diff options
Diffstat (limited to 'cppguide.html')
| -rw-r--r-- | cppguide.html | 3449 |
1 files changed, 1605 insertions, 1844 deletions
diff --git a/cppguide.html b/cppguide.html index 590cc9f..bbf1f64 100644 --- a/cppguide.html +++ b/cppguide.html @@ -1,20 +1,19 @@ <!DOCTYPE html> -<html> +<html lang="en"> <head> -<meta http-equiv="content-type" content="text/html; charset=UTF-8"> +<meta charset="utf-8"> <title>Google C++ Style Guide</title> -<link rel="stylesheet" type="text/css" href="include/styleguide.css"> -<script language="javascript" src="include/styleguide.js"></script> -<link rel="shortcut icon" type="image/x-icon" href="https://www.google.com/favicon.ico" /> +<link rel="stylesheet" href="include/styleguide.css"> +<script src="include/styleguide.js"></script> +<link rel="shortcut icon" href="https://www.google.com/favicon.ico"> </head> <body onload="initStyleGuide();"> <div id="content"> <h1>Google C++ Style Guide</h1> <div class="horizontal_toc" id="tocDiv"></div> - <div class="main_body"> -<h2 class="ignoreLink" id="Background">Background</h2> +<h2 id="Background" class="ignoreLink">Background</h2> <p>C++ is one of the main development languages used by many of Google's open-source projects. As every C++ @@ -23,8 +22,8 @@ this power brings with it complexity, which in turn can make code more bug-prone and harder to read and maintain.</p> <p>The goal of this guide is to manage this complexity by -describing in detail the dos and don'ts of writing C++ code. -These rules exist to +describing in detail the dos and don'ts of writing C++ code +. These rules exist to keep the code base manageable while still allowing coders to use C++ language features productively.</p> @@ -40,13 +39,11 @@ Google conform to the requirements in this guide. - - <p>Note that this guide is not a C++ tutorial: we assume that the reader is familiar with the language. </p> <h3 id="Goals">Goals of the Style Guide</h3> -<div class="stylebody"> + <p>Why do we have this document?</p> <p>There are a few core goals that we believe this guide should @@ -126,7 +123,7 @@ trickier language constructs, because any benefits of more complex implementation are multiplied widely by usage, and the cost in understanding the complexity does not need to be paid again when working with new portions of the codebase. When in doubt, waivers to rules of this type -can be sought by asking +can be sought by asking your project leads. This is specifically important for our codebase because code ownership and team membership changes over time: even if everyone that works with some piece of code @@ -158,9 +155,22 @@ same as a license to proceed. Use your judgment, and if you are unsure, please don't hesitate to ask your project leads to get additional input.</p> -</div> - + +<h2 id="C++_Version">C++ Version</h2> + +<p>Currently, code should target C++17, i.e., should not use C++2x + features. The C++ version targeted by this guide will advance + (aggressively) over time.</p> + + + +<p>Do not use + <a href="#Nonstandard_Extensions">non-standard extensions</a>.</p> + + <div>Consider portability to other environments +before using features from C++14 and C++17 in your project. +</div> <h2 id="Header_Files">Header Files</h2> @@ -179,13 +189,10 @@ pitfalls of using header files.</p> <a id="The_-inl.h_Files"></a> <h3 id="Self_contained_Headers">Self-contained Headers</h3> -<div class="summary"> <p>Header files should be self-contained (compile on their own) and end in <code>.h</code>. Non-header files that are meant for inclusion should end in <code>.inc</code> and be used sparingly.</p> -</div> -<div class="stylebody"> <p>All header files should be self-contained. Users and refactoring tools should not have to adhere to special conditions to include the header. Specifically, a header should @@ -214,26 +221,23 @@ their prerequisites. Name such files with the <code>.inc</code> extension. Use sparingly, and prefer self-contained headers when possible.</p> -</div> - <h3 id="The__define_Guard">The #define Guard</h3> -<div class="summary"> <p>All header files should have <code>#define</code> guards to prevent multiple inclusion. The format of the symbol name should be -<code><i><PROJECT></i>_<i><PATH></i>_<i><FILE></i>_H_</code>.</p> -</div> -<div class="stylebody"> +<code><i><PROJECT></i>_<i><PATH></i>_<i><FILE></i>_H_</code>.</p> +<div> <p>To guarantee uniqueness, they should be based on the full path in a project's source tree. For example, the file <code>foo/src/bar/baz.h</code> in project <code>foo</code> should have the following guard:</p> +</div> <pre>#ifndef FOO_BAR_BAZ_H_ #define FOO_BAR_BAZ_H_ @@ -245,24 +249,16 @@ guard:</p> - -</div> - <h3 id="Forward_Declarations">Forward Declarations</h3> -<div class="summary"> - <p>Avoid using forward declarations where possible. - Just <code>#include</code> the headers you need.</p> -</div> - -<div class="stylebody"> +<p>Avoid using forward declarations where possible. +Instead, <code>#include</code> the headers you need.</p> -<div class="definition"> +<p class="definition"></p> <p>A "forward declaration" is a declaration of a class, function, or template without an associated definition.</p> -</div> -<div class="pros"> +<p class="pros"></p> <ul> <li>Forward declarations can save compile time, as <code>#include</code>s force the compiler to open @@ -273,9 +269,8 @@ function, or template without an associated definition.</p> your code to be recompiled more often, due to unrelated changes in the header.</li> </ul> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>Forward declarations can hide a dependency, allowing user code to skip necessary recompilation when headers @@ -319,11 +314,10 @@ function, or template without an associated definition.</p> (e.g. using pointer members instead of object members) can make the code slower and more complex.</li> - + </ul> -</div> -<div class="decision"> +<p class="decision"></p> <ul> <li>Try to avoid forward declarations of entities defined in another project.</li> @@ -337,33 +331,24 @@ function, or template without an associated definition.</p> <p>Please see <a href="#Names_and_Order_of_Includes">Names and Order of Includes</a> for rules about when to #include a header.</p> -</div> - -</div> <h3 id="Inline_Functions">Inline Functions</h3> -<div class="summary"> <p>Define functions inline only when they are small, say, 10 lines or fewer.</p> -</div> - -<div class="stylebody"> -<div class="definition"> +<p class="definition"></p> <p>You can declare functions in a way that allows the compiler to expand them inline rather than calling them through the usual function call mechanism.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Inlining a function can generate more efficient object code, as long as the inlined function is small. Feel free to inline accessors and mutators, and other short, performance-critical functions.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>Overuse of inlining can actually make programs slower. Depending on a function's size, inlining it can cause the code size to increase or decrease. Inlining a very small @@ -371,9 +356,8 @@ accessor function will usually decrease code size while inlining a very large function can dramatically increase code size. On modern processors smaller code usually runs faster due to better use of the instruction cache.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>A decent rule of thumb is to not inline a function if it is more than 10 lines long. Beware of destructors, which are often longer than they appear because of @@ -392,23 +376,18 @@ main reason for making a virtual function inline is to place its definition in the class, either for convenience or to document its behavior, e.g., for accessors and mutators.</p> -</div> - -</div> <h3 id="Names_and_Order_of_Includes">Names and Order of Includes</h3> -<div class="summary"> -<p>Use standard order for readability and to avoid hidden -dependencies: Related header, C library, C++ library, other libraries' -<code>.h</code>, your project's <code>.h</code>.</p> -</div> +<p>Include headers in the following order: Related header, C system headers, +C++ standard library headers, +other libraries' headers, your project's +headers.</p> -<div class="stylebody"> <p> All of a project's header files should be listed as descendants of the project's source -directory without use of UNIX directory shortcuts +directory without use of UNIX directory aliases <code>.</code> (the current directory) or <code>..</code> (the parent directory). For example, @@ -427,19 +406,31 @@ as follows:</p> <ol> <li><code><var>dir2/foo2</var>.h</code>.</li> - <li>C system files.</li> + <li>A blank line</li> - <li>C++ system files.</li> + <li>C system headers (more precisely: headers in angle brackets with the + <code>.h</code> extension), e.g. <code><unistd.h></code>, + <code><stdlib.h></code>.</li> - <li>Other libraries' <code>.h</code> - files.</li> + <li>A blank line</li> + + <li>C++ standard library headers (without file extension), e.g. + <code><algorithm></code>, <code><cstddef></code>.</li> + + <li>A blank line</li> + + <div> + <li>Other libraries' <code>.h</code> files.</li> + </div> <li> Your project's <code>.h</code> files.</li> </ol> -<p>With the preferred ordering, if +<p>Separate each non-empty group with one blank line.</p> + +<p>With the preferred ordering, if the related header <code><var>dir2/foo2</var>.h</code> omits any necessary includes, the build of <code><var>dir/foo</var>.cc</code> or <code><var>dir/foo</var>_test.cc</code> will break. @@ -455,6 +446,11 @@ directories too.</p> +<p>Note that the C headers such as <code>stddef.h</code> +are essentially interchangeable with their C++ counterparts +(<code>cstddef</code>). +Either style is acceptable, but prefer consistency with existing code.</p> + <p>Within each section the includes should be ordered alphabetically. Note that older code might not conform to this rule and should be fixed when convenient.</p> @@ -465,23 +461,19 @@ declaration</a>. If you rely on symbols from <code>bar.h</code>, don't count on the fact that you included <code>foo.h</code> which (currently) includes <code>bar.h</code>: include <code>bar.h</code> yourself, unless <code>foo.h</code> explicitly demonstrates its intent -to provide you the symbols of <code>bar.h</code>. However, any -includes present in the related header do not need to be included -again in the related <code>cc</code> (i.e., <code>foo.cc</code> can -rely on <code>foo.h</code>'s includes).</p> +to provide you the symbols of <code>bar.h</code>.</p> <p>For example, the includes in <code>google-awesome-project/src/foo/internal/fooserver.cc</code> might look like this:</p> - <pre>#include "foo/server/fooserver.h" #include <sys/types.h> #include <unistd.h> -#include <hash_map> +#include <string> #include <vector> #include "base/basictypes.h" @@ -489,7 +481,9 @@ might look like this:</p> #include "foo/server/bar.h" </pre> -<p class="exception">Sometimes, system-specific code needs +<p><b>Exception:</b></p> + +<p>Sometimes, system-specific code needs conditional includes. Such code can put conditional includes after other includes. Of course, keep your system-specific code small and localized. Example:</p> @@ -503,13 +497,10 @@ system-specific code small and localized. Example:</p> #endif // LANG_CXX11 </pre> -</div> - <h2 id="Scoping">Scoping</h2> <h3 id="Namespaces">Namespaces</h3> -<div class="summary"> <p>With few exceptions, place code in a namespace. Namespaces should have unique names based on the project name, and possibly its path. Do not use <i>using-directives</i> (e.g. @@ -517,17 +508,13 @@ its path. Do not use <i>using-directives</i> (e.g. inline namespaces. For unnamed namespaces, see <a href="#Unnamed_Namespaces_and_Static_Variables">Unnamed Namespaces and Static Variables</a>. -</p></div> - -<div class="stylebody"> -<div class="definition"> +</p><p class="definition"></p> <p>Namespaces subdivide the global scope into distinct, named scopes, and so are useful for preventing name collisions in the global scope.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Namespaces provide a method for preventing name conflicts in large programs while allowing most code to use reasonably @@ -545,20 +532,19 @@ can continue to refer to <code>Foo</code> without the prefix.</p> the enclosing scope. Consider the following snippet, for example:</p> -<pre>namespace X { -inline namespace Y { +<pre class="neutralcode">namespace outer { +inline namespace inner { void foo(); -} // namespace Y -} // namespace X +} // namespace inner +} // namespace outer </pre> -<p>The expressions <code>X::Y::foo()</code> and -<code>X::foo()</code> are interchangeable. Inline +<p>The expressions <code>outer::inner::foo()</code> and +<code>outer::foo()</code> are interchangeable. Inline namespaces are primarily intended for ABI compatibility across versions.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>Namespaces can be confusing, because they complicate the mechanics of figuring out what definition a name refers @@ -572,9 +558,8 @@ some larger versioning policy.</p> <p>In some contexts, it's necessary to repeatedly refer to symbols by their fully-qualified names. For deeply-nested namespaces, this can add a lot of clutter.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>Namespaces should be used as follows:</p> @@ -584,7 +569,7 @@ namespaces, this can add a lot of clutter.</p> </li><li> <p>Namespaces wrap the entire source file after - includes, + includes, <a href="https://gflags.github.io/gflags/"> gflags</a> definitions/declarations and forward declarations of classes from other namespaces.</p> @@ -619,19 +604,27 @@ void MyClass::Foo() { <pre>#include "a.h" -DEFINE_FLAG(bool, someflag, false, "dummy flag"); +ABSL_FLAG(bool, someflag, false, "dummy flag"); -namespace a { +namespace mynamespace { -using ::foo::bar; +using ::foo::Bar; -...code for a... // Code goes against the left margin. +...code for mynamespace... // Code goes against the left margin. -} // namespace a +} // namespace mynamespace </pre> </li> - + <li>To place generated protocol + message code in a namespace, use the + <code>package</code> specifier in the + <code>.proto</code> file. See + + + <a href="https://developers.google.com/protocol-buffers/docs/reference/cpp-generated#package"> + Protocol Buffer Packages</a> + for details.</li> <li>Do not declare anything in namespace <code>std</code>, including forward declarations of @@ -674,30 +667,23 @@ inline void my_inline_function() { </li><li>Do not use inline namespaces.</li> </ul> -</div> -</div> <h3 id="Unnamed_Namespaces_and_Static_Variables">Unnamed Namespaces and Static Variables</h3> -<div class="summary"> <p>When definitions in a <code>.cc</code> file do not need to be referenced outside that file, place them in an unnamed namespace or declare them <code>static</code>. Do not use either of these constructs in <code>.h</code> files. -</p></div> - -<div class="stylebody"> -<div class="definition"> -<p>All declarations can be given internal linkage by placing them in -unnamed namespaces, and functions and variables can be given internal linkage by +</p><p class="definition"></p> +<p>All declarations can be given internal linkage by placing them in unnamed +namespaces. Functions and variables can also be given internal linkage by declaring them <code>static</code>. This means that anything you're declaring -can't be accessed from another file. If a different file declares something -with the same name, then the two entities are completely independent.</p> -</div> +can't be accessed from another file. If a different file declares something with +the same name, then the two entities are completely independent.</p> -<div class="decision"> +<p class="decision"></p> <p>Use of internal linkage in <code>.cc</code> files is encouraged for all code that does not need to be referenced elsewhere. @@ -710,76 +696,44 @@ Do not use internal linkage in <code>.h</code> files.</p> ... } // namespace </pre> -</div> -</div> <h3 id="Nonmember,_Static_Member,_and_Global_Functions">Nonmember, Static Member, and Global Functions</h3> -<div class="summary"> <p>Prefer placing nonmember functions in a namespace; use completely global -functions rarely. Prefer grouping functions with a namespace instead of -using a class as if it were a namespace. Static methods of a class should -generally be closely related to instances of the class or the class's static -data.</p> -</div> +functions rarely. Do not use a class simply to group static functions. Static +methods of a class should generally be closely related to instances of the +class or the class's static data.</p> - <div class="stylebody"> - <div class="pros"> - <p>Nonmember and static member functions can be useful in - some situations. Putting nonmember functions in a - namespace avoids polluting the global namespace.</p> - </div> +<p class="pros"></p> +<p>Nonmember and static member functions can be useful in +some situations. Putting nonmember functions in a +namespace avoids polluting the global namespace.</p> -<div class="cons"> +<p class="cons"></p> <p>Nonmember and static member functions may make more sense as members of a new class, especially if they access external resources or have significant dependencies.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>Sometimes it is useful to define a function not bound to a class instance. Such a function can be either a static member or a nonmember function. Nonmember functions should not depend on external variables, and should nearly always exist in a namespace. -Rather than creating classes only to group static member -functions which do not share static data, use -<a href="#Namespaces">namespaces</a> instead. For a header -<code>myproject/foo_bar.h</code>, for example, write</p> -<pre>namespace myproject { -namespace foo_bar { -void Function1(); -void Function2(); -} // namespace foo_bar -} // namespace myproject -</pre> -<p>instead of</p> -<pre class="badcode">namespace myproject { -class FooBar { - public: - static void Function1(); - static void Function2(); -}; -} // namespace myproject -</pre> +Do not create classes only to group static member functions; +this is no different than just giving the function names a +common prefix, and such grouping is usually unnecessary anyway.</p> <p>If you define a nonmember function and it is only needed in its <code>.cc</code> file, use <a href="#Unnamed_Namespaces_and_Static_Variables">internal linkage</a> to limit its scope.</p> -</div> - -</div> <h3 id="Local_Variables">Local Variables</h3> -<div class="summary"> <p>Place a function's variables in the narrowest scope possible, and initialize variables in the declaration.</p> -</div> - -<div class="stylebody"> <p>C++ allows you to declare variables anywhere in a function. We encourage you to declare them in as local a @@ -833,89 +787,286 @@ for (int i = 0; i < 1000000; ++i) { } </pre> -</div> - <h3 id="Static_and_Global_Variables">Static and Global Variables</h3> -<div class="summary"> - <p>Variables of class type with <a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration"> - static storage duration</a> are forbidden: they cause hard-to-find bugs due - to indeterminate order of construction and destruction. However, such - variables are allowed if they are <code>constexpr</code>: they have no - dynamic initialization or destruction.</p> -</div> +<p>Objects with +<a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration"> +static storage duration</a> are forbidden unless they are +<a href="http://en.cppreference.com/w/cpp/types/is_destructible">trivially +destructible</a>. Informally this means that the destructor does not do +anything, even taking member and base destructors into account. More formally it +means that the type has no user-defined or virtual destructor and that all bases +and non-static members are trivially destructible. +Static function-local variables may use dynamic initialization. +Use of dynamic initialization for static class member variables or variables at +namespace scope is discouraged, but allowed in limited circumstances; see below +for details.</p> + +<p>As a rule of thumb: a global variable satisfies these requirements if its +declaration, considered in isolation, could be <code>constexpr</code>.</p> + +<p class="definition"></p> +<p>Every object has a <dfn>storage duration</dfn>, which correlates with its +lifetime. Objects with static storage duration live from the point of their +initialization until the end of the program. Such objects appear as variables at +namespace scope ("global variables"), as static data members of classes, or as +function-local variables that are declared with the <code>static</code> +specifier. Function-local static variables are initialized when control first +passes through their declaration; all other objects with static storage duration +are initialized as part of program start-up. All objects with static storage +duration are destroyed at program exit (which happens before unjoined threads +are terminated).</p> + +<p>Initialization may be <dfn>dynamic</dfn>, which means that something +non-trivial happens during initialization. (For example, consider a constructor +that allocates memory, or a variable that is initialized with the current +process ID.) The other kind of initialization is <dfn>static</dfn> +initialization. The two aren't quite opposites, though: static +initialization <em>always</em> happens to objects with static storage duration +(initializing the object either to a given constant or to a representation +consisting of all bytes set to zero), whereas dynamic initialization happens +after that, if required.</p> + +<p class="pros"></p> +<p>Global and static variables are very useful for a large number of +applications: named constants, auxiliary data structures internal to some +translation unit, command-line flags, logging, registration mechanisms, +background infrastructure, etc.</p> + +<p class="cons"></p> +<p>Global and static variables that use dynamic initialization or have +non-trivial destructors create complexity that can easily lead to hard-to-find +bugs. Dynamic initialization is not ordered across translation units, and +neither is destruction (except that destruction +happens in reverse order of initialization). When one initialization refers to +another variable with static storage duration, it is possible that this causes +an object to be accessed before its lifetime has begun (or after its lifetime +has ended). Moreover, when a program starts threads that are not joined at exit, +those threads may attempt to access objects after their lifetime has ended if +their destructor has already run.</p> + +<p class="decision"></p> +<h4>Decision on destruction</h4> + +<p>When destructors are trivial, their execution is not subject to ordering at +all (they are effectively not "run"); otherwise we are exposed to the risk of +accessing objects after the end of their lifetime. Therefore, we only allow +objects with static storage duration if they are trivially destructible. +Fundamental types (like pointers and <code>int</code>) are trivially +destructible, as are arrays of trivially destructible types. Note that +variables marked with <code>constexpr</code> are trivially destructible.</p> +<pre>const int kNum = 10; // allowed + +struct X { int n; }; +const X kX[] = {{1}, {2}, {3}}; // allowed + +void foo() { + static const char* const kMessages[] = {"hello", "world"}; // allowed +} + +// allowed: constexpr guarantees trivial destructor +constexpr std::array<int, 3> kArray = {{1, 2, 3}};</pre> +<pre class="badcode">// bad: non-trivial destructor +const std::string kFoo = "foo"; + +// bad for the same reason, even though kBar is a reference (the +// rule also applies to lifetime-extended temporary objects) +const std::string& kBar = StrCat("a", "b", "c"); + +void bar() { + // bad: non-trivial destructor + static std::map<int, int> kData = {{1, 0}, {2, 0}, {3, 0}}; +}</pre> + +<p>Note that references are not objects, and thus they are not subject to the +constraints on destructibility. The constraint on dynamic initialization still +applies, though. In particular, a function-local static reference of the form +<code>static T& t = *new T;</code> is allowed.</p> + +<h4>Decision on initialization</h4> + +<p>Initialization is a more complex topic. This is because we must not only +consider whether class constructors execute, but we must also consider the +evaluation of the initializer:</p> +<pre class="neutralcode">int n = 5; // fine +int m = f(); // ? (depends on f) +Foo x; // ? (depends on Foo::Foo) +Bar y = g(); // ? (depends on g and on Bar::Bar) +</pre> + +<p>All but the first statement expose us to indeterminate initialization +ordering.</p> + +<p>The concept we are looking for is called <em>constant initialization</em> in +the formal language of the C++ standard. It means that the initializing +expression is a constant expression, and if the object is initialized by a +constructor call, then the constructor must be specified as +<code>constexpr</code>, too:</p> +<pre>struct Foo { constexpr Foo(int) {} }; + +int n = 5; // fine, 5 is a constant expression +Foo x(2); // fine, 2 is a constant expression and the chosen constructor is constexpr +Foo a[] = { Foo(1), Foo(2), Foo(3) }; // fine</pre> + +<p>Constant initialization is always allowed. Constant initialization of +static storage duration variables should be marked with <code>constexpr</code> +or where possible the + + +<a href="https://github.com/abseil/abseil-cpp/blob/03c1513538584f4a04d666be5eb469e3979febba/absl/base/attributes.h#L540"> +<code>ABSL_CONST_INIT</code></a> +attribute. Any non-local static storage +duration variable that is not so marked should be presumed to have +dynamic initialization, and reviewed very carefully.</p> + +<p>By contrast, the following initializations are problematic:</p> + +<pre class="badcode">// Some declarations used below. +time_t time(time_t*); // not constexpr! +int f(); // not constexpr! +struct Bar { Bar() {} }; + +// Problematic initializations. +time_t m = time(nullptr); // initializing expression not a constant expression +Foo y(f()); // ditto +Bar b; // chosen constructor Bar::Bar() not constexpr</pre> + +<p>Dynamic initialization of nonlocal variables is discouraged, and in general +it is forbidden. However, we do permit it if no aspect of the program depends +on the sequencing of this initialization with respect to all other +initializations. Under those restrictions, the ordering of the initialization +does not make an observable difference. For example:</p> +<pre>int p = getpid(); // allowed, as long as no other static variable + // uses p in its own initialization</pre> + +<p>Dynamic initialization of static local variables is allowed (and common).</p> + + -<div class="stylebody"> - -<p>Objects with static storage duration, including global -variables, static variables, static class member -variables, and function static variables, must be Plain -Old Data (POD): only ints, chars, floats, or pointers, or -arrays/structs of POD.</p> - -<p>The order in which class constructors and initializers -for static variables are called is only partially -specified in C++ and can even change from build to build, -which can cause bugs that are difficult to find. -Therefore in addition to banning globals of class type, -we do not allow non-local static variables to be initialized -with the result of a function, unless that function (such -as getenv(), or getpid()) does not itself depend on any -other globals. However, a static POD variable within -function scope may be initialized with the result of a -function, since its initialization order is well-defined -and does not occur until control passes through its -declaration.</p> - -<p>Likewise, global and static variables are destroyed -when the program terminates, regardless of whether the -termination is by returning from <code>main()</code> or -by calling <code>exit()</code>. The order in which -destructors are called is defined to be the reverse of -the order in which the constructors were called. Since -constructor order is indeterminate, so is destructor -order. For example, at program-end time a static variable -might have been destroyed, but code still running -— perhaps in another thread -— tries to access it and fails. Or the -destructor for a static <code>string</code> variable -might be run prior to the destructor for another variable -that contains a reference to that string.</p> - -<p>One way to alleviate the destructor problem is to -terminate the program by calling -<code>quick_exit()</code> instead of <code>exit()</code>. -The difference is that <code>quick_exit()</code> does not -invoke destructors and does not invoke any handlers that -were registered by calling <code>atexit()</code>. If you -have a handler that needs to run when a program -terminates via <code>quick_exit()</code> (flushing logs, -for example), you can register it using -<code>at_quick_exit()</code>. (If you have a handler that -needs to run at both <code>exit()</code> and -<code>quick_exit()</code>, you need to register it in -both places.)</p> - -<p>As a result we only allow static variables to contain -POD data. This rule completely disallows -<code>std::vector</code> (use C arrays instead), or -<code>string</code> (use <code>const char []</code>).</p> - - - -<p>If you need a static or global -variable of a class type, consider initializing a pointer -(which will never be freed), from either your main() -function or from pthread_once(). Note that this must be a -raw pointer, not a "smart" pointer, since the smart -pointer's destructor will have the order-of-destructor -issue that we are trying to avoid.</p> - - - - - -</div> +<h4>Common patterns</h4> + +<ul> + <li>Global strings: if you require a global or static string constant, + consider using a simple character array, or a char pointer to the first + element of a string literal. String literals have static storage duration + already and are usually sufficient.</li> + <li>Maps, sets, and other dynamic containers: if you require a static, fixed + collection, such as a set to search against or a lookup table, you cannot + use the dynamic containers from the standard library as a static variable, + since they have non-trivial destructors. Instead, consider a simple array of + trivial types, e.g. an array of arrays of ints (for a "map from int to + int"), or an array of pairs (e.g. pairs of <code>int</code> and <code>const + char*</code>). For small collections, linear search is entirely sufficient + (and efficient, due to memory locality); consider using the facilities from + + <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/algorithm/container.h">absl/algorithm/container.h</a> + + + for the standard operations. If necessary, keep the collection in sorted + order and use a binary search algorithm. If you do really prefer a dynamic + container from the standard library, consider using a function-local static + pointer, as described below.</li> + <li>Smart pointers (<code>unique_ptr</code>, <code>shared_ptr</code>): smart + pointers execute cleanup during destruction and are therefore forbidden. + Consider whether your use case fits into one of the other patterns described + in this section. One simple solution is to use a plain pointer to a + dynamically allocated object and never delete it (see last item).</li> + <li>Static variables of custom types: if you require static, constant data of + a type that you need to define yourself, give the type a trivial destructor + and a <code>constexpr</code> constructor.</li> + <li>If all else fails, you can create an object dynamically and never delete + it by using a function-local static pointer or reference (e.g. <code>static + const auto& impl = *new T(args...);</code>).</li> +</ul> + +<h3 id="thread_local">thread_local Variables</h3> + +<p><code>thread_local</code> variables that aren't declared inside a function +must be initialized with a true compile-time constant, +and this must be enforced by using the + + +<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/attributes.h"> +<code>ABSL_CONST_INIT</code></a> +attribute. Prefer +<code>thread_local</code> over other ways of defining thread-local data.</p> + +<p class="definition"></p> +<p>Starting with C++11, variables can be declared with the +<code>thread_local</code> specifier:</p> +<pre>thread_local Foo foo = ...; +</pre> +<p>Such a variable is actually a collection of objects, so that when different +threads access it, they are actually accessing different objects. +<code>thread_local</code> variables are much like +<a href="#Static_and_Global_Variables">static storage duration variables</a> +in many respects. For instance, they can be declared at namespace scope, +inside functions, or as static class members, but not as ordinary class +members.</p> + +<p><code>thread_local</code> variable instances are initialized much like +static variables, except that they must be initialized separately for each +thread, rather than once at program startup. This means that +<code>thread_local</code> variables declared within a function are safe, but +other <code>thread_local</code> variables are subject to the same +initialization-order issues as static variables (and more besides).</p> + +<p><code>thread_local</code> variable instances are destroyed when their thread +terminates, so they do not have the destruction-order issues of static +variables.</p> + +<p class="pros"></p> +<ul> + <li>Thread-local data is inherently safe from races (because only one thread + can ordinarily access it), which makes <code>thread_local</code> useful for + concurrent programming.</li> + <li><code>thread_local</code> is the only standard-supported way of creating + thread-local data.</li> +</ul> + +<p class="cons"></p> +<ul> + <li>Accessing a <code>thread_local</code> variable may trigger execution of + an unpredictable and uncontrollable amount of other code.</li> + <li><code>thread_local</code> variables are effectively global variables, + and have all the drawbacks of global variables other than lack of + thread-safety.</li> + <li>The memory consumed by a <code>thread_local</code> variable scales with + the number of running threads (in the worst case), which can be quite large + in a program.</li> + <li>An ordinary class member cannot be <code>thread_local</code>.</li> + <li><code>thread_local</code> may not be as efficient as certain compiler + intrinsics.</li> +</ul> + +<p class="decision"></p> + <p><code>thread_local</code> variables inside a function have no safety + concerns, so they can be used without restriction. Note that you can use + a function-scope <code>thread_local</code> to simulate a class- or + namespace-scope <code>thread_local</code> by defining a function or + static method that exposes it:</p> + +<pre>Foo& MyThreadLocalFoo() { + thread_local Foo result = ComplicatedInitialization(); + return result; +} +</pre> + +<p><code>thread_local</code> variables at class or namespace scope must be +initialized with a true compile-time constant (i.e. they must have no +dynamic initialization). To enforce this, <code>thread_local</code> variables +at class or namespace scope must be annotated with + + +<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/attributes.h"> +<code>ABSL_CONST_INIT</code></a> +(or <code>constexpr</code>, but that should be rare):</p> + +<pre>ABSL_CONST_INIT thread_local Foo foo = ...; +</pre> + +<p><code>thread_local</code> should be preferred over other mechanisms for +defining thread-local data.</p> <h2 id="Classes">Classes</h2> @@ -925,19 +1076,14 @@ don'ts you should follow when writing a class.</p> <h3 id="Doing_Work_in_Constructors">Doing Work in Constructors</h3> -<div class="summary"> <p>Avoid virtual method calls in constructors, and avoid initialization that can fail if you can't signal an error.</p> -</div> -<div class="stylebody"> - -<div class="definition"> +<p class="definition"></p> <p>It is possible to perform arbitrary initialization in the body of the constructor.</p> -</div> -<div class="pros"> +<p class="pros"></p> <ul> <li>No need to worry about whether the class has been initialized or not.</li> @@ -947,9 +1093,7 @@ of the constructor.</p> or algorithms.</li> </ul> -</div> - -<div class="cons"> +<p class="cons"></p> <ul> <li>If the work calls virtual functions, these calls will not get dispatched to the subclass @@ -970,35 +1114,28 @@ of the constructor.</p> is done in the constructor cannot easily be handed off to, for example, another thread.</li> </ul> -</div> - -<div class="decision"> +<p class="decision"></p> <p>Constructors should never call virtual functions. If appropriate -for your code -, +for your code , terminating the program may be an appropriate error handling response. Otherwise, consider a factory function -or <code>Init()</code> method. Avoid <code>Init()</code> methods on objects with +or <code>Init()</code> method as described in +<a href="https://abseil.io/tips/42">TotW #42</a> +. +Avoid <code>Init()</code> methods on objects with no other states that affect which public methods may be called (semi-constructed objects of this form are particularly hard to work with correctly).</p> -</div> - -</div> <a id="Explicit_Constructors"></a> <h3 id="Implicit_Conversions">Implicit Conversions</h3> -<div class="summary"> <p>Do not define implicit conversions. Use the <code>explicit</code> keyword for conversion operators and single-argument constructors.</p> -</div> -<div class="stylebody"> - -<div class="definition"> +<p class="definition"></p> <p>Implicit conversions allow an object of one type (called the <dfn>source type</dfn>) to be used where a different type (called the <dfn>destination @@ -1031,21 +1168,22 @@ void Func(Foo f); </pre> This kind of code isn't technically an implicit conversion, but the language treats it as one as far as <code>explicit</code> is concerned. -</div> -<div class="pros"> +<p class="pros"></p> <ul> <li>Implicit conversions can make a type more usable and expressive by eliminating the need to explicitly name a type when it's obvious.</li> <li>Implicit conversions can be a simpler alternative to - overloading.</li> + overloading, such as when a single + function with a <code>string_view</code> parameter takes the + place of separate overloads for <code>std::string</code> and + <code>const char*</code>.</li> <li>List initialization syntax is a concise and expressive way of initializing objects.</li> </ul> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>Implicit conversions can hide type-mismatch bugs, where the destination type does not match the user's expectation, or @@ -1071,9 +1209,8 @@ language treats it as one as far as <code>explicit</code> is concerned. the destination type is implicit, particularly if the list has only a single element.</li> </ul> -</div> -<div class="decision"> +<p class="decision"></p> <p>Type conversion operators, and constructors that are callable with a single argument, must be marked <code>explicit</code> in the class definition. As an @@ -1081,47 +1218,47 @@ exception, copy and move constructors should not be <code>explicit</code>, since they do not perform type conversion. Implicit conversions can sometimes be necessary and appropriate for types that are designed to transparently wrap other -types. In that case, contact +types. In that case, contact your project leads to request a waiver of this rule.</p> <p>Constructors that cannot be called with a single argument -should usually omit <code>explicit</code>. Constructors that +may omit <code>explicit</code>. Constructors that take a single <code>std::initializer_list</code> parameter should also omit <code>explicit</code>, in order to support copy-initialization (e.g. <code>MyType m = {1, 2};</code>).</p> -</div> - -</div> <h3 id="Copyable_Movable_Types">Copyable and Movable Types</h3> <a id="Copy_Constructors"></a> -<div class="summary"> -<p>Support copying and/or moving if these operations are clear and meaningful -for your type. Otherwise, disable the implicitly generated special functions -that perform copies and moves. -</p></div> -<div class="stylebody"> - -<div class="definition"> -<p>A copyable type allows its objects to be initialized or assigned -from any other object of the same type, without changing the value of the source. -For user-defined types, the copy behavior is defined by the copy -constructor and the copy-assignment operator. -<code>string</code> is an example of a copyable type.</p> +<p>A class's public API must make clear whether the class is copyable, +move-only, or neither copyable nor movable. Support copying and/or +moving if these operations are clear and meaningful for your type.</p> +<p class="definition"></p> <p>A movable type is one that can be initialized and assigned -from temporaries (all copyable types are therefore movable). +from temporaries.</p> + +<p>A copyable type is one that can be initialized or assigned from +any other object of the same type (so is also movable by definition), with the +stipulation that the value of the source does not change. <code>std::unique_ptr<int></code> is an example of a movable but not -copyable type. For user-defined types, the move behavior is defined by the move -constructor and the move-assignment operator.</p> +copyable type (since the value of the source +<code>std::unique_ptr<int></code> must be modified during assignment to +the destination). <code>int</code> and <code>std::string</code> are examples of +movable types that are also copyable. (For <code>int</code>, the move and copy +operations are the same; for <code>std::string</code>, there exists a move operation +that is less expensive than a copy.)</p> + +<p>For user-defined types, the copy behavior is defined by the copy +constructor and the copy-assignment operator. Move behavior is defined by the +move constructor and the move-assignment operator, if they exist, or by the +copy constructor and the copy-assignment operator otherwise.</p> <p>The copy/move constructors can be implicitly invoked by the compiler in some situations, e.g. when passing objects by value.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Objects of copyable and movable types can be passed and returned by value, which makes APIs simpler, safer, and more general. Unlike when passing objects by pointer or reference, there's no risk of confusion over ownership, @@ -1148,9 +1285,8 @@ copy elision</a>.</p> <p>Move operations allow the implicit and efficient transfer of resources out of rvalue objects. This allows a plainer coding style in some cases.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>Some types do not need to be copyable, and providing copy operations for such types can be confusing, nonsensical, or outright incorrect. Types representing singleton objects (<code>Registerer</code>), @@ -1166,65 +1302,93 @@ resulting bugs can be confusing and difficult to diagnose.</p> invocation easy to miss. This may cause confusion for programmers used to languages where pass-by-reference is conventional or mandatory. It may also encourage excessive copying, which can cause performance problems.</p> -</div> -<div class="decision"> +<p class="decision"></p> -<p>Provide the copy and move operations if their meaning is clear to a casual -user and the copying/moving does not incur unexpected costs. If you define a -copy or move constructor, define the corresponding assignment operator, and -vice-versa. If your type is copyable, do not define move operations unless they -are significantly more efficient than the corresponding copy operations. If your -type is not copyable, but the correctness of a move is obvious to users of the -type, you may make the type move-only by defining both of the move operations. -</p> +<p>Every class's public interface must make clear which copy and move +operations the class supports. This should usually take the form of explicitly +declaring and/or deleting the appropriate operations in the <code>public</code> +section of the declaration.</p> -<p>If your type provides copy operations, it is recommended that you design -your class so that the default implementation of those operations is correct. -Remember to review the correctness of any defaulted operations as you would any -other code, and to document that your class is copyable and/or cheaply movable -if that's an API guarantee.</p> +<p>Specifically, a copyable class should explicitly declare the copy +operations, a move-only class should explicitly declare the move operations, +and a non-copyable/movable class should explicitly delete the copy operations. +Explicitly declaring or deleting all four copy/move operations is permitted, +but not required. If you provide a copy or move assignment operator, you +must also provide the corresponding constructor.</p> -<pre class="badcode">class Foo { +<pre>class Copyable { public: - Foo(Foo&& other) : field_(other.field) {} - // Bad, defines only move constructor, but not operator=. + Copyable(const Copyable& other) = default; + Copyable& operator=(const Copyable& other) = default; - private: - Field field_; + // The implicit move operations are suppressed by the declarations above. +}; + +class MoveOnly { + public: + MoveOnly(MoveOnly&& other); + MoveOnly& operator=(MoveOnly&& other); + + // The copy operations are implicitly deleted, but you can + // spell that out explicitly if you want: + MoveOnly(const MoveOnly&) = delete; + MoveOnly& operator=(const MoveOnly&) = delete; +}; + +class NotCopyableOrMovable { + public: + // Not copyable or movable + NotCopyableOrMovable(const NotCopyableOrMovable&) = delete; + NotCopyableOrMovable& operator=(const NotCopyableOrMovable&) + = delete; + + // The move operations are implicitly disabled, but you can + // spell that out explicitly if you want: + NotCopyableOrMovable(NotCopyableOrMovable&&) = delete; + NotCopyableOrMovable& operator=(NotCopyableOrMovable&&) + = delete; }; </pre> -<p>Due to the risk of slicing, avoid providing an assignment -operator or public copy/move constructor for a class that's -intended to be derived from (and avoid deriving from a class +<p>These declarations/deletions can be omitted only if they are obvious: +</p><ul> +<li>If the class has no <code>private</code> section, like a + <a href="#Structs_vs._Classes">struct</a> or an interface-only base class, + then the copyability/movability can be determined by the + copyability/movability of any public data members. +</li><li>If a base class clearly isn't copyable or movable, derived classes + naturally won't be either. An interface-only base class that leaves these + operations implicit is not sufficient to make concrete subclasses clear. +</li><li>Note that if you explicitly declare or delete either the constructor or + assignment operation for copy, the other copy operation is not obvious and + must be declared or deleted. Likewise for move operations. +</li></ul> + +<p>A type should not be copyable/movable if the meaning of +copying/moving is unclear to a casual user, or if it incurs unexpected +costs. Move operations for copyable types are strictly a performance +optimization and are a potential source of bugs and complexity, so +avoid defining them unless they are significantly more efficient than +the corresponding copy operations. If your type provides copy operations, it is +recommended that you design your class so that the default implementation of +those operations is correct. Remember to review the correctness of any +defaulted operations as you would any other code.</p> + +<p>Due to the risk of slicing, prefer to avoid providing a public assignment +operator or copy/move constructor for a class that's +intended to be derived from (and prefer to avoid deriving from a class with such members). If your base class needs to be copyable, provide a public virtual <code>Clone()</code> method, and a protected copy constructor that derived classes can use to implement it.</p> -<p>If you do not want to support copy/move operations on your type, -explicitly disable them using <code>= delete</code> in -the <code>public:</code> section:</p> - -<pre class="code">// MyClass is neither copyable nor movable. -MyClass(const MyClass&) = delete; -MyClass& operator=(const MyClass&) = delete; -</pre> - -<p></p> -</div> -</div> <h3 id="Structs_vs._Classes">Structs vs. Classes</h3> -<div class="summary"> <p>Use a <code>struct</code> only for passive objects that carry data; everything else is a <code>class</code>.</p> -</div> - -<div class="stylebody"> <p>The <code>struct</code> and <code>class</code> keywords behave almost identically in C++. We add our own @@ -1232,51 +1396,67 @@ semantic meanings to each keyword, so you should use the appropriate keyword for the data-type you're defining.</p> -<p><code>structs</code> should be used for passive -objects that carry data, and may have associated -constants, but lack any functionality other than -access/setting the data members. The accessing/setting of -fields is done by directly accessing the fields rather -than through method invocations. Methods should not -provide behavior but should only be used to set up the -data members, e.g., constructor, destructor, -<code>Initialize()</code>, <code>Reset()</code>, -<code>Validate()</code>.</p> - -<p>If more functionality is required, a +<p><code>structs</code> should be used for passive objects that carry +data, and may have associated constants, but lack any functionality +other than access/setting the data members. All fields must be public, +and accessed directly rather than through getter/setter methods. The +struct must not have invariants that imply relationships between +different fields, since direct user access to those fields may break +those invariants. Methods should not provide behavior but should only +be used to set up the data members, e.g., constructor, destructor, +<code>Initialize()</code>, <code>Reset()</code>.</p> + +<p>If more functionality or invariants are required, a <code>class</code> is more appropriate. If in doubt, make it a <code>class</code>.</p> <p>For consistency with STL, you can use <code>struct</code> instead of <code>class</code> for -functors and traits.</p> +stateless types, such as traits, +<a href="#Template_metaprogramming">template metafunctions</a>, +and some functors.</p> <p>Note that member variables in structs and classes have <a href="#Variable_Names">different naming rules</a>.</p> -</div> +<h3 id="Structs_vs._Tuples">Structs vs. Pairs and Tuples</h3> + +<p>Prefer to use a <code>struct</code> instead of a pair or a +tuple whenever the elements can have meaningful names.</p> + +<p> + While using pairs and tuples can avoid the need to define a custom type, + potentially saving work when <em>writing</em> code, a meaningful field + name will almost always be much clearer when <em>reading</em> code than + <code>.first</code>, <code>.second</code>, or <code>std::get<X></code>. + While C++14's introduction of <code>std::get<Type></code> to access a + tuple element by type rather than index (when the type is unique) can + sometimes partially mitigate this, a field name is usually substantially + clearer and more informative than a type. +</p> + +<p> + Pairs and tuples may be appropriate in generic code where there are not + specific meanings for the elements of the pair or tuple. Their use may + also be required in order to interoperate with existing code or APIs. +</p> +<a id="Multiple_Inheritance"></a> <h3 id="Inheritance">Inheritance</h3> -<div class="summary"> <p>Composition is often more appropriate than inheritance. When using inheritance, make it <code>public</code>.</p> -</div> -<div class="stylebody"> - -<div class="definition"> +<p class="definition"></p> <p> When a sub-class inherits from a base class, it includes the definitions -of all the data and operations that the parent base class -defines. In practice, inheritance is used in two major -ways in C++: implementation inheritance, in which actual -code is inherited by the child, and -<a href="#Interfaces">interface inheritance</a>, in which -only method names are inherited.</p> -</div> +of all the data and operations that the base class +defines. "Interface inheritance" is inheritance from a +pure abstract base class (one with no state or defined +methods); all other inheritance is "implementation +inheritance".</p> -<div class="pros"> +<p class="pros"></p> <p>Implementation inheritance reduces code size by re-using the base class code as it specializes an existing type. Because inheritance is a compile-time declaration, you @@ -1286,20 +1466,24 @@ programmatically enforce that a class expose a particular API. Again, the compiler can detect errors, in this case, when a class does not define a necessary method of the API.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>For implementation inheritance, because the code implementing a sub-class is spread between the base and the sub-class, it can be more difficult to understand an implementation. The sub-class cannot override functions that are not virtual, so the sub-class cannot change -implementation. The base class may also define some data -members, so that specifies physical layout of the base -class.</p> -</div> +implementation.</p> + +<p>Multiple inheritance is especially problematic, because +it often imposes a higher performance overhead (in fact, +the performance drop from single inheritance to multiple +inheritance can often be greater than the performance +drop from ordinary to virtual dispatch), and because +it risks leading to "diamond" inheritance patterns, +which are prone to ambiguity, confusion, and outright bugs.</p> -<div class="decision"> +<p class="decision"></p> <p>All inheritance should be <code>public</code>. If you want to do private inheritance, you should be including @@ -1312,23 +1496,15 @@ subclasses <code>Foo</code> if it can reasonably be said that <code>Bar</code> "is a kind of" <code>Foo</code>.</p> -<p>Make your destructor <code>virtual</code> if -necessary. If your class has virtual methods, its -destructor should be virtual.</p> - <p>Limit the use of <code>protected</code> to those member functions that might need to be accessed from subclasses. Note that <a href="#Access_Control">data members should be private</a>.</p> -<p>Explicitly annotate overrides of virtual functions -or virtual destructors with an <code>override</code> -or (less frequently) <code>final</code> specifier. -Older (pre-C++11) code will use the -<code>virtual</code> keyword as an inferior -alternative annotation. For clarity, use exactly one of -<code>override</code>, <code>final</code>, or -<code>virtual</code> when declaring an override. +<p>Explicitly annotate overrides of virtual functions or virtual +destructors with exactly one of an <code>override</code> or (less +frequently) <code>final</code> specifier. Do not +use <code>virtual</code> when declaring an override. Rationale: A function or destructor marked <code>override</code> or <code>final</code> that is not an override of a base class virtual function will @@ -1337,132 +1513,15 @@ specifiers serve as documentation; if no specifier is present, the reader has to check all ancestors of the class in question to determine if the function or destructor is virtual or not.</p> -</div> - -</div> - -<h3 id="Multiple_Inheritance">Multiple Inheritance</h3> - -<div class="summary"> -<p>Only very rarely is multiple implementation inheritance -actually useful. We allow multiple inheritance only when at -most one of the base classes has an implementation; all -other base classes must be <a href="#Interfaces">pure -interface</a> classes tagged with the -<code>Interface</code> suffix.</p> -</div> - -<div class="stylebody"> - -<div class="definition"> -<p>Multiple inheritance allows a sub-class to have more than -one base class. We distinguish between base classes that are -<em>pure interfaces</em> and those that have an -<em>implementation</em>.</p> -</div> - -<div class="pros"> -<p>Multiple implementation inheritance may let you re-use -even more code than single inheritance (see <a href="#Inheritance">Inheritance</a>).</p> -</div> - -<div class="cons"> -<p>Only very rarely is multiple <em>implementation</em> -inheritance actually useful. When multiple implementation -inheritance seems like the solution, you can usually find -a different, more explicit, and cleaner solution.</p> -</div> - -<div class="decision"> -<p> Multiple inheritance is allowed only when all -superclasses, with the possible exception of the first one, -are <a href="#Interfaces">pure interfaces</a>. In order to -ensure that they remain pure interfaces, they must end with -the <code>Interface</code> suffix.</p> -</div> -<div class="note"> -<p>There is an <a href="#Windows_Code">exception</a> to -this rule on Windows.</p> -</div> - -</div> - -<h3 id="Interfaces">Interfaces</h3> - -<div class="summary"> -<p>Classes that satisfy certain conditions are allowed, but -not required, to end with an <code>Interface</code> suffix.</p> -</div> - -<div class="stylebody"> - -<div class="definition"> -<p>A class is a pure interface if it meets the following -requirements:</p> - -<ul> - <li>It has only public pure virtual ("<code>= - 0</code>") methods and static methods (but see below - for destructor).</li> - - <li>It may not have non-static data members.</li> - - <li>It need not have any constructors defined. If a - constructor is provided, it must take no arguments and - it must be protected.</li> - - <li>If it is a subclass, it may only be derived from - classes that satisfy these conditions and are tagged - with the <code>Interface</code> suffix.</li> -</ul> - -<p>An interface class can never be directly instantiated -because of the pure virtual method(s) it declares. To -make sure all implementations of the interface can be -destroyed correctly, the interface must also declare a -virtual destructor (in an exception to the first rule, -this should not be pure). See Stroustrup, <cite>The C++ -Programming Language</cite>, 3rd edition, section 12.4 -for details.</p> -</div> - -<div class="pros"> -<p>Tagging a class with the <code>Interface</code> suffix -lets others know that they must not add implemented -methods or non static data members. This is particularly -important in the case of <a href="#Multiple_Inheritance">multiple inheritance</a>. -Additionally, the interface concept is already -well-understood by Java programmers.</p> -</div> - -<div class="cons"> -<p>The <code>Interface</code> suffix lengthens the class -name, which can make it harder to read and understand. -Also, the interface property may be considered an -implementation detail that shouldn't be exposed to -clients.</p> -</div> - -<div class="decision"> -<p>A class may end -with <code>Interface</code> only if it meets the above -requirements. We do not require the converse, however: -classes that meet the above requirements are not required -to end with <code>Interface</code>.</p> -</div> - -</div> +<p>Multiple inheritance is permitted, but multiple <em>implementation</em> +inheritance is strongly discouraged.</p> <h3 id="Operator_Overloading">Operator Overloading</h3> -<div class="summary"> -<p>Overload operators judiciously. Do not create user-defined literals.</p> -</div> - -<div class="stylebody"> +<p>Overload operators judiciously. Do not use user-defined literals.</p> -<div class="definition"> +<p class="definition"></p> <p>C++ permits user code to <a href="http://en.cppreference.com/w/cpp/language/operators">declare overloaded versions of the built-in operators</a> using the @@ -1471,9 +1530,8 @@ is a user-defined type. The <code>operator</code> keyword also permits user code to define new kinds of literals using <code>operator""</code>, and to define type-conversion functions such as <code>operator bool()</code>.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Operator overloading can make code more concise and intuitive by enabling user-defined types to behave the same as built-in types. Overloaded operators are the idiomatic names @@ -1485,9 +1543,8 @@ those names.</p> <p>User-defined literals are a very concise notation for creating objects of user-defined types.</p> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>Providing a correct, consistent, and unsurprising set of operator overloads requires some care, and failure @@ -1529,13 +1586,23 @@ creating objects of user-defined types.</p> in undefined behavior, which can manifest as subtle run-time bugs.</li> - <li>User-defined literals allow the creation of new + <li>User-defined literals (UDLs) allow the creation of new syntactic forms that are unfamiliar even to experienced C++ - programmers.</li> + programmers, such as <code>"Hello World"sv</code> as a + shorthand for <code>std::string_view("Hello World")</code>. + Existing notations are clearer, though less terse.</li> + + <li>Because they can't be namespace-qualified, uses of UDLs also require + use of either using-directives (which <a href="#Namespaces">we ban</a>) or + using-declarations (which <a href="#Aliases">we ban in header files</a> except + when the imported names are part of the interface exposed by the header + file in question). Given that header files would have to avoid UDL + suffixes, we prefer to avoid having conventions for literals differ + between header files and source files. + </li> </ul> -</div> -<div class="decision"> +<p class="decision"></p> <p>Define overloaded operators only if their meaning is obvious, unsurprising, and consistent with the corresponding built-in operators. For example, use <code>|</code> as a @@ -1575,7 +1642,8 @@ use a custom comparator rather than overloading <p>Do not overload <code>&&</code>, <code>||</code>, <code>,</code> (comma), or unary <code>&</code>. Do not overload <code>operator""</code>, i.e. do not introduce user-defined -literals.</p> +literals. Do not use any such literals provided by others +(including the standard library).</p> <p>Type conversion operators are covered in the section on <a href="#Implicit_Conversions">implicit conversions</a>. @@ -1585,32 +1653,25 @@ The <code>=</code> operator is covered in the section on section on <a href="#Streams">streams</a>. See also the rules on <a href="#Function_Overloading">function overloading</a>, which apply to operator overloading as well.</p> -</div> - -</div> <h3 id="Access_Control">Access Control</h3> -<div class="summary"> -<p> Make data members <code>private</code>, unless they are -<code>static const</code> (and follow the <a href="#Constant_Names"> -naming convention for constants</a>). For technical -reasons, we allow data members of a test fixture class to +<p>Make classes' data members <code>private</code>, unless they are +<a href="#Constant_Names">constants</a>. This simplifies reasoning about invariants, at the cost +of some easy boilerplate in the form of accessors (usually <code>const</code>) if necessary.</p> + +<p>For technical +reasons, we allow data members of a test fixture class in a .cc file to be <code>protected</code> when using <a href="https://github.com/google/googletest">Google Test</a>).</p> -</div> <h3 id="Declaration_Order">Declaration Order</h3> -<div class="summary"> <p>Group similar declarations together, placing public parts earlier.</p> -</div> - -<div class="stylebody"> <p>A class definition should usually start with a <code>public:</code> section, followed by @@ -1630,43 +1691,39 @@ performance-critical, and very short, methods may be defined inline. See <a href="#Inline_Functions">Inline Functions</a> for more details.</p> -</div> - <h2 id="Functions">Functions</h2> -<h3 id="Function_Parameter_Ordering">Parameter Ordering</h3> +<a id="Function_Parameter_Ordering"></a> +<h3 id="Output_Parameters">Output Parameters</h3> -<div class="summary"> -<p>When defining a function, parameter order is: inputs, then -outputs.</p> -</div> +<p>The output of a C++ function is naturally provided via +a return value and sometimes via output parameters.</p> + +<p>Prefer using return values over output parameters: they +improve readability, and often provide the same or better +performance. If output-only parameters are used, +they should appear after input parameters.</p> -<div class="stylebody"> -<p>Parameters to C/C++ functions are either input to the -function, output from the function, or both. Input -parameters are usually values or <code>const</code> -references, while output and input/output parameters will -be pointers to non-<code>const</code>. When ordering -function parameters, put all input-only parameters before -any output parameters. In particular, do not add new -parameters to the end of the function just because they -are new; place new input-only parameters before the -output parameters.</p> +<p>Parameters are either input to the function, output from the +function, or both. Input parameters are usually values or +<code>const</code> references, while output and input/output +parameters will be pointers to non-<code>const</code>.</p> + +<p>When ordering function parameters, put all input-only +parameters before any output parameters. In particular, +do not add new parameters to the end of the function just +because they are new; place new input-only parameters before +the output parameters.</p> <p>This is not a hard-and-fast rule. Parameters that are both input and output (often classes/structs) muddy the waters, and, as always, consistency with related functions may require you to bend the rule.</p> -</div> - <h3 id="Write_Short_Functions">Write Short Functions</h3> -<div class="summary"> <p>Prefer small and focused functions.</p> -</div> -<div class="stylebody"> <p>We recognize that long functions are sometimes appropriate, so no hard limit is placed on functions length. If a function exceeds about 40 lines, think about @@ -1677,10 +1734,11 @@ of the program.</p> someone modifying it in a few months may add new behavior. This could result in bugs that are hard to find. Keeping your functions short and simple makes it -easier for other people to read and modify your code.</p> +easier for other people to read and modify your code. +Small functions are also easier to test.</p> <p>You could find long and complicated functions when -working with +working with some code. Do not be intimidated by modifying existing code: if working with such a function proves to be difficult, you find that @@ -1688,43 +1746,34 @@ errors are hard to debug, or you want to use a piece of it in several different contexts, consider breaking up the function into smaller and more manageable pieces.</p> -</div> - <h3 id="Reference_Arguments">Reference Arguments</h3> -<div class="summary"> -<p>All parameters passed by reference must be labeled +<p>All parameters passed by lvalue reference must be labeled <code>const</code>.</p> -</div> - -<div class="stylebody"> -<div class="definition"> +<p class="definition"></p> <p>In C, if a function needs to modify a variable, the parameter must use a pointer, eg <code>int foo(int *pval)</code>. In C++, the function can alternatively declare a reference parameter: <code>int foo(int &val)</code>.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Defining a parameter as reference avoids ugly code like <code>(*pval)++</code>. Necessary for some applications like copy constructors. Makes it clear, unlike with pointers, that a null pointer is not a possible value.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>References can be confusing, as they have value syntax but pointer semantics.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>Within function parameter lists all references must be <code>const</code>:</p> -<pre>void Foo(const string &in, string *out); +<pre>void Foo(const std::string &in, std::string *out); </pre> <p>In fact it is a very strong convention in Google code @@ -1755,77 +1804,64 @@ T*</code> rather than <code>const T&</code>, do so for a concrete reason; otherwise it will likely confuse readers by making them look for an explanation that doesn't exist.</p> -</div> - -</div> <h3 id="Function_Overloading">Function Overloading</h3> -<div class="summary"> <p>Use overloaded functions (including constructors) only if a reader looking at a call site can get a good idea of what is happening without having to first figure out exactly which overload is being called.</p> -</div> - -<div class="stylebody"> -<div class="definition"> +<p class="definition"></p> <p>You may write a function that takes a <code>const -string&</code> and overload it with another that -takes <code>const char*</code>.</p> +std::string&</code> and overload it with another that +takes <code>const char*</code>. However, in this case consider +std::string_view + instead.</p> <pre>class MyClass { public: - void Analyze(const string &text); + void Analyze(const std::string &text); void Analyze(const char *text, size_t textlen); }; </pre> -</div> -<div class="pros"> +<p class="pros"></p> <p>Overloading can make code more intuitive by allowing an identically-named function to take different arguments. It may be necessary for templatized code, and it can be convenient for Visitors.</p> -</div> +<p>Overloading based on const or ref qualification may make utility + code more usable, more efficient, or both. + (See <a href="http://abseil.io/tips/148">TotW 148</a> for more.) +</p> -<div class="cons"> +<p class="cons"></p> <p>If a function is overloaded by the argument types alone, a reader may have to understand C++'s complex matching rules in order to tell what's going on. Also many people are confused by the semantics of inheritance if a derived class overrides only some of the variants of a function.</p> -</div> -<div class="decision"> -<p>If you want to overload a function, consider qualifying -the name with some information about the arguments, e.g., -<code>AppendString()</code>, <code>AppendInt()</code> -rather than just <code>Append()</code>. If you are -overloading a function to support variable number of -arguments of the same type, consider making it take a -<code>std::vector</code> so that the user can use an -<a href="#Braced_Initializer_List">initializer list -</a> to specify the arguments.</p> -</div> - -</div> +<p class="decision"></p> +<p>You may overload a function when there are no semantic differences +between variants. These overloads may vary in types, qualifiers, or +argument count. However, a reader of such a call must not need to know +which member of the overload set is chosen, only that <b>something</b> +from the set is being called. If you can document all entries in the +overload set with a single comment in the header, that is a good sign +that it is a well-designed overload set.</p> <h3 id="Default_Arguments">Default Arguments</h3> -<div class="summary"> <p>Default arguments are allowed on non-virtual functions when the default is guaranteed to always have the same value. Follow the same restrictions as for <a href="#Function_Overloading">function overloading</a>, and prefer overloaded functions if the readability gained with default arguments doesn't outweigh the downsides below.</p> -</div> -<div class="stylebody"> - -<div class="pros"> +<p class="pros"></p> <p>Often you have a function that uses default values, but occasionally you want to override the defaults. Default parameters allow an easy way to do this without having to @@ -1834,9 +1870,8 @@ to overloading the function, default arguments have a cleaner syntax, with less boilerplate and a clearer distinction between 'required' and 'optional' arguments.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>Defaulted arguments are another way to achieve the semantics of overloaded functions, so all the <a href="#Function_Overloading">reasons not to overload functions</a> apply.</p> @@ -1855,9 +1890,8 @@ of varying at each call.</p> default arguments, since the function signature often doesn't match the call signature. Adding function overloads avoids these problems.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>Default arguments are banned on virtual functions, where they don't work properly, and in cases where the specified default might not evaluate to the same value depending on @@ -1868,22 +1902,18 @@ f(int n = counter++);</code>.)</p> readability of their function declarations enough to overcome the downsides above, so they are allowed. When in doubt, use overloads.</p> -</div> - -</div> <h3 id="trailing_return">Trailing Return Type Syntax</h3> -<div class="summary"> + <p>Use trailing return types only where using the ordinary syntax (leading return types) is impractical or much less readable.</p> -</div> -<div class="definition"> +<p class="definition"></p> <p>C++ allows two different forms of function declarations. In the older form, the return type appears before the function name. For example:</p> <pre>int foo(int x); </pre> -<p>The new form, introduced in C++11, uses the <code>auto</code> +<p>The newer form, introduced in C++11, uses the <code>auto</code> keyword before the function name and a trailing return type after the argument list. For example, the declaration above could equivalently be written:</p> @@ -1893,10 +1923,8 @@ doubt, use overloads.</p> make a difference for a simple case like <code>int</code> but it matters for more complicated cases, like types declared in class scope or types written in terms of the function parameters.</p> -</div> -<div class="stylebody"> -<div class="pros"> +<p class="pros"></p> <p>Trailing return types are the only way to explicitly specify the return type of a <a href="#Lambda_expressions">lambda expression</a>. In some cases the compiler is able to deduce a lambda's return type, @@ -1907,22 +1935,24 @@ doubt, use overloads.</p> after the function's parameter list has already appeared. This is particularly true when the return type depends on template parameters. For example:</p> - <pre>template <class T, class U> auto add(T t, U u) -> decltype(t + u);</pre> + <pre> template <typename T, typename U> + auto add(T t, U u) -> decltype(t + u); + </pre> versus - <pre>template <class T, class U> decltype(declval<T&>() + declval<U&>()) add(T t, U u);</pre> -</div> + <pre> template <typename T, typename U> + decltype(declval<T&>() + declval<U&>()) add(T t, U u); + </pre> -<div class="cons"> +<p class="cons"></p> <p>Trailing return type syntax is relatively new and it has no - analogue in C++-like languages like C and Java, so some readers may + analogue in C++-like languages such as C and Java, so some readers may find it unfamiliar.</p> <p>Existing code bases have an enormous number of function declarations that aren't going to get changed to use the new syntax, so the realistic choices are using the old syntax only or using a mixture of the two. Using a single version is better for uniformity of style.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>In most cases, continue to use the older style of function declaration where the return type goes before the function name. Use the new trailing-return-type form only in cases where it's @@ -1932,30 +1962,26 @@ doubt, use overloads.</p> issue in fairly complicated template code, which is <a href="#Template_metaprogramming">discouraged in most cases</a>.</p> -</div> -</div> <h2 id="Google-Specific_Magic">Google-Specific Magic</h2> +<div> <p>There are various tricks and utilities that we use to make C++ code more robust, and various ways we use C++ that may differ from what you see elsewhere.</p> +</div> + - <h3 id="Ownership_and_Smart_Pointers">Ownership and Smart Pointers</h3> -<div class="summary"> <p>Prefer to have single, fixed owners for dynamically allocated objects. Prefer to transfer ownership with smart pointers.</p> -</div> - -<div class="stylebody"> -<div class="definition"> +<p class="definition"></p> <p>"Ownership" is a bookkeeping technique for managing dynamically allocated memory (and other resources). The owner of a dynamically allocated object is an object or @@ -1985,9 +2011,8 @@ a dynamically allocated object. <code>std::shared_ptr</code>s can be copied; ownership of the object is shared among all copies, and the object is deleted when the last <code>std::shared_ptr</code> is destroyed. </p> -</div> -<div class="pros"> +<p class="pros"></p> <ul> <li>It's virtually impossible to manage dynamically allocated memory without some sort of ownership @@ -2012,9 +2037,8 @@ all copies, and the object is deleted when the last <li>For const objects, shared ownership can be a simple and efficient alternative to deep copying.</li> </ul> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>Ownership must be represented and transferred via pointers (whether smart or plain). Pointer semantics @@ -2051,9 +2075,8 @@ all copies, and the object is deleted when the last <li>Smart pointers are not perfect substitutes for plain pointers.</li> </ul> -</div> -<div class="decision"> +<p class="decision"></p> <p>If dynamic allocation is necessary, prefer to keep ownership with the code that allocated it. If other code needs access to the object, consider passing it a copy, @@ -2078,18 +2101,10 @@ do use shared ownership, prefer to use <p>Never use <code>std::auto_ptr</code>. Instead, use <code>std::unique_ptr</code>.</p> -</div> - -</div> <h3 id="cpplint">cpplint</h3> -<div class="summary"> -<p>Use <code>cpplint.py</code> -to detect style errors.</p> -</div> - -<div class="stylebody"> +<p>Use <code>cpplint.py</code> to detect style errors.</p> <p><code>cpplint.py</code> is a tool that reads a source file and identifies many @@ -2101,56 +2116,60 @@ NOLINT</code> at the end of the line or +<div> <p>Some projects have instructions on how to run <code>cpplint.py</code> from their project tools. If the project you are contributing to does not, you can download <a href="https://raw.githubusercontent.com/google/styleguide/gh-pages/cpplint/cpplint.py"> <code>cpplint.py</code></a> separately.</p> +</div> -</div> - <h2 id="Other_C++_Features">Other C++ Features</h2> <h3 id="Rvalue_references">Rvalue References</h3> -<div class="summary"> -<p>Use rvalue references only to define move constructors and move assignment -operators, or for perfect forwarding. -</p> -</div> +<p>Use rvalue references to:</p> +<ul> + <li>Define move constructors and move assignment operators.</li> -<div class="stylebody"> + <li>Define <a href="#Function_Overloading">overload sets</a> with + const& and && variants if you have evidence that this + provides meaningfully better performance than passing by value, + or if you're writing low-overhead generic code that needs to support + arbitrary types. Beware combinatorial overload sets, that is, seldom + overload more than one parameter.</li> -<div class="definition"> + <li>Support 'perfect forwarding' in generic code.</li> +</ul> + +<p class="definition"></p> <p> Rvalue references are a type of reference that can only bind to temporary objects. The syntax is similar to traditional reference -syntax. For example, <code>void f(string&& +syntax. For example, <code>void f(std::string&& s);</code> declares a function whose argument is an -rvalue reference to a string.</p> -</div> +rvalue reference to a std::string.</p> + +<p id="Forwarding_references"> When the token '&&' is applied to +an unqualified template argument in a function +parameter, special template argument deduction +rules apply. Such a reference is called forwarding reference.</p> -<div class="pros"> +<p class="pros"></p> <ul> <li>Defining a move constructor (a constructor taking an rvalue reference to the class type) makes it possible to move a value instead of copying it. If - <code>v1</code> is a <code>std::vector<string></code>, + <code>v1</code> is a <code>std::vector<std::string></code>, for example, then <code>auto v2(std::move(v1))</code> will probably just result in some simple pointer manipulation instead of copying a large amount of data. - In some cases this can result in a major performance + In many cases this can result in a major performance improvement.</li> - <li>Rvalue references make it possible to write a - generic function wrapper that forwards its arguments to - another function, and works whether or not its - arguments are temporary objects. (This is sometimes called - "perfect forwarding".)</li> - <li>Rvalue references make it possible to implement types that are movable but not copyable, which can be useful for types that have no sensible definition of @@ -2160,37 +2179,50 @@ rvalue reference to a string.</p> <li><code>std::move</code> is necessary to make effective use of some standard-library types, such as <code>std::unique_ptr</code>.</li> + + <li><a href="#Forwarding_references">Forwarding references</a> which + use the rvalue reference token, make it possible to write a + generic function wrapper that forwards its arguments to + another function, and works whether or not its + arguments are temporary objects and/or const. + This is called 'perfect forwarding'.</li> </ul> -</div> -<div class="cons"> +<p class="cons"></p> <ul> - <li>Rvalue references are a relatively new feature - (introduced as part of C++11), and not yet widely - understood. Rules like reference collapsing, and - automatic synthesis of move constructors, are - complicated.</li> + <li>Rvalue references are not yet widely understood. Rules like reference + collapsing and the special deduction rule for forwarding references + are somewhat obscure.</li> + + <li>Rvalue references are often misused. Using rvalue + references is counter-intuitive in signatures where the argument is expected + to have a valid specified state after the function call, or where no move + operation is performed.</li> </ul> -</div> -<div class="decision"> - <p>Use rvalue references only to define move constructors and move assignment - operators (as described in <a href="#Copyable_Movable_Types">Copyable and - Movable Types</a>) and, in conjunction with <code><a href="http://en.cppreference.com/w/cpp/utility/forward">std::forward</a></code>, -to support perfect forwarding. You may use <code>std::move</code> to express -moving a value from one object to another rather than copying it. </p> -</div> - -</div> +<p class="decision"></p> +<p>You may use rvalue references to define move constructors and move +assignment operators (as described in +<a href="#Copyable_Movable_Types">Copyable and Movable Types</a>). See the +<a href="primer#copying_moving">C++ Primer</a> for more information about +move semantics and <code>std::move</code>.</p> + +<p>You may use rvalue references to define pairs of overloads, one taking +<code>Foo&&</code> and the other taking <code>const Foo&</code>. +Usually the preferred solution is just to pass by value, but an overloaded pair +of functions sometimes yields better performance and is sometimes necessary in +generic code that needs to support a wide variety of types. As always: if +you're writing more complicated code for the sake of performance, make sure you +have evidence that it actually helps.</p> + +<p>You may use forwarding references in conjunction with <code> +<a href="http://en.cppreference.com/w/cpp/utility/forward">std::forward</a></code>, +to support perfect forwarding.</p> <h3 id="Friends">Friends</h3> -<div class="summary"> <p>We allow use of <code>friend</code> classes and functions, within reason.</p> -</div> - -<div class="stylebody"> <p>Friends should usually be defined in the same file so that the reader does not have to look in another file to @@ -2209,29 +2241,25 @@ other class access to it. However, most classes should interact with other classes solely through their public members.</p> -</div> - <h3 id="Exceptions">Exceptions</h3> -<div class="summary"> <p>We do not use C++ exceptions.</p> -</div> -<div class="stylebody"> - -<div class="pros"> +<p class="pros"></p> <ul> <li>Exceptions allow higher levels of an application to decide how to handle "can't happen" failures in deeply nested functions, without the obscuring and error-prone bookkeeping of error codes.</li> - + + <div> <li>Exceptions are used by most other modern languages. Using them in C++ would make it more consistent with Python, Java, and the C++ that others are familiar with.</li> + </div> <li>Some third-party C++ libraries use exceptions, and turning them off internally makes it harder to @@ -2245,9 +2273,8 @@ members.</p> <li>Exceptions are really handy in testing frameworks.</li> </ul> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>When you add a <code>throw</code> statement to an existing function, you must examine all of its @@ -2291,9 +2318,8 @@ members.</p> to be thrown. We would need to make the style guide even longer to document these restrictions!</li> </ul> -</div> -<div class="decision"> +<p class="decision"></p> <p>On their face, the benefits of using exceptions outweigh the costs, especially in new projects. However, for existing code, the introduction of exceptions has @@ -2322,46 +2348,108 @@ exceptions in Google open-source projects as well. Things would probably be different if we had to do it all over again from scratch.</p> -<p>This prohibition also applies to the exception-related -features added in C++11, such as <code>noexcept</code>, -<code>std::exception_ptr</code>, and +<p>This prohibition also applies to the exception handling related +features added in C++11, such as +<code>std::exception_ptr</code> and <code>std::nested_exception</code>.</p> <p>There is an <a href="#Windows_Code">exception</a> to this rule (no pun intended) for Windows code.</p> -</div> -</div> +<h3 id="noexcept"><code>noexcept</code></h3> + +<p>Specify <code>noexcept</code> when it is useful and correct.</p> + +<p class="definition"></p> +<p>The <code>noexcept</code> specifier is used to specify whether +a function will throw exceptions or not. If an exception +escapes from a function marked <code>noexcept</code>, the program +crashes via <code>std::terminate</code>.</p> + +<p>The <code>noexcept</code> operator performs a compile-time +check that returns true if an expression is declared to not +throw any exceptions.</p> + +<p class="pros"></p> +<ul> + <li>Specifying move constructors as <code>noexcept</code> + improves performance in some cases, e.g. + <code>std::vector<T>::resize()</code> moves rather than + copies the objects if T's move constructor is + <code>noexcept</code>.</li> + + <li>Specifying <code>noexcept</code> on a function can + trigger compiler optimizations in environments where + exceptions are enabled, e.g. compiler does not have to + generate extra code for stack-unwinding, if it knows + that no exceptions can be thrown due to a + <code>noexcept</code> specifier.</li> +</ul> + +<p class="cons"></p> +<ul> + <li> + + In projects following this guide + that have exceptions disabled it is hard + to ensure that <code>noexcept</code> + specifiers are correct, and hard to define what + correctness even means.</li> + + <li>It's hard, if not impossible, to undo <code>noexcept</code> + because it eliminates a guarantee that callers may be relying + on, in ways that are hard to detect.</li> +</ul> + +<p class="decision"></p> +<p>You may use <code>noexcept</code> when it is useful for +performance if it accurately reflects the intended semantics +of your function, i.e. that if an exception is somehow thrown +from within the function body then it represents a fatal error. +You can assume that <code>noexcept</code> on move constructors +has a meaningful performance benefit. If you think +there is significant performance benefit from specifying +<code>noexcept</code> on some other function, please discuss it +with +your project leads.</p> + +<p>Prefer unconditional <code>noexcept</code> if exceptions are +completely disabled (i.e. most Google C++ environments). +Otherwise, use conditional <code>noexcept</code> specifiers +with simple conditions, in ways that evaluate false only in +the few cases where the function could potentially throw. +The tests might include type traits check on whether the +involved operation might throw (e.g. +<code>std::is_nothrow_move_constructible</code> for +move-constructing objects), or on whether allocation can throw +(e.g. <code>absl::default_allocator_is_nothrow</code> for +standard default allocation). Note in many cases the only +possible cause for an exception is allocation failure (we +believe move constructors should not throw except due to +allocation failure), and there are many applications where it’s +appropriate to treat memory exhaustion as a fatal error rather +than an exceptional condition that your program should attempt +to recover from. Even for other +potential failures you should prioritize interface simplicity +over supporting all possible exception throwing scenarios: +instead of writing a complicated <code>noexcept</code> clause +that depends on whether a hash function can throw, for example, +simply document that your component doesn’t support hash +functions throwing and make it unconditionally +<code>noexcept</code>.</p> <h3 id="Run-Time_Type_Information__RTTI_">Run-Time Type Information (RTTI)</h3> -<div class="summary"> <p>Avoid using Run Time Type Information (RTTI).</p> -</div> -<div class="stylebody"> - -<div class="definition"> +<p class="definition"></p> <p> RTTI allows a programmer to query the C++ class of an object at run time. This is done by use of <code>typeid</code> or <code>dynamic_cast</code>.</p> -</div> -<div class="cons"> -<p>Querying the type of an object at run-time frequently -means a design problem. Needing to know the type of an -object at runtime is often an indication that the design -of your class hierarchy is flawed.</p> - -<p>Undisciplined use of RTTI makes code hard to maintain. -It can lead to type-based decision trees or switch -statements scattered throughout the code, all of which -must be examined when making further changes.</p> -</div> - -<div class="pros"> +<p class="pros"></p> <p>The standard alternatives to RTTI (described below) require modification or redesign of the class hierarchy in question. Sometimes such modifications are infeasible @@ -2380,14 +2468,24 @@ objects. Consider</p> <pre>bool Base::Equal(Base* other) = 0; bool Derived::Equal(Base* other) { Derived* that = dynamic_cast<Derived*>(other); - if (that == NULL) + if (that == nullptr) return false; ... } </pre> -</div> -<div class="decision"> +<p class="cons"></p> +<p>Querying the type of an object at run-time frequently +means a design problem. Needing to know the type of an +object at runtime is often an indication that the design +of your class hierarchy is flawed.</p> + +<p>Undisciplined use of RTTI makes code hard to maintain. +It can lead to type-based decision trees or switch +statements scattered throughout the code, all of which +must be examined when making further changes.</p> + +<p class="decision"></p> <p>RTTI has legitimate uses but is prone to abuse, so you must be careful when using it. You may use it freely in unittests, but avoid it when possible in other code. In @@ -2437,13 +2535,9 @@ find and modify all the affected code segments.</p> arguments against RTTI apply just as much to workarounds like class hierarchies with type tags. Moreover, workarounds disguise your true intent.</p> -</div> - -</div> <h3 id="Casting">Casting</h3> -<div class="summary"> <p>Use C++-style casts like <code>static_cast<float>(double_value)</code>, or brace initialization for conversion of arithmetic types like @@ -2451,17 +2545,13 @@ initialization for conversion of arithmetic types like cast formats like <code>int y = (int)x</code> or <code>int y = int(x)</code> (but the latter is okay when invoking a constructor of a class type).</p> -</div> - -<div class="stylebody"> -<div class="definition"> +<p class="definition"></p> <p> C++ introduced a different cast system from C that distinguishes the types of cast operations.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>The problem with C casts is the ambiguity of the operation; sometimes you are doing a <em>conversion</em> (e.g., <code>(int)3.5</code>) and sometimes you are doing @@ -2469,13 +2559,11 @@ a <em>cast</em> (e.g., <code>(int)"hello"</code>). Brace initialization and C++ casts can often help avoid this ambiguity. Additionally, C++ casts are more visible when searching for them.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>The C++-style cast syntax is verbose and cumbersome.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>Do not use C-style casts. Instead, use these C++-style casts when explicit type conversion is necessary. </p> @@ -2485,7 +2573,7 @@ explicit type conversion is necessary. </p> will not compile if conversion can result in information loss. The syntax is also concise.</li> - + <li>Use <code>static_cast</code> as the equivalent of a C-style cast that does value conversion, when you need to @@ -2494,49 +2582,47 @@ explicit type conversion is necessary. </p> subclass. In this last case, you must be sure your object is actually an instance of the subclass.</li> - + <li>Use <code>const_cast</code> to remove the <code>const</code> qualifier (see <a href="#Use_of_const">const</a>).</li> - <li>Use <code>reinterpret_cast</code> to do unsafe - conversions of pointer types to and from integer and - other pointer types. Use this only if you know what you - are doing and you understand the aliasing issues. - </li> - - + <li>Use <code>reinterpret_cast</code> to do unsafe conversions of + pointer types to and from integer and other pointer + types. Use this + only if you know what you are doing and you understand the aliasing + issues. Also, consider the alternative + <code>absl::bit_cast</code>.</li> + + <li>Use <code>absl::bit_cast</code> to interpret the raw bits of a + value using a different type of the same size (a type pun), such as + interpreting the bits of a <code>double</code> as + <code>int64</code>.</li> </ul> <p>See the <a href="#Run-Time_Type_Information__RTTI_"> RTTI section</a> for guidance on the use of <code>dynamic_cast</code>.</p> -</div> - -</div> <h3 id="Streams">Streams</h3> -<div class="summary"> <p>Use streams where appropriate, and stick to "simple" -usages.</p> -</div> - -<div class="stylebody"> +usages. Overload <code><<</code> for streaming only for types +representing values, and write only the user-visible value, not any +implementation details.</p> -<div class="definition"> +<p class="definition"></p> <p>Streams are the standard I/O abstraction in C++, as exemplified by the standard header <code><iostream></code>. -They are widely used in Google code, but only for debug logging +They are widely used in Google code, mostly for debug logging and test diagnostics.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>The <code><<</code> and <code>>></code> stream operators provide an API for formatted I/O that is easily learned, portable, reusable, and extensible. <code>printf</code>, by contrast, doesn't even support -<code>string</code>, to say nothing of user-defined types, +<code>std::string</code>, to say nothing of user-defined types, and is very difficult to use portably. <code>printf</code> also obliges you to choose among the numerous slightly different versions of that function, @@ -2547,9 +2633,8 @@ via <code>std::cin</code>, <code>std::cout</code>, <code>std::cerr</code>, and <code>std::clog</code>. The C APIs do as well, but are hampered by the need to manually buffer the input. </p> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>Stream formatting can be configured by mutating the state of the stream. Such mutations are persistent, so @@ -2576,27 +2661,30 @@ flawed</a>.</li> <li>The streams API is subtle and complex, so programmers must -develop experience with it in order to use it effectively. -However, streams were historically banned in Google code (except -for logging and diagnostics), so Google engineers tend not to -have that experience. Consequently, streams-based code is likely -to be less readable and maintainable by Googlers than code based -on more familiar abstractions.</li> +develop experience with it in order to use it effectively.</li> <li>Resolving the many overloads of <code><<</code> is extremely costly for the compiler. When used pervasively in a large code base, it can consume as much as 20% of the parsing and semantic analysis time.</li> </ul> -</div> -<div class="decision"> +<p class="decision"></p> <p>Use streams only when they are the best tool for the job. This is typically the case when the I/O is ad-hoc, local, human-readable, and targeted at other developers rather than end-users. Be consistent with the code around you, and with the codebase as a whole; if there's an established tool for -your problem, use that tool instead. </p> +your problem, use that tool instead. +In particular, + +logging libraries are usually a better +choice than <code>std::cerr</code> or <code>std::clog</code> +for diagnostic output, and the libraries in + +<code>absl/strings</code> +or the equivalent are usually a +better choice than <code>std::stringstream</code>.</p> <p>Avoid using streams for I/O that faces external users or handles untrusted data. Instead, find and use the appropriate @@ -2606,7 +2694,10 @@ localization, and security hardening.</p> <p>If you do use streams, avoid the stateful parts of the streams API (other than error state), such as <code>imbue()</code>, <code>xalloc()</code>, and <code>register_callback()</code>. -Use explicit formatting functions rather than +Use explicit formatting functions (see e.g. + +<code>absl/strings</code>) +rather than stream manipulators or formatting flags to control formatting details such as number base, precision, or padding.</p> @@ -2618,30 +2709,22 @@ details in the output of <code><<</code>; if you need to print object internals for debugging, use named functions instead (a method named <code>DebugString()</code> is the most common convention).</p> -</div> - -</div> <h3 id="Preincrement_and_Predecrement">Preincrement and Predecrement</h3> -<div class="summary"> <p>Use prefix form (<code>++i</code>) of the increment and decrement operators with iterators and other template objects.</p> -</div> - -<div class="stylebody"> -<div class="definition"> +<p class="definition"></p> <p> When a variable is incremented (<code>++i</code> or <code>i++</code>) or decremented (<code>--i</code> or <code>i--</code>) and the value of the expression is not used, one must decide whether to preincrement (decrement) or postincrement (decrement).</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>When the return value is ignored, the "pre" form (<code>++i</code>) is never less efficient than the "post" form (<code>i++</code>), and is often more @@ -2652,36 +2735,27 @@ iterator or other non-scalar type, copying <code>i</code> could be expensive. Since the two types of increment behave the same when the value is ignored, why not just always pre-increment?</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>The tradition developed, in C, of using post-increment when the expression value is not used, especially in <code>for</code> loops. Some find post-increment easier to read, since the "subject" (<code>i</code>) precedes the "verb" (<code>++</code>), just like in English.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p> For simple scalar (non-object) values there is no reason to prefer one form and we allow either. For iterators and other template types, use pre-increment.</p> -</div> - -</div> <h3 id="Use_of_const">Use of const</h3> -<div class="summary"> -<p>Use <code>const</code> whenever it makes sense. With C++11, +<p>In APIs, use <code>const</code> whenever it makes sense. <code>constexpr</code> is a better choice for some uses of const.</p> -</div> -<div class="stylebody"> - -<div class="definition"> +<p class="definition"></p> <p> Declared variables and parameters can be preceded by the keyword <code>const</code> to indicate the variables are not changed (e.g., <code>const int foo</code>). Class @@ -2689,9 +2763,8 @@ functions can have the <code>const</code> qualifier to indicate the function does not change the state of the class member variables (e.g., <code>class Foo { int Bar(char c) const; };</code>).</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Easier for people to understand how variables are being used. Allows the compiler to do better type checking, and, conceivably, generate better code. Helps people @@ -2700,23 +2773,24 @@ know the functions they call are limited in how they can modify your variables. Helps people know what functions are safe to use without locks in multi-threaded programs.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p><code>const</code> is viral: if you pass a <code>const</code> variable to a function, that function must have <code>const</code> in its prototype (or the variable will need a <code>const_cast</code>). This can be a particular problem when calling library functions.</p> -</div> -<div class="decision"> -<p><code>const</code> variables, data members, methods -and arguments add a level of compile-time type checking; -it is better to detect errors as soon as possible. -Therefore we strongly recommend that you use -<code>const</code> whenever it makes sense to do so:</p> +<p class="decision"></p> +<p>We strongly recommend using <code>const</code> +in APIs (i.e. on function parameters, methods, and +non-local variables) wherever it is meaningful and accurate. This +provides consistent, mostly compiler-verified documentation +of what objects an operation can mutate. Having +a consistent and reliable way to distinguish reads from writes +is critical to writing thread-safe code, and is useful in +many other contexts as well. In particular:</p> <ul> <li>If a function guarantees that it will not modify an argument @@ -2724,25 +2798,28 @@ Therefore we strongly recommend that you use should be a reference-to-const (<code>const T&</code>) or pointer-to-const (<code>const T*</code>), respectively.</li> - <li>Declare methods to be <code>const</code> whenever - possible. Accessors should almost always be - <code>const</code>. Other methods should be const if - they do not modify any data members, do not call any - non-<code>const</code> methods, and do not return a - non-<code>const</code> pointer or - non-<code>const</code> reference to a data member.</li> - - <li>Consider making data members <code>const</code> - whenever they do not need to be modified after - construction.</li> + <li>For a function parameter passed by value, <code>const</code> has + no effect on the caller, thus is not recommended in function + declarations. See + + + <a href="https://abseil.io/tips/109">TotW #109</a>. + + + </li><li>Declare methods to be <code>const</code> unless they + alter the logical state of the object (or enable the user to modify + that state, e.g. by returning a non-const reference, but that's + rare), or they can't safely be invoked concurrently.</li> </ul> -<p>The <code>mutable</code> keyword is allowed but is -unsafe when used with threads, so thread safety should be -carefully considered first.</p> -</div> +<p>Using <code>const</code> on local variables is neither encouraged +nor discouraged.</p> + +<p>All of a class's <code>const</code> operations should be safe +to invoke concurrently with each other. If that's not feasible, the class must +be clearly documented as "thread-unsafe".</p> + -<div class="stylepoint_subsection"> <h4>Where to put the const</h4> <p>Some people favor the form <code>int const *foo</code> @@ -2762,45 +2839,35 @@ putting the "adjective" (<code>const</code>) before the <p>That said, while we encourage putting <code>const</code> first, we do not require it. But be consistent with the code around you!</p> -</div> - -</div> <h3 id="Use_of_constexpr">Use of constexpr</h3> -<div class="summary"> -<p>In C++11, use <code>constexpr</code> to define true +<p>Use <code>constexpr</code> to define true constants or to ensure constant initialization.</p> -</div> -<div class="stylebody"> - -<div class="definition"> +<p class="definition"></p> <p> Some variables can be declared <code>constexpr</code> to indicate the variables are true constants, i.e. fixed at compilation/link time. Some functions and constructors can be declared <code>constexpr</code> which enables them to be used in defining a <code>constexpr</code> variable.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Use of <code>constexpr</code> enables definition of constants with floating-point expressions rather than just literals; definition of constants of user-defined types; and definition of constants with function calls.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>Prematurely marking something as constexpr may cause migration problems if later on it has to be downgraded. Current restrictions on what is allowed in constexpr functions and constructors may invite obscure workarounds in these definitions.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p><code>constexpr</code> definitions enable a more robust specification of the constant parts of an interface. Use <code>constexpr</code> to specify true @@ -2808,17 +2875,13 @@ constants and the functions that support their definitions. Avoid complexifying function definitions to enable their use with <code>constexpr</code>. Do not use <code>constexpr</code> to force inlining.</p> -</div> - -</div> <h3 id="Integer_Types">Integer Types</h3> -<div class="summary"> <p>Of the built-in C++ integer types, the only one used is <code>int</code>. If a program needs a variable of a -different size, use +different size, use a precise-width integer type from <code><stdint.h></code>, such as <code>int16_t</code>. If your variable represents a @@ -2829,30 +2892,25 @@ Keep in mind that even if your value won't ever be too large for an <code>int</code>, it may be used in intermediate calculations which may require a larger type. When in doubt, choose a larger type.</p> -</div> - -<div class="stylebody"> -<div class="definition"> -<p> C++ does not specify the sizes of its integer types. -Typically people assume that <code>short</code> is 16 bits, +<p class="definition"></p> +<p> C++ does not specify the sizes of integer types +like <code>int</code>. Typically people assume +that <code>short</code> is 16 bits, <code>int</code> is 32 bits, <code>long</code> is 32 bits and <code>long long</code> is 64 bits.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Uniformity of declaration.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>The sizes of integral types in C++ can vary based on compiler and architecture.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p> -<code><stdint.h></code> defines types +<code><cstdint></code> defines types like <code>int16_t</code>, <code>uint32_t</code>, <code>int64_t</code>, etc. You should always use those in preference to <code>short</code>, <code>unsigned @@ -2880,11 +2938,13 @@ or </p> <p>You should not use the unsigned integer types such as + <code>uint32_t</code>, unless there is a valid reason such as representing a bit pattern rather than a number, or you need defined overflow modulo 2^N. In particular, do not use unsigned types to say a number -will never be negative. Instead, use +will never be negative. Instead, use + assertions for this.</p> @@ -2894,153 +2954,68 @@ sure to use a type that will accommodate any possible usage of your container. When in doubt, use a larger type rather than a smaller type.</p> -<p>Use care when converting integer types. Integer -conversions and promotions can cause non-intuitive -behavior. </p> -</div> - -<div class="stylepoint_subsection"> +<p>Use care when converting integer types. Integer conversions and +promotions can cause undefined behavior, leading to security bugs and +other problems.</p> <h4>On Unsigned Integers</h4> -<p>Some people, including some textbook authors, -recommend using unsigned types to represent numbers that -are never negative. This is intended as a form of -self-documentation. However, in C, the advantages of such -documentation are outweighed by the real bugs it can -introduce. Consider:</p> - -<pre>for (unsigned int i = foo.Length()-1; i >= 0; --i) ... -</pre> - -<p>This code will never terminate! Sometimes gcc will -notice this bug and warn you, but often it will not. -Equally bad bugs can occur when comparing signed and -unsigned variables. Basically, C's type-promotion scheme -causes unsigned types to behave differently than one -might expect.</p> - -<p>So, document that a variable is non-negative using -assertions. Don't use an unsigned -type.</p> -</div> - -</div> +<p>Unsigned integers are good for representing bitfields and modular +arithmetic. Because of historical accident, the C++ standard also uses +unsigned integers to represent the size of containers - many members +of the standards body believe this to be a mistake, but it is +effectively impossible to fix at this point. The fact that unsigned +arithmetic doesn't model the behavior of a simple integer, but is +instead defined by the standard to model modular arithmetic (wrapping +around on overflow/underflow), means that a significant class of bugs +cannot be diagnosed by the compiler. In other cases, the defined +behavior impedes optimization.</p> + +<p>That said, mixing signedness of integer types is responsible for an +equally large class of problems. The best advice we can provide: try +to use iterators and containers rather than pointers and sizes, try +not to mix signedness, and try to avoid unsigned types (except for +representing bitfields or modular arithmetic). Do not use an unsigned +type merely to assert that a variable is non-negative.</p> <h3 id="64-bit_Portability">64-bit Portability</h3> -<div class="summary"> <p>Code should be 64-bit and 32-bit friendly. Bear in mind problems of printing, comparisons, and structure alignment.</p> -</div> - -<div class="stylebody"> <ul> <li> - <p><code>printf()</code> specifiers for some types - are not cleanly portable between 32-bit and 64-bit - systems. C99 defines some portable format specifiers. - Unfortunately, MSVC 7.1 does not understand some of - these specifiers and the standard is missing a few, - so we - have to define our own ugly versions in some cases - (in the style of the standard include file - <code>inttypes.h</code>):</p> + <p>Correct portable <code>printf()</code> conversion specifiers for + some integral typedefs rely on macro expansions that we find unpleasant to + use and impractical to require (the <code>PRI</code> macros from + <code><cinttypes></code>). Unless there is no reasonable alternative + for your particular case, try to avoid or even upgrade APIs that rely on the + <code>printf</code> family. Instead use a library supporting typesafe numeric + formatting, such as - <div> - <pre>// printf macros for size_t, in the style of inttypes.h -#ifdef _LP64 -#define __PRIS_PREFIX "z" -#else -#define __PRIS_PREFIX -#endif -// Use these macros after a % in a printf format string -// to get correct 32/64 bit behavior, like this: -// size_t size = records.size(); -// printf("%" PRIuS "\n", size); + <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/strings/str_cat.h"><code>StrCat</code></a> -#define PRIdS __PRIS_PREFIX "d" -#define PRIxS __PRIS_PREFIX "x" -#define PRIuS __PRIS_PREFIX "u" -#define PRIXS __PRIS_PREFIX "X" -#define PRIoS __PRIS_PREFIX "o" - </pre> - </div> - - <table border="1" summary="portable printf specifiers"> - <tbody><tr align="center"> - <th>Type</th> - <th>DO NOT use</th> - <th>DO use</th> - <th>Notes</th> - </tr> - - <tr align="center"> - <td><code>void *</code> (or any pointer)</td> - <td><code>%lx</code></td> - <td><code>%p</code></td> - <td></td> - </tr> - - - - <tr align="center"> - <td><code>int64_t</code></td> - <td><code>%qd</code>, <code>%lld</code></td> - <td><code>%" PRId64 "</code></td> - <td></td> - </tr> - - - - <tr align="center"> - <td><code>uint64_t</code></td> - <td><code>%qu</code>, <code>%llu</code>, - <code>%llx</code></td> - <td><code>%" PRIu64 "</code>, - <code>%" PRIx64 "</code></td> - <td></td> - </tr> - - - - <tr align="center"> - <td><code>size_t</code></td> - <td><code>%u</code></td> - <td><code>%" PRIuS "</code>, <code>%" PRIxS "</code></td> - <td> - C99 specifies <code>%zu</code></td> - </tr> - - <tr align="center"> - <td><code>ptrdiff_t</code></td> - <td><code>%d</code></td> - <td><code>%" PRIdS "</code></td> - <td> - C99 specifies <code>%td</code></td> - </tr> - - - </tbody></table> - - <p>Note that the <code>PRI*</code> macros expand to - independent strings which are concatenated by the - compiler. Hence if you are using a non-constant - format string, you need to insert the value of the - macro into the format, rather than the name. Note also - that spaces are required around the macro identifier to - separate it from the string literal. It is - still possible, as usual, to include length - specifiers, etc., after the <code>%</code> when using - the <code>PRI*</code> macros. So, e.g. - <code>printf("x = %30" PRIuS "\n", x)</code> would - expand on 32-bit Linux to <code>printf("x = %30" "u" - "\n", x)</code>, which the compiler will treat as - <code>printf("x = %30u\n", x)</code>.</p> - - + or + + + <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/strings/substitute.h"><code>Substitute</code></a> + + for fast simple conversions, + + or <a href="#Streams"><code>std::ostream</code></a>.</p> + + <p>Unfortunately, the <code>PRI</code> macros are the only portable way to + specify a conversion for the standard bitwidth typedefs (e.g. + <code>int64_t</code>, <code>uint64_t</code>, <code>int32_t</code>, + <code>uint32_t</code>, etc). + + Where possible, avoid passing arguments of types specified by bitwidth + typedefs to <code>printf</code>-based APIs. Note that it is acceptable + to use typedefs for which printf has dedicated length modifiers, such as + <code>size_t</code> (<code>z</code>), + <code>ptrdiff_t</code> (<code>t</code>), and + <code>maxint_t</code> (<code>j</code>).</p> </li> <li>Remember that <code>sizeof(void *)</code> != @@ -3049,13 +3024,13 @@ problems of printing, comparisons, and structure alignment.</p> <li>You may need to be careful with structure alignments, particularly for structures being stored on - disk. Any class/structure with a + disk. Any class/structure with a <code>int64_t</code>/<code>uint64_t</code> member will by default end up being 8-byte aligned on a 64-bit system. If you have such structures being shared on disk between 32-bit and 64-bit code, you will need to ensure that they are packed the same on both - architectures. + architectures. Most compilers offer a way to alter structure alignment. For gcc, you can use <code>__attribute__((packed))</code>. MSVC offers @@ -3063,29 +3038,24 @@ problems of printing, comparisons, and structure alignment.</p> <code>__declspec(align())</code>.</li> <li> - <p>Use the <code>LL</code> or <code>ULL</code> - suffixes as needed to create 64-bit constants. For - example:</p> + <p>Use <a href="#Casting">braced-initialization</a> as needed to create + 64-bit constants. For example:</p> -<pre>int64_t my_value = 0x123456789LL; -uint64_t my_mask = 3ULL << 48; +<div> +<pre>int64_t my_value{0x123456789}; +uint64_t my_mask{3ULL << 48}; </pre> +</div> </li> </ul> -</div> - <h3 id="Preprocessor_Macros">Preprocessor Macros</h3> -<div class="summary"> <p>Avoid defining macros, especially in headers; prefer inline functions, enums, and <code>const</code> variables. Name macros with a project-specific prefix. Do not use macros to define pieces of a C++ API.</p> -</div> - -<div class="stylebody"> <p>Macros mean that the code you see is not the same as the code the compiler sees. This can introduce unexpected @@ -3130,7 +3100,7 @@ lower-level libraries. And some of their special features available through the language proper. But before using a macro, consider carefully whether there's a non-macro way to achieve the same result. If you need to use a macro to -define an interface, contact +define an interface, contact your project leads to request a waiver of this rule.</p> @@ -3163,46 +3133,27 @@ header, it must have a globally unique name. To achieve this, it must be named with a prefix consisting of your project's namespace name (but upper case). </p> -</div> - <h3 id="0_and_nullptr/NULL">0 and nullptr/NULL</h3> -<div class="summary"> -<p>Use <code>0</code> for integers, <code>0.0</code> for -reals, <code>nullptr</code> (or <code>NULL</code>) for -pointers, and <code>'\0'</code> for chars.</p> -</div> - -<div class="stylebody"> - -<p>Use <code>0</code> for integers and <code>0.0</code> -for reals. This is not controversial.</p> +<p>Use <code>nullptr</code> for pointers, and <code>'\0'</code> for chars (and +not the <code>0</code> literal).</p> -<p> For -pointers (address values), there is a choice between -<code>0</code>, <code>NULL</code>, and -<code>nullptr</code>. For projects that allow C++11 -features, use <code>nullptr</code>. For C++03 projects, -we prefer <code>NULL</code> because it looks like a -pointer. In fact, some C++ compilers provide special -definitions of <code>NULL</code> which enable them to -give useful warnings, particularly in situations where -<code>sizeof(NULL)</code> is not equal to -<code>sizeof(0)</code>.</p> +<p>For pointers (address values), use <code>nullptr</code>, as this +provides type-safety.</p> -<p>Use <code>'\0'</code> for chars. This is the correct -type and also makes code more readable.</p> +<p>For C++03 projects, prefer <code>NULL</code> to <code>0</code>. While the +values are equivalent, <code>NULL</code> looks more like a pointer to the +reader, and some C++ compilers provide special definitions of <code>NULL</code> +which enable them to give useful warnings. Never use <code>NULL</code> for +numeric (integer or floating-point) values.</p> -</div> +<p>Use <code>'\0'</code> for the null character. Using the correct type makes +the code more readable.</p> <h3 id="sizeof">sizeof</h3> -<div class="summary"> <p>Prefer <code>sizeof(<var>varname</var>)</code> to <code>sizeof(<var>type</var>)</code>.</p> -</div> - -<div class="stylebody"> <p>Use <code>sizeof(<var>varname</var>)</code> when you take the size of a particular variable. @@ -3214,7 +3165,7 @@ to any particular variable, such as code that manages an external or internal data format where a variable of an appropriate C++ type is not convenient.</p> -<pre>Struct data; +<pre>struct data; memset(&data, 0, sizeof(data)); </pre> @@ -3227,205 +3178,310 @@ memset(&data, 0, sizeof(data)); } </pre> -</div> +<a name="auto"></a> +<h3 id="Type_deduction">Type deduction</h3> -<h3 id="auto">auto</h3> +<p>Use type deduction only if it makes the code clearer to readers who aren't + familiar with the project, or if it makes the code safer. Do not use it + merely to avoid the inconvenience of writing an explicit type.</p> -<div class="summary"> -<p>Use <code>auto</code> to avoid type names that are noisy, obvious, -or unimportant - cases where the type doesn't aid in clarity for the -reader. Continue to use manifest type declarations when it helps -readability.</p> -</div> +<p class="definition"></p> -<div class="stylebody"> +<p>There are several contexts in which C++ allows (or even requires) types to +be deduced by the compiler, rather than spelled out explicitly in the code:</p> +<dl> + <dt><a href="https://en.cppreference.com/w/cpp/language/template_argument_deduction">Function template argument deduction</a></dt> + <dd>A function template can be invoked without explicit template arguments. + The compiler deduces those arguments from the types of the function + arguments: + <pre class="neutralcode">template <typename T> +void f(T t); + +f(0); // Invokes f<int>(0)</pre> + </dd> + <dt><a href="https://en.cppreference.com/w/cpp/language/auto"><code>auto</code> variable declarations</a></dt> + <dd>A variable declaration can use the <code>auto</code> keyword in place + of the type. The compiler deduces the type from the variable's + initializer, following the same rules as function template argument + deduction with the same initializer (so long as you don't use curly braces + instead of parentheses). + <pre class="neutralcode">auto a = 42; // a is an int +auto& b = a; // b is an int& +auto c = b; // c is an int +auto d{42}; // d is an int, not a std::initializer_list<int> +</pre> + <code>auto</code> can be qualified with <code>const</code>, and can be + used as part of a pointer or reference type, but it can't be used as a + template argument. A rare variant of this syntax uses + <code>decltype(auto)</code> instead of <code>auto</code>, in which case + the deduced type is the result of applying + <a href="https://en.cppreference.com/w/cpp/language/decltype"><code>decltype</code></a> + to the initializer. + </dd> + <dt><a href="https://en.cppreference.com/w/cpp/language/function#Return_type_deduction">Function return type deduction</a></dt> + <dd><code>auto</code> (and <code>decltype(auto)</code>) can also be used in + place of a function return type. The compiler deduces the return type from + the <code>return</code> statements in the function body, following the same + rules as for variable declarations: + <pre class="neutralcode">auto f() { return 0; } // The return type of f is int</pre> + <a href="#Lambda_expressions">Lambda expression</a> return types can be + deduced in the same way, but this is triggered by omitting the return type, + rather than by an explicit <code>auto</code>. Confusingly, + <a href="trailing_return">trailing return type</a> syntax for functions + also uses <code>auto</code> in the return-type position, but that doesn't + rely on type deduction; it's just an alternate syntax for an explicit + return type. + </dd> + <dt><a href="https://isocpp.org/wiki/faq/cpp14-language#generic-lambdas">Generic lambdas</a></dt> + <dd>A lambda expression can use the <code>auto</code> keyword in place of + one or more of its parameter types. This causes the lambda's call operator + to be a function template instead of an ordinary function, with a separate + template parameter for each <code>auto</code> function parameter: + <pre class="neutralcode">// Sort `vec` in increasing order +std::sort(vec.begin(), vec.end(), [](auto lhs, auto rhs) { return lhs > rhs; });</pre> + </dd> + <dt><a href="https://isocpp.org/wiki/faq/cpp14-language#lambda-captures">Lambda init captures</a></dt> + <dd>Lambda captures can have explicit initializers, which can be used to + declare wholly new variables rather than only capturing existing ones: + <pre class="neutralcode">[x = 42, y = "foo"] { ... } // x is an int, and y is a const char*</pre> + This syntax doesn't allow the type to be specified; instead, it's deduced + using the rules for <code>auto</code> variables. + </dd> + <dt><a href="https://en.cppreference.com/w/cpp/language/class_template_argument_deduction">Class template argument deduction</a></dt> + <dd>See <a href="#CTAD">below</a>.</dd> + <dt><a href="https://en.cppreference.com/w/cpp/language/structured_binding">Structured bindings</a></dt> + <dd>When declaring a tuple, struct, or array using <code>auto</code>, you can + specify names for the individual elements instead of a name for the whole + object; these names are called "structured bindings", and the whole + declaration is called a "structured binding declaration". This syntax + provides no way of specifying the type of either the enclosing object + or the individual names: + <pre class="neutralcode">auto [iter, success] = my_map.insert({key, value}); +if (!success) { + iter->second = value; +}</pre> + The <code>auto</code> can also be qualified with <code>const</code>, + <code>&</code>, and <code>&&</code>, but note that these qualifiers + technically apply to the anonymous tuple/struct/array, rather than the + individual bindings. The rules that determine the types of the bindings + are quite complex; the results tend to be unsurprising, except that + the binding types typically won't be references even if the declaration + declares a reference (but they will usually behave like references anyway). + </dd> + +<p>(These summaries omit many details and caveats; see the links for further + information.)</p> + +<p class="pros"></p> -<div class="pros"> -<p> -</p><ul> -<li>C++ type names can be long and cumbersome, especially when they -involve templates or namespaces.</li> -<li>When a C++ type name is repeated within a single declaration or a -small code region, the repetition may not be aiding readability.</li> -<li>It is sometimes safer to let the type be specified by the type of -the initialization expression, since that avoids the possibility of -unintended copies or type conversions.</li> +<ul> + <li>C++ type names can be long and cumbersome, especially when they + involve templates or namespaces.</li> + <li>When a C++ type name is repeated within a single declaration or a + small code region, the repetition may not be aiding readability.</li> + <li>It is sometimes safer to let the type be deduced, since that avoids + the possibility of unintended copies or type conversions.</li> </ul> -</div> -<div class="cons"> -<p>Sometimes code is clearer when types are manifest, -especially when a variable's initialization depends on -things that were declared far away. In expressions -like:</p> +<p class="cons"></p> +<p>C++ code is usually clearer when types are explicit, + especially when type deduction would depend on information from + distant parts of the code. In expressions like:</p> <pre class="badcode">auto foo = x.add_foo(); auto i = y.Find(key); </pre> <p>it may not be obvious what the resulting types are if the type -of <code>y</code> isn't very well known, or if <code>y</code> was -declared many lines earlier.</p> - -<p>Programmers have to understand the difference between -<code>auto</code> and <code>const auto&</code> or -they'll get copies when they didn't mean to.</p> - -<p>If an <code>auto</code> variable is used as part of an -interface, e.g. as a constant in a header, then a -programmer might change its type while only intending to -change its value, leading to a more radical API change -than intended.</p> -</div> - -<div class="decision"> - -<p><code>auto</code> is permitted when it increases readability, -particularly as described below. Never initialize an <code>auto</code>-typed -variable with a braced initializer list.</p> - -<p>Specific cases where <code>auto</code> is allowed or encouraged: -</p><ul> -<li>(Encouraged) For iterators and other long/cluttery type names, particularly -when the type is clear from context (calls -to <code>find</code>, <code>begin</code>, or <code>end</code> for -instance).</li> -<li>(Allowed) When the type is clear from local context (in the same expression -or within a few lines). Initialization of a pointer or smart pointer -with calls -to <code>new</code> -commonly falls into this category, as does use of <code>auto</code> in -a range-based loop over a container whose type is spelled out -nearby.</li> -<li>(Allowed) When the type doesn't matter because it isn't being used for -anything other than equality comparison.</li> -<li>(Encouraged) When iterating over a map with a range-based loop -(because it is often assumed that the correct type -is <code>std::pair<KeyType, ValueType></code> whereas it is actually -<code>std::pair<const KeyType, ValueType></code>). This is -particularly well paired with local <code>key</code> -and <code>value</code> aliases for <code>.first</code> -and <code>.second</code> (often const-ref). -<pre class="code">for (const auto& item : some_map) { - const KeyType& key = item.first; - const ValType& value = item.second; - // The rest of the loop can now just refer to key and value, - // a reader can see the types in question, and we've avoided - // the too-common case of extra copies in this iteration. -} -</pre> -</li> -</ul> - -</div> - -</div> - -<h3 id="Braced_Initializer_List">Braced Initializer List</h3> - -<div class="summary"> -<p>You may use braced initializer lists.</p> -</div> - -<div class="stylebody"> - -<p>In C++03, aggregate types (arrays and structs with no -constructor) could be initialized with braced initializer lists.</p> - -<pre>struct Point { int x; int y; }; -Point p = {1, 2}; -</pre> - -<p>In C++11, this syntax was generalized, and any object type can now -be created with a braced initializer list, known as a -<i>braced-init-list</i> in the C++ grammar. Here are a few examples -of its use.</p> - -<pre>// Vector takes a braced-init-list of elements. -std::vector<string> v{"foo", "bar"}; - -// Basically the same, ignoring some small technicalities. -// You may choose to use either form. -std::vector<string> v = {"foo", "bar"}; - -// Usable with 'new' expressions. -auto p = new vector<string>{"foo", "bar"}; - -// A map can take a list of pairs. Nested braced-init-lists work. -std::map<int, string> m = {{1, "one"}, {2, "2"}}; - -// A braced-init-list can be implicitly converted to a return type. -std::vector<int> test_function() { return {1, 2, 3}; } - -// Iterate over a braced-init-list. -for (int i : {-1, -2, -3}) {} - -// Call a function using a braced-init-list. -void TestFunction2(std::vector<int> v) {} -TestFunction2({1, 2, 3}); -</pre> - -<p>A user-defined type can also define a constructor and/or assignment operator -that take <code>std::initializer_list<T></code>, which is automatically -created from <i>braced-init-list</i>:</p> - -<pre>class MyType { - public: - // std::initializer_list references the underlying init list. - // It should be passed by value. - MyType(std::initializer_list<int> init_list) { - for (int i : init_list) append(i); - } - MyType& operator=(std::initializer_list<int> init_list) { - clear(); - for (int i : init_list) append(i); - } -}; -MyType m{2, 3, 5, 7}; -</pre> - -<p>Finally, brace initialization can also call ordinary -constructors of data types, even if they do not have -<code>std::initializer_list<T></code> constructors.</p> - -<pre>double d{1.23}; -// Calls ordinary constructor as long as MyOtherType has no -// std::initializer_list constructor. -class MyOtherType { - public: - explicit MyOtherType(string); - MyOtherType(int, string); -}; -MyOtherType m = {1, "b"}; -// If the constructor is explicit, you can't use the "= {}" form. -MyOtherType m{"b"}; -</pre> - -<p>Never assign a <i>braced-init-list</i> to an auto -local variable. In the single element case, what this -means can be confusing.</p> - -<pre class="badcode">auto d = {1.23}; // d is a std::initializer_list<double> -</pre> - -<pre>auto d = double{1.23}; // Good -- d is a double, not a std::initializer_list. -</pre> - -<p>See <a href="#Braced_Initializer_List_Format">Braced_Initializer_List_Format</a> for formatting.</p> - -</div> + of <code>y</code> isn't very well known, or if <code>y</code> was + declared many lines earlier.</p> + +<p>Programmers have to understand when type deduction will or won't + produce a reference type, or they'll get copies when they didn't + mean to.</p> + +<p>If a deduced type is used as part of an interface, then a + programmer might change its type while only intending to + change its value, leading to a more radical API change + than intended.</p> + +<p class="decision"></p> + +<p>The fundamental rule is: use type deduction only to make the code + clearer or safer, and do not use it merely to avoid the + inconvenience of writing an explicit type. When judging whether the + code is clearer, keep in mind that your readers are not necessarily + on your team, or familiar with your project, so types that you and + your reviewer experience as as unnecessary clutter will very often + provide useful information to others. For example, you can assume that + the return type of <code>make_unique<Foo>()</code> is obvious, + but the return type of <code>MyWidgetFactory()</code> probably isn't.</p> + + <p>These principles applies to all forms of type deduction, but the + details vary, as described in the following sections.</p> + +<h4>Function template argument deduction</h4> + +<p>Function template argument deduction is almost always OK. Type deduction + is the expected default way of interacting with function templates, + because it allows function templates to act like infinite sets of ordinary + function overloads. Consequently, function templates are almost always + designed so that template argument deduction is clear and safe, or + doesn't compile.</p> + +<h4>Local variable type deduction</h4> + +<p>For local variables, you can use type deduction to make the code clearer + by eliminating type information that is obvious or irrelevant, so that + the reader can focus on the meaningful parts of the code: + </p><pre class="neutralcode">std::unique_ptr<WidgetWithBellsAndWhistles> widget_ptr = + absl::make_unique<WidgetWithBellsAndWhistles>(arg1, arg2); +absl::flat_hash_map<std::string, + std::unique_ptr<WidgetWithBellsAndWhistles>>::const_iterator + it = my_map_.find(key); +std::array<int, 0> numbers = {4, 8, 15, 16, 23, 42};</pre> + + <pre class="goodcode">auto widget_ptr = absl::make_unique<WidgetWithBellsAndWhistles>(arg1, arg2); +auto it = my_map_.find(key); +std::array numbers = {4, 8, 15, 16, 23, 42};</pre> + +<p>Types sometimes contain a mixture of useful information and boilerplate, + such as <code>it</code> in the example above: it's obvious that the + type is an iterator, and in many contexts the container type and even the + key type aren't relevant, but the type of the values is probably useful. + In such situations, it's often possible to define local variables with + explicit types that convey the relevant information: + </p><pre class="goodcode">auto it = my_map_.find(key); +if (it != my_map_.end()) { + WidgetWithBellsAndWhistles& widget = *it->second; + // Do stuff with `widget` +}</pre> + If the type is a template instance, and the parameters are + boilerplate but the template itself is informative, you can use + class template argument deduction to suppress the boilerplate. However, + cases where this actually provides a meaningful benefit are quite rare. + Note that class template argument deduction is also subject to a + <a href="#CTAD">separate style rule</a>. + +<p>Do not use <code>decltype(auto)</code> if a simpler option will work, + because it's a fairly obscure feature, so it has a high cost in code + clarity.</p> + +<h4>Return type deduction</h4> + +<p>Use return type deduction (for both functions and lambdas) only if the + function body has a very small number of <code>return</code> statements, + and very little other code, because otherwise the reader may not be able + to tell at a glance what the return type is. Furthermore, use it only + if the function or lambda has a very narrow scope, because functions with + deduced return types don't define abstraction boundaries: the implementation + <em>is</em> the interface. In particular, public functions in header files + should almost never have deduced return types.</p> + +<h4>Parameter type deduction</h4> + +<p><code>auto</code> parameter types for lambdas should be used with caution, + because the actual type is determined by the code that calls the lambda, + rather than by the definition of the lambda. Consequently, an explicit + type will almost always be clearer unless the lambda is explicitly called + very close to where it's defined (so that the reader can easily see both), + or the lambda is passed to an interface so well-known that it's + obvious what arguments it will eventually be called with (e.g. + the <code>std::sort</code> example above).</p> + +<h4>Lambda init captures</h4> + +<p>Init captures are covered by a <a href="#Lambda_expressions">more specific + style rule</a>, which largely supersedes the general rules for + type deduction.</p> + +<h4>Structured bindings</h4> + +<p>Unlike other forms of type deduction, structured bindings can actually + give the reader additional information, by giving meaningful names to the + elements of a larger object. This means that a structured binding declaration + may provide a net readability improvement over an explicit type, even in cases + where <code>auto</code> would not. Structured bindings are especially + beneficial when the object is a pair or tuple (as in the <code>insert</code> + example above), because they don't have meaningful field names to begin with, + but note that you generally <a href="#Structs_vs._Tuples">shouldn't use + pairs or tuples</a> unless a pre-existing API like <code>insert</code> + forces you to.</p> + +<p>If the object being bound is a struct, it may sometimes be helpful to + provide names that are more specific to your usage, but keep in mind that + this may also mean the names are less recognizable to your reader than the + field names. We recommend using a comment to indicate the name of the + underlying field, if it doesn't match the name of the binding, using the + same syntax as for function parameter comments: + </p><pre>auto [/*field_name1=*/ bound_name1, /*field_name2=*/ bound_name2] = ...</pre> + As with function parameter comments, this can enable tools to detect if + you get the order of the fields wrong. + +<h3 id="CTAD">Class template argument deduction</h3> + +<p>Use class template argument deduction only with templates that have + explicitly opted into supporting it.</p> + +<p class="definition"></p> +<p><a href="https://en.cppreference.com/w/cpp/language/class_template_argument_deduction">Class + template argument deduction</a> (often abbreviated "CTAD") occurs when + a variable is declared with a type that names a template, and the template + argument list is not provided (not even empty angle brackets): + </p><pre class="neutralcode">std::array a = {1, 2, 3}; // `a` is a std::array<int, 3></pre> + The compiler deduces the arguments from the initializer using the + template's "deduction guides", which can be explicit or implicit. + +<p>Explicit deduction guides look like function declarations with trailing + return types, except that there's no leading <code>auto</code>, and the + function name is the name of the template. For example, the above example + relies on this deduction guide for <code>std::array</code>: + </p><pre class="neutralcode">namespace std { +template <class T, class... U> +array(T, U...) -> std::array<T, 1 + sizeof...(U)>; +}</pre> + Constructors in a primary template (as opposed to a template specialization) + also implicitly define deduction guides. + +<p>When you declare a variable that relies on CTAD, the compiler selects + a deduction guide using the rules of constructor overload resolution, + and that guide's return type becomes the type of the variable.</p> + +<p class="pros"></p> +<p>CTAD can sometimes allow you to omit boilerplate from your code.</p> + +<p class="cons"></p> +<p>The implicit deduction guides that are generated from constructors + may have undesirable behavior, or be outright incorrect. This is + particularly problematic for constructors written before CTAD was + introduced in C++17, because the authors of those constructors had no + way of knowing about (much less fixing) any problems that their + constructors would cause for CTAD. Furthermore, adding explicit deduction + guides to fix those problems might break any existing code that relies on + the implicit deduction guides.</p> + +<p>CTAD also suffers from many of the same drawbacks as <code>auto</code>, + because they are both mechanisms for deducing all or part of a variable's + type from its initializer. CTAD does give the reader more information + than <code>auto</code>, but it also doesn't give the reader an obvious + cue that information has been omitted.</p> + +<p class="decision"></p> +<p>Do not use CTAD with a given template unless the template's maintainers + have opted into supporting use of CTAD by providing at least one explicit + deduction guide (all templates in the <code>std</code> namespace are + also presumed to have opted in). This should be enforced with a compiler + warning if available.</p> + +<p>Uses of CTAD must also follow the general rules on + <a href="#Type_deduction">Type deduction</a>.</p> <h3 id="Lambda_expressions">Lambda expressions</h3> -<div class="summary"> <p>Use lambda expressions where appropriate. Prefer explicit captures when the lambda will escape the current scope.</p> -</div> - -<div class="stylebody"> - -<div class="definition"> +<p class="definition"></p> <p> Lambda expressions are a concise way of creating anonymous function objects. They're often useful when passing functions as arguments. For example:</p> @@ -3449,8 +3505,8 @@ std::for_each(v.begin(), v.end(), [weight, &sum](int x) { </pre> -Default captures implicitly capture any variable referenced in the -lambda body, including <code>this</code> if any members are used: +<p>Default captures implicitly capture any variable referenced in the +lambda body, including <code>this</code> if any members are used:</p> <pre>const std::vector<int> lookup_table = ...; std::vector<int> indices = ...; @@ -3461,13 +3517,24 @@ std::sort(indices.begin(), indices.end(), [&](int a, int b) { }); </pre> -<p>Lambdas were introduced in C++11 along with a set of utilities -for working with function objects, such as the polymorphic -wrapper <code>std::function</code>. -</p> -</div> +<p>A variable capture can also have an explicit initializer, which can + be used for capturing move-only variables by value, or for other situations + not handled by ordinary reference or value captures: + </p><pre>std::unique_ptr<Foo> foo = ...; +[foo = std::move(foo)] () { + ... +}</pre> + Such captures (often called "init captures" or "generalized lambda captures") + need not actually "capture" anything from the enclosing scope, or even have + a name from the enclosing scope; this syntax is a fully general way to define + members of a lambda object: + <pre class="neutralcode">[foo = std::vector<int>({1, 2, 3})] () { + ... +}</pre> + The type of a capture with an initializer is deduced using the same rules + as <code>auto</code>. -<div class="pros"> +<p class="pros"></p> <ul> <li>Lambdas are much more concise than other ways of defining function objects to be passed to STL @@ -3484,9 +3551,8 @@ wrapper <code>std::function</code>. to write functions that take bound functions as arguments.</li> </ul> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>Variable capture in lambdas can be a source of dangling-pointer bugs, particularly if a lambda escapes the current scope.</li> @@ -3497,14 +3563,25 @@ wrapper <code>std::function</code>. This is especially confusing when capturing 'this' by value, since the use of 'this' is often implicit.</li> + <li>Captures actually declare new variables (whether or not the captures have + initializers), but they look nothing like any other variable declaration + syntax in C++. In particular, there's no place for the variable's type, + or even an <code>auto</code> placeholder (although init captures can + indicate it indirectly, e.g. with a cast). This can make it difficult to + even recognize them as declarations.</li> + + <li>Init captures inherently rely on <a href="#Type_deduction">type + deduction</a>, and suffer from many of the same drawbacks as + <code>auto</code>, with the additional problem that the syntax doesn't + even cue the reader that deduction is taking place.</li> + <li>It's possible for use of lambdas to get out of hand; very long nested anonymous functions can make code harder to understand.</li> </ul> -</div> -<div class="decision"> +<p class="decision"></p> <ul> <li>Use lambda expressions where appropriate, with formatting as described <a href="#Formatting_Lambda_Expressions">below</a>.</li> @@ -3543,48 +3620,41 @@ few variables for a short lambda, where the set of captured variables is obvious at a glance. Prefer not to write long or complex lambdas with default capture by value. </li> -<li>Keep unnamed lambdas short. If a lambda body is more than -maybe five lines long, prefer to give the lambda a name, or to -use a named function instead of a lambda.</li> -<li>Specify the return type of the lambda explicitly if that will -make it more obvious to readers, as with -<a href="#auto"><code>auto</code></a>.</li> +<li>Use captures only to actually capture variables from the enclosing scope. + Do not use captures with initializers to introduce new names, or + to substantially change the meaning of an existing name. Instead, + declare a new variable in the conventional way and then capture it, + or avoid the lambda shorthand and define a function object explicitly.</li> +<li>See the section on <a href="#Type_deduction">type deduction</a> + for guidance on specifying the parameter and return types.</li> </ul> -</div> - -</div> <h3 id="Template_metaprogramming">Template metaprogramming</h3> -<div class="summary"> -<p>Avoid complicated template programming.</p> -</div> -<div class="stylebody"> +<p>Avoid complicated template programming.</p> -<div class="definition"> +<p class="definition"></p> <p>Template metaprogramming refers to a family of techniques that exploit the fact that the C++ template instantiation mechanism is Turing complete and can be used to perform arbitrary compile-time computation in the type domain.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Template metaprogramming allows extremely flexible interfaces that are type safe and high performance. Facilities like <a href="https://code.google.com/p/googletest/">Google Test</a>, <code>std::tuple</code>, <code>std::function</code>, and Boost.Spirit would be impossible without it.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>The techniques used in template metaprogramming are often obscure to anyone but language experts. Code that uses templates in complicated ways is often unreadable, and is hard to debug or maintain.</p> -<p>Template metaprogramming often leads to extremely poor compiler +<p>Template metaprogramming often leads to extremely poor compile time error messages: even if an interface is simple, the complicated implementation details become visible when the user does something wrong.</p> @@ -3597,9 +3667,8 @@ tools work with an AST that only represents the structure of the code after template expansion. It can be difficult to automatically work back to the original source construct that needs to be rewritten.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>Template metaprogramming sometimes allows cleaner and easier-to-use interfaces than would be possible without it, but it's also often a temptation to be overly clever. It's best used in a small number of @@ -3630,42 +3699,31 @@ error messages are part of your user interface, and your code should be tweaked as necessary so that the error messages are understandable and actionable from a user point of view.</p> -</div> -</div> - - <h3 id="Boost">Boost</h3> -<div class="summary"> <p>Use only approved libraries from the Boost library collection.</p> -</div> - -<div class="stylebody"> -<div class="definition"> +<p class="definition"></p> <p> The <a href="https://www.boost.org/"> Boost library collection</a> is a popular collection of peer-reviewed, free, open-source C++ libraries.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p>Boost code is generally very high-quality, is widely portable, and fills many important gaps in the C++ standard library, such as type traits and better binders.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>Some Boost libraries encourage coding practices which can hamper readability, such as metaprogramming and other advanced template techniques, and an excessively "functional" style of programming. </p> -</div> -<div class="decision"> +<p class="decision"></p> + - <div> <p>In order to maintain a high level of readability for @@ -3713,6 +3771,9 @@ Currently, the following libraries are permitted:</p> <li><a href="https://www.boost.org/libs/math/doc/html/special.html"> Special Functions</a> from <code>boost/math/special_functions</code></li> + <li><a href="https://www.boost.org/libs/math/doc/html/root_finding.html"> + Root Finding Functions</a> from <code>boost/math/tools</code></li> + <li><a href="https://www.boost.org/libs/multi_index/"> Multi-index</a> from <code>boost/multi_index</code></li> @@ -3737,44 +3798,21 @@ Currently, the following libraries are permitted:</p> <p>We are actively considering adding other Boost features to the list, so this list may be expanded in the future.</p> -</div> - -<p>The following libraries are permitted, but their use -is discouraged because they've been superseded by -standard libraries in C++11:</p> - -<ul> - <li><a href="https://www.boost.org/libs/array/"> - Array</a> from <code>boost/array.hpp</code>: use - <a href="http://en.cppreference.com/w/cpp/container/array"> - <code>std::array</code></a> instead.</li> - - <li><a href="https://www.boost.org/libs/ptr_container/"> - Pointer Container</a> from <code>boost/ptr_container</code>: use containers of - <a href="http://en.cppreference.com/w/cpp/memory/unique_ptr"> - <code>std::unique_ptr</code></a> instead.</li> -</ul> -</div> +</div> -</div> - <h3 id="std_hash">std::hash</h3> -<div class="summary"> <p>Do not define specializations of <code>std::hash</code>.</p> -</div> -<div class="stylebody"> - -<div class="definition"> +<p class="definition"></p> <p><code>std::hash<T></code> is the function object that the C++11 hash containers use to hash keys of type <code>T</code>, unless the user explicitly specifies a different hash function. For -example, <code>std::unordered_map<int, string></code> is a hash +example, <code>std::unordered_map<int, std::string></code> is a hash map that uses <code>std::hash<int></code> to hash its keys, -whereas <code>std::unordered_map<int, string, MyIntHash></code> +whereas <code>std::unordered_map<int, std::string, MyIntHash></code> uses <code>MyIntHash</code>.</p> <p><code>std::hash</code> is defined for all integral, floating-point, @@ -3782,17 +3820,15 @@ pointer, and <code>enum</code> types, as well as some standard library types such as <code>string</code> and <code>unique_ptr</code>. Users can enable it to work for their own types by defining specializations of it for those types.</p> -</div> -<div class="pros"> +<p class="pros"></p> <p><code>std::hash</code> is easy to use, and simplifies the code since you don't have to name it explicitly. Specializing <code>std::hash</code> is the standard way of specifying how to hash a type, so it's what outside resources will teach, and what new engineers will expect.</p> -</div> -<div class="cons"> +<p class="cons"></p> <p><code>std::hash</code> is hard to specialize. It requires a lot of boilerplate code, and more importantly, it combines responsibility for identifying the hash inputs with responsibility for executing the @@ -3816,9 +3852,8 @@ should not be done more than once.</p> <p>Due to exactly that issue, <code>std::hash</code> does not work with <code>std::pair</code> or <code>std::tuple</code>, and the language does not allow us to extend it to support them.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p>You can use <code>std::hash</code> with the types that it supports "out of the box", but do not specialize it to support additional types. If you need a hash table with a key type that <code>std::hash</code> @@ -3837,47 +3872,12 @@ that you can use; otherwise work with them to provide one, <p>We are planning to provide a hash function that can work with any type, using a new customization mechanism that doesn't have the drawbacks of <code>std::hash</code>.</p> -</div> - -</div> -<h3 id="C++11">C++11</h3> -<div class="summary"> -<p>Use libraries and language extensions from C++11 when appropriate. -Consider portability to other environments -before using C++11 features in your -project. </p> -</div> - -<div class="stylebody"> - -<div class="definition"> -<p> C++11 contains <a href="https://en.wikipedia.org/wiki/C%2B%2B11"> -significant changes</a> both to the language and -libraries. </p> -</div> - -<div class="pros"> -<p>C++11 was the official standard until august 2014, and -is supported by most C++ compilers. It standardizes -some common C++ extensions that we use already, allows -shorthands for some operations, and has some performance -and safety improvements.</p> -</div> +<h3 id="Other_Features"><a name="C++11">Other C++ Features</a></h3> -<div class="cons"> -<p>The C++11 standard is substantially more complex than -its predecessor (1,300 pages versus 800 pages), and is -unfamiliar to many developers. The long-term effects of -some features on code readability and maintenance are -unknown. We cannot predict when its various features will -be implemented uniformly by tools that may be of -interest, particularly in the case of projects that are -forced to use older versions of tools.</p> - -<p>As with <a href="#Boost">Boost</a>, some C++11 +<p>As with <a href="#Boost">Boost</a>, some modern C++ extensions encourage coding practices that hamper readability—for example by removing checked redundancy (such as type names) that may be @@ -3886,23 +3886,12 @@ metaprogramming. Other extensions duplicate functionality available through existing mechanisms, which may lead to confusion and conversion costs.</p> - -</div> - -<div class="decision"> - -<p>C++11 features may be used unless specified otherwise. -In addition to what's described in the rest of the style -guide, the following C++11 features may not be used:</p> +<p class="decision"></p> +<p>In addition to what's described in the rest of the style +guide, the following C++ features may not be used:</p> <ul> - - - - - - <li>Compile-time rational numbers (<code><ratio></code>), because of concerns that @@ -3913,35 +3902,29 @@ guide, the following C++11 features may not be used:</p> <code><fenv.h></code> headers, because many compilers do not support those features reliably.</li> - <li>Ref-qualifiers on member functions, such as <code>void X::Foo() - &</code> or <code>void X::Foo() &&</code>, because of concerns - that they're an overly obscure feature.</li> + <li>The <code><filesystem></code> header, which - + does not have sufficient support for testing, and suffers + from inherent security vulnerabilities.</li> - -</ul> -</div> -</div> +</ul> <h3 id="Nonstandard_Extensions">Nonstandard Extensions</h3> -<div class="summary"> <p>Nonstandard extensions to C++ may not be used unless otherwise specified.</p> -</div> -<div class="stylebody"> -<div class="definition"> + +<p class="definition"></p> <p>Compilers support various extensions that are not part of standard C++. Such extensions include GCC's <code>__attribute__</code>, intrinsic functions such as <code>__builtin_prefetch</code>, designated initializers (e.g. <code>Foo f = {.field = 3}</code>), inline assembly, <code>__COUNTER__</code>, <code>__PRETTY_FUNCTION__</code>, compound statement expressions (e.g. <code>foo = ({ int x; Bar(&x); x })</code>, variable-length arrays and - <code>alloca()</code>, and the <code>a?:b</code> syntax.</p> -</div> + <code>alloca()</code>, and the "<a href="https://en.wikipedia.org/wiki/Elvis_operator">Elvis Operator</a>" + <code>a?:b</code>.</p> -<div class="pros"> +<p class="pros"></p> <ul> <li>Nonstandard extensions may provide useful features that do not exist in standard C++. For example, some people think that designated @@ -3950,9 +3933,8 @@ guide, the following C++11 features may not be used:</p> <li>Important performance guidance to the compiler can only be specified using extensions.</li> </ul> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>Nonstandard extensions do not work in all compilers. Use of nonstandard extensions reduces portability of code.</li> @@ -3962,47 +3944,44 @@ guide, the following C++11 features may not be used:</p> <li>Nonstandard extensions add to the language features that a reader must know to understand the code.</li> </ul> -</div> -<div class="decision"> +<p class="decision"></p> <p>Do not use nonstandard extensions. You may use portability wrappers that are implemented using nonstandard extensions, so long as those wrappers - + are provided by a designated project-wide portability header.</p> -</div> -</div> <h3 id="Aliases">Aliases</h3> -<div class="summary"> <p>Public aliases are for the benefit of an API's user, and should be clearly documented.</p> -</div> -<div class="stylebody"> -<div class="definition"> + +<p class="definition"></p> <p>There are several ways to create names that are aliases of other entities:</p> <pre>typedef Foo Bar; using Bar = Foo; using other_namespace::Foo; </pre> + <p>In new code, <code>using</code> is preferable to <code>typedef</code>, + because it provides a more consistent syntax with the rest of C++ and works + with templates.</p> + <p>Like other declarations, aliases declared in a header file are part of that header's public API unless they're in a function definition, in the private portion of a class, or in an explicitly-marked internal namespace. Aliases in such areas or in .cc files are implementation details (because client code can't refer to them), and are not restricted by this rule.</p> -</div> -<div class="pros"> +<p class="pros"></p> <ul> <li>Aliases can improve readability by simplifying a long or complicated name.</li> <li>Aliases can reduce duplication by naming in one place a type used repeatedly in an API, which <em>might</em> make it easier to change the type later. </li> </ul> -</div> -<div class="cons"> +<p class="cons"></p> <ul> <li>When placed in a header where client code can refer to them, aliases increase the number of entities in that header's API, increasing its complexity.</li> @@ -4016,9 +3995,8 @@ using other_namespace::Foo; it is unclear whether the alias is guaranteed to be identical to the type it aliases, to have the same API, or only to be usable in specified narrow ways</li> </ul> -</div> -<div class="decision"> +<p class="decision"></p> <p>Don't put an alias in your public API just to save typing in the implementation; do so only if you intend it to be used by your clients.</p> <p>When defining a public alias, document the intent of @@ -4031,37 +4009,34 @@ implementation retain some degree of freedom to change the alias.</p> </p> <p>For example, these aliases document how they are intended to be used in client code:</p> -<pre>namespace a { +<pre>namespace mynamespace { // Used to store field measurements. DataPoint may change from Bar* to some internal type. // Client code should treat it as an opaque pointer. -using DataPoint = foo::bar::Bar*; +using DataPoint = foo::Bar*; // A set of measurements. Just an alias for user convenience. using TimeSeries = std::unordered_set<DataPoint, std::hash<DataPoint>, DataPointComparator>; -} // namespace a +} // namespace mynamespace </pre> <p>These aliases don't document intended use, and half of them aren't meant for client use:</p> -<pre class="badcode">namespace a { +<pre class="badcode">namespace mynamespace { // Bad: none of these say how they should be used. -using DataPoint = foo::bar::Bar*; +using DataPoint = foo::Bar*; using std::unordered_set; // Bad: just for local convenience using std::hash; // Bad: just for local convenience typedef unordered_set<DataPoint, hash<DataPoint>, DataPointComparator> TimeSeries; -} // namespace a +} // namespace mynamespace </pre> <p>However, local convenience aliases are fine in function definitions, private sections of classes, explicitly marked internal namespaces, and in .cc files:</p> <pre>// In a .cc file -using std::unordered_set; +using foo::Bar; </pre> -</div> -</div> - <h2 id="Naming">Naming</h2> <p>The most important consistency rules are those that govern @@ -4080,56 +4055,83 @@ the rules are the rules.</p> <h3 id="General_Naming_Rules">General Naming Rules</h3> -<div class="summary"> -<p>Names should be descriptive; avoid abbreviation.</p> -</div> +<p>Optimize for readability using names that would be clear +even to people on a different team.</p> -<div class="stylebody"> -<p>Give as descriptive a name as possible, within reason. +<p>Use names that describe the purpose or intent of the object. Do not worry about saving horizontal space as it is far more important to make your code immediately -understandable by a new reader. Do not use abbreviations -that are ambiguous or unfamiliar to readers outside your -project, and do not abbreviate by deleting letters within -a word.</p> - -<pre>int price_count_reader; // No abbreviation. -int num_errors; // "num" is a widespread convention. -int num_dns_connections; // Most people know what "DNS" stands for. +understandable by a new reader. Minimize the use of +abbreviations that would likely be unknown to someone outside +your project (especially acronyms and initialisms). Do not +abbreviate by deleting letters within a word. As a rule of thumb, +an abbreviation is probably OK if it's listed in + Wikipedia. Generally speaking, descriptiveness should be +proportional to the name's scope of visibility. For example, +<code>n</code> may be a fine name within a 5-line function, +but within the scope of a class, it's likely too vague.</p> + +<pre>class MyClass { + public: + int CountFooErrors(const std::vector<Foo>& foos) { + int n = 0; // Clear meaning given limited scope and context + for (const auto& foo : foos) { + ... + ++n; + } + return n; + } + void DoSomethingImportant() { + std::string fqdn = ...; // Well-known abbreviation for Fully Qualified Domain Name + } + private: + const int kMaxAllowedConnections = ...; // Clear meaning within context +}; </pre> -<pre class="badcode">int n; // Meaningless. -int nerr; // Ambiguous abbreviation. -int n_comp_conns; // Ambiguous abbreviation. -int wgc_connections; // Only your group knows what this stands for. -int pc_reader; // Lots of things can be abbreviated "pc". -int cstmr_id; // Deletes internal letters. +<pre class="badcode">class MyClass { + public: + int CountFooErrors(const std::vector<Foo>& foos) { + int total_number_of_foo_errors = 0; // Overly verbose given limited scope and context + for (int foo_index = 0; foo_index < foos.size(); ++foo_index) { // Use idiomatic `i` + ... + ++total_number_of_foo_errors; + } + return total_number_of_foo_errors; + } + void DoSomethingImportant() { + int cstmr_id = ...; // Deletes internal letters + } + private: + const int kNum = ...; // Unclear meaning within broad scope +}; </pre> <p>Note that certain universally-known abbreviations are OK, such as <code>i</code> for an iteration variable and <code>T</code> for a template parameter.</p> +<p>For the purposes of the naming rules below, a "word" is anything that you +would write in English without internal spaces. This includes abbreviations and +acronyms; e.g., for "<a href="https://en.wikipedia.org/wiki/Camel_case">camel +case</a>" or "Pascal case," in which the first letter of each word is +capitalized, use a name like <code>StartRpc()</code>, not +<code>StartRPC()</code>.</p> + <p>Template parameters should follow the naming style for their category: type template parameters should follow the rules for <a href="#Type_Names">type names</a>, and non-type template parameters should follow the rules for <a href="#Variable_Names"> variable names</a>. -</p></div> +</p><h3 id="File_Names">File Names</h3> -<h3 id="File_Names">File Names</h3> - -<div class="summary"> <p>Filenames should be all lowercase and can include underscores (<code>_</code>) or dashes (<code>-</code>). Follow the convention that your - + project uses. If there is no consistent local pattern to follow, prefer "_".</p> -</div> - -<div class="stylebody"> <p>Examples of acceptable file names:</p> @@ -4155,21 +4157,11 @@ of files called, e.g., <code>foo_bar.h</code> and <code>foo_bar.cc</code>, defining a class called <code>FooBar</code>.</p> -<p>Inline functions must be in a <code>.h</code> file. If -your inline functions are very short, they should go -directly into your <code>.h</code> file. </p> - -</div> - <h3 id="Type_Names">Type Names</h3> -<div class="summary"> <p>Type names start with a capital letter and have a capital letter for each new word, with no underscores: <code>MyExcitingClass</code>, <code>MyExcitingEnum</code>.</p> -</div> - -<div class="stylebody"> <p>The names of all types — classes, structs, type aliases, enums, and type template parameters — have the same naming convention. @@ -4182,41 +4174,34 @@ class UrlTableTester { ... struct UrlTableProperties { ... // typedefs -typedef hash_map<UrlTableProperties *, string> PropertiesMap; +typedef hash_map<UrlTableProperties *, std::string> PropertiesMap; // using aliases -using PropertiesMap = hash_map<UrlTableProperties *, string>; +using PropertiesMap = hash_map<UrlTableProperties *, std::string>; // enums enum UrlTableErrors { ... </pre> -</div> - <h3 id="Variable_Names">Variable Names</h3> -<div class="summary"> <p>The names of variables (including function parameters) and data members are all lowercase, with underscores between words. Data members of classes (but not structs) additionally have trailing underscores. For instance: <code>a_local_variable</code>, <code>a_struct_data_member</code>, <code>a_class_data_member_</code>.</p> -</div> - -<div class="stylebody"> -<h4 class="stylepoint_subsection">Common Variable names</h4> +<h4>Common Variable names</h4> <p>For example:</p> -<pre>string table_name; // OK - uses underscore. -string tablename; // OK - all lowercase. +<pre>std::string table_name; // OK - lowercase with underscore. </pre> -<pre class="badcode">string tableName; // Bad - mixed case. +<pre class="badcode">std::string tableName; // Bad - mixed case. </pre> -<h4 class="stylepoint_subsection">Class Data Members</h4> +<h4>Class Data Members</h4> <p>Data members of classes, both static and non-static, are named like ordinary nonmember variables, but with a @@ -4225,20 +4210,19 @@ trailing underscore.</p> <pre>class TableInfo { ... private: - string table_name_; // OK - underscore at end. - string tablename_; // OK. + std::string table_name_; // OK - underscore at end. static Pool<TableInfo>* pool_; // OK. }; </pre> -<h4 class="stylepoint_subsection">Struct Data Members</h4> +<h4>Struct Data Members</h4> <p>Data members of structs, both static and non-static, are named like ordinary nonmember variables. They do not have the trailing underscores that data members in classes have.</p> <pre>struct UrlTableProperties { - string name; + std::string name; int num_entries; static Pool<UrlTableProperties>* pool; }; @@ -4249,44 +4233,30 @@ the trailing underscores that data members in classes have.</p> Classes</a> for a discussion of when to use a struct versus a class.</p> -</div> - <h3 id="Constant_Names">Constant Names</h3> -<div class="summary"> - <p>Variables declared constexpr or const, and whose value is fixed for - the duration of the program, are named with a leading "k" followed - by mixed case. For example:</p> -</div> +<p>Variables declared constexpr or const, and whose value is fixed for +the duration of the program, are named with a leading "k" followed +by mixed case. Underscores can be used as separators in the rare cases +where capitalization cannot be used for separation. For example:</p> <pre>const int kDaysInAWeek = 7; +const int kAndroid8_0_0 = 24; // Android 8.0.0 </pre> -<div class="stylebody"> - - <p>All such variables with static storage duration (i.e. statics and globals, - see <a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration"> - Storage Duration</a> for details) should be named this way. This - convention is optional for variables of other storage classes, e.g. automatic - variables, otherwise the usual variable naming rules apply.</p><p> - -</p></div> +<p>All such variables with static storage duration (i.e. statics and globals, +see <a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration"> +Storage Duration</a> for details) should be named this way. This +convention is optional for variables of other storage classes, e.g. automatic +variables, otherwise the usual variable naming rules apply.</p> <h3 id="Function_Names">Function Names</h3> -<div class="summary"> <p>Regular functions have mixed case; accessors and mutators may be named like variables.</p> -</div> - -<div class="stylebody"> <p>Ordinarily, functions should start with a capital letter and have a -capital letter for each new word -(a.k.a. "<a href="https://en.wikipedia.org/wiki/Camel_case">Camel -Case</a>" or "Pascal case"). Such names should not have -underscores. Prefer to capitalize acronyms as single words -(i.e. <code>StartRpc()</code>, not <code>StartRPC()</code>).</p> +capital letter for each new word.</p> <pre>AddTableEntry() DeleteUrl() @@ -4295,36 +4265,29 @@ OpenFileOrDie() <p>(The same naming rule applies to class- and namespace-scope constants that are exposed as part of an API and that are intended to look -like functions, because the fact that they're -objects rather than functions is an unimportant implementation detail.)</p> +like functions, because the fact that they're objects rather than functions +is an unimportant implementation detail.)</p> <p>Accessors and mutators (get and set functions) may be named like variables. These often correspond to actual member variables, but this is not required. For example, <code>int count()</code> and <code>void set_count(int count)</code>.</p> -</div> - <h3 id="Namespace_Names">Namespace Names</h3> -<div class="summary"> Namespace names are all lower-case. Top-level namespace names are based on the project name . Avoid collisions between nested namespaces and well-known top-level namespaces. -</div> -<div class="stylebody"> <p>The name of a top-level namespace should usually be the name of the project or team whose code is contained in that namespace. The code in that namespace should usually be in -a directory whose basename matches the namespace name (or +a directory whose basename matches the namespace name (or in subdirectories thereof).</p> - - <p>Keep in mind that the <a href="#General_Naming_Rules">rule against abbreviated names</a> applies to namespaces just as much as variable names. Code inside the namespace seldom needs to @@ -4347,18 +4310,12 @@ internal name is helpful (<code>websearch::index::frobber_internal</code> for use in <code>frobber.h</code>)</p> -</div> - <h3 id="Enumerator_Names">Enumerator Names</h3> -<div class="summary"> <p>Enumerators (for both scoped and unscoped enums) should be named <i>either</i> like <a href="#Constant_Names">constants</a> or like <a href="#Macro_Names">macros</a>: either <code>kEnumName</code> or <code>ENUM_NAME</code>.</p> -</div> - -<div class="stylebody"> <p>Preferably, the individual enumerators should be named like <a href="#Constant_Names">constants</a>. However, it @@ -4369,7 +4326,7 @@ is also acceptable to name them like therefore mixed case.</p> <pre>enum UrlTableErrors { - kOK = 0, + kOk = 0, kErrorOutOfMemory, kErrorMalformedInput, }; @@ -4391,17 +4348,12 @@ names are actually causing a compile-time problem.</p> -</div> - <h3 id="Macro_Names">Macro Names</h3> -<div class="summary"> <p>You're not really going to <a href="#Preprocessor_Macros"> define a macro</a>, are you? If you do, they're like this: -<code>MY_MACRO_THAT_SCARES_SMALL_CHILDREN</code>.</p> -</div> - -<div class="stylebody"> +<code>MY_MACRO_THAT_SCARES_SMALL_CHILDREN_AND_ADULTS_ALIKE</code>. +</p> <p>Please see the <a href="#Preprocessor_Macros">description of macros</a>; in general macros should <em>not</em> be used. @@ -4412,17 +4364,11 @@ named with all capitals and underscores.</p> #define PI_ROUNDED 3.0 </pre> -</div> - <h3 id="Exceptions_to_Naming_Rules">Exceptions to Naming Rules</h3> -<div class="summary"> <p>If you are naming something that is analogous to an existing C or C++ entity then you can follow the existing naming convention scheme.</p> -</div> - -<div class="stylebody"> <dl> <dt><code>bigopen()</code></dt> @@ -4442,67 +4388,58 @@ naming convention scheme.</p> <dd>a constant, as in <code>INT_MAX</code></dd> </dl> -</div> - <h2 id="Comments">Comments</h2> -<p>Though a pain to write, comments are absolutely vital to -keeping our code readable. The following rules describe what -you should comment and where. But remember: while comments are -very important, the best code is self-documenting. Giving -sensible names to types and variables is much better than using -obscure names that you must then explain through comments.</p> +<p>Comments are absolutely vital to keeping our code readable. The following rules describe what you +should comment and where. But remember: while comments are very important, the best code is +self-documenting. Giving sensible names to types and variables is much better than using obscure +names that you must then explain through comments.</p> <p>When writing your comments, write for your audience: the -next +next contributor who will need to understand your code. Be generous — the next one may be you!</p> <h3 id="Comment_Style">Comment Style</h3> -<div class="summary"> <p>Use either the <code>//</code> or <code>/* */</code> syntax, as long as you are consistent.</p> -</div> - -<div class="stylebody"> <p>You can use either the <code>//</code> or the <code>/* */</code> syntax; however, <code>//</code> is <em>much</em> more common. Be consistent with how you comment and what style you use where.</p> -</div> - <h3 id="File_Comments">File Comments</h3> -<div class="summary"> +<div> <p>Start each file with license boilerplate.</p> +</div> <p>File comments describe the contents of a file. If a file declares, implements, or tests exactly one abstraction that is documented by a comment at the point of declaration, file comments are not required. All other files must have file comments.</p> -</div> - -<div class="stylebody"> - -<h4 class="stylepoint_subsection">Legal Notice and Author +<h4>Legal Notice and Author Line</h4> +<div> <p>Every file should contain license boilerplate. Choose the appropriate boilerplate for the license used by the project (for example, Apache 2.0, BSD, LGPL, GPL).</p> +</div> <p>If you make significant changes to a file with an -author line, consider deleting the author line.</p> +author line, consider deleting the author line. +New files should usually not contain copyright notice or +author line.</p> -<h4 class="stylepoint_subsection">File Contents</h4> +<h4>File Contents</h4> <p>If a <code>.h</code> declares multiple abstractions, the file-level comment should broadly describe the contents of the file, and how the abstractions are @@ -4513,16 +4450,10 @@ not at the file level.</p> <p>Do not duplicate comments in both the <code>.h</code> and the <code>.cc</code>. Duplicated comments diverge.</p> -</div> - <h3 id="Class_Comments">Class Comments</h3> -<div class="summary"> <p>Every non-obvious class declaration should have an accompanying comment that describes what it is for and how it should be used.</p> -</div> - -<div class="stylebody"> <pre>// Iterates over the contents of a GargantuanTable. // Example: @@ -4551,29 +4482,24 @@ files), comments describing the use of the class should go together with its interface definition; comments about the class operation and implementation should accompany the implementation of the class's methods.</p> -</div> - <h3 id="Function_Comments">Function Comments</h3> -<div class="summary"> <p>Declaration comments describe use of the function (when it is non-obvious); comments at the definition of a function describe operation.</p> -</div> - -<div class="stylebody"> -<h4 class="stylepoint_subsection">Function Declarations</h4> +<h4>Function Declarations</h4> <p>Almost every function declaration should have comments immediately preceding it that describe what the function does and how to use it. These comments may be omitted only if the function is simple and obvious (e.g. simple accessors for obvious properties of the -class). These comments should be descriptive ("Opens the file") -rather than imperative ("Open the file"); the comment describes the -function, it does not tell the function what to do. In general, these -comments do not describe how the function performs its task. Instead, -that should be left to comments in the function definition.</p> +class). These comments should open with descriptive verbs in the +indicative mood ("Opens the file") rather than verbs in the imperative +("Open the file"). The comment describes the function; it does not +tell the function what to do. In general, these comments do not +describe how the function performs its task. Instead, that should be +left to comments in the function definition.</p> <p>Types of things to mention in comments at the function declaration:</p> @@ -4619,13 +4545,7 @@ Iterator* GetIterator() const; </pre> <p>However, do not be unnecessarily verbose or state the -completely obvious. Notice below that it is not necessary - to say "returns false otherwise" because this is -implied.</p> - -<pre>// Returns true if the table cannot hold any more entries. -bool IsTableFull(); -</pre> +completely obvious.</p> <p>When documenting function overrides, focus on the specifics of the override itself, rather than repeating @@ -4643,7 +4563,7 @@ cleanup the destructor does. If this is trivial, just skip the comment. It is quite common for destructors not to have a header comment.</p> -<h4 class="stylepoint_subsection">Function Definitions</h4> +<h4>Function Definitions</h4> <p>If there is anything tricky about how a function does its job, the function definition should have an @@ -4662,19 +4582,13 @@ given with the function declaration, in the recapitulate briefly what the function does, but the focus of the comments should be on how it does it.</p> -</div> - <h3 id="Variable_Comments">Variable Comments</h3> -<div class="summary"> <p>In general the actual name of the variable should be descriptive enough to give a good idea of what the variable is used for. In certain cases, more comments are required.</p> -</div> -<div class="stylebody"> - -<h4 class="stylepoint_subsection">Class Data Members</h4> +<h4>Class Data Members</h4> <p>The purpose of each class data member (also called an instance variable or member variable) must be clear. If there are any @@ -4693,7 +4607,7 @@ obvious. For example:</p> int num_total_entries_; </pre> -<h4 class="stylepoint_subsection">Global Variables</h4> +<h4>Global Variables</h4> <p>All global variables should have a comment describing what they are, what they are used for, and (if unclear) why it needs to be @@ -4703,32 +4617,26 @@ global. For example:</p> const int kNumTestCases = 6; </pre> -</div> - <h3 id="Implementation_Comments">Implementation Comments</h3> -<div class="summary"> <p>In your implementation you should have comments in tricky, non-obvious, interesting, or important parts of your code.</p> -</div> -<div class="stylebody"> - -<h4 class="stylepoint_subsection">Explanatory Comments</h4> +<h4>Explanatory Comments</h4> <p>Tricky or complicated code blocks should have comments before them. Example:</p> <pre>// Divide result by two, taking into account that x // contains the carry from the add. -for (int i = 0; i < result->size(); i++) { +for (int i = 0; i < result->size(); ++i) { x = (x << 8) + (*result)[i]; (*result)[i] = x >> 1; x &= 1; } </pre> -<h4 class="stylepoint_subsection">Line Comments</h4> +<h4>Line-end Comments</h4> <p>Also, lines that are non-obvious should get a comment at the end of the line. These end-of-line comments should @@ -4745,24 +4653,7 @@ the code is doing, and comments that mention that an error has already been logged when the function returns.</p> -<p>If you have several comments on subsequent lines, it -can often be more readable to line them up:</p> - -<pre>DoSomething(); // Comment here so the comments line up. -DoSomethingElseThatIsLonger(); // Two spaces between the code and the comment. -{ // One space before comment when opening a new scope is allowed, - // thus the comment lines up with the following comments and code. - DoSomethingElse(); // Two spaces before line comments normally. -} -std::vector<string> list{ - // Comments in braced lists describe the next element... - "First item", - // .. and should be aligned appropriately. - "Second item"}; -DoSomething(); /* For trailing block comments, one space is fine. */ -</pre> - -<h4 class="stylepoint_subsection">Function Argument Comments</h4> +<h4 id="Function_Argument_Comments" class="stylepoint_subsection">Function Argument Comments</h4> <p>When the meaning of a function argument is nonobvious, consider one of the following remedies:</p> @@ -4791,7 +4682,7 @@ one of the following remedies:</p> <li>Replace large or complex nested expressions with named variables.</li> <li>As a last resort, use comments to clarify argument meanings at the - call site.</li> + call site. </li> </ul> Consider the following example: @@ -4809,7 +4700,7 @@ const DecimalNumber product = CalculateProduct(values, options, /*completion_callback=*/nullptr); </pre> -<h4 class="stylepoint_subsection">Don'ts</h4> +<h4 id="Implementation_Comment_Donts">Don'ts</h4> <p>Do not state the obvious. In particular, don't literally describe what code does, unless the behavior is nonobvious to a reader who understands @@ -4842,17 +4733,11 @@ the example above would be obvious: } </pre> -</div> - -<h3 id="Punctuation,_Spelling_and_Grammar">Punctuation, Spelling and Grammar</h3> +<h3 id="Punctuation,_Spelling_and_Grammar">Punctuation, Spelling, and Grammar</h3> -<div class="summary"> <p>Pay attention to punctuation, spelling, and grammar; it is easier to read well-written comments than badly written ones.</p> -</div> - -<div class="stylebody"> <p>Comments should be as readable as narrative text, with proper capitalization and punctuation. In many cases, @@ -4868,16 +4753,10 @@ maintain a high level of clarity and readability. Proper punctuation, spelling, and grammar help with that goal.</p> -</div> - <h3 id="TODO_Comments">TODO Comments</h3> -<div class="summary"> <p>Use <code>TODO</code> comments for code that is temporary, a short-term solution, or good-enough but not perfect.</p> -</div> - -<div class="stylebody"> <p><code>TODO</code>s should include the string <code>TODO</code> in all caps, followed by the @@ -4908,50 +4787,6 @@ very specific date ("Fix by November 2005") or a very specific event ("Remove this code when all clients can handle XML responses.").</p> -</div> - -<h3 id="Deprecation_Comments">Deprecation Comments</h3> - -<div class="summary"> -<p>Mark deprecated interface points with <code>DEPRECATED</code> -comments.</p> -</div> - -<div class="stylebody"> - -<p>You can mark an interface as deprecated by writing a -comment containing the word <code>DEPRECATED</code> in -all caps. The comment goes either before the declaration -of the interface or on the same line as the -declaration.</p> - - - -<p>After the word -<code>DEPRECATED</code>, write your name, e-mail address, -or other identifier in parentheses.</p> - -<p>A deprecation comment must include simple, clear -directions for people to fix their callsites. In C++, you -can implement a deprecated function as an inline function -that calls the new interface point.</p> - -<p>Marking an interface point <code>DEPRECATED</code> -will not magically cause any callsites to change. If you -want people to actually stop using the deprecated -facility, you will have to fix the callsites yourself or -recruit a crew to help you.</p> - -<p>New code should not contain calls to deprecated -interface points. Use the new interface point instead. If -you cannot understand the directions, find the person who -created the deprecation and ask them for help using the -new interface point.</p> - - - -</div> - <h2 id="Formatting">Formatting</h2> <p>Coding style and formatting are pretty arbitrary, but a @@ -4962,33 +4797,32 @@ aspect of the formatting rules, and some of the rules may take some getting used to, but it is important that all project contributors follow the -style rules so that +style rules so that they can all read and understand everyone's code easily.</p> -<p>To help you format code correctly, we've -created a +<div> +<p>To help you format code correctly, we've created a <a href="https://raw.githubusercontent.com/google/styleguide/gh-pages/google-c-style.el"> settings file for emacs</a>.</p> +</div> <h3 id="Line_Length">Line Length</h3> -<div class="summary"> <p>Each line of text in your code should be at most 80 characters long.</p> -</div> -<div class="stylebody"> - - <p>We recognize that this rule is +<div> +<p>We recognize that this rule is controversial, but so much existing code already adheres to it, and we feel that consistency is important.</p> +</div> -<div class="pros"> +<p class="pros"></p> <p>Those who favor this rule argue that it is rude to force them to resize their windows and there is no need for anything longer. @@ -4998,46 +4832,37 @@ windows in any case. People set up their work environment assuming a particular maximum window width, and 80 columns has been the traditional standard. Why change it?</p> -</div> -<div class="cons"> +<p class="cons"></p> <p>Proponents of change argue that a wider line can make code more readable. The 80-column limit is an hidebound throwback to 1960s mainframes; modern equipment has wide screens that can easily show longer lines.</p> -</div> -<div class="decision"> +<p class="decision"></p> <p> 80 characters is the maximum.</p> -<p class="exception">Comment lines can be longer than 80 -characters if it is not feasible to split them without -harming readability, ease of cut and paste or auto-linking --- e.g. if a line contains an example command or a literal -URL longer than 80 characters.</p> +<p>A line may exceed 80 characters if it is</p> -<p class="exception">A raw-string literal may have content -that exceeds 80 characters. Except for test code, such literals -should appear near the top of a file.</p> +<ul> + <li>a comment line which is not feasible to split without harming + readability, ease of cut and paste or auto-linking -- e.g. if a line + contains an example command or a literal URL longer than 80 characters.</li> -<p class="exception">An <code>#include</code> statement with a -long path may exceed 80 columns.</p> + <li>a raw-string literal with content that exceeds 80 characters. Except for + test code, such literals should appear near the top of a file.</li> -<p class="exception">You needn't be concerned about -<a href="#The__define_Guard">header guards</a> that exceed -the maximum length. </p> -</div> + <li>an include statement.</li> + + <li>a <a href="#The__define_Guard">header guard</a></li> -</div> + <li>a using-declaration</li> +</ul> <h3 id="Non-ASCII_Characters">Non-ASCII Characters</h3> -<div class="summary"> <p>Non-ASCII characters should be rare, and must use UTF-8 formatting.</p> -</div> - -<div class="stylebody"> <p>You shouldn't hard-code user-facing text in source, even English, so use of non-ASCII characters should be @@ -5074,32 +4899,20 @@ use <code>wchar_t</code> (unless you're writing code that interacts with the Windows API, which uses <code>wchar_t</code> extensively).</p> -</div> - <h3 id="Spaces_vs._Tabs">Spaces vs. Tabs</h3> -<div class="summary"> <p>Use only spaces, and indent 2 spaces at a time.</p> -</div> - -<div class="stylebody"> <p>We use spaces for indentation. Do not use tabs in your code. You should set your editor to emit spaces when you hit the tab key.</p> -</div> - <h3 id="Function_Declarations_and_Definitions">Function Declarations and Definitions</h3> -<div class="summary"> <p>Return type on the same line as function name, parameters on the same line if they fit. Wrap parameter lists which do not fit on a single line as you would wrap arguments in a <a href="#Function_Calls">function call</a>.</p> -</div> - -<div class="stylebody"> <p>Functions look like this:</p> @@ -5135,8 +4948,8 @@ not fit on a single line as you would wrap arguments in a <ul> <li>Choose good parameter names.</li> - <li>Parameter names may be omitted only if the parameter is unused and its - purpose is obvious.</li> + <li>A parameter name may be omitted only if the parameter is not used in the + function's definition.</li> <li>If you cannot fit the return type and the function name on a single line, break between them.</li> @@ -5173,10 +4986,8 @@ not fit on a single line as you would wrap arguments in a <pre>class Foo { public: - Foo(Foo&&); - Foo(const Foo&); - Foo& operator=(Foo&&); - Foo& operator=(const Foo&); + Foo(const Foo&) = delete; + Foo& operator=(const Foo&) = delete; }; </pre> @@ -5204,19 +5015,14 @@ void Circle::Rotate(double) {} <p>Attributes, and macros that expand to attributes, appear at the very beginning of the function declaration or definition, before the return type:</p> -<pre>MUST_USE_RESULT bool IsOK(); +<pre>ABSL_MUST_USE_RESULT bool IsOk(); </pre> -</div> - <h3 id="Formatting_Lambda_Expressions">Lambda Expressions</h3> -<div class="summary"> <p>Format parameters and bodies as for any other function, and capture lists like other comma-separated lists.</p> -</div> -<div class="stylebody"> <p>For by-reference captures, do not leave a space between the ampersand (&) and the variable name.</p> <pre>int x = 0; @@ -5231,20 +5037,38 @@ digits.erase(std::remove_if(digits.begin(), digits.end(), [&blacklist](int i digits.end()); </pre> -</div> +<h3 id="Floating_Literals">Floating-point Literals</h3> + +<p>Floating-point literals should always have a radix point, with digits on both +sides, even if they use exponential notation. Readability is improved if all +floating-point literals take this familiar form, as this helps ensure that they +are not mistaken for integer literals, and that the +<code>E</code>/<code>e</code> of the exponential notation is not mistaken for a +hexadecimal digit. It is fine to initialize a floating-point variable with an +integer literal (assuming the variable type can exactly represent that integer), +but note that a number in exponential notation is never an integer literal. +</p> + +<pre class="badcode">float f = 1.f; +long double ld = -.5L; +double d = 1248e6; +</pre> + +<pre class="goodcode">float f = 1.0f; +float f2 = 1; // Also OK +long double ld = -0.5L; +double d = 1248.0e6; +</pre> + <h3 id="Function_Calls">Function Calls</h3> -<div class="summary"> <p>Either write the call all on a single line, wrap the arguments at the parenthesis, or start the arguments on a new line indented by four spaces and continue at that 4 space indent. In the absence of other considerations, use the minimum number of lines, including placing multiple arguments on each line where appropriate.</p> -</div> - -<div class="stylebody"> <p>Function calls have the following format:</p> <pre>bool result = DoSomething(argument1, argument2, argument3); @@ -5309,16 +5133,10 @@ my_widget.Transform(x1, x2, x3, z1, z2, z3); </pre> -</div> - <h3 id="Braced_Initializer_List_Format">Braced Initializer List Format</h3> -<div class="summary"> <p>Format a <a href="#Braced_Initializer_List">braced initializer list</a> exactly like you would format a function call in its place.</p> -</div> - -<div class="stylebody"> <p>If the braced list follows a name (e.g. a type or variable name), format as if the <code>{}</code> were the @@ -5352,16 +5170,10 @@ MyType m = { // Here, you could also break before {. interiorwrappinglist2}}; </pre> -</div> - <h3 id="Conditionals">Conditionals</h3> -<div class="summary"> <p>Prefer no spaces inside parentheses. The <code>if</code> and <code>else</code> keywords belong on separate lines.</p> -</div> - -<div class="stylebody"> <p>There are two acceptable formats for a basic conditional statement. One includes spaces between the @@ -5427,9 +5239,9 @@ else DoThat(); single-line statements, but they are allowed if you like them; conditional or loop statements with complex conditions or statements may be more readable with curly -braces. Some +braces. Some projects require that an -<code>if</code> must always always have an accompanying +<code>if</code> must always have an accompanying brace.</p> <pre>if (condition) @@ -5467,18 +5279,12 @@ if (condition) { } </pre> -</div> - <h3 id="Loops_and_Switch_Statements">Loops and Switch Statements</h3> -<div class="summary"> <p>Switch statements may use braces for blocks. Annotate non-trivial fall-through between cases. Braces are optional for single-statement loops. -Empty loop bodies should use empty braces or <code>continue</code>.</p> -</div> - -<div class="stylebody"> +Empty loop bodies should use either empty braces or <code>continue</code>.</p> <p><code>case</code> blocks in <code>switch</code> statements can have curly braces or not, depending on @@ -5489,10 +5295,9 @@ should be placed as shown below.</p> statements should always have a <code>default</code> case (in the case of an enumerated value, the compiler will warn you if any values are not handled). If the default -case should never execute, simply -<code>assert</code>:</p> +case should never execute, treat this as an error. For example: - +</p> <div> <pre>switch (var) { @@ -5509,11 +5314,37 @@ case should never execute, simply } } </pre> -</div> - - - +</div> +<p>Fall-through from one case label to +another must be annotated using the +<code>ABSL_FALLTHROUGH_INTENDED;</code> macro (defined in + +<code>absl/base/macros.h</code>). +<code>ABSL_FALLTHROUGH_INTENDED;</code> should be placed at a +point of execution where a fall-through to the next case +label occurs. A common exception is consecutive case +labels without intervening code, in which case no +annotation is needed.</p> + +<pre>switch (x) { + case 41: // No annotation needed here. + case 43: + if (dont_be_picky) { + // Use this instead of or along with annotations in comments. + ABSL_FALLTHROUGH_INTENDED; + } else { + CloseButNoCigar(); + break; + } + case 42: + DoSomethingSpecial(); + ABSL_FALLTHROUGH_INTENDED; + default: + DoSomethingGeneric(); + break; +} +</pre> <p> Braces are optional for single-statement loops.</p> @@ -5526,8 +5357,8 @@ for (int i = 0; i < kSomeNumber; ++i) { </pre> -<p>Empty loop bodies should use an empty pair of braces or <code>continue</code>, -but not a single semicolon.</p> +<p>Empty loop bodies should use either an empty pair of braces or +<code>continue</code> with no braces, rather than a single semicolon.</p> <pre>while (condition) { // Repeat test until it returns false. @@ -5539,16 +5370,10 @@ while (condition) continue; // Good - continue indicates no logic. <pre class="badcode">while (condition); // Bad - looks like part of do/while loop. </pre> -</div> - <h3 id="Pointer_and_Reference_Expressions">Pointer and Reference Expressions</h3> -<div class="summary"> <p>No spaces around period or arrow. Pointer operators do not have trailing spaces.</p> -</div> - -<div class="stylebody"> <p>The following are examples of correctly-formatted pointer and reference expressions:</p> @@ -5575,13 +5400,18 @@ variable name:</p> <pre>// These are fine, space preceding. char *c; -const string &str; +const std::string &str; // These are fine, space following. char* c; -const string& str; +const std::string& str; </pre> +<p>You should do this consistently within a single +file, +so, when modifying an existing file, use the style in +that file.</p> + It is allowed (if unusual) to declare multiple variables in the same declaration, but it is disallowed if any of those have pointer or reference decorations. Such declarations are easily misread. @@ -5590,25 +5420,14 @@ int x, y; </pre> <pre class="badcode">int x, *y; // Disallowed - no & or * in multiple declaration char * c; // Bad - spaces on both sides of * -const string & str; // Bad - spaces on both sides of & +const std::string & str; // Bad - spaces on both sides of & </pre> -<p>You should do this consistently within a single -file, -so, when modifying an existing file, use the style in -that file.</p> - -</div> - <h3 id="Boolean_Expressions">Boolean Expressions</h3> -<div class="summary"> <p>When you have a boolean expression that is longer than the <a href="#Line_Length">standard line length</a>, be consistent in how you break up the lines.</p> -</div> - -<div class="stylebody"> <p>In this example, the logical AND operator is always at the end of the lines:</p> @@ -5633,16 +5452,10 @@ the punctuation operators, such as the word operators, such as <code>and</code> and <code>compl</code>.</p> -</div> - <h3 id="Return_Values">Return Values</h3> -<div class="summary"> <p>Do not needlessly surround the <code>return</code> expression with parentheses.</p> -</div> - -<div class="stylebody"> <p>Use parentheses in <code>return expr;</code> only where you would use them in <code>x = expr;</code>.</p> @@ -5657,18 +5470,12 @@ return (some_long_condition && return(result); // return is not a function! </pre> -</div> - <h3 id="Variable_and_Array_Initialization">Variable and Array Initialization</h3> -<div class="summary"> <p>Your choice of <code>=</code>, <code>()</code>, or <code>{}</code>.</p> -</div> - -<div class="stylebody"> <p>You may choose between <code>=</code>, <code>()</code>, and <code>{}</code>; the following are @@ -5677,9 +5484,9 @@ all correct:</p> <pre>int x = 3; int x(3); int x{3}; -string name = "Some Name"; -string name("Some Name"); -string name{"Some Name"}; +std::string name = "Some Name"; +std::string name("Some Name"); +std::string name{"Some Name"}; </pre> <p>Be careful when using a braced initialization list <code>{...}</code> @@ -5691,8 +5498,8 @@ will call a default constructor if available. To force the non-<code>std::initializer_list</code> constructor, use parentheses instead of braces.</p> -<pre>std::vector<int> v(100, 1); // A vector of 100 1s. -std::vector<int> v{100, 1}; // A vector of 100, 1. +<pre>std::vector<int> v(100, 1); // A vector containing 100 items: All 1s. +std::vector<int> v{100, 1}; // A vector containing 2 items: 100 and 1. </pre> <p>Also, the brace form prevents narrowing of integral @@ -5703,16 +5510,10 @@ errors.</p> int pi{3.14}; // Compile error: narrowing conversion. </pre> -</div> - <h3 id="Preprocessor_Directives">Preprocessor Directives</h3> -<div class="summary"> <p>The hash mark that starts a preprocessor directive should always be at the beginning of the line.</p> -</div> - -<div class="stylebody"> <p>Even when preprocessor directives are within the body of indented code, the directives should start at the @@ -5739,16 +5540,10 @@ beginning of the line.</p> } </pre> -</div> - <h3 id="Class_Format">Class Format</h3> -<div class="summary"> <p>Sections in <code>public</code>, <code>protected</code> and <code>private</code> order, each indented one space.</p> -</div> - -<div class="stylebody"> <p>The basic format for a class definition (lacking the comments, see <a href="#Class_Comments">Class @@ -5802,16 +5597,10 @@ needed) is:</p> each of these sections.</li> </ul> -</div> - <h3 id="Constructor_Initializer_Lists">Constructor Initializer Lists</h3> -<div class="summary"> <p>Constructor initializer lists can be all on one line or with subsequent lines indented four spaces.</p> -</div> - -<div class="stylebody"> <p>The acceptable formats for initializer lists are:</p> @@ -5841,15 +5630,9 @@ MyClass::MyClass(int var) : some_var_(var) {} </pre> -</div> - <h3 id="Namespace_Formatting">Namespace Formatting</h3> -<div class="summary"> <p>The contents of namespaces are not indented.</p> -</div> - -<div class="stylebody"> <p><a href="#Namespaces">Namespaces</a> do not add an extra level of indentation. For example, use:</p> @@ -5867,7 +5650,7 @@ void foo() { // Correct. No extra indentation within namespace. <pre class="badcode">namespace { - // Wrong. Indented when it should not be. + // Wrong! Indented when it should not be. void foo() { ... } @@ -5882,18 +5665,12 @@ on its own line.</p> namespace bar { </pre> -</div> - <h3 id="Horizontal_Whitespace">Horizontal Whitespace</h3> -<div class="summary"> <p>Use of horizontal whitespace depends on location. Never put trailing whitespace at the end of a line.</p> -</div> -<div class="stylebody"> - -<h4 class="stylepoint_subsection">General</h4> +<h4>General</h4> <pre>void f(bool b) { // Open braces should always have a space before them. ... @@ -5918,11 +5695,11 @@ others editing the same file, when they merge, as can removing existing trailing whitespace. So: Don't introduce trailing whitespace. Remove it if you're already changing that line, or do it in a separate -clean-up +clean-up operation (preferably when no-one else is working on the file).</p> -<h4 class="stylepoint_subsection">Loops and Conditionals</h4> +<h4>Loops and Conditionals</h4> <pre>if (b) { // Space after the keyword in conditions and loops. } else { // Spaces around else. @@ -5950,7 +5727,7 @@ switch (i) { case 2: break; // Use a space after a colon if there's code after it. </pre> -<h4 class="stylepoint_subsection">Operators</h4> +<h4>Operators</h4> <pre>// Assignment operators always have spaces around them. x = 0; @@ -5969,53 +5746,49 @@ if (x && !y) ... </pre> -<h4 class="stylepoint_subsection">Templates and Casts</h4> +<h4>Templates and Casts</h4> <pre>// No spaces inside the angle brackets (< and >), before // <, or between >( in a cast -std::vector<string> x; +std::vector<std::string> x; y = static_cast<char*>(x); // Spaces between type and pointer are OK, but be consistent. std::vector<char *> x; </pre> -</div> - <h3 id="Vertical_Whitespace">Vertical Whitespace</h3> -<div class="summary"> <p>Minimize use of vertical whitespace.</p> -</div> -<div class="stylebody"> +<p>This is more a principle than a rule: don't use blank lines when +you don't have to. In particular, don't put more than one or two blank +lines between functions, resist starting functions with a blank line, +don't end functions with a blank line, and be sparing with your use of +blank lines. A blank line within a block of code serves like a +paragraph break in prose: visually separating two thoughts.</p> -<p>This is more a principle than a rule: don't use blank -lines when you don't have to. In particular, don't put -more than one or two blank lines between functions, -resist starting functions with a blank line, don't end -functions with a blank line, and be discriminating with -your use of blank lines inside functions.</p> - -<p>The basic principle is: The more code that fits on one -screen, the easier it is to follow and understand the -control flow of the program. Of course, readability can -suffer from code being too dense as well as too spread -out, so use your judgement. But in general, minimize use -of vertical whitespace.</p> +<p>The basic principle is: The more code that fits on one screen, the +easier it is to follow and understand the control flow of the +program. Use whitespace purposefully to provide separation in that +flow.</p> <p>Some rules of thumb to help when blank lines may be useful:</p> <ul> <li>Blank lines at the beginning or end of a function - very rarely help readability.</li> + do not help readability.</li> <li>Blank lines inside a chain of if-else blocks may well help readability.</li> -</ul> -</div> + <li>A blank line before a comment line usually helps + readability — the introduction of a new comment suggests + the start of a new thought, and the blank line makes it clear + that the comment goes with the following thing instead of the + preceding.</li> +</ul> <h2 id="Exceptions_to_the_Rules">Exceptions to the Rules</h2> @@ -6023,17 +5796,13 @@ useful:</p> However, like all good rules, these sometimes have exceptions, which we discuss here.</p> - + <div> <h3 id="Existing_Non-conformant_Code">Existing Non-conformant Code</h3> -<div class="summary"> <p>You may diverge from the rules when dealing with code that does not conform to this style guide.</p> -</div> - -<div class="stylebody"> <p>If you find yourself modifying code that was written to specifications other than those presented by this @@ -6044,23 +5813,19 @@ original author or the person currently responsible for the code. Remember that <em>consistency</em> includes local consistency, too.</p> -</div> -</div> +</div> + - <h3 id="Windows_Code">Windows Code</h3> -<div class="summary"> <p> Windows programmers have developed their own set of coding conventions, mainly derived from the conventions in Windows headers and other Microsoft code. We want to make it easy for anyone to understand your code, so we have a single set of guidelines for everyone writing C++ on any platform.</p> -</div> -<div class="stylebody"> <p>It is worth reiterating a few of the guidelines that you might forget if you are used to the prevalent Windows style:</p> @@ -6104,7 +5869,7 @@ style:</p> occasionally need to break on Windows:</p> <ul> - <li>Normally we <a href="#Multiple_Inheritance">forbid + <li>Normally we <a href="#Multiple_Inheritance">strongly discourage the use of multiple implementation inheritance</a>; however, it is required when using COM and some ATL/WTL classes. You may use multiple implementation @@ -6136,9 +5901,7 @@ occasionally need to break on Windows:</p> need to conform to these style guidelines.</li> </ul> -</div> - -<h2 class="ignoreLink">Parting Words</h2> +<h2 id="Parting_Words">Parting Words</h2> <p>Use common sense and <em>BE CONSISTENT</em>.</p> @@ -6163,8 +5926,6 @@ to avoid this.</p> more interesting. Have fun!</p> <hr> - -</div> </div> </body> </html> |