<!-- ACE-guidelines.html,v 4.65 2003/07/19 19:04:16 dhinton Exp -->
<html>
<head>
<title>ACE Software Development Guidelines</title>
<link rev=made href="mailto:levine@cs.wustl.edu">
</head>
<body text = "#000000"
link="#000fff"
vlink="#ff0f0f"
bgcolor="#ffffff">
<hr>
<h3>ACE Software Development Guidelines</h3>
<ul>
<li><strong>General</strong><p>
<ul>
<li>Every text file must end with a newline.<p>
<li>Use spaces instead of tabs, except in Makefiles. Emacs users
can add this to their <strong>.emacs</strong>:
<pre>(setq-default indent-tabs-mode nil)</pre></p>
Microsoft Visual C++ users should do the following:
<pre>
Choose: Tools -- Options -- Tabs
Then Set: "Tab size" to 8 and "Indent size" to 2, and
indent using spaces.
</pre><p>
<li>Do not end text lines with spaces. Emacs users can add this to
their <strong>.emacs</strong>:
<pre>(setq-default nuke-trailing-whitespace-p t)</pre><p>
<li>Try to limit the length of source code lines to less than 80
characters. Users with 14 inch monitors appreciate it when
reading code. And, it avoids mangling problems with email
and net news.<p>
<li>If you add a comment to code that is directed to, or
requires the attention of, a particular individual:
<strong>SEND EMAIL TO THAT INDIVIDUAL!</strong>.<p>
<li>Every program should have a ``usage'' message. It should be
printed out if erroneous command line arguments, or a
<strong><code>-?</code></strong> command line argument, are
provided to the program.<p>
<li>A program entry poing <code>main</code> can take any of the
three forms:
<p><pre>
int main (int argc, char *argv[])
int wmain (int argc, wchar_t *argv[])
int ACE_TMAIN (int argc, ACE_TCHAR *argv[])
</pre></p>
Of them, the entry point <code>main</code> always gives you
the command line arguemnt in char strings form. The entry
point <code>wmain</code> currently can only be used under
Win32 and it returns the command line arguments in wchar
strings format. Defining the <code>ACE_TMAIN</code> as the
program entry point is the more portable form. The command
line arguments are given in char strings in most cases,
or wchar strings when <code>ACE_USES_WCHAR</code> is defined.
See <code>$ACE_ROOT/docs/wchar.txt</code> for more information
on ACE support on wchar.
<li>The program entry point function, in any form mentioned above, must
always be declared with arguments, <em>e.g.</em>,
<pre>
int
ACE_TMAIN (int argc, ACE_TCHAR *argv[])
{
[...]
return 0;
}
</pre><p>
If you don't use the <code>argc</code> and/or <code>argv</code>
arguments, don't declare them, <em>e.g.</em>,
<pre>
int
ACE_TMAIN (int, ACE_TCHAR *[])
{
[...]
return 0;
}
</pre><p>
Please declare the second argument as <code>ACE_TCHAR *[]</code>
instead of <code>ACE_TCHAR **</code> or <code>char *[]</CODE>.
Ancient versions of MSC
complained about <code>ACE_TCHAR **</code> and <code>char
*[]</CODE> is not Unicode-compliant.<p>
<code>main</code> must also return 0 on successful
termination, and non-zero otherwise.<p>
<li>Avoid use of floating point types (float and double) and operations
unless absolutely necessary. Not all ACE platforms support them.
Therefore, wherever they are used, ACE_LACKS_FLOATING_POINT
conditional code must be also be used.<p>
<li>Avoid including the string ``Error'' in a source code filename.
GNU Make's error messages start with ``Error''. So, it's much
easier to search for errors if filenames don't contain ``Error''.<p>
<li>Narrow interfaces are better than wide interfaces. If there
isn't a need for an interface, leave it out. This eases maintenance,
minimizes footprint, and reduces the likelihood of interference
when other interfaces need to be added later. (See the
<a href="#ACE_Time_Value example">ACE_Time_Value example</a>
below.<p>
</ul>
<li><strong>Code Documentation</strong><p>
<ul>
<li>Use comments and whitespace (:-) liberally. Comments
should consist of complete sentences, <em>i.e.</em>, start
with a capital letter and end with a period.<p>
<li>Insert a CVS/RCS keyword string at the top of every source file,
Makefile, config file, <em>etc</em>. For C++ files, it is:
<pre>
// $<!-- -->Id$
</pre>
It is not necessary to fill in the fields of the keyword string,
or modify them when you edit a file that already has one. CVS
does that automatically when you checkout or update the file.<p>
To insert that string at the top of a file:
<pre>
perl -pi -e \
'if (! $o) {printf "// \$<!-- -->Id\$\n\n";}; $o = 1;' <em>file</em>
</pre><p>
<li>Be sure to follow the guidelines and restrictions for use of the
documentation tools for ACE
header files, which must follow the
<a href="http://www.doxygen.org/">Doxygen</a>
format requirements.
The complete documentation for Doxygen is available in the
<a href="http://www.stack.nl/~dimitri/doxygen/download.html#latestman">Doxygen
manual</a>.
For an example header file using Doxygen-style comments,
please refer to <a href="../ace/ACE.h">ACE.h</a>.<p>
</ul>
<li><strong>Preprocessor</strong><p>
<ul>
<li>Never #include standard headers directly, except in a few
specific ACE files, <em>e.g.</em>, OS.h and stdcpp.h. Let
those files #include the correct headers. If you do not do
this, your code will not compile with the Standard C++ Library.<p>
<li>Always follow a preprocessor <strong><code>#endif</code></strong>
with a <strong><code>/* */</code></strong> C-style comment. It
should correspond to the condition in the matching
<strong><code>#if</code></strong> directive. For example,
<pre>
#if defined (ACE_HAS_THREADS)
# if defined (ACE_HAS_STHREADS)
# include /**/ <synch.h>
# include /**/ <thread.h>
# define ACE_SCOPE_PROCESS P_PID
# define ACE_SCOPE_LWP P_LWPID
# define ACE_SCOPE_THREAD (ACE_SCOPE_LWP + 1)
# else
# define ACE_SCOPE_PROCESS 0
# define ACE_SCOPE_LWP 1
# define ACE_SCOPE_THREAD 2
# endif /* ACE_HAS_STHREADS */
#endif /* ACE_HAS_THREADS */
</pre><p>
<li>Be sure to put spaces around comment delimiters, e.g.,
<strong><code>char * /* foo */</code></strong> instead of
<strong><code>char */*foo*/</code></strong>. MS VC++
complains otherwise.<p>
<li>Always insert a <strong><code>/**/</code></strong> between an
<strong><code>#include</code></strong> and
<strong><code>filename</code></strong>, for system headers and
<strong><code>ace/pre.h</code></strong> and
<strong><code>ace/post.h</code></strong> as
shown in the above example. This avoids dependency problems
with Visual C++ and prevents Doxygen from including the
headers in the file reference trees. <p>
<li>Be very careful with names of macros, enum values, and variables
It's always best to prefix them with something like <code>ACE_</code>
or <code>TAO_</code>. There are too many system headers out
there that #define <code>OK</code>, <code>SUCCESS</code>,
<code>ERROR</code>, <code>index</code>, <code>s_type</code>,
and so on.<p>
<li>When using macros in an arithmetic expression, be sure to test
that the macro is defined, using defined(macro) before specifying
the expression. For example:
<pre>
#if __FreeBSD__ < 3
</pre>
will evaluate true on any platform where __FreeBSD__ is not defined.
The correct way to write that guard is:
<pre>
#if defined (__FreeBSD__) && __FreeBSD__ < 3
</pre>
<li>Try to centralize <code>#ifdefs</code> with <code>typedefs</code>
and <code>#defines</code>. For example, use this:
<pre>
#if defined(ACE_PSOS)
typedef long ACE_NETIF_TYPE;
# define ACE_DEFAULT_NETIF 0
#else /* ! ACE_PSOS */
typedef const TCHAR* ACE_NETIF_TYPE;
# define ACE_DEFAULT_NETIF ASYS_TEXT("le0")
#endif /* ! ACE_PSOS */
</pre><p>
instead of:
<pre><p>
#if defined (ACE_PSOS)
// pSOS supports numbers, not names for network interfaces
long net_if,
#else /* ! ACE_PSOS */
const TCHAR *net_if,
#endif /* ! ACE_PSOS */
</pre><p>
<li>Protect header files against multiple inclusion with this
construct:
<pre>
#ifndef FOO_H
#define FOO_H
[contents of header file]
#endif /* FOO_H */
</pre><p>
This exact construct (note the <code>#ifndef</code>)
is optimized by many compilers such they only open the
file once per compilation unit. Thanks to Eric C. Newton
<ecn@smart.net> for pointing that out.<p>
If the header <code>#includes</code> an ACE library header,
then it's a good idea to include the <code>#pragma once</code>
directive:
<pre>
#ifndef FOO_H
#define FOO_H
#include "ace/ACE.h"
#if !defined (ACE_LACKS_PRAGMA_ONCE)
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
[contents of header file]
#endif /* FOO_H */
</pre><p>
<code>#pragma once</code> must be protected, because some
compilers complain about it. The protection depends on
<code>ACE_LACKS_PRAGMA_ONCE</code>, which is defined in
some ACE config headers. Therefore, the protected
<code>#pragma once</code> construct should only be used after
an <code>#include</code> of an ACE library header. Note that
many compilers enable the optimization if the <code>#ifndef</code>
protection construct is used, so for them, <code>#pragma once</code>
is superfluous.<p>
<strong>No</strong> code can appear after the final
<code>#endif</code> for the optimization to be effective and
correct.<p>
<li><p>Files that contain parametric classes should follow this style:
<pre>
#ifndef FOO_T_H
#define FOO_T_H
#include "ace/ACE.h"
#if !defined (ACE_LACKS_PRAGMA_ONCE)
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
// Put your template declarations here...
#if defined (__ACE_INLINE__)
#include "Foo_T.i"
#endif /* __ACE_INLINE__ */
#if defined (ACE_TEMPLATES_REQUIRE_SOURCE)
#include "Foo_T.cpp"
#endif /* ACE_TEMPLATES_REQUIRE_SOURCE */
#if defined (ACE_TEMPLATES_REQUIRE_PRAGMA)
#pragma implementation "Foo_T.cpp"
#endif /* ACE_TEMPLATES_REQUIRE_PRAGMA */
#endif /* FOO_T_H */
</pre></p>
<p>
Notice that some compilers need to see the code of the template,
hence the <code>.cpp</code> file must be included from the
header file.
</p>
<p>
To avoid multiple inclusions of the <code>.cpp</code> file it
should also be protected as in:
<pre>
#ifndef FOO_T_C
#define FOO_T_C
#include "Foo_T.h"
#if !defined (ACE_LACKS_PRAGMA_ONCE)
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
#if !defined (__ACE_INLINE__)
#include "ace/Foo_T.i"
#endif /* __ACE_INLINE__ */
ACE_RCSID(lib, Foo_T, "$<!-- -->Id$")
// put your template code here
#endif /* FOO_T_H */
</pre></p>
<p>Finally, you may want to include the template header file from a
non-template header file (check
<code>$ACE_ROOT/ace/Synch.h</code>); in such a case the template
header should be included <strong>after</strong> the inline
function definitions, as in:</p>
<p><pre>
#ifndef FOO_H
#define FOO_H
#include "ace/ACE.h"
#if !defined (ACE_LACKS_PRAGMA_ONCE)
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
// Put your non-template declarations here...
#if defined (__ACE_INLINE__)
#include "Foo.i"
#endif /* __ACE_INLINE__ */
#include "Foo_T.h"
#endif /* FOO_H */
</pre></p></li>
<li>Avoid <code>#include <math.h></code> if at all possible.
The <code>/usr/include/math.h</code> on SunOS 5.5.1 through 5.7
defines a struct name <strong>exception</strong>, which complicates
use of exceptions.<p>
<li>On a <code>.cpp</code> file always include the corresponding
header file <em>first</em>, like this:<p>
<pre>
// This is Foo.cpp
#include "Foo.h"
#include "tao/Bar.h"
#include "ace/Baz.h"
// Here comes the Foo.cpp code....
</pre><p>
In this way we are sure that the header file is self-contained
and can be safely included from some place else.
<li>In the TAO library <strong>never</strong> include
<code><corba.h></code>, this file should only be included
by the user and introduces cyclic dependencies in the library
that we must avoid.<p>
<li>Never include a header file when a forward reference will do,
remember that templates can be forward referenced too.
Consult your favorite C++ book to find out when you must include
the full class definition.<p>
</ul>
<li><strong>C++ Syntax and Constructs</strong><p>
<ul>
<li><strong><code>for</code></strong> loops should look like:
<pre>
for (u_int i = 0; i < count; ++i)
++total;
</pre>
Though, I prefer to always wrap the body of the loop in braces,
to avoid surprises when other code or debugging statements are
added, and to maintain sanity when the body consists of a macro,
such as an ACE_ASSERT without a trailing semicolon:
<pre>
for (u_int i = 0; i < count; ++i)
{
ACE_ASSERT (++total < UINT_MAX;)
}
</pre><p>
Similarly, <strong><code>if</code></strong> statements should have
a space after the ``<strong>if</strong>'', and no spaces just after
the opening parenthesis and just before the closing parenthesis.<p>
<li>If a loop index is used after the body of the loop, it
<strong>must</strong> be declared before the loop. For example,
<pre>
size_t i = 0;
for (size_t j = 0; file_name [j] != '\0'; ++i, ++j)
{
if (file_name [j] == '\\' && file_name [j + 1] == '\\')
++j;
file_name [i] = file_name [j];
}
// Terminate this string.
file_name [i] = '\0';
</pre><p>
<li>Prefix operators are sometimes more efficient than postfix
operators. Therefore, they are preferred over their postfix
counterparts where the expression value is not used.<p>
Therefore, use this idiom for iterators, with prefix operator
on the loop index:
<pre>
ACE_Ordered_MultiSet<int> set;
ACE_Ordered_MultiSet_Iterator<int> iter(set);
for (i = -10; i < 10; ++i)
set.insert (2 * i + 1);
</pre>
rather than the postfix operator:
<pre>
for (i = -10; i < 10; i++)
set.insert (2 * i + 1);
</pre><p>
<li>Prefer using <strong> <code> if (...) else .... </code> </strong>
instead of <strong> <code> ?: </code> </strong> operator. It is a lot
less error prone, and will help you avoid bugs caused due to the
precedence of <strong> <code> ?: </code> </strong>, compared with other
operators in an expression.
<li>When a class provides operator==, it must also provide
operator!=. Also, both these operators must be const.
<li>Avoid unnecessary parenthesis. We're not writing Lisp :-)<p>
<li>Put inline member functions in a <strong><code>.i</code></strong>
file. That file is conditionally included by both the
<strong><code>.h</code></strong> file, for example:<p>
<pre>
class ACE_Export ACE_High_Res_Timer
{
[...]
};
#if defined (__ACE_INLINE__)
#include "ace/High_Res_Timer.i"
#endif /* __ACE_INLINE__ */
</pre><p>
and <strong><code>.cpp</code></strong> file:<p>
<pre>
#define ACE_BUILD_DLL
#include "ace/High_Res_Timer.h"
#if !defined (__ACE_INLINE__)
#include "ace/High_Res_Timer.i"
#endif /* __ACE_INLINE__ */
ACE_ALLOC_HOOK_DEFINE(ACE_High_Res_Timer)
</pre><p>
<strong>NOTE:</strong> It is very important to ensure than an
inline function will not be used before its definition is seen.
Therefore, the inline functions in the .i file should be arranged
properly. Some compilers, such as <code>g++</code> with the
<code>-Wall</code> option, will issue warnings for violations.<p>
<li>Some inlining heuristics:<p>
<ul>
<li>One liners should almost always be inline, as in:
<pre>
ACE_INLINE
Foo::bar ()
{
this->baz();
}
</pre><p>
<li>The notable exception is virtual functions, which should never be
inlined.<p>
<li>Big (more than 10 lines) and complex function (more than one if ()
statement, or a switch, or a loop) should not be inlined.<p>
<li>Medium sized stuff depends on how performance critical it is.
If you know that it's in the critical path, then make it inline.<p>
</ul>
<li><code>ACE_Export</code> must be inserted between the
<code>class</code> keyword and class name for all classes that
are exported from libraries, as shown in the example above.
<strong>However</strong>, do <strong>not</strong> use
<code>ACE_Export</code> for template classes!<p>
<li>Mutators and accessors should be of this form:<p>
<pre>
void object_addr (const ACE_INET_Addr &);
// Sets <object_addr_> cache from <host> and <port>.
const ACE_INET_Addr &object_addr const (void);
// Returns the <ACE_INET_Addr> for this profile.
</pre><p>
instead of the ``set_'' and ``get_'' form.<p>
<li>Never use <strong><code>delete</code></strong> to deallocate
memory that was allocated with <strong><code>malloc</code></strong>.
Similarly, never associate <strong><code>free</code></strong> with
<strong><code>new</code></strong>.
<strong><code>ACE_NEW</code></strong> or
<strong><code>ACE_NEW_RETURN</code></strong> should be used to
allocate memory, and <strong><code>delete</code></strong> should
be used to deallocate it. And be careful to use the correct form,
<strong><code>delete</code></strong> or
<strong><code>delete []</code></strong> to correspond to the
allocation.<p>
<li>Don't check for a pointer being 0 before deleting it. It's
always safe to delete a 0 pointer. If the pointer is visible
outside the local scope, it's often a good idea to 0 it
_after_ deleting it. Note, the same argument applies to
free().<p>
<li>Always use <strong><code>ACE_NEW</code></strong> or
<strong><code>ACE_NEW_RETURN</code></strong> to allocate memory,
because they check for successful allocation and set errno
appropriately if it fails.<p>
<li>Never compare or assign a pointer value with <strong>NULL</strong>;
use <strong>0</strong> instead. The language allows any pointer to
be compared or assigned with <strong>0</strong>. The definition
of <strong>NULL</strong> is implementation dependent, so it is
difficult to use portably without casting.<p>
<li>Never use TRUE, true, or anything else other than 1 to indicate
true. Never use FALSE, false, or anything else other than 0 to
indicate false.<p>
<li>Never cast a pointer to or from an <strong><code>int</code></strong>.
On all currently supported ACE platforms, it is safe to cast
a pointer to or from a <strong><code>long</code></strong>.<p>
<li>Be very careful when selecting an integer type that must be a
certain size, <em>e.g.</em>, 4 bytes. <strong>long</strong> is
not 4 bytes on all platforms; it is 8 bytes on many 64-bit
machines. ACE_UINT32 is always 4 bytes, and ACE_UINT64 is
always 8 bytes.<p>
<li>If a class has any virtual functions, and its destructor is
declared explicitly in the class, then the destructor should
<strong>always</strong> be virtual as well. And to support
compiler activities such as generation of virtual tables and,
in some cases, template instantiation, the virtual destructor
should <strong>not be inline</strong>. (Actually, any non-pure
virtual function could be made non-inline for this purpose. But,
for convenience, if its performance is not critical, it is usually
easiest just to make the virtual destructor non-inline.)<p>
<li><a name="ACE_Time_Value example">Avoid default arguments</a>
unless there's a good reason. For an example of how they got
us into a jam is:
<pre>
ACE_Time_Value (long sec, long usec = 0);
</pre>
So, <code>ACE_Time_Value (2.5)</code> has the unfortunate
effect of coercing the 2.5 to a long with value 2. That's
probably not what the programmer intended, and many compilers
don't warn about it.<p>
A nice fix would be to add an <code>ACE_Time_Value (double)</code>
constructor. But, that would cause ambiguous overloading
due to the default value for the second argument of
<code>ACE_Time_Value (long sec, long usec = 0)</code>.
We're stuck with <code>ACE_Time_Value</code>, but now we
know that it's easy to avoid.<p>
<li>Constructor initializers must appear in the same order as
the data members are declared in the class header. This avoids
subtle errors, because initialization takes place in the order
of member declaration.<p>
<li>Initialization is usually cleaner than assignment, especially
in a conditional. So, instead of writing code like this:
<pre>
ssize_t n_bytes;
// Send multicast of one byte, enough to wake up server.
if ((n_bytes = multicast.send ((char *) &reply_port,
sizeof reply_port)) == -1)
</pre>
Write it like this:
<pre>
ssize_t n_bytes = multicast.send ((char *) &reply_port,
sizeof reply_port)
// Send multicast of one byte, enough to wake up server.
if (n_bytes == -1)
</pre><p>
But, beware if the initialization is of a static variable.
A static variable is only initialized the first time its
declaration is seen. Of course, we should avoid using
static variables at all.<p>
<li>It is usually clearer to write conditionals that have
both branches without a negated condition. For example,<p>
<pre>
if (test)
{
// true branch
}
else
{
// false branch
}
</pre><p>
is preferred over:<p>
<pre>
if (! test)
{
// false test branch
}
else
{
// true test branch
}
</pre><p>
<li>If a cast is necessary, avoid use of function-style casts,
<em>e.g.</em>, <code>int (foo)</code>. Instead, use
one of the ACE cast macros:
<pre>
return ACE_static_cast(size_t, this->count_) > that->size_;
</pre><p>
The general usage guidelines for the four styles of casts are:<p>
<ul>
<li><strong>ACE_const_cast</strong>: use to cast away
constness, or volatile-ness.<p>
<li><strong>ACE_static_cast</strong>: use to cast between
compatible types, such as downcasting a pointer or narrowing
an integer.<p>
<li><strong>ACE_reinterpret_cast</strong>: use only when
ACE_static_cast is not suitable.<p>
<li><strong>ACE_dynamic_cast</strong>: avoid, unless you really
want to type check at run-time.<p>
</ul>
<li>In general, if instances of a class should not be copied,
then a private copy constructor and assignment operator should
be declared for the class, but not implemented. For example:
<pre>
// Disallow copying by not implementing the following . . .
ACE_Object_Manager (const ACE_Object_Manager &);
ACE_Object_Manager &operator= (const ACE_Object_Manager &);
</pre><p>
If the class is a template class, then the
<code>ACE_UNIMPLEMENTED_FUNC</code> macro should be used:
<pre>
// = Disallow copying...
ACE_UNIMPLEMENTED_FUNC (ACE_TSS (const ACE_TSS<TYPE> &))
ACE_UNIMPLEMENTED_FUNC (void operator= (const ACE_TSS<TYPE> &))
</pre><p>
<code>ACE_UNIMPLEMENTED_FUNC</code> can be used with non-template
classes as well. Though for consistency and maximum safety, it
should be avoided for non-template classes.<p>
<li>Never use <code>bool</code>, <code>BOOL</code>, or similar
types. (CORBA::Boolean is acceptable). Use <code>int</code>
or <code>u_int</code> instead for boolean types.<p>
<li>Functions should always return -1 to indicate failure, and
0 or greater to indicate success.<p>
<li>Separate the code of your templates from the code for
non-parametric classes: some compilers get confused when
template and non-template code is mixed in the same file.<p>
<li>It's a good idea to specify the include path (with <code>-I</code>)
to include any directory which contains files with template
definitions. The Compaq Tru64 cxx <code>-ptv</code> compiler option
may help diagnose missing template instantiation problems.<p>
<li>When referring to member variables and functions, use
<code>this-></code><em>member</em>. This makes it clear to the
reader that a class member is being used. It also makes it crystal
clear to the compiler which variable/function you mean in cases
where it might make a difference.
</ul>
<li><strong>I/O</strong><p>
<ul>
<li>Use <strong><code>ACE_DEBUG</code></strong> for printouts,
and <strong><code>ACE_OS::fprintf ()</code></strong> for
file I/O. Avoid using iostreams because of implementation
differences across platforms.<p>
<li>After attempting to open an existing file, always check for success.
Take appropriate action if the open failed.<p>
<li>Notice that <strong><code>ACE_DEBUG</code></strong> and
<strong><code>ACE_ERROR</code></strong> don't support
<code>%ld</code> of any other multicharacter format.<p>
</ul>
<li><strong>WCHAR conformity</strong><p>
<ul>
<li>For ACE, use ACE_TCHAR instead of char for strings and ACE_TEXT ()
around string literals. Exceptions are char arrays used for data
and strings that need to remain as 1 byte characters.
<li>If you have a char string that needs to be converted to ACE_TCHAR,
use the ACE_TEXT_CHAR_TO_TCHAR () macro. If you have a ACE_TCHAR
string that needs to be converted to a char string, use the
ACE_TEXT_ALWAYS_CHAR () macro
<li>Do not use the Win32 TCHAR macros. The wide character-ness of ACE
is separate from UNICODE and _UNICODE.
<li>For TAO, don't use ACE_TCHAR or ACE_TEXT. The CORBA specification
defines APIs as using char. So most of the time there is no need
to use wide characters.
</ul><P>
<li><strong>Exceptions</strong><p>
<ul>
<li>There are many ways of throwing and catching exceptions. The
code below gives several examples. Note that each method has
different semantics and costs. Whenever possible, use the
first approach.<p>
<pre>
#include "iostream.h"
class exe_foo
{
public:
exe_foo (int data) : data_ (data)
{ cerr << "constructor of exception called" << endl; }
~exe_foo ()
{ cerr << "destructor of exception called" << endl; }
exe_foo (const exe_foo& foo) : data_ (foo.data_)
{ cerr << "copy constructor of exception called"
<< endl; }
int data_;
};
void
good (int a)
{
throw exe_foo (a);
};
void
bad (int a)
{
exe_foo foo (a);
throw foo;
};
int main ()
{
cout << endl << "First exception" << endl
<< endl;
try
{
good (0);
}
catch (exe_foo &foo)
{
cerr << "exception caught: " << foo.data_
<< endl;
}
cout << endl << "Second exception" << endl
<< endl;
try
{
good (0);
}
catch (exe_foo foo)
{
cerr << "exception caught: " << foo.data_
<< endl;
}
cout << endl << "Third exception" << endl
<< endl;
try
{
bad (1);
}
catch (exe_foo &foo)
{
cerr << "exception caught: " << foo.data_
<< endl;
}
cout << endl << "Fourth exception" << endl
<< endl;
try
{
bad (1);
}
catch (exe_foo foo)
{
cerr << "exception caught: " << foo.data_
<< endl;
}
return 0;
}
</pre>
Output is: <p>
<pre>
First exception
constructor of exception called
exception caught: 0
destructor of exception called
Second exception
constructor of exception called
copy constructor of exception called
exception caught: 0
destructor of exception called
destructor of exception called
Third exception
constructor of exception called
copy constructor of exception called
destructor of exception called
exception caught: 1
destructor of exception called
Fourth exception
constructor of exception called
copy constructor of exception called
destructor of exception called
copy constructor of exception called
exception caught: 1
destructor of exception called
destructor of exception called
</pre>
</ul><p>
<li><strong>Compilation</strong><p>
<ul>
<li>Whenever you add a new test or example to ACE or TAO, make
sure that you modify the Makefile or project file in the
parent directory. This will make sure that your code gets
compiled on a regular basis. In some cases, this also applies
to MSVC project files.<p>
</ul><p>
</ul>
<hr>
<h3><a href="http://www.cs.wustl.edu/~schmidt/ACE-overview.html">ACE</a>
Usage Guidelines</h3>
<ul>
<li>Always use <strong><code>ACE_OS</code></strong> (static)
member functions instead of bare OS system calls.<p>
<li>As a general rule, the only functions that should go into the
<strong><code>ACE_OS</code></strong> class are ones that have
direct equivalents on some OS platform. Functions that are
extensions should go in the <strong><code>ACE</code></strong> class.<p>
<li>Use the <strong><code>ACE_SYNCH_MUTEX</code></strong> macro,
instead of using one of the specific mutexes, such as
<strong><code>ACE_Thread_Mutex</code></strong>. This provides
portability between threaded and non-threaded platforms.<p>
<li>Avoid creating a static instance of user-defined (class) type.
Instead, either create it as an
<strong><code>ACE_Singleton</code></strong>,
<strong><code>ACE_TSS_Singleton</code></strong>, or as an
<strong><code>ACE_Cleanup</code></strong> object. See the
<strong>ACE</strong>
<a href="../ace/Singleton.h"><code>Singleton.h</code></a>,
<a href="../ace/Object_Manager.h"><code>Object_Manager.h</code></a>, and
<a href="../ace/Managed_Object.h"><code>Managed_Object.h</code></a>
header files for more information.<p>
Static instances of built-in types, such as
<strong><code>int</code></strong> or any pointer type, are fine.<p>
Construction of static instance of a user-defined type should
<em>never</em> spawn threads. Because order of construction of
statics across files is not defined by the language, it is usually
assumed that only one thread exists during static construction.
This allows statics suchs as locks to be safely created. We do not
want to violate this assumption.<p>
<li>Do not use run-time type identification (RTTI) directly since some platforms
do not support it. Instead, use the ACE macros, e.g.,
<CODE>ACE_static_cast()</CODE>, <CODE>ACE_dynamic_cast()</CODE>, etc.<p>
<li>Do not use C++ exception handling directly. Some platforms do
not support it. And, it can impose an execution speed penalty.
Instead use the TAO/ACE try/catch macros.<p>
<li>Because ACE does not use exception handling, dealing with
failures requires a bit of care. This is especially true
in constructors. Consider the following approach:
<pre>
ACE_NEW_RETURN (this->name_space_, LOCAL_NAME_SPACE, -1);
if (ACE_LOG_MSG->op_status () != 0)
....
</pre>
This snip of code is from
<a href="../ace/Naming_Context.cpp"><code>ACE_Naming_Context</code></a>.
All failed constructors in ACE (should) call ACE_ERROR. This sets
the thread-specific <strong>op_status</strong>, which can be checked
by the caller. This mechanism allows the caller to check for a failed
constructor without the requiring the constructor to throw
exceptions.<p>
<LI>Another consequence of ACE's avoidance of exception handling is
that you should use <CODE>open()</CODE> methods on classes that
perform initializations that can fail. This is because <CODE>open()</CODE>
returns an error code that's easily checked by the caller,
rather than relying on constructor and thread-specific status
values. <P>
<li>Avoid using the C++ Standard Template Library (STL) in our
applications. Some platforms do not support it yet.<p>
<li>Be <em>very</em> careful with <code>ACE_ASSERT</code>. It
must only be used to check values; it may never be used to
wrap a function call, or contain any other side effect. That's
because the statement will disappear when ACE_NDEBUG is enabled.
For example, this code is BAD:
<pre>
ACE_ASSERT (this->next (retv) != 0); // BAD CODE!
</pre>
Instead, the above should be coded this way:
<pre>
int result = this->next (retv);
ACE_ASSERT (result != 0);
ACE_UNUSED_ARG (result);
</pre><p>
<li>Never put side effects in <code>ACE_DEBUG</code> code:
<pre>
ACE_DEBUG ((LM_DEBUG,
"handling signal: %d iterations left\n",
--this->iterations_)); // BAD CODE!
</pre>
Note that this won't work correctly if <code>ACE_NDEBUG</code> is
defined, for the same reason that having side-effects in
<code>ACE_ASSERT</code>s won't work either, <em>i.e.</em>, because
the code is removed.<p>
<li>Be <strong>very</strong> careful with the code that you put
in a signal handler. On Solaris, the man pages document systems
calls as being Async-Signal-Safe if they can be called from signal
handlers. In general, it's best to just set a flag in a signal
handler and take appropriate action elsewhere. It's also best
to avoid using signals, especially asynchronous signals.<p>
<li>Immediately after opening a temporary file, unlink it. For
example:
<pre><code>
ACE_HANDLE h = open the file (filename);
ACE_OS::unlink (filename);
</code></pre><p>
This avoids leaving the temporary file even if the program crashes.<p>
<li>Always use <code>$(RM)</code> instead of <code>rm</code> or
<code>rm -f</code> in Makefiles.<p>
<li>Be sure to specify the <code>THR_BOUND</code> thread creation
flag for time-critical threads. This ensures that the thread competes
for resources globally on Solaris. It is harmless on other platforms.<p>
</ul>
<hr>
<h3><a href="http://www.cs.wustl.edu/~schmidt/ACE-overview.html">Other
ACE</a> and
<a href="http://www.cs.wustl.edu/~schmidt/TAO-overview.html">TAO</a>
Guidelines</h3>
<ul>
<li>When enhancing, updating, or fixing ACE or TAO, always:<p>
<ol>
<li>Test your change on at least one platform. All changes
<strong>must</strong> be tested with egcs before commiting.
That means you may need to test on at least two platforms.<p>
<li>An an entry to the appropriate ChangeLog. TAO and some
ACE subdirectories, such as <a href="../ASNMP">ASNMP</a>,
<a href="../apps/JAWS">JAWS</a>, and
<a href="../apps/gperf">gperf,</a> have their
own ChangeLogs. If you don't use one of those, use the
<a href="../ChangeLog">ChangeLog</a> in the top-level
<a href="..">ACE_wrappers</a> directory.<p>
<li>Commit your change using a message of this form:<p>
<code>
ChangeLogTag: Thu Jul 22 09:55:10 1999 David L. Levine
<levine@cs.wustl.edu>
</code><p>
<li>If the change is in response to a request by someone else:
<ol>
<li>Make sure that person is acknowledged in
<a href="../THANKS">ACE_wrappers/THANKS</a>, and<p>
<li>Respond to that person.<p>
</ol>
</ol>
<li>Never add copyrighted, confidential, or otherwise restricted
code to the ACE or TAO distributions without written permission
from the owner.<p>
</ul>
<hr>
<h3><a href="http://www.cs.wustl.edu/~levine/CVS.html">CVS</a>
Usage Guidelines</h3>
<ul>
<li>Always make sure that a change builds and executes correctly
on at least one platform before checking it into the CVS repository.
All changes <strong>must</strong> be tested with egcs before commiting.
That means you may need to test on at least two platforms.<p>
</ul>
<hr>
<h3>Script Guidelines</h3>
<ul>
<li>In general, it's best to write scripts in Perl. It's
OK to use Bourne shell. Never, never, never use csh, ksh,
bash, or any other kind of shell.<p>
<li>Follow the Perl style guide guide as closely as
possible. <code>man perlstyle</code> to view it.
<li>Don't specify a hard-coded path to Perl itself. Use
the following code at the top of the script to pick up
perl from the users <code>PATH</code>:<br>
<pre>
eval '(exit $?0)' && eval 'exec perl -S $0 ${1+"$@"}'
& eval 'exec perl -S $0 $argv:q'
if 0;
</pre><p>
<li>Never, never, never start the first line of a script
with ``#'', unless the first line is ``#! /bin/sh''.
With just ``#'', t/csh users will spawn a new shell.
That will cause their <code>.[t]cshrc</code> to be
processed, possibly clobbering a necessary part of
their environment.<p>
<li>If your Perl script relies on features only available
in newer versions of Perl, include the a statement similar
to the following:<br>
<pre>
require 5.003;
</pre>
<li>Don't depend on <strong><code>.</code></strong> being
in the user's path. If the script spawns another executable
that is supposed to be in the current directory, be sure the
prefix its filename with <strong><code>.</code></strong>.<p>
</ul>
<hr>
<h3>Software Engineering Guidelines</h3>
<ul>
<li><strong>Advise</strong>: Keep other developers informed of problems
and progress.<p>
<li><strong>Authorize</strong>: We have contractual obligations to not
unilaterally change interfaces. If you need to change or remove an
interface, get an OK.<p>
<li><strong>Minimize</strong> risk: Test all changes. Solicit review of
changes.<p>
<li><strong>Revise</strong> only when necessary: Every change has risk,
so avoid making any change unless there is a good reason for it.<p>
<li><strong>Normalize</strong>: Factor out commonality. For example,
maintain a data value in only one place.<p>
<li><strong>Synthesize</strong>: Build stubs and scaffolding early to
simulate the complete system. Maintain a checked-in version of the
system that cleanly builds and tests at all times.<p>
<li><strong>Be available</strong>: Breaking compilation in one
platform or another should be avoided (see above),
but it is bound to happen when so many platforms are in use.
Be available after making a change,
if you won't be available for at least 48 hours after the change
is made then don't make it!<p>
</ul>
<hr>
<h3><a href="http://www.cs.wustl.edu/~doc/PACE/">PACE</a>
Software Development Guidelines</h3>
PACE code should be developed following the ACE guidelines
above, with these exceptions:
<ul>
<li>An <code>if</code> statement that has just one statement must
be written with the braces:
<pre>
if (condition)
{
statement;
}
</pre>
This avoids bugs caused by subsequent insertion of code:
<pre>
if (condition)
ACE_OS::fprintf (stderr, "I need to see what's going on here\n");
statement; /* Ooops! This statement will always be executed!!!! */
</pre>
</ul>
<hr>
<h3><a href="http://www.cs.wustl.edu/~schmidt/rules.html">ACE
Design Rules</a></h3>
<hr><p>
<font size=-1>
Last modified <!--#echo var="LAST_MODIFIED" -->.<p>
</font>
Back to <A HREF="index.html">ACE Documentation Home</A>.
</body>
</html>
