![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to HACKING CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu|
Return to HACKING CVS log | Up to [Qemu by Fabrice Bellard] / qemu |
1.1 ! root 1: 1. Preprocessor ! 2: ! 3: For variadic macros, stick with this C99-like syntax: ! 4: ! 5: #define DPRINTF(fmt, ...) \ ! 6: do { printf("IRQ: " fmt, ## __VA_ARGS__); } while (0) ! 7: ! 8: 2. C types ! 9: ! 10: It should be common sense to use the right type, but we have collected ! 11: a few useful guidelines here. ! 12: ! 13: 2.1. Scalars ! 14: ! 15: If you're using "int" or "long", odds are good that there's a better type. ! 16: If a variable is counting something, it should be declared with an ! 17: unsigned type. ! 18: ! 19: If it's host memory-size related, size_t should be a good choice (use ! 20: ssize_t only if required). Guest RAM memory offsets must use ram_addr_t, ! 21: but only for RAM, it may not cover whole guest address space. ! 22: ! 23: If it's file-size related, use off_t. ! 24: If it's file-offset related (i.e., signed), use off_t. ! 25: If it's just counting small numbers use "unsigned int"; ! 26: (on all but oddball embedded systems, you can assume that that ! 27: type is at least four bytes wide). ! 28: ! 29: In the event that you require a specific width, use a standard type ! 30: like int32_t, uint32_t, uint64_t, etc. The specific types are ! 31: mandatory for VMState fields. ! 32: ! 33: Don't use Linux kernel internal types like u32, __u32 or __le32. ! 34: ! 35: Use target_phys_addr_t for guest physical addresses except pcibus_t ! 36: for PCI addresses. In addition, ram_addr_t is a QEMU internal address ! 37: space that maps guest RAM physical addresses into an intermediate ! 38: address space that can map to host virtual address spaces. Generally ! 39: speaking, the size of guest memory can always fit into ram_addr_t but ! 40: it would not be correct to store an actual guest physical address in a ! 41: ram_addr_t. ! 42: ! 43: Use target_ulong (or abi_ulong) for CPU virtual addresses, however ! 44: devices should not need to use target_ulong. ! 45: ! 46: Of course, take all of the above with a grain of salt. If you're about ! 47: to use some system interface that requires a type like size_t, pid_t or ! 48: off_t, use matching types for any corresponding variables. ! 49: ! 50: Also, if you try to use e.g., "unsigned int" as a type, and that ! 51: conflicts with the signedness of a related variable, sometimes ! 52: it's best just to use the *wrong* type, if "pulling the thread" ! 53: and fixing all related variables would be too invasive. ! 54: ! 55: Finally, while using descriptive types is important, be careful not to ! 56: go overboard. If whatever you're doing causes warnings, or requires ! 57: casts, then reconsider or ask for help. ! 58: ! 59: 2.2. Pointers ! 60: ! 61: Ensure that all of your pointers are "const-correct". ! 62: Unless a pointer is used to modify the pointed-to storage, ! 63: give it the "const" attribute. That way, the reader knows ! 64: up-front that this is a read-only pointer. Perhaps more ! 65: importantly, if we're diligent about this, when you see a non-const ! 66: pointer, you're guaranteed that it is used to modify the storage ! 67: it points to, or it is aliased to another pointer that is. ! 68: ! 69: 2.3. Typedefs ! 70: Typedefs are used to eliminate the redundant 'struct' keyword. ! 71: ! 72: 2.4. Reserved namespaces in C and POSIX ! 73: Underscore capital, double underscore, and underscore 't' suffixes should be ! 74: avoided. ! 75: ! 76: 3. Low level memory management ! 77: ! 78: Use of the malloc/free/realloc/calloc/valloc/memalign/posix_memalign ! 79: APIs is not allowed in the QEMU codebase. Instead of these routines, ! 80: use the replacement qemu_malloc/qemu_mallocz/qemu_realloc/qemu_free or ! 81: qemu_vmalloc/qemu_memalign/qemu_vfree APIs. ! 82: ! 83: Please note that NULL check for the qemu_malloc result is redundant and ! 84: that qemu_malloc() call with zero size is not allowed. ! 85: ! 86: Memory allocated by qemu_vmalloc or qemu_memalign must be freed with ! 87: qemu_vfree, since breaking this will cause problems on Win32 and user ! 88: emulators. ! 89: ! 90: 4. String manipulation ! 91: ! 92: Do not use the strncpy function. According to the man page, it does ! 93: *not* guarantee a NULL-terminated buffer, which makes it extremely dangerous ! 94: to use. Instead, use functionally equivalent function: ! 95: void pstrcpy(char *buf, int buf_size, const char *str) ! 96: ! 97: Don't use strcat because it can't check for buffer overflows, but: ! 98: char *pstrcat(char *buf, int buf_size, const char *s) ! 99: ! 100: The same limitation exists with sprintf and vsprintf, so use snprintf and ! 101: vsnprintf. ! 102: ! 103: QEMU provides other useful string functions: ! 104: int strstart(const char *str, const char *val, const char **ptr) ! 105: int stristart(const char *str, const char *val, const char **ptr) ! 106: int qemu_strnlen(const char *s, int max_len) ! 107: ! 108: There are also replacement character processing macros for isxyz and toxyz, ! 109: so instead of e.g. isalnum you should use qemu_isalnum. ! 110: ! 111: Because of the memory management rules, you must use qemu_strdup/qemu_strndup ! 112: instead of plain strdup/strndup. ! 113: ! 114: 5. Printf-style functions ! 115: ! 116: Whenever you add a new printf-style function, i.e., one with a format ! 117: string argument and following "..." in its prototype, be sure to use ! 118: gcc's printf attribute directive in the prototype. ! 119: ! 120: This makes it so gcc's -Wformat and -Wformat-security options can do ! 121: their jobs and cross-check format strings with the number and types ! 122: of arguments. ! 123: ! 124: Currently many functions in QEMU are not following this rule but ! 125: patches to add the attribute would be very much appreciated.
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.