C Coding Standard

NuttX follows a specific coding style which needs to be followed at all times a contribution to be accepted. Please read this document before working on new code so that you can follow the style from the start. To check your code for conformance to the coding style, you should use the nxstyle tool included under tools/ in the main NuttX repository.

General Conventions

File Organization

File Extensions Use the .h extension for C header files and .c for C source files.

File header. Every C, C++, make file, or script begins with a file header. That file header is enclosed with a block comment (see below). Within the block comment, the following must appear:

• The relative path to the file from the top-level directory.

• An optional, one-line description of the file contents.

• A blank line

• NuttX standard Apache 2.0 licensing information as provided in the appendix.

Sample File Headers. Sample file headers are provided in an Appendix to this document. No new software may be included in the NuttX source tree that does not have licensing information included in the file. No new software may be included in the NuttX source tree that does not have a Apache 2.0 license or license (or, in the case of 3rd party file, a compatible license such as the BSD or MIT licenses). If the file does not follow Apache 2.0 licensing, then the appropriate license information should be provided in the header rather than the Apache 2.0 licensing information and a NOTE should be included in the top-level LICENSE and/or NOTICE file(s), as appropriate, to indicate any variations from Apache 2.0 licensing.

Grouping. All like components in a C source or header file are grouped together. Definitions do not appear arbitrarily through the file, rather, like definitions are grouped together and preceded by a block comment identifying the grouping.

Block Comments. Each grouping in the file is separated with a block comment. The block comment consists of:

• A line that consists of the opening C comment (/*) followed by a series of asterisks extending to the length of the line (usually to column 78).

• The name of the grouping, starting at column 4. An asterisk preceives the name of the grouping in column 1.

• A line that consists of the closing C comment (*/) at the end of the line (usually column 78) preceded by a series of asterisks extending to column 1.

Examples of Block Comments. See Appendix A for examples of block comments.

Order of Groupings. The following groupings should appear in all C source files in the following order:

1. Included Files

2. Pre-processor Definitions

3. Private Types (definitions)

4. Private Function Prototypes (declarations)

5. Private Data (definitions)

6. Public Data (definitions)

7. Private Functions (definitions)

8. Public Functions (definitions)

The following groupings should appear in all C header files in the following order:

1. Included Files

2. Pre-processor Definitions

3. Public Types (definitions)

4. Public Data (declarations)

5. Inline Functions (definitions)

6. Public Function Prototypes (declarations)

Large vs. Small Files. In larger files, block comments should be included for all groupings, even if they are empty; the empty grouping provides important information in itself. Smaller files may omit some of the block comments; it is awkard if the block comments are larger than the file content!

Header File Idempotence. C header file must protect against multiple inclusion through the use of macros that “guard” against multiple definitions if the header file is included multiple times.

• Each header file must contain the following pre-processor conditional logic near the beginning of the header file: Between the file header and the “Included Files” block comment. For example:

  #ifndef __INCLUDE_NUTTX_ARCH_H
  #define __INCLUDE_NUTTX_ARCH_H
  

  Notice that the definitions within of the header do not follow the usually rules: The presence of the conditional test at the top of the file does not cause the remaining definitions within the file to be indented.

• Then conditional compilation is closed at the fine line of the header file with:

  #endif /* __INCLUDE_NUTTX_ARCH_H */
  

Forming Guard Names. Then pre-processor macro name used in the guard is formed from the full, relative path to the header for from the top-level, controlled directory. That path is preceded by __ and _ replaces each character that would otherwise be invalid in a macro name. So, for example, __INCLUDE_NUTTX_ARCH_H corresponds to the header file include/nuttx/arch.h

Deoxygen Information. NuttX does not use Deoxygen for documentation and no file should contain Doxygen tags or Doxygen style comments.

Sample File Formats. C source and header file templates are provided in an Appendix to this document.

Lines

Line Endings. Files should be formatted with the newline character (\n) as the line ending (Unix-style line endings) and specifically not the carriage return, newline sequence (\r\n) used with Windows-style line endings. There should be no extra whitespace at the end of the line. In addition, all text files should end in a single newline (\n). This avoids the “No newline at end of file” warning generated by certain tools.

Line Width. Text should not extend past column 78 in the typical C source or header file. Sometimes the nature of the content of a file may require that the lines exceed this limit. This often occurs in header files with naturally long definitions. If the line width must extend 78 lines, then some wider line width may be used in the file provided that it is used consistently.

Line Wrapping.

Error

This is incorrect

struct some_long_struct_name_s
{
  struct some_long_struct_name_s *flink;  /* The forward link to the next instance of struct some_long_struct_name_s in a singly linked list */
  int short_name1;   /* Short comment 1 */
  int short_name2;   /* This is a very long comment describing subtle aspects of the short_name2 field */
};

struct some_medium_name_s *ptr = malloc(sizeof(some_medium_name_s);

struct some_long_struct_name_s *ptr = malloc(sizeof(some_long_struct_name_s);

ret = some_function_with_many parameters(long_parameter_name_1, long_parameter_name_2, long_parameter_name_3, long_parameter_name_4, long_parameter_name_5, long_parameter_name_6, long_parameter_name_7, long_parameter_name_8);

ret = some_function_with_many parameters(long_parameter_name_1,
  long_parameter_name_2,
  long_parameter_name_3
  long_parameter_name_4,
  long_parameter_name_5,
  long_parameter_name_6,
  long_parameter_name_7,
  long_parameter_name_8);

Hint

This is correct

struct some_long_struct_name_s
{
  /* The forward link to the next instance of struct
   * some_long_struct_name_s in a singly linked list.
   */

  struct some_long_struct_name_s *flink;
  int short_name1;   /* Short comment 1. */
  int short_name2;   /* This is a very long comment describing subtle
                      * aspects of the short_name2 field. */
};

FAR struct some_medium_name_s *ptr = malloc(sizeof(some_medium_name_s);

FAR struct some_medium_name_s *ptr = malloc(sizeof(some_medium_name_s);

FAR struct some_long_struct_name_s *ptr = malloc(sizeof(some_long_struct_name_s);

ret = some_function_with_many parameters(long_parameter_name_1,
                                         long_parameter_name_2,
                                         long_parameter_name_3,
                                         long_parameter_name_4,
                                         long_parameter_name_5,
                                         long_parameter_name_6,
                                         long_parameter_name_7,
                                         long_parameter_name_8);

NOTE: See the discussion of pointers for information about the FAR qualifier used above.

Double Spacing. A single blank line may be use to separate logical groupings as the designer feels fit. Single blank lines are also required in certain contexts as defined in this standard. Additional blanks lines (two or more) are prohibited.

Columnar Organization. Similar things should be aligned on the same column unless doing so would cause the line width to be exceeded.

Note

This is acceptable

dog = cat;
monkey = oxen;
aardvark = macaque;

Hint

This is preferred

dog      = cat;
monkey   = oxen;
aardvark = macaque;

Block Comments The final asterisk (*) should occur at column 78 (or the line width of files with longer lines). Note that the final comment delimiter of the block comment is an exception an lies at column 79.

Comments

General. Within a comment, the text must be standard English conforming to standard English rules of grammar and spelling (US English spelling). Of course, this is not the place to summarize all English grammar, but as examples of common grammatic issues in comments:

• All sentences should begin with an upper-case character and end with either ‘.’, ‘?’, or ‘!’.

• Sentence fragments and phrases are generally treated the same as sentences.

• The punctuation ‘.’ and ‘:’ is followed by two spaces; the punctuation ‘,’ and ‘;’ is followed by a single space.

• Text following ‘.’ or ‘:’ begins with an upper-case character; text following ‘,’ or ‘;’ begins with a lower-case character.

Line Spacing A single blank line should precede and follow each comment. The only exceptions are:

For the file header block comment that begins on line one; there is no preceding blank line in that case. For conditional compilation. Conditional compilation should include the conditional logic and all comments associated with the conditional logic. In this case, the blank line appears before the conditional, not after it. No blank lines precede any comments following the conditional. With braces. No blank line separates the line containing the opening left brace from a comment. No blank line follows a comment that may be the final line preceding a closing right brace. With Labels. No blank line separates the line containing the label from a comment.

Error

This is incorrect

  /* set a equal to b */
  a = b;
  /* set b equal to c */
  b = c;

  /* Do the impossible */

#ifdef CONFIG_THE_IMPOSSIBLE
  the_impossible();
#endif

  if (a == b)
    {

      /* Only a comment */

    }

  here:

  /* This is the place */

Tip

This is correct

  /* Set a equal to b. */

  a = b;

  /* Set b equal to c. */

  b = c;

#ifdef CONFIG_THE_IMPOSSIBLE
  /* Do the impossible */

  the_impossible();
#endif

  if (a == b)
    {
      /* Only a comment */
    }

  here:
    /* This is the place */

Indentation Comments should, typically, be placed before the code section to which they apply. The comment indentation should be the same as the follow indentation rules as the following code (if applicable).

Short, Single line comments. Short comments must lie on a single line. The comment delimiters must lie on the same line.

Error

This is incorrect

/*
 * This is a single line comment
 */

Tip

This is correct

/* This is a single line comment. */

Multi-line comments. If the comment is too long to fit on a single, it must be broken into a multi-line comment. The comment must be begin on the first line of the multi-line comment with the opening comment delimiter (/*). The following lines of the multi-line comment must be with an asterisk (*) aligned in the same column as the asterisk in the preceding line. The closing comment delimiter must lie on a separate line with the asterisk (*) aligned in the same column as the asterisk in the preceding line.

Error

This is incorrect

/*
   This is the first line of a multi-line comment.
   This is the second line of a multi-line comment.
   This is the third line of a multi-line comment. */

/* This is the first line of another multi-line comment.  */
/* This is the second line of another multi-line comment. */
/* This is the third line of another multi-line comment.  */

Tip

This is correct

/* This is the first line of a multi-line comment.
 * This is the second line of a multi-line comment.
 * This is the third line of a multi-line comment.
 */

Comments to the Right of Statements. Comments to the right of statements in C source files are discouraged. If such comments are used, they should be (1) very short so that they do not exceed the line width (typically 78 characters), (2) aligned so that the comment begins in the same column on each line.

Error

This is incorrect

dog = cat; /* Make the dog be a cat */
monkey = oxen; /* Make the monkey be an oxen */
aardvark = macaque; /* Make the aardvark be a macaque */

Note

This is acceptable

dog      = cat;     /* Make the dog be a cat. */
monkey   = oxen;    /* Make the monkey be an oxen. */
aardvark = macaque; /* Make the aardvark be a macaque. */

Tip

This is preferred

/* Make the dog be a cat. */

dog      = cat;

/* Make the monkey be an oxen. */

monkey   = oxen;

/* Make the aardvark be a macaque. */

aardvark = macaque;

Comments to the Right of Data Definitions. Comments to the right of a declaration with an enumeration or structure, on the other hand, are encouraged, provided that the comments are short and do not exceed the maximum line width (usually 78 characters). Columnar alignment of comments is very desirable (but often cannot be achieved without violating the line width).

Error

This is incorrect

struct animals_s
{
  int dog; /* This is a dog */
  int cat; /* This is a cat */
  double monkey; /* This is a monkey */
  double oxen; /* This is an oxen */
  bool aardvark; /* This is an aardvark */
  bool macaque; /* This is a macaque */
};

Note

This is acceptable

struct animals_s
{
  int dog;       /* This is a dog. */
  int cat;       /* This is a cat. */
  double monkey; /* This is a monkey. */
  double oxen;   /* This is an oxen. */
  bool aardvark; /* This is an aardvark. */
  bool macaque;  /* This is a macaque. */
};

Tip

This is preferred

struct animals_s
{
  int    dog;      /* This is a dog. */
  int    cat;      /* This is a cat. */
  double monkey;   /* This is a monkey. */
  double oxen;     /* This is an oxen. */
  bool   aardvark; /* This is an aardvark. */
  bool   macaque;  /* This is a macaque. */
};

Long Comments on the Right. Comments on the right of statements or data definitions must be short and fit on the same line without exceeding the maximum line length. If a longer comment is needed, then it should appear above the statement of definition rather than to the right of the definition.

Breaking Long Comments to the Right of Statements Breaking long comments to the right of statements is acceptable as well, but not encouraged. In this case the comment must be begin on the first line of the multi-line, right-hand comment with the opening comment delimiter (/). The following lines of the multi-line, right hand comment must be with an asterisk () aligned in the same column as the asterisk in the preceding line. The closing comment delimiter must lie on the same line with the asterisk.

Error

This is incorrect

dog = cat; /* This assignment will convert what was at one time a lowly dog into a ferocious feline. */

Note

This is acceptable

dog = cat;       /* This assignment will convert what was at one time a
                  * lowly dog into a ferocious feline. */

Tip

This is preferred

/* This assignment will convert what was at one time a lowly dog into a
 * ferocious feline.
 */

dog = cat;

Note that if the comment is continued on multiple lines, the comment alignment and multi-line comment rules still apply with one exception: The closing */ appears on the same line as the final text of the comment. This exception to the rule is enforced to keep the statements and definitions from becoming to spread out.

Block comments. Block comments are only used to delimit groupings with the overall file organization and should not be used unless the usage is consistent with delimiting logical groupings in the program.

C Style Comments. C99/C11/C++ style comments (beginning with //) should not be used with NuttX. NuttX generally follows C89 and all code outside of architecture specific directories must be compatible with C89.

Error

This is incorrect

// This is a structure of animals
struct animals_s
{
  int    dog;      // This is a dog
  int    cat;      // This is a cat
  double monkey;   // This is a monkey
  double oxen;     // This is an oxen
  bool   aardvark; // This is an aardvark
  bool   macaque;  // This is a macaque
};

Tip

This is correct

/* This is a structure of animals. */

struct animals_s
{
  int    dog;      /* This is a dog. */
  int    cat;      /* This is a cat. */
  double monkey;   /* This is a monkey. */
  double oxen;     /* This is an oxen. */
  bool   aardvark; /* This is an aardvark. */
  bool   macaque;  /* This is a macaque. */
};

“Commenting Out” Large Code Blocks. Do not use C or C++ comments to disable compilation of large blocks of code. Instead, use #if 0 to do that. Make sure there is a comment before the #if 0 to explain why the code is not compiled.

Error

This is incorrect

void some_function(void)
{
  ... compiled code ...

  /*
  ... disabled code ..
   */

  ... compiled code ...
}

void some_function(void)
{
  ... compiled code ...

  //
  // ... disabled code ..
  //

  ... compiled code ...
}

Tip

This is correct

void some_function(void)
{
  ... compiled code ...

  /* The following code is disabled because it is no longer needed. */

#if 0
  ... disabled code ..
#endif

  ... compiled code ...
}

Braces

In general, the use of braces in the NuttX coding standard is similar to the use of braces in the GNU Coding standards with a few subtle differences.

Coding Standard:

• Always on Separate Lines. Braces always appear on a separate line containing nothing else other than white space.

• Never Comments on Braces. Do not put comments on the same line as braces.

• Compound Statements. Within this document, an opening left brace followed by a sequence of statements, and ending with a closing right brace is referred to as a compound statement.

• Nested Compound Statements. In the case where there are nested compound statements that end with several consecutive right braces, each closing right brace must lie on a separate line and must be indented to match the corresponding opening brace.

• Final brace followed by a single blank line. The final right brace must be followed by a blank line as per standard rules. There are two exceptions to this rule:

  1. In the case where there are nested several consecutive right braces, no blank lines should be inserted except for after the final right brace.

  2. No blank should be used to separate the final, closing right brace when it is followed by a break; statement.

• Special Indentation Rules. Special indentation rules apply to braces.

Error

This is incorrect

while (true)
  {
    if (valid)
      {
      ...
      } /* if valid */
    else
      {
      ...
      } /* not valid */
  } /* end forever */
if (a < b) {
  if (a < 0) {
      c = -a;
  } else {
      c = a;
  }
} else {
  if (b < 0) {
      c = -b;
  } else {
      c = b;
  }
}

Tip

This is correct

while (true)
  {
    if (valid)
      {
      ...
      }
    else
      {
      ...
      }
  }

if (a < b)
  {
    if (a < 0)
      {
        c = -a;
      }
    else
      {
        c = a;
      }
  }
else
  {
    if (b < 0)
      {
        c = -b;
      }
    else
      {
        c = b;
      }
  }

Exception to Indentation Rule for Braces. The exception is braces that following structure, enumeration, union, and function declarations. There is no additional indentation for those braces; those braces align with the beginning of the definition

Error

This is incorrect

enum kinds_of_dogs_e
  {
  ...
  };

struct dogs_s {
  ...
  union {
  ...
  } u;
  ...
};

struct cats_s
  {
  ...
    union
     {
     ...
     } u;
  ...
  };

int animals(int animal)
  {
  ...
  }

Tip

This is correct

enum kinds_of_dogs_e
{
  ...
};

struct dogs_s
{
  ...
  union
  {
  ...
  } u;
  ...
};

struct cats_s
{
  ...
  union
  {
  ...
  } u;
  ...
};

int animals(int animal)
{
  ...
}

Indentation

In general, the indentation in the NuttX coding standard is similar to the indentation requirements of the GNU Coding standards with a few subtle differences.

Indentation Unit. Indentation is in units of two spaces; Each indentation level is twos spaces further to the right than the preceding indentation levels. TAB characters may not be used for indentation.

Error

This is incorrect

if (x == y) {
        dosomething(x);
}

  if (x == y) {
      dosomething(x);
  }

Tip

This is correct

if (x == y)
  {
    dosomething(x);
  }

Use of TAB Characters. The use of TAB characters for indentation is prohibited in C source and header files. TAB characters are, however, used in make files, assembly language source files, Kconfig files and some script files. When TAB characters are used in these files, spaces may not be used for indentation. The correct TAB setting is 4 spaces (not 8) in these cases.

Alignment of Braces. Note that since braces must be on a separate line (see above), this indentation by two spaces has an interesting property:

• All C statements (and case selectors) lie on lines that are multiples of 4 spaces (beginning with an indentation of two): 2, 6, 10, … (4*n + 2) (for indentation level n = 0, 1, …)

• Braces lie on a separate line also indented by multiple of 4 spaces: 4, 8, 12, … 4*n (for indentation level n = 1, 2, …)

Thus, all code at the indentation level should align on the same column. Similarly, opening and closing braces at the same indentation level should also align on the same (but different) column.

Indentation of Pre-Processor Lines. C Pre-processor commands following any conditional computation are also indented following basically the indentation same rules, differing in that the # always remains in column 1.

When C pre-processor statements are indented, they should be should be indented by 2 spaces per level-of-indentation following the #. C pre-processor statements should be indented when they are enclosed within C pre-processor conditional logic (#if..#endif). The level of indentation increases with each level of such nested conditional logic.

C pre-processor statements should always be indented in this way in the Pre-processor Definitions section of each file. C pre-processor statements may be indented in the Public/Private Data and Public/Private Functions sections of the file. However, often the indentation of C pre-processor statements conflicts with the indentation of the C code and makes the code more difficult to read. In such cases, indentation of C pre-processor statements should be omitted in those sections (only).

Error

This is incorrect

#ifdef CONFIG_ABC
#define ABC_THING1 1
#define ABC_THING2 2
#define ABC_THING3 3
#endif

#ifdef CONFIG_ABC
  #define ABC_THING1 1
  #define ABC_THING2 2
  #define ABC_THING3 3
#endif

Tip

This is correct

#ifdef CONFIG_ABC
#  define ABC_THING1 1
#  define ABC_THING2 2
#  define ABC_THING3 3
#endif

#ifdef CONFIG_ABC
#  define ABC_THING1 1
#  define ABC_THING2 2
#  define ABC_THING3 3
#endif

Exception. Each header file includes idempotence definitions at the beginning of the header file. This conditional compilation does not cause any change to the indentation.

Error

This is incorrect

#ifndef __INCLUDE_SOMEHEADER_H
#  define __INCLUDE_SOMEHEADER_H
...
#  define THING1 1
#  define THING2 2
#  define THING3 3
...
#endif /* __INCLUDE_SOMEHEADER_H */

Tip

This is correct

#ifndef __INCLUDE_SOMEHEADER_H
#define __INCLUDE_SOMEHEADER_H
...
#define THING1 1
#define THING2 2
#define THING3 3
...
#endif /* __INCLUDE_SOMEHEADER_H */

Parentheses

Coding Standard:

• Space after key words. Do not put a left parenthesis (() immediately after any C keywords (for, switch, while, do, return, etc.). Put a space before the left parenthesis in these cases.

• Otherwise, no space before left parentheses. Otherwise, there should be no space before the left parentheses

• No space between function name and argument list. There should be no space between a function name and an argument list.

• Never space before the right parentheses. There should never be space before a right parenthesis ( ) ).

• No parentheses around returned values. Returned values should never be enclosed in parentheses unless the parentheses are required to force the correct order of operations in a computed return value.

Error

This is incorrect

int do_foobar ( void )
{
  int ret = 0;
  int i;

  for( i = 0; ( ( i < 5 ) || ( ret < 10 ) ); i++ )
    {
      ret = foobar ( i );
    }

  return ( ret );
}

Tip

This is correct

int do_foobar(void)
{
  int ret = 0;
  int i;

  for (i = 0; i < 5 || ret < 10; i++)
    {
      ret = foobar(i);
    }

  return ret;
}

NOTE: Many people do not trust their understanding of the precedence of operators and so use lots of parentheses in expressions to force the order of evaluation even though the parentheses may have no effect. This will certainly avoid errors due to an unexpected order of evaluation, but can also make the code ugly and overly complex (as in the above example). In general, NuttX does not use unnecessary parentheses to force order of operations. There is no particular policy in this regard. However, you are are advised to check your C Programming Language book if necessary and avoid unnecessary parenthesis when possible.

Data and Type Definitions

One Definition/Declaration Per Line

Error

This is incorrect

extern long time, money;
char **ach, *bch;
int i, j, k;

Tip

This is correct

extern long time;
extern long money;
FAR char **ach;
FAR char *bch;
int i;
int j;
int k;

NOTE: See the discussion of pointers for information about the FAR qualifier used above.

Global Variables

Global vs. Local vs. Public vs. Private By a global variable it is meant any variable defined outside of a function. The distinction is between this kind of global and function local definition and refers to the scope a symbol within a file. A related concept for all global names defined within a file is the scope of the name across different files. If the global symbol is pre-pended with the static storage class then the scope of the global symbol is within the file only. This is a somewhat different concept and within NuttX you will find these distinguished as private vs. public global symbols. However, within this standard, the term global variable will refer to any variable that has more than local scope.

Coding Standard:

• Short global variable names. Names should be terse, but generally descriptive of what the variable is for. Try to say something with the variable name, but don’t try to say too much. For example, the variable name of g_filelen is preferable to something like g_lengthoffile.

• Global variable prefix. All global variables begin with the prefix g_ to indicate the scope of variable.

• Module name prefix If a global variable belongs in a module with a name of, say xyz, then that module should be included as part of the prefix like: g_xyz_.

• Lowercase, Use all lower case letters.

• Minimal use of _. Preferably there are no _ separators within the name. Long variable names might require some delimitation using _. Long variable names, however, are discouraged.

• Use structures. If possible, wrap all global variables within a structure to minimize the liklihood of name collisions.

• Avoid global variables when possible. Use of global variables, in general, is discourage unless there is no other reasonable solution.

Error

This is incorrect

extern int someint;
static int anotherint;
uint32_t dwA32BitInt;
uint32_t gAGlobalVariable;

Note

This is acceptable

extern int g_someint;
static int g_anotherint;
uint32_t g_a32bitint;
uint32_t g_aglobal;

Tip

This is preferred

struct my_variables_s
{
  uint32_t a32bitint;
  uint32_t aglobal;
};

extern int g_someint;
static int g_anotherint;
struct my_variables_s g_myvariables;

Parameters and Local Variables

Coding Standard:

• Common naming standard. Naming for function parameters and local variables is the same.

• Short variable names. Names should be terse, but generally descriptive of what the variable is for. Try to say something with the variable name, but don’t try to say too much. For example, the variable name of len is preferable to something like lengthofiobuffer.

• No special ornamentation. There is no special ornamentation of the name to indication that the variable is a local variable. The prefix p or pp may be used on names of pointers (or pointer to pointers) if it helps to distinguish the variable from some other local variable with a similar name. Even this convention is discouraged when not necessary.

• Lowercase Use all lower case letters.

• Minimal use of single character variable names. Short variable names are preferred. However, single character variable names should be avoided. Exceptions to this include i, j, and k which are reserved only for use as loop indices (part of our Fortran legacy).

• Minimal use of _. Preferably there are no _ separators within the name. Long variable names might require some delimitation using _. Long variable names, however, are discouraged.

Error

This is incorrect

uint32_t somefunction(int a, uint32_t dwBValue)
{
  uint32_t this_is_a_long_variable_name = 1;
  int i;

  for (i = 0; i < a; i++)
    {
      this_is_a_long_variable_name *= dwBValue--;
    }

  return this_is_a_long_variable_name;
}

Tip

This is correct

uint32_t somefunction(int limit, uint32_t value)
{
  uint32_t ret = 1;
  int i;

  for (i = 0; i < limit; i++)
    {
      ret *= value--;
    }

  return ret;
}

NOTE: You will see the local variable named ret is frequently used in the code base for the name of a local variable whose value will be returned or to received the returned value from a called function.

Type Definitions

Coding Standard:

• Short type names. Type names should be terse, but generally descriptive of what the type is for. Try to say something with the type name, but don’t try to say too much. For example, the type name of fhandle_t is preferable to something like openfilehandle_t.

• Type name suffix. All typedef’ed names end with the suffix _t.

• Module name prefix If a type belongs in a module with a name of, say xyz, then that module should be included as a prefix to the type name like: xyz_.

• Lowercase. Use all lower case letters.

• Minimal use of _. Preferably there are few _ separators within the type name. Long type names might require some delimitation using _. Long type names, however, are discouraged.

Error

This is incorrect

typedef void *myhandle;
typedef int myInteger;

Tip

This is correct

typedef FAR void *myhandle_t;
typedef int myinteger_t;

NOTE: See the discussion of pointers for information about the FAR qualifier used above.

Structures

Structure Naming

• No un-named structures. All structures must be named, even if they are part of a type definition. That is, a structure name must follow the reserved word struct in all structure definitions. There are two exceptions to this rule:

  1. First for structures that are defined within another union or structure (discouraged). In those cases, the structure name should always be omitted.

  2. Second for structures as the type of a local variable. In this case, again, the structure name should always be omitted.

• Structured defined with structures discouraged. Fields within a structure may be another structure that is defined only with the scope of the containing structure. This practice is acceptable, but discouraged.

• No un-named structure fields. Structures may contain other structures as fields. In this case, the structure field must be named. C11 permits such un-named structure fields within a structure. NuttX generally follows C89 and all code outside of architecture specific directories must be compatible with C89.

• No structure definitions within Type Definition. The practice of defining a structure within a type definition is discouraged. It is preferred that the structure definition and the type definition be separate definitions. In general, the NuttX coding style discourages any typdef-ing of structures; normally the full structure name is used as types throughout the code. The reason for this is that is structure pointers may be forward referenced in header files without having to include the file the provides the type definition. This greatly reduces header file coupling.

• Short structure names. Structure names should be terse, but generally descriptive of what the structure contains. Try to say something with the structure name, but don’t try to say too much. For example, the structure name of xyz_info_s is preferable to something like xyz_datainputstatusinformation_s.

• Structure name suffix. All structure names end with the suffix _s.

• Module name prefix If a structure belongs to a module with a name of, say xyz, then that module should be included as a prefix to the structure name like: xyz_.

• Lowercase. Use all lower case letters.

• Minimal use of _. Preferably there are few _ separators within the structure name. Long variable names might require some delimitation using '_'. Long variable names, however, are discouraged.

Structure Field Naming

• Common variable naming. Structure field naming is generally the same as for local variables.

• One definition per line. The one definition per line rule applies to structure fields, including bit field definitions.

• Each field should be commented. Each structure field should be commented. Commenting should follow the standard conventions.

• Optional structure field prefix. It make be helpful to add a two-letter prefix to each field name so that is is clear which structure the field belongs to. Although a good practice, that convention has not been used consistently in NuttX.

• Lowercase. Use all lower case letters.

• Minimal use of _. Preferably there are few _ separators within the field name. Long variable names might require some delimitation using '_'. Long variable names, however, are discouraged.

Other Applicable Coding Standards. See sections related to line formatting, use of braces, indentation, and comments.

Size Optimizations. When declaring fields in structures, order the declarations in such a way as to minimize memory waste due of data alignment. This essentially means that that fields should be organized by data size, not by functionality: Put all pointers togeter, all uint8_t’s together, all uint32_t’s together. Data types withi well known like uint8_t and uint32_t should also be place in either ascending or descending size order.

Error

This is incorrect

typedef struct       /* Un-named structure */
{
  ...
  int val1, val2, val3; /* Values 1-3 */
  ...
} xzy_info_t;

struct xyz_information
{
  ...
  uint8_t bita : 1,  /* Bit A */
          bitb : 1,  /* Bit B */
          bitc : 1;  /* Bit C */
  ...
};

struct abc_s
{
  ...
  struct
  {
    int a;           /* Value A */
    int b;           /* Value B */
    int c;           /* Value C */
  };                 /* Un-named structure field */
  ...
};

Tip

This is correct

struct xyz_info_s
{
  ...
  int val1;          /* Value 1 */
  int val2;          /* Value 2 */
  int val3;          /* Value 3 */
  ...
};

Warning

This is discouraged

typedef struct xyz_info_s xzy_info_t;

The use of typedef’ed structures is acceptable but discouraged.

Tip

This is correct

struct xyz_info_s
{
  ...
  uint8_t bita : 1,  /* Bit A */
  uint8_t bitb : 1,  /* Bit B */
  uint8_t bitc : 1,  /* Bit C */
  ...
};

Warning

This is discouraged

struct abc_s
{
  ...
  struct
  {
    int a;           /* Value A */
    int b;           /* Value B */
    int c;           /* Value C */
  } abc;
  ...
};

The use of structures defined within other structures is acceptable provided that they define named fields. The general practice of defining a structure within the scope of another structure, however, is still but discouraged in any case. The following is preferred:

Tip

This is preferred

struct abc_s
{
  ...
  int a;             /* Value A */
  int b;             /* Value B */
  int c;             /* Value C */
  ...
};

Unions

Union and Field Names. Naming of unions and fields within unions follow the same naming rules as for structures and structure fields. The only difference is that the suffix _u is used to identify unions.

Other Applicable Coding Standards. See sections related to line formatting, use of braces, indentation, and comments.

Note

This is acceptable

union xyz_union_u  /* All unions must be named */
{
  uint8_t  b[4];   /* Byte values. */
  uint16_t h[2];   /* Half word values. */
  uint32_t w;      /* Word Value. */
};

typedef union xyz_union_u xzy_union_t;

The use of typedef’ed unions is acceptable but discouraged.

Tip

This is preferred

struct xyz_info_s
{
  ...
  union
  {
    uint8_t  b[4]; /* Byte values. */
    uint16_t h[2]; /* Half word values. */
    uint32_t w;    /* Word Value. */
  } u;             /* All union fields must be named */
  ...
};

NOTE: Note that the union fields within structures are often named u. This is another exception to the prohibition against using single character variable and field names. The short field name u clearly identifies a union field and prevents the full name of the union value from being excessively long.

Enumerations

Enumeration Naming. Naming of enumerations follow the same naming rules as for structure and union naming. The only difference is that the suffix _e is used to identify an enumeration.

Enumeration Value Naming. Enumeration values, however, following a naming convention more similar to macros.

• Uppercase. Enumeration values are always in upper case.

• Use of _ encouraged. Unlike other naming, use of the underscore character _ to break up enumeration names is encouraged.

• Prefix. Each value in the enumeration should begin with an upper-case prefix that identifies the value as a member of the enumeration. This prefix should, ideally, derive from the name of the enumeration.

• No dangling commas. There should be no dangling comma on the final value of the enumeration. The most commonly used tool chain are tolerant of such dangling commas, but others will not.

Other Applicable Coding Standards. See sections related to line formatting, use of braces, indentation, and comments.

Tip

This is correct

enum xyz_state_e
{
  XYZ_STATE_UNINITIALIZED = 0, /* Uninitialized state. */
  XYZ_STATE_WAITING,           /* Waiting for input state. */
  XYZ_STATE_BUSY,              /* Busy processing input state. */
  XYZ_STATE_ERROR,             /* Halted due to an error. */
  XYZ_STATE_TERMINATING,       /* Terminating stated. */
  XYZ_STATE_TERMINATED         /* Terminating stated. */
};

C Pre-processor Macros

Coding Standard:

Macro Naming. Macro naming following a naming convention similar to the naming of enumeration values.

• Uppercase. Macro names are always in upper case.

• Lowercase Exceptions. There are a few lower case values in NuttX macro names. Such as a lower-case p for a period or decimal point (such as VOLTAGE_3p3V). I have also used lower-case v for a version number (such as CONFIG_NET_IPv6). However, these are exceptions to the rule rather than illustrating a rule.

• Macros that could be functions. Lower-case macro names are also acceptable if the macro is a substitute for a function name that might be used in some other context. In that case, normal function naming applies.

• Use of _ encouraged. Unlike other naming, use of the underscore character _ to break up macro names is encouraged.

• Prefix. Each related macro value should begin with an upper-case prefix that identifies the value as part of a set of values (and also to minimize the likelihood of naming collisions).

• Single space after #define. A single space character should separate the #define from the macro name. Tabs are never used.

• Normal commenting rules. Normal commenting rules apply.

• Line continuations. Macro definitions may be continued on the next line by terminating the line with the \ character just before the newline character. There should be a single space before the \ character. Aligned \ characters on multiple line continuations are discouraged because they are a maintenance problem.

• Parentheses around macro argument expansions. Macros may have argument lists. In the macros expansion, each argument should be enclosed in parentheses.

• Real statements. If a macro functions as a statement, then the macro expansion should be wrapped in do { ... } while (0) to assume that the macros is, indeed, a statement.

• Magic numbers are prohibited in code. Any numeric value is not intuitively obvious, must be properly named and provided as either a pre-processor macro or an enumeration value.

• Side effects. Be careful of side effects.

• Indentation. See the Indentation of Pre-Processor Lines requirements above.

Other Applicable Coding Standards. See sections related to line formatting, indentation, and comments.

Error

This is incorrect

#define max(a,b) a > b ? a : b

#define ADD(x,y) x + y

#ifdef HAVE_SOMEFUNCTION
int somefunction(struct somestruct_s* psomething);
#else
#define SOMEFUNCTION() (0)
#endif

#   define  IS_A_CAT(c)             ((c) == A_CAT)

#define LONG_MACRO(a,b)                                  \
  {                                                      \
    int value;                                           \
    value = b-1;                                         \
    a = b*value;                                         \
  }

#define DO_ASSIGN(a,b) a = b

Tip

This is correct

#define MAX(a,b) (((a) > (b)) ? (a) : (b))

#define ADD(x,y) ((x) + (y))

#ifdef HAVE_SOMEFUNCTION
int somefunction(struct somestruct_s* psomething);
#else
#  define somefunction(p) (0)
#endif

# define IS_A_CAT(c)  ((c) == A_CAT)

#define LONG_MACRO(a,b) \
  { \
    int value; \
    value = (b)-1; \
    (a) = (b)*value; \
  }

#define DO_ASSIGN(a,b) do { (a) = (b); } while (0)

Pointer Variables

Pointer Naming. Pointers following same naming conventions as for other variable types. A pointer (or pointer-to-a-pointer) variable may be prefaced with p (or pp) with no intervening underscore character _ in order to identify that variable is a pointer. That convention is not encouraged, however, and is only appropriate if there is some reason to be concerned that there might otherwise be confusion with another variable that differs only in not being a pointer.

White Space. The asterisk used in the declaration of a pointer variable or to dereference a pointer variable should be placed immediately before the variable name with no intervening spaces. A space should precede the asterisk in a cast to a pointer type.

Error

This is incorrect

int somefunction(struct somestruct_s* psomething);

ptr = (struct somestruct_s*)value;

Tip

This is correct

int somefunction(FAR struct somestruct_s *something);

ptr = (FAR struct somestruct_s *)value;

FAR

FAR, NEAR, DSEG and CODE pointers. Some architectures require a qualifier on pointers to identify the address space into which the pointer refers. The macros FAR, NEAR, DSEG and CODE are defined in include/nuttx/compiler.h to provide meaning for this qualifiers when needed. For portability, the general rule is that pointers to data that may lie in the stack, heap, .bss, or .data should be prefaced by the qualifier FAR; pointers to functions probably lie in a code address space and should have the qualifier CODE. The typical effect of these macros on architectures where they have meaning to determine the size of the pointer (size in the sense of the width of the pointer value in bits).

Initializers

Applicable Coding Standards. See the section related to parentheses.

C89 Compatibility. All common NuttX code must conform to ANSII C89 requirements. Newer C standards permit more flexible initialization with named initializers and array initializers. However, these are not backward compatible with C89 and cannot be used in common code. Newer C99 features may be included in architecture-specific sub-directories where there is no possibility of the use of such older toolchains. C11 is included in NuttX, but has not been verified and, hence, it not encourage anywhere.

Functions

Function Headers

Coding Standard:

• Function headers. Each function is preceded by a function header. The function header is a block comment that provides information about the function. The block comment consists of the following:

  • The block comment begins with a line that consists of the opening C comment in column 1 (/*) followed by a series of asterisks extending to the length of the line (usually to column 78).

  • The block comment ends with a line that consists of series of asterisks beginning at column 2 and extending to the near the end line (usually to column 77) followed by the closing C comment in (usually at column 78 for a total length of 79 characters).

  • Information about the function is included in lines between the first and final lines. Each of these begin with a space in column 1, an sterisk (*) in column 2, and a space in column 3.

• Function header preceded by one blank line. Exactly one blank line precedes each function header.

• Function header followed by one blank line. Exactly one blank line is placed after function header and before the function definition.

• Function header sections. Within the function header, the following data sections must be provided:

  • * Name: followed by the name of the function on the same line.

  • * Description: followed by a description of the function beginning on the second line. Each line of the function description is indented by two additional spaces.

  • * Input Parameters: followed by a description of the of each input parameter beginning on the second line. Each input parameter begins on a separator line indented by two additional spaces. The description needs to include (1) the name of the input parameters, and (2) a short description of the input parameter.

  • * Returned Value: followed by a description of the of returned value(s) beginning on the second line. The description of the returned value should identify all error values returned by the function.

  • * Assumptions/Limitations: followed by a any additional information that is needed to use the function correctly. This section is optional and may be omitted with there is no such special information required for use of the function.

  Each of these data sections is separated by a single line like *.

Function header template. Refer to Appendix A for the template for a function header.

Function Naming

Coding Standard:

• Short function names. Function names should be terse, but generally descriptive of what the function is for. Try to say something with the function name, but don’t try to say too much. For example, the variable name of xyz_putvalue is preferable to something like xyz_savethenewvalueinthebuffer.

• Lowercase. Use all lower case letters.

• Module prefix. All functions in the same module, or sub-system, or within the same file should have a name beginning with a common prefix separated from the remainder of the function name with the underscore, '_', character. For example, for a module called xyz, all of the functions should begin with xyz_.

• Extended prefix. Other larger functional grouping should have another level in the naming convention. For example, if module xyz contains a set of functions that manage a set of I/O buffers (IOB), then those functions all should get naming beginning with a common prefix like xyz_iob_.

• Use of _ discouraged. Further use of the '_' separators is discouraged in function naming. Long function names might require some additional elimitation using '_'. Long function names, however, are also discouraged.

• Verbs and Objects. The remainder of the function name should be either in the form of verb-object or object-verb. It does not matter which as long as the usage is consistent within the module. Common verbs include get and set (or put) for operations that retrieve or store data, respectively. The verb is is reserved for functions that perform some test and return a boolean value to indicate the result of the test. In this case, the object should indicate what is testing and the return value of true should be consistent with result of the test being true.

Parameter Lists

Coding Standards. See general rules for parameter naming. See also the sections related to the use of parentheses.

Use of const parameters. Use of the const storage class is encouraged. This is appropriate to indicate that the function will not modify the object.

Function Body

Coding Standard:

• Single compound statement. The function body consists of a single compound statement.

• Braces in column 1 The opening and close braces of the compound statement must be placed in column one.

• First definition or statement in column 3. The first data definitions or statements in the function body are idented by two spaces. Standards for statements are covered in the following paragraph

• Local variables first. Because NuttX conforms to the older C89 standard, all variables that have scope over the compound statement must be defined at the beginning of the compound statement prior to any executable statements. Local variable definitions intermixed within the following sequence of executable statements are forbidden. A single blank line must follow the local variable definitions separating the local variable definitions from the following executable statements. NOTE that a function body consists of a compound statement, but typically so does the statement following if, else, for, while, do. Local variable definitions are also acceptable at the beginning of these compound statements as with any other.

• Long functions are discouraged. As a rule of thumb, the length of a function should be limited so that it would fit on a single page (if you were to print the source code).

• Return Statement. The argument of the return statement should not be enclosed in parentheses. A reasonable exception is the case where the returned value argument is a complex expression and where the parentheses improve the readability of the code. Such complex expressions might be Boolean expressions or expressions containing conditions. Simple arithmetic computations would not be considered complex expressions.

• Space after the function body. A one (and only one) blank line must follow the closing right brace of the function body.

Other Applicable Coding Standards. See sections related to General Conventions, Parameters and Local Variables, and Statements.

Error

This is incorrect

int myfunction(int a, int b)
  {
    int c, d;
    c = a
    d = b;

    int e = c + d;

    for (int i = 0; i < a; i++)
      {
        for (int j = 0; j < b; j++)
          {
            e += j * d;
          }
      }

    return (e / a);
  }

Tip

This is correct

int myfunction(int a, int b)
{
  int c;
  int d;
  int e;
  int i;

  c = a
  d = b;
  e = c + d;

  for (i = 0; i < a; i++)
    {
      int j;

      for (j = 0; j < b; j++)
        {
          e += j * d;
        }
    }

  return e / a;
}

Returned Values

OS Internal Functions. In general, OS internal functions return a type int to indicate success or failure conditions. Non-negative values indicate success. The return value of zero is the typical success return value, but other successful return can be represented with other positive values. Errors are always reported with negative values. These negative values must be a well-defined errno as defined in the file nuttx/include/errno.h.

Application/OS Interface. All but a few OS interfaces conform to documented standards that have precedence over the coding standards of this document.

Checking Return Values. Callers of internal OS functions should always check return values for an error. At a minimum, a debug statement should indicate that an error has occurred. Ignored return values are always suspicious. All calls to malloc or realloc, in particular, must be checked for failures to allocate memory to avoid use of NULL pointers.

Statements

One Statement Per Line

Coding Standard:

• One statement per line. There should never be more than one statement on a line.

• No more than one assignment per statement. Related to this, there should never be multiple assignments in the same statement.

• Statements should never be on the same line as any keyword. Statements should never be on the same line as case selectors or any C keyword.

Other Applicable Coding Standards. See the section related to the use of braces.

Error

This is incorrect

if (var1 < var2) var1 = var2;

case 5: var1 = var2; break;

var1 = 5; var2 = 6; var3 = 7;

var1 = var2 = var3 = 0;

Tip

This is correct

if (var1 < var2)
  {
    var1 = var2;
  }

case 5:
  {
    var1 = var2;
  }
  break;

var1 = 5;
var2 = 6;
var3 = 7;

var1 = 0;
var2 = 0;
var3 = 0;

Casts

Coding Standard:

• No space in cast. There should be no space between a cast and the value being cast.

Error

This is incorrect

struct something_s *x = (struct something_s*) y;

Tip

This is correct

struct something_s *x = (struct something_s *)y;

Operators

Spaces before and after binary operators. All binary operators (operators that come between two values), such as +, -, =, !=, ==, >, etc. should have a space before and after the operator, for readability. As examples:

Error

This is incorrect

for=bar;
if(a==b)
for(i=0;i<5;i++)

Tip

This is correct

for = bar;
if (a == b)
for (i = 0; i < 5; i++)

No space separating unary operators. Unary operators (operators that operate on only one value), such as ++, should not have a space between the operator and the variable or number they are operating on.

Error

This is incorrect

x ++;

Tip

This is correct

x++;

Forbidden Multicharacter Forms. Many operators are expressed as a character in combination with = such as +=, >=, >>=, etc. Some compilers will accept the = at the beginning or the end of the sequence. This standard, however, requires that the = always appear last in order to avoid amiguities that may arise if the = were to appear first. For example, a =++ b; could also be interpreted as a =+ +b; or a = ++b all of which are very different.

if then else Statement

Coding Standard:

• if separated from <condition>. The if keyword and the <condition> must appear on the same line. The if keyword and the <condition> must be separated by a single space.

• Indentation and parentheses. if <condition> follows the standard indentation and parentheses rules.

• Alignment. The if in the if <condition> line and the else must be aligned at the same column.

• Statement(s) always enclosed in braces. Statement(s) following the if <condition> and else keywords must always be enclosed in braces. Braces must follow the if <condition> and else lines even in the cases where (a) there is no contained statement or (b) there is only a single statement!

• Braces and indentation. The placement of braces and statements must follow the standard rules for braces and indentation.

• Final brace followed by a single blank line. The final right brace of the if-else must be followed by a blank line in most cases (the exception given below). This may be the final brace of the if compound statement if the else keyword is not present. Or it may be the the final brace of the else compound statement if present. A blank line never follows the right brace closing the if compound statement if the else keyword is present. Use of braces must follow all other standard rules for braces and spacing.

• Exception. That blank line must also be omitted for certain cases where the if <condition>-else statement is nested within another compound statement; there should be no blank lines between consecutive right braces as discussed in the standard rules for use of braces.

Other Applicable Coding Standards. See sections related to use of braces and indentation.

Error

This is incorrect

if(var1 < var2) var1 = var2;

if(var > 0)
  var--;
else
  var = 0;

if (var1 > 0) {
  var1--;
} else {
  var1 = 0;
}
var2 = var1;

Tip

This is correct

if (var1 < var2)
  {
    var1 = var2;
  }

if (var > 0)
  {
    var--;
  }
else
  {
    var = 0;
  }

if (var1 > 0)
  {
    var1--;
  }
else
  {
    var1 = 0;
  }

var2 = var1;

Ternary operator (<condition> ? <then> : <else>):

• Only if the expression is short. Use of this form is only appropriate if the entire sequence is short and fits neatly on the line.

• Multiple lines forbidden. This form is forbidden if it extends to more than one line.

• Use of parentheses. The condition and the entire sequence are often enclosed in parentheses. These are, however, not required if the expressions evaluate properly without them.

Other Applicable Coding Standards. See sections related to parentheses.

Tip

This is correct

int arg1 = arg2 > arg3 ? arg2 : arg3;
int arg1 = ((arg2 > arg3) ? arg2 : arg3);

switch Statement

Definitions:

• Case logic. By case logic it is mean the case or default and all of the lines of code following the case or default up to the next case, default, or the right brace indicating the end of the switch statement.

Coding Standard:

• switch separated from <value>. The switch keyword and the switch <value> must appear on the same line. The if keyword and the <value> must be separated by a single space.

• Falling through. Falling through a case statement into the next case statement is be permitted as long as a comment is included.

• default case. The default case should always be present and trigger an error if it is reached when it should not be.

• Case logic in braces. It is preferable that all case logic (except for the break) be enclosed in braces. If you need to instantiate local variables in case logic, then that logic must be surrounded with braces.

• break outside of braces. break statements are normally indented by two spaces. When used conditionally with case logic, the placement of the break statement follows normal indentation rules.

• Case logic followed by a single blank line. A single blank line must separate the case logic and any following case or default. The should, however, be no blank lines between the case logic and the closing right brace.

• Switch followed by a single blank line. The final right brace that closes the switch <value> statement must be followed by a single blank line.

• Exception. That blank line must be omitted for certain cases where the switch <value> statement is nested within another compound statement; there should be no blank lines between consecutive right braces as discussed in the standard rules for use of braces.

Other Applicable Coding Standards. See sections related to use of braces, indentation, and comments.

Tip

This is correct

switch (...)
  {
    case 1:  /* Example of a comment following a case selector. */
    ...

    /* Example of a comment preceding a case selector. */

    case 2:
      {
        /* Example of comment following the case selector. */

        int value;
        ...
      }
      break;

    default:
      break;
  }

while Statement

Coding Standard:

• while separated from <condition>. The while keyword and the <condition> must appear on the same line. The while keyword and the <condition> must be separated by a single space.

• Keywords on separate lines. while <condition> must lie on a separate line with nothing else present on the line.

• Indentation and parentheses. while <condition> follows the standard indentation and parentheses rules.

• Statements enclosed in braces Statement(s) following the while <condition> must always be enclosed in braces, even if only a single statement follows.

• No braces on null statements. No braces are required if no statements follow the while <condition>. The single semicolon (null statement) is sufficient;

• Braces and indentation. The placement of braces and statements must follow the standard rules for braces and indentation.

• Followed by a single blank line. The final right brace that closes the while <condition> statement must be followed by a single blank line.

• Exception. That blank line must be omitted for certain cases where the while <condition> statement is nested within another compound statement; there should be no blank lines between consecutive right braces as discussed in the standard rules for use of braces.

Other Applicable Coding Standards. See sections related to use of braces, indentation, and comments.

Error

This is incorrect

while( notready() )
  {
  }
ready = true;

while (*ptr != '\0') ptr++;

Tip

This is correct

while (notready());

ready = true;

while (*ptr != '\0')
  {
    ptr++;
  }

do while Statement

Coding Standard:

• Keywords on separate lines. do and while <condition> must lie on separate lines with nothing else present on the line.

• Indentation and parentheses. do .. while <condition> follows the standard indentation and parentheses rules.

• Statements enclosed in braces Statement(s) following the do must always be enclosed in braces, even if only a single statement (or no statement) follows.

• Braces and indentation. The placement of braces and statements must follow the standard rules for braces and indentation.

• while separated from <condition>. The while keyword and the <condition> must appear on the same line. The while keyword and the <condition> must be separated by a single space.

• Followed by a single blank line. The concluding while <condition> must be followed by a single blank line.

Other Applicable Coding Standards. See sections related to use of braces, indentation, and comments.

Error

This is incorrect

do {
  ready = !notready();
} while (!ready);
senddata();

do ptr++; while (*ptr != '\0');

Error

This is incorrect

do
  {
    ready = !notready();
  }
while (!ready);

senddata();

do
  {
    ptr++;
  }
while (*ptr != '\0');

Use of goto

Coding Standard:

• Limited Usage of goto. All use of the goto statement is prohibited except for one usage: for handling error conditions in complex, nested logic. A simple goto in those conditions can greatly improve the readability and complexity of the code.

• Label Naming. Labels must all lower case. The underscore character _ is permitted to break up long labels.

• Error Exit Labels. The error exit label is normally called errout. Multiple error labels are often to required to unwind to recover resources committed in logic prior to the error to otherwise undo preceding operations. Naming for these other labels would be some like errout_with_allocation, errout_with_openfile, etc.

• Label Positioning. Labels are never indented. Labels must always begin in column 1.

Tip

This is correct

   FAR struct some_struct_s *ptr;
   int fd;
   int ret;
   ...

   if (arg == NULL)
     {
       ret = -EINVAL;
       goto errout;
     }
   ...
   ptr = malloc(sizeof(struct some_struct_s));
   if (!ptr)
     {
       ret = -ENOMEM;
       goto errout;
     }
   ...
   fd = open(filename, O_RDONLY);
   if (fd < 0)
     {
       errcode = -errno;
       DEBUGASSERT(errcode > 0);
       goto errotout_with_alloc;
     }
   ...
   ret = readfile(fd);
   if (ret < 0)
     {
       goto errout_with_openfile;
     }
   ...
errout_with_openfile:
  close(fd);

errout_with_alloc:
  free(ptr);

error:
  return ret;

NOTE: See the discussion of pointers for information about the FAR qualifier used above.

C++

There is no existing document that provides a complete coding standard for NuttX C++ files. This section is included here to provide some minimal guidance in C++ code development. In most details like indentation, spacing, and file organization, it is identical to the C coding standard. But there are significant differences in the acceptable standard beyond that. The primary differences are as follows:

C++ style comments are not only permissible but are required (other than for the following exception). This includes the block comments of in the Source File Structure described in an Appendix to this standard.

Deoxygen tags are acceptable. As are C style comments when needed to provide DOxygen tags.

There is currently no requirement to conform any specific C++ version. However, for portability reasons, conformance to older, pre-C++11 standards is encouraged where reasonable.

C++ file name extensions: The extension .cxx is used for C++ source files; the extension .hxx is used for C++ header files.

All naming must use CamelCase. Use of the underbar character, ‘_’ is discouraged. This includes variables, classes, structures, …, etc.: All user-nameable C++ elements. Pre-processor definitions are still required to be all upper case.

Local variable, method names, and function names must all begin with a lower case letter. As examples, myLocalVariable would be a compliant name for a local variable; myMethod would be a compliant name for a method;

Namespaces, global variable, class, structure, template, and enumeration names begin with a capital letter identifying what is being named:

Namespace Names

Namespaces begin with an upper case character but no particular character is specified. As an example, MyNamespace is fully compliant.

Global Variable Names

Global variables and singletons begin with an upper case ‘G’. For example, GMyGlobalVariable. The prefix g_ is never used.

Implementation Class Names

Classes that implement methods begin with an upper case ‘C’. For example, CMyClass. A fully qualified method of CMyClass could be MyNamespace::CMyClass::myMethod

Pure Virtual Base Class Names

Such base classes begin with an upper case ‘I’. For example, IMyInterface.

Template Class Names

Template classes begin with an upper case ‘T’. For example, TMyTemplate.

``typedef``’d Type Names

Currently all such types also begin with an upper case ‘T’. That probably needs some resolution to distinguish for template names. The suffix _t is never used.

Structure Names

Structures begin with an upper case ‘S’. For example, SMyStructure. The suffix _s is never used.

Enumerations Names

Enumerations begin with an upper case ‘E’. For example, EMyEnumeration. The suffix _e is never used.

Appendix

C Source File Structure

/****************************************************************************
 * <Relative path to the file>
 * <Optional one line file description>
 *
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.  The
 * ASF licenses this file to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the
 * License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
 * License for the specific language governing permissions and limitations
 * under the License.
 *
 ****************************************************************************/

/****************************************************************************
 * Included Files
 ****************************************************************************/

All header files are included here.

/****************************************************************************
 * Pre-processor Definitions
 ****************************************************************************/

All C pre-processor macros are defined here.

/****************************************************************************
 * Private Types
 ****************************************************************************/

Any types, enumerations, structures or unions used by the file are defined here.

/****************************************************************************
 * Private Function Prototypes
 ****************************************************************************/

Prototypes of all static functions in the file are provided here.

/****************************************************************************
 * Private Data
 ****************************************************************************/

All static data definitions appear here.

/****************************************************************************
 * Public Data
 ****************************************************************************/

All data definitions with global scope appear here.

/****************************************************************************
 * Private Functions
 ****************************************************************************/

/****************************************************************************
 * Name: <Static function name>
 *
 * Description:
 *   Description of the operation of the static function.
 *
 * Input Parameters:
 *   A list of input parameters, one-per-line, appears here along with a
 *   description of each input parameter.
 *
 * Returned Value:
 *   Description of the value returned by this function (if any),
 *   including an enumeration of all possible error values.
 *
 * Assumptions/Limitations:
 *   Anything else that one might need to know to use this function.
 *
 ****************************************************************************/

All static functions in the file are defined in this grouping. Each is preceded by a function header similar to the above.

/****************************************************************************
 * Public Functions
 ****************************************************************************/

/****************************************************************************
 * Name: <Global function name>
 *
 * Description:
 *   Description of the operation of the function.
 *
 * Input Parameters:
 *   A list of input parameters, one-per-line, appears here along with a
 *   description of each input parameter.
 *
 * Returned Value:
 *   Description of the value returned by this function (if any),
 *   including an enumeration of all possible error values.
 *
 * Assumptions/Limitations:
 *   Anything else that one might need to know to use this function.
 *
 ****************************************************************************/

All global functions in the file are defined here.

C Header File Structure

/****************************************************************************
* <Relative path to the file>
* <Optional one line file description>
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements.  See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.  The
* ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the
* License.  You may obtain a copy of the License at
*
*   http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
* License for the specific language governing permissions and limitations
* under the License.
*
****************************************************************************/

Header file idempotence definitions go here

/****************************************************************************
* Included Files
****************************************************************************/

All header files are included here.

/****************************************************************************
* Pre-processor Definitions
****************************************************************************/

All C pre-processor macros are defined here.

/****************************************************************************
* Public Types
****************************************************************************/

#ifndef __ASSEMBLY__

Any types, enumerations, structures or unions are defined here.

/****************************************************************************
* Public Data
****************************************************************************/

#ifdef __cplusplus
#define EXTERN extern "C"
extern "C"
{
#else
#define EXTERN extern
#endif

All data declarations with global scope appear here, preceded by the definition EXTERN.

/****************************************************************************
 * Inline Functions
 ****************************************************************************/

/****************************************************************************
 * Name: <Inline function name>
 *
 * Description:
 *   Description of the operation of the inline function.
 *
 * Input Parameters:
 *   A list of input parameters, one-per-line, appears here along with a
 *   description of each input parameter.
 *
 * Returned Value:
 *   Description of the value returned by this function (if any),
 *   including an enumeration of all possible error values.
 *
 * Assumptions/Limitations:
 *   Anything else that one might need to know to use this function.
 *
 ****************************************************************************/

Any static inline functions may be defined in this grouping. Each is preceded by a function header similar to the above.

/****************************************************************************
* Public Function Prototypes
****************************************************************************/

/****************************************************************************
* Name: <Global function name>
*
* Description:
*   Description of the operation of the function.
*
* Input Parameters:
*   A list of input parameters, one-per-line, appears here along with a
*   description of each input parameter.
*
* Returned Value:
*   Description of the value returned by this function (if any),
*   including an enumeration of all possible error values.
*
* Assumptions/Limitations:
*   Anything else that one might need to know to use this function.
*
****************************************************************************/

All global functions in the file are prototyped here. The keyword extern or the definition EXTERN are never used with function prototypes.

#undef EXTERN
#ifdef __cplusplus
}
#endif

#endif /* __INCLUDE_ASSERT_H */

Ending with the header idempotence #endif.