logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

2023-03-09-Comment-or-no-comment.md (11017B)

    

  1. ---
  2. title: When to comment that code
  3. date: 2023-03-09
  4. ---
  6. My software tends to have a surprisingly low number of comments. One of my
  7. projects, [scdoc], has 25 comments among its 1,133 lines of C code, or 2%,
  8. compared to the average of 19%.[^1] Naturally, I insist that my code is
  9. well-written in spite of this divergence from the norm. Allow me to explain.
  11. [scdoc]: https://git.sr.ht/~sircmpwn/scdoc
  12. [^1]: O. Arafat and D. Riehle, "The comment density of open source software code," 2009 31st International Conference on Software Engineering - Companion Volume, Vancouver, BC, Canada, 2009, pp. 195-198, doi: 10.1109/ICSE-COMPANION.2009.5070980.
  14. The philosophy and implementation of code comments varies widely in the
  15. industry, and some view comment density as a proxy for code quality.[^2] I'll
  16. state my views here, but will note that yours may differ and I find that
  17. acceptable; I am not here to suggest that your strategy is wrong and I will
  18. happily adopt it when I write a patch for your codebase.
  20. [^2]: I hold this view weakly, but reverse of the norm: I consider a high
  21.   comment density a sign that the code quality may be poor.
  23. Let's begin with an illustrative example from one of my projects:
  25. ```hare
  26. // Reads the next entry from an EFI [[FILE_PROTOCOL]] handle of an open
  27. // directory. The return value is statically allocated and will be overwritten
  28. // on the next call.
  29. export fn readdir(dir: *FILE_PROTOCOL) (*FILE_INFO | void | error) = {
  30. 	// size(FILE_INFO) plus reserve up to 512 bytes for file name (FAT32
  31. 	// maximum, times two for wstr encoding)
  32. 	static let buf: [FILE_INFO_SIZE + 512]u8 = [0...];
  33. 	const n = read(dir, buf)?;
  34. 	if (n == 0) {
  35. 		return;
  36. 	};
  37. 	return &buf[0]: *FILE_INFO;
  38. };
  39. ```
  41. This code illustrates two of my various approaches to writing comments. The
  42. first comment is a documentation comment: the intended audience is the consumer
  43. of this API. The call-site has access to the following information:
  45. - This comment
  46. - The name of the function, and the module in which it resides (efi::readdir)
  47. - The parameter names and types
  48. - The return type
  50. The goal is for the user of this function to gather enough information from
  51. these details to correctly utilize this API.
  53. The module in which it resides suggests that this function interacts with the
  54. EFI (Extensible Firmware Interface) standard, and the user would be wise to pair
  55. a reading of this code (or API) with skimming the relevant standard. Indeed, the
  56. strategic naming of the FILE\_PROTOCOL and FILE\_INFO types (notably written in
  57. defiance of the Hare style guide), provide hints to the relevant parts of the
  58. EFI specification to read for a complete understanding of this code.
  60. The name of the function is also carefully chosen to carry some weight: it is a
  61. reference to the Unix readdir function, which brings with it an intuition about
  62. its purpose and usage for programmers familiar with a Unix environment.
  64. The return type also provides hints about the function's use: it may return
  65. either a FILE\_INFO pointer, void (nothing), or an error. Without reading the
  66. documentation string, and taking the name and return type into account, we might
  67. (correctly) surmise that we need to call this function repeatedly to read file
  68. details out of a directory until it returns void, indicating that all entries
  69. have been processed, handling any errors which might occur along the way.
  71. We have established a lot of information about this function without actually
  72. reading the comment; in my philosophy of programming I view this information as
  73. a critical means for the author to communicate to the user, and we can lean on
  74. it to reduce the need for explicit documentation. Nevertheless, the
  75. documentation comment adds something here. The first sentence is a relatively
  76. information-sparse summary of the function's purpose, and mainly exists to tick
  77. a box in the Hare style guide.[^3] The second sentence is the only real reason
  78. this comment exists: to clarify an important detail for the user which is not
  79. apparent from the function signature, namely the storage semantics associated
  80. with the return value.
  82. [^3]: Which states that all exported functions that the module consumer is
  83.   expected to use should have a comment, and that exported but undocumented
  84.   symbols are exported to fulfill an implementation detail and not to provide a
  85.   useful interface.
  87. Let's now study the second comment's purpose:
  89. ```hare
  90. // size(FILE_INFO) plus reserve up to 512 bytes for file name (FAT32
  91. // maximum, times two for wstr encoding)
  92. static let buf: [FILE_INFO_SIZE + 512]u8 = [0...];
  93. ```
  95. This comment exists to explain the use of the magic constant of 512. The
  96. audience of this comment is someone reading the *implementation* of this
  97. function. This audience has access to a different context than the user of the
  98. function, for instance they are expected to have a more comprehensive knowledge
  99. of EFI and are *definitely* expected to be reading the specification to a much
  100. greater degree of detail. We can and should lean on that context to make our
  101. comments more concise and useful.
  103. An alternative writing which does not rely on this context, and which in
  104. my view is strictly worse, may look like the following:
  106. ```hare
  107. // The FILE_INFO structure includes the file details plus a variable length
  108. // array for the filename. The underlying filesystem is always FAT32 per the
  109. // EFI specification, which has a maximum filename length of 256 characters. The
  110. // filename is encoded as a wide-string (UCS-2), which encodes two bytes per
  111. // character, and is not NUL-terminated, so we need to reserve up to 512 bytes
  112. // for the filename.
  113. static let buf: [FILE_INFO_SIZE + 512]u8 = [0...];
  114. ```
  116. The target audience of this comment should have a reasonable understanding of
  117. EFI. We simply need to clarify that this constant is the FAT32 max filename
  118. length, times two to account for the wstr encoding, and our magic constant is
  119. sufficiently explained.
  121. Let's move on to another kind of comment I occasionally write: medium-length
  122. prose. These often appear at the start of a function or the start of a file and
  123. serve to add context to the implementation, to justify the code's existence or
  124. explain why it works. Another sample:
  126. ```hare
  127. fn init_pagetables() void = {
  128. 	// 0xFFFF0000xxxxxxxx - 0xFFFF0200xxxxxxxx: identity map
  129. 	// 0xFFFF0200xxxxxxxx - 0xFFFF0400xxxxxxxx: identity map (dev)
  130. 	// 0xFFFF8000xxxxxxxx - 0xFFFF8000xxxxxxxx: kernel image
  131. 	//
  132. 	// L0[0x000]    => L1_ident
  133. 	// L0[0x004]    => L1_devident
  134. 	// L1_ident[*]  => 1 GiB identity mappings
  135. 	// L0[0x100]    => L1_kernel
  136. 	// L1_kernel[0] => L2_kernel
  137. 	// L2_kernel[0] => L3_kernel
  138. 	// L3_kernel[0] => 4 KiB kernel pages
  139. 	L0[0x000] = PT_TABLE | &L1_ident: uintptr | PT_AF;
  140. 	L0[0x004] = PT_TABLE | &L1_devident: uintptr | PT_AF;
  141. 	L0[0x100] = PT_TABLE | &L1_kernel: uintptr | PT_AF;
  142. 	L1_kernel[0] = PT_TABLE | &L2_kernel: uintptr | PT_AF;
  143. 	L2_kernel[0] = PT_TABLE | &L3_kernel: uintptr | PT_AF;
  144. 	for (let i = 0u64; i < len(L1_ident): u64; i += 1) {
  145. 		L1_ident[i] = PT_BLOCK | (i * 0x40000000): uintptr |
  146. 			PT_NORMAL | PT_AF | PT_ISM | PT_RW;
  147. 	};
  148. 	for (let i = 0u64; i < len(L1_devident): u64; i += 1) {
  149. 		L1_devident[i] = PT_BLOCK | (i * 0x40000000): uintptr |
  150. 			PT_DEVICE | PT_AF | PT_ISM | PT_RW;
  151. 	};
  152. };
  153. ```
  155. This comment shares a trait with the previous example: its purpose, in part, is
  156. to justify magic constants. It explains the indices of the arrays by way of the
  157. desired address space, and a perceptive reader will notice that 1 GiB =
  158. 1073741824 bytes = 0x40000000 bytes.
  160. To fully understand this, we must again consider the intended audience. This
  161. is an implementation comment, so the reader is an *implementer*. They will need
  162. to possess some familiarity with the behavior of page tables to be productive in
  163. this code, and they likely have the ARM manual up on their second monitor. This
  164. comment simply fills in the blanks for an informed reader.
  166. There are two additional kinds of comments I often write: TODO and XXX.
  168. A TODO comment indicates some important implementation deficiency; it *must* be
  169. addressed at some point in the future and generally indicates that the function
  170. does not meet its stated interface and is often accompanied by an assertion, or
  171. a link to a ticket on the bug tracker, or both.
  173. ```hare
  174. assert(ep.send == null); // TODO: support multiple senders
  175. ```
  177. This function should support multiple senders, but does not; an assertion here
  178. prevents the code from running under conditions it does not yet support and the
  179. TODO comment indicates that this should be addressed in the future. The target
  180. audience for this comment is someone who brings about these conditions and runs
  181. into the assertion failure.
  183. ```hare
  184. fn memory_empty(mem: *memory) bool = {
  185. 	// XXX: This O(n) linked list traversal is bad
  186. 	let next = mem.next;
  187. 	let pages = 0u;
  188. 	for (next != FREELIST_END; pages += 1) {
  189. 		const addr = mem.phys + (next * mem::PAGESIZE): uintptr;
  190. 		const ptr = mem::phys_tokernel(addr): *uint;
  191. 		next = *ptr;
  192. 	};
  193. 	return pages == mem.pages;
  194. };
  195. ```
  197. Here we find an example of an XXX comment. This code is correct: it implements
  198. the function's interface perfectly. However, given its expected usage, a
  199. performance of O(n) is not great: this function is expected to be used in hot
  200. paths. This comment documents the deficiency, and provides a hint to a reader
  201. that might be profiling this code in regards to a possible improvement.
  203. One final example:
  205. ```hare
  206. // Invalidates the TLB for a virtual address.
  207. export fn invalidate(virt: uintptr) void = {
  208. 	// TODO: Notify other cores (XXX SMP)
  209. 	invlpg(virt);
  210. };
  211. ```
  213. This is an atypical usage of XXX, but one which I still occasionally reach for.
  214. Here we have a TODO comment which indicates a case which this code does not
  215. consider, but which must be addressed in the future: it will have to raise an
  216. IPI to get other cores to invalidate the affected virtual address. However, this
  217. is one of many changes which fall under a broader milestone of SMP support, and
  218. the "XXX SMP" comment is here to make it easy to grep through the codebase for
  219. any places which are known to require attention while implementing SMP support.
  220. An XXX comment is often written for the purpose of being easily found with grep.
  222. That sums up most of the common reasons I will write a comment in my software.
  223. Each comment is written considering a target audience and the context provided
  224. by the code in which it resides, and aims to avoid stating redundant information
  225. within these conditions. It's for this reason that my code is sparse on
  226. comments: I find the information outside of the comments equally important and
  227. aim to be concise such that a comment is not redundant with information found
  228. elsewhere.
  230. Hopefully this post inspired some thought in you, to consider your comments
  231. deliberately and to be more aware of your ability to communicate information in
  232. other ways. Even if you chose to write your comments more densely than I do, I
  233. hope you will take care to communicate well through other mediums in your code
  234. as well.