logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

How-I-learned-to-stop-worrying-and-love-C.md (6457B)

    

  1. ---
  2. date: 2017-03-15
  3. # vim: tw=80
  4. title: Principles for C programming
  5. layout: post
  6. tags: [C, philosophy]
  7. ---
  9. In the words of Doug Gwyn, "Unix was not designed to stop you from doing stupid
  10. things, because that would also stop you from doing clever things". C is a very
  11. powerful tool, but it is to be used with care and discipline. Learning this
  12. discipline is well worth the effort, because C is one of the best programming
  13. languages ever made. A disciplined C programmer will...
  15. **Prefer maintainability**. Do not be clever where cleverness is not required.
  16. Instead, seek out the simplest and most understandable solution that meets the
  17. requirements. Most concerns, including performance, are secondary to
  18. maintainability. You should have a performance budget for your code, and you
  19. should be comfortable spending it.
  21. As you become more proficient with the language and learn about more features
  22. you can take advantage of, you should also be learning when not to use them.
  23. It's more important that a novice could understand your code than it is to use
  24. some interesting way of solving the problem. Ideally, a novice will understand
  25. your code *and* learn something from it. Write code as if the person maintaining
  26. it was you, circa last year.
  28. **Avoid magic**. Do not use macros[^1]. Do not use a typedef to hide a pointer or
  29. avoid writing "struct". Avoid writing complex abstractions. Keep your build
  30. system simple and transparent. Don't use stupid hacky crap just because it's a
  31. cool way of solving the problem. The underlying behavior of your code should be
  32. apparent even without context.
  34. One of C's greatest advantages is its transparency and simplicity. This should
  35. be embraced, not subverted. But in the fine C tradition of giving yourself
  36. enough rope to hang yourself with, you can use it for magical purposes. You
  37. must not do this. Be a muggle.
  39. **Recognize and avoid dangerous patterns**. Do not use fixed size buffers with
  40. variable sized data - always calculate how much space you'll need and allocate
  41. it. Read the man pages for functions you use and handle their failure modes.
  42. Immediately convert unsafe user input into sanitized C structures. If you later
  43. have to present this data to the user, keep it in C structures until the last
  44. possible moment. Learn of and use extra care around sensitive functions like
  45. strcat.
  47. Writing C is sometimes like handling a gun. Guns are important tools, but
  48. accidents with them can be very bad. You treat guns with care: you don't point
  49. them at anything you love, you exercise good trigger discipline, and you treat
  50. it like it's always loaded. And like guns are useful for making holes in things,
  51. C is useful for writing kernels with.
  53. **Take care organizing the code**. Never put code into a header. Never use the
  54. `inline` keyword. Put separate concerns in separate files. Use static functions
  55. liberally to organize your logic. Use a coding style that gives everything
  56. enough breathing room to be easy on the eyes. Use single letter variable names
  57. when their purpose is self-evident and descriptive names when it's not, and
  58. avoid neither.
  60. I like to organize my code into directories that implement some group of
  61. functions, and give each function its own file. This file will often contain
  62. lots of static functions, but they all serve to organize the behavior this file
  63. is responsible for implementing. Write up a header to give others access to
  64. this module. And use the Linux kernel coding style, god dammit.
  66. **Use only standard features**. Do not assume the platform is Linux. Do not
  67. assume the compiler is gcc. Do not assume the libc is glibc. Do not assume the
  68. architecture is x86. Do not assume the coreutils are GNU. Do not define
  69. \_GNU_SOURCE.
  71. If you must use platform-specific features, describe an interface for it,
  72. then write platform-specific support code separately. Under no circumstances
  73. should you ever use gcc extensions or glibc extensions. GNU is a blight on this
  74. Earth, do not let it infect your code.
  76. **Use a disciplined workflow**. Have a disciplined approach to version control,
  77. too. Write thoughtful commit messages - briefly explain the change in the first
  78. line, and add justification for it in the extended commit message. Work in
  79. feature branches with clearly defined goals, and do not include changes that
  80. don't serve that goal. Do not be afraid to rebase and edit your branch's history
  81. so that it presents your changes clearly.
  83. When you have to return to your code later, you will be thankful for the
  84. detailed commit message you wrote. Others who interact with your code will be
  85. thankful for this as well. When you see some stupid code, it's nice to know what
  86. the bastard was thinking at the time, especially when the bastard in question
  87. was you.
  89. **Do strict testing and reviews**. Identify the different possible code paths
  90. that your changes may take. Test each of them for the correct behavior. Give it
  91. incorrect input. Give it inputs that could "never happen". Pay special attention
  92. to error-prone patterns. Look for places to simplify the code and make the
  93. processes clearer.
  95. Next, give your changes to another human to review. This human should apply the
  96. same process and sign off on your changes. Review with discipline as well,
  97. taking all of the same steps. Review like it'll be your ass on the line if
  98. there's a problem with this code.
  100. **Learn from mistakes**. First, fix the bug. Then, fix the real bug: your
  101. process allowed this mistake to happen. Bring your code reviewer into the
  102. discussion - this is their fault, too. Critically examine the process of
  103. writing, reviewing, and deploying this code, and seek out the root cause.
  105. The solution might be simple, like adding strcat to the list of functions that
  106. should trigger your "review this code carefully" reflex. It might be employing
  107. static analysis so a computer can detect this problem for you. Perhaps the code
  108. needs to be refactored so it's simpler and easier to spot errors in. Failing to
  109. reflect on how to avoid future fuck-ups would be the real fuck-up here.
  111. - - -
  113. It's important to remember that rules are made to be broken. There may be cases
  114. where things that are discouraged should be used, and things that are encouraged
  115. disregarded. You should strive to make such cases the exception, not the norm,
  116. and carefully justify them when they happen.
  118. C is the shit. I love it, and I hope more people can learn to see it the way I
  119. do. Good luck!
  121. [^1]: Defining constants with them is fine, though