before
|
||
// <, or between >( in a cast
|
||
std::vector<std::string> x;
|
||
y = static_cast<char*>(x);
|
||
|
||
// Spaces between type and pointer are OK, but be consistent.
|
||
std::vector<char *> x;
|
||
</pre>
|
||
|
||
<h3 id="Vertical_Whitespace">Vertical Whitespace</h3>
|
||
|
||
<p>Minimize use of vertical whitespace.</p>
|
||
|
||
<p>This is more a principle than a rule: don't use blank lines when
|
||
you don't have to. In particular, don't put more than one or two blank
|
||
lines between functions, resist starting functions with a blank line,
|
||
don't end functions with a blank line, and be sparing with your use of
|
||
blank lines. A blank line within a block of code serves like a
|
||
paragraph break in prose: visually separating two thoughts.</p>
|
||
|
||
<p>The basic principle is: The more code that fits on one screen, the
|
||
easier it is to follow and understand the control flow of the
|
||
program. Use whitespace purposefully to provide separation in that
|
||
flow.</p>
|
||
|
||
<p>Some rules of thumb to help when blank lines may be
|
||
useful:</p>
|
||
|
||
<ul>
|
||
<li>Blank lines at the beginning or end of a function
|
||
do not help readability.</li>
|
||
|
||
<li>Blank lines inside a chain of if-else blocks may
|
||
well help readability.</li>
|
||
|
||
<li>A blank line before a comment line usually helps
|
||
readability — the introduction of a new comment suggests
|
||
the start of a new thought, and the blank line makes it clear
|
||
that the comment goes with the following thing instead of the
|
||
preceding.</li>
|
||
|
||
<li>Blank lines immediately inside a declaration of a namespace or block of
|
||
namespaces may help readability by visually separating the load-bearing
|
||
content from the (largely non-semantic) organizational wrapper. Especially
|
||
when the first declaration inside the namespace(s) is preceded by a comment,
|
||
this becomes a special case of the previous rule, helping the comment to
|
||
"attach" to the subsequent declaration.</li>
|
||
</ul>
|
||
|
||
<h2 id="Exceptions_to_the_Rules">Exceptions to the Rules</h2>
|
||
|
||
<p>The coding conventions described above are mandatory.
|
||
However, like all good rules, these sometimes have exceptions,
|
||
which we discuss here.</p>
|
||
|
||
|
||
|
||
<div>
|
||
<h3 id="Existing_Non-conformant_Code">Existing Non-conformant Code</h3>
|
||
|
||
<p>You may diverge from the rules when dealing with code that
|
||
does not conform to this style guide.</p>
|
||
|
||
<p>If you find yourself modifying code that was written
|
||
to specifications other than those presented by this
|
||
guide, you may have to diverge from these rules in order
|
||
to stay consistent with the local conventions in that
|
||
code. If you are in doubt about how to do this, ask the
|
||
original author or the person currently responsible for
|
||
the code. Remember that <em>consistency</em> includes
|
||
local consistency, too.</p>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
<h3 id="Windows_Code">Windows Code</h3>
|
||
|
||
<p> Windows
|
||
programmers have developed their own set of coding
|
||
conventions, mainly derived from the conventions in Windows
|
||
headers and other Microsoft code. We want to make it easy
|
||
for anyone to understand your code, so we have a single set
|
||
of guidelines for everyone writing C++ on any platform.</p>
|
||
|
||
<p>It is worth reiterating a few of the guidelines that
|
||
you might forget if you are used to the prevalent Windows
|
||
style:</p>
|
||
|
||
<ul>
|
||
<li>Do not use Hungarian notation (for example, naming
|
||
an integer <code>iNum</code>). Use the Google naming
|
||
conventions, including the <code>.cc</code> extension
|
||
for source files.</li>
|
||
|
||
<li>Windows defines many of its own synonyms for
|
||
primitive types, such as <code>DWORD</code>,
|
||
<code>HANDLE</code>, etc. It is perfectly acceptable,
|
||
and encouraged, that you use these types when calling
|
||
Windows API functions. Even so, keep as close as you
|
||
can to the underlying C++ types. For example, use
|
||
<code>const TCHAR *</code> instead of
|
||
<code>LPCTSTR</code>.</li>
|
||
|
||
<li>When compiling with Microsoft Visual C++, set the
|
||
compiler to warning level 3 or higher, and treat all
|
||
warnings as errors.</li>
|
||
|
||
<li>Do not use <code>#pragma once</code>; instead use
|
||
the standard Google include guards. The path in the
|
||
include guards should be relative to the top of your
|
||
project tree.</li>
|
||
|
||
<li>In fact, do not use any nonstandard extensions,
|
||
like <code>#pragma</code> and <code>__declspec</code>,
|
||
unless you absolutely must. Using
|
||
<code>__declspec(dllimport)</code> and
|
||
<code>__declspec(dllexport)</code> is allowed; however,
|
||
you must use them through macros such as
|
||
<code>DLLIMPORT</code> and <code>DLLEXPORT</code>, so
|
||
that someone can easily disable the extensions if they
|
||
share the code.</li>
|
||
</ul>
|
||
|
||
<p>However, there are just a few rules that we
|
||
occasionally need to break on Windows:</p>
|
||
|
||
<ul>
|
||
<li>Normally we <a href="#Multiple_Inheritance">strongly discourage
|
||
the use of multiple implementation inheritance</a>;
|
||
however, it is required when using COM and some ATL/WTL
|
||
classes. You may use multiple implementation
|
||
inheritance to implement COM or ATL/WTL classes and
|
||
interfaces.</li>
|
||
|
||
<li>Although you should not use exceptions in your own
|
||
code, they are used extensively in the ATL and some
|
||
STLs, including the one that comes with Visual C++.
|
||
When using the ATL, you should define
|
||
<code>_ATL_NO_EXCEPTIONS</code> to disable exceptions.
|
||
You should investigate whether you can also disable
|
||
exceptions in your STL, but if not, it is OK to turn on
|
||
exceptions in the compiler. (Note that this is only to
|
||
get the STL to compile. You should still not write
|
||
exception handling code yourself.)</li>
|
||
|
||
<li>The usual way of working with precompiled headers
|
||
is to include a header file at the top of each source
|
||
file, typically with a name like <code>StdAfx.h</code>
|
||
or <code>precompile.h</code>. To make your code easier
|
||
to share with other projects, avoid including this file
|
||
explicitly (except in <code>precompile.cc</code>), and
|
||
use the <code>/FI</code> compiler option to include the
|
||
file automatically.</li>
|
||
|
||
<li>Resource headers, which are usually named
|
||
<code>resource.h</code> and contain only macros, do not
|
||
need to conform to these style guidelines.</li>
|
||
</ul>
|
||
|
||
<h2 id="Parting_Words">Parting Words</h2>
|
||
|
||
<p>Use common sense and <em>BE CONSISTENT</em>.</p>
|
||
|
||
<p>If you are editing code, take a few minutes to look at the
|
||
code around you and determine its style. If they use spaces
|
||
around their <code>if</code> clauses, you should, too. If their
|
||
comments have little boxes of stars around them, make your
|
||
comments have little boxes of stars around them too.</p>
|
||
|
||
<p>The point of having style guidelines is to have a common
|
||
vocabulary of coding so people can concentrate on what you are
|
||
saying, rather than on how you are saying it. We present global
|
||
style rules here so people know the vocabulary. But local style
|
||
is also important. If code you add to a file looks drastically
|
||
different from the existing code around it, the discontinuity
|
||
throws readers out of their rhythm when they go to read it. Try
|
||
to avoid this.</p>
|
||
|
||
|
||
|
||
<p>OK, enough writing about writing code; the code itself is much
|
||
more interesting. Have fun!</p>
|
||
|
||
<hr>
|
||
</div>
|
||
</body>
|
||
</html> |