Skip to content

coding-style.md: add various rules for writing C expressions#39

Closed
DDvO wants to merge 5 commits intoopenssl:masterfrom
DDvO:coding-style-expressions
Closed

coding-style.md: add various rules for writing C expressions#39
DDvO wants to merge 5 commits intoopenssl:masterfrom
DDvO:coding-style-expressions

Conversation

@DDvO
Copy link
Contributor

@DDvO DDvO commented Apr 1, 2022

Add a first chunk of rules, taken from the list of proposed ones collected at openssl/openssl#10725,
focusing on how (not) to write C expressions.

This PR significantly generalizes the former Miscellaneous section of policies/coding-style.md.

This PR only partially fixes openssl/openssl#10725 - as @mattcaswell wrote in openssl/openssl#10725 (comment):

I'd suggest any PR target only one or a handful of changes at a time.

@DDvO

This comment was marked as resolved.

@paulidale paulidale added the policy change A change to a policy is being proposed label Apr 3, 2022
@paulidale
Copy link
Contributor

As a policy change, this will require an OTC vote at least two weeks after the PR was first raised.

Copy link

@zuiderkwast zuiderkwast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. I was going to create this PR myself.

@levitte
Copy link
Member

levitte commented Apr 5, 2022

Re <br/>, I agree that if they are meant as paragraph separators, then replace them with an empty line. Paragraph style should NOT be a markdown matter, but a rendering (stylesheet) matter.

Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please drop the <br/> marks. Replace with blank lines where appropriate.

@DDvO DDvO requested a review from t8m April 5, 2022 14:50
@DDvO
Copy link
Contributor Author

DDvO commented Apr 7, 2022

As a policy change, this will require an OTC vote at least two weeks after the PR was first raised.

Would it be adequate to start with such an OTC vote now, or after two weeks of waiting time?

@t8m
Copy link
Member

t8m commented Apr 7, 2022

It has to wait.

if (p == NULL && !f(2 * x + y == z++)).
```

For clarity, always put parentheses when mixing `&&` and `||` operations.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suspect we will want a whole lot more exceptions. C has lots of operators and almost nobody learns the precedence order. Perhaps this is a common sense rule, reduce parenthesis as far as is reasonable but no further?

E.g. a <= b == c >= d + 1 is a perfectly well defined C expression with minimal parenthesis but a lot of folks won't instantly know what it's doing.

Copy link
Contributor Author

@DDvO DDvO Apr 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've extended the text and the example this way,
and now also explicitly cover the so-called bitwise operators &, ^, and |.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The whole approach of preventing "extra" parentheses is something I think should be removed completely - as mistakes do happen and parentheses do significantly improve readability.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@t-j-h I wholeheartedly disagree. For me a code with needless parentheses is much less readable actually. I always have to count the parentheses and so on to understand what is going on there. The example in this PR is a perfect one for me. The condition with the extra parentheses looks like parentheses hell to me where the one without is perfectly readable.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In most real life cases I'd agree with @t-j-h. I never remember the operators priority :(

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, what to consider a reasonable amount of extra parentheses is a matter of both taste and fluency with C.
This could be debated ad nauseam.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this ever becomes a problem in practice (in a code review) just update the coding style again when that happens?

@DDvO DDvO force-pushed the coding-style-expressions branch from 8d7f420 to 103a28c Compare April 25, 2022 13:02
@t8m
Copy link
Member

t8m commented May 3, 2022

Vote for accepting the coding style changes at f2ae669 has started.

@t8m
Copy link
Member

t8m commented May 3, 2022

Vote: [+1]

@slontis
Copy link
Member

slontis commented May 3, 2022

Vote: [+1]

@paulidale
Copy link
Contributor

paulidale commented May 3, 2022

Vote: [+1] amended vote below

@beldmit
Copy link
Member

beldmit commented May 3, 2022

Vote: [+1]

1 similar comment
@t-j-h
Copy link
Member

t-j-h commented May 3, 2022

Vote: [+1]

@romen
Copy link
Member

romen commented May 3, 2022

Vote: [+0]

```

For clarity, always put parentheses when mixing `&&` and `||` operations,
comparison operators like `<=` and `==`, and bitwise operators.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one surprised me 😕

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So now, (a == 1 || b == 2) is badly seen? We have written that sort of expression all over the place until now...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This recent addition was motivated by #39 (comment).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That comment was intended as the kind of mess C operators can create. I don't think it's a great example to make a rule from, but I can live with it. I have seen code along the lines of a < b != c < d.

I think we need some flexibility in interpretation. Minimal parenthesis is an ideal but needs to be tempered but comprehension.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need some flexibility in interpretation

I agree on principle, but have a hard time seeing the flexibility in "always"

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it can be added after the minor policy edits is approved.

It would probably change the meaning...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The way I read it the sentence above is completely contradicting the immediately previous example.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it can be added after the minor policy edits is approved.

It would probably change the meaning...

No, the sentence @t8m proposed to add later:

I.E., do not depend on && having higher precedence than ||, <= having higher precedence than ==, and & having higher precedence than | or ^.

would just clarify the sentence before:

For clarity, always put parentheses when mixing && and || operations, comparison operators like <= and ==, and bitwise operators.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The way I read it the sentence above is completely contradicting the immediately previous example.

Which sentence do you mean here?

All the rules and examples about extra parentheses state exceptions on the most general rule stated upfront:

Avoid needless parentheses as far as reasonable.

In this sense, they are of course somewhat contradicting ;-)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've understood it (and I think it was meant to be) as mixing operators in the same category only. I.E. this does not apply to a == b && c > d. But applies to a && b || c which should be written as (a && b) || c even if the former is equivalent according to C rules.

Upon re-reading it, I can understand the sentence like that. But it's not perfectly clear. I suspect that we might have disputes later on depending on interpretation.

Ah well

@levitte
Copy link
Member

levitte commented May 3, 2022

Vote: [-0]

@mspncp
Copy link
Contributor

mspncp commented May 3, 2022

Vote: [0]

```

Do not use implicit checks for
numbers (not) being `0` or pointers (not) being `NULL`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where the number is intended to be a boolean value I think this is ok and is very common in the codebase (in particular when checking function return values)m e.g. if (!EVP_DecryptUpdate(...))

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, and therefore the rule is stated just about numbers (integers etc.), not about Boolean values.
Maybe this should be made more clear.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mattcaswell it would have been good to receive such comments regarding clarifications earlier,
not after most people have already voted.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To clarify this, we could add (after the given examples) for instance:

Note that Boolean values shall be used directly as usual, e.g.,
if (check(x) && !success(y))

@mattcaswell
Copy link
Member

Vote: [-1]

I broadly support this, but there are a couple of details I'm not happy with.

@paulidale
Copy link
Contributor

With the discussion, I'm changing my vote because I think we need additional clarifications:

Vote: [-1]

@levitte
Copy link
Member

levitte commented May 4, 2022

Changing my vote too for the current text.

Vote: [-1]

Comment on lines +616 to +617
For clarity, always put parentheses when mixing `&&` and `||` operations,
comparison operators like `<=` and `==`, and bitwise operators.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the sentence again, it wouldn't be very hard to make it clearer:

Suggested change
For clarity, always put parentheses when mixing `&&` and `||` operations,
comparison operators like `<=` and `==`, and bitwise operators.
For clarity, always put parentheses when mixing operators of the same category,
such as `&&` and `||` operations, or comparison operators like `<=` and `==`,
or bitwise operators.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, when re-reading the above suggestion, which does include an improvement, I do not like the "category" and "such as" very much.
For instance, this could also be understood that one should put parentheses when mixing * and +, which is not intended.
So I propose a further refinement as follows:

For clarity, always put parentheses when mixing the Boolean && and || operations,
when mixing comparison operators like <= and ==, and when when mixing bitwise operators.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For clarity, always put parentheses when mixing the Boolean && and || operations, when mixing comparison operators like <= and ==, and when when mixing bitwise operators.

"Boolean" should be "Logical", to match C parlance.
The last "and" should probably be "or"
Drop the double "when"

With those mods, I approve

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, and "operations" should be "operators"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, and I suggest including in the sentence also examples for the bitwise operators.
So:

For clarity, always put parentheses when mixing the logical && and || operators,
mixing comparison operators like <= and ==, or mixing bitwise operators like & and | .

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any changes will require a new vote -- too many have voted to change the wording now. We don't have a process to abort a vote without it failing.

I don't think there is a need for different failure modes. If the vote fails, it fails. But if the OTC members indicate that a revised version would be accepted, then discussion can be immediately restarted on a new PR.

Copy link
Contributor Author

@DDvO DDvO May 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DDvO I agree with Richard: IMHO a PR which has been voted down should be closed. In cases like this one, were it just failed because changes were requested, it can immediately be replaced by a new PR from the same branch (or with some suffix like coding-style-expressions-r2, as you prefer).

True, at least when using the same branch, a new PR is very easily set up.
Yet a pointer to the previous PR should be given such that original discussion can be found quickly.

Having multiple votes within the same PR would make the thread history too confusing. But at this moment, that's just my personal opinion Your thoughts, @openssl/otc ?

That's a very good point in favor of a new PR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The vote includes the hash. I don't see a big problem having a second vote here.
Another alternative would be an issue for the vote, keeping this PR open.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current process IMO does not allow for second vote. If anyone wants to propose a change to it no problem. I suppose we would need to change it to always use a separate issue for the votes.

Copy link
Contributor

@mspncp mspncp May 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@paulidale @t8m this is actually a very good idea: we shouldn't carry out the vote in the PR, but always create a dedicated Issue for a vote, with a standardized subject line (VOTE: <subject>). In this way, we could decouple the PR from the vote. Nevertheless, we need to amend the policies to regulate things like a shortened waiting period, if desired.

@mspncp
Copy link
Contributor

mspncp commented May 4, 2022

Vote: [-1]

I'm not opposed against this PR in general, but I see some need for more discussion as well.

@DDvO
Copy link
Contributor Author

DDvO commented May 4, 2022

I'm going to set up a new PR with the two improvements proposed above this evening (European time).
Are there any other proposals for (further) changes?

@t8m
Copy link
Member

t8m commented May 4, 2022

Changing my vote so I can immediately close the vote.

Vote: [-1]

@mspncp
Copy link
Contributor

mspncp commented May 4, 2022

I'm going to set up a new PR with the two improvements proposed above this evening (European time). Are there any other proposals for (further) changes?

There will be a review period as usual. And this time we promise to review before voting 😉.

@paulidale
Copy link
Contributor

Another concern with a new PR is "does the waiting period reset"?

@t8m
Copy link
Member

t8m commented May 4, 2022

Another concern with a new PR is "does the waiting period reset"?

There is no escape route for that. So yes.

@mspncp
Copy link
Contributor

mspncp commented May 4, 2022

Yes it does, at least until we change the policy. (We could decide to have a shorter waiting period for revised PRs in the future.)

@t8m
Copy link
Member

t8m commented May 4, 2022

Vote is closed. The change is rejected.

Topic: coding-style.md: add various rules for writing C expressions
       at commit f2ae669
       This will become an official OTC policy.
Proposed by: Tomas
Issue link: https://github.com/openssl/technical-policies/pull/39
Public: yes
Opened: 2022-05-03
Closed: 2022-05-04
Accepted: no   (for: 3, against: 5, abstained: 1, not voted: 1)

   Dmitry     [+1]
   Matt       [-1]
   Pauli      [-1]
   Tim        [+1]
   Richard    [-1]
   Shane      [+1]
   Tomas      [-1]
   Kurt       [  ]
   Matthias   [-1]
   Nicola     [+0]

@t8m t8m added rejected The policy change proposal was rejected by an OTC vote and removed ready to vote The policy change proposal is ready to be voted on by the OTC labels May 4, 2022
@t8m
Copy link
Member

t8m commented May 4, 2022

Closing. Further discussion should be in the new pr once it is open.

@kroeckx
Copy link
Member

kroeckx commented May 7, 2022

So I'm voting -1 too

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

discussed The issue/pr was discussed by the OTC policy change A change to a policy is being proposed rejected The policy change proposal was rejected by an OTC vote

Projects

None yet

Development

Successfully merging this pull request may close these issues.

The coding style guideline document should be updated