cppguide.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Google C++ Style Guide</title>
<link rel="stylesheet" href="include/styleguide.css">
<script src="include/styleguide.js"></script>
<link rel="shortcut icon" href="https://www.google.com/favicon.ico">
</head>
<body onload="initStyleGuide();">
<div id="content">
<h1>Google C++ Style Guide</h1>
<div class="horizontal_toc" id="tocDiv"></div>

<div class="main_body">

<h2 class="ignoreLink" id="Background">Background</h2>

<p>C++ is one of the main development languages  used by
many of Google's open-source projects. As every C++
programmer knows, the language has many powerful features, but
this power brings with it complexity, which in turn can make
code more bug-prone and harder to read and maintain.</p>

<p>The goal of this guide is to manage this complexity by
describing in detail the dos and don'ts of writing C++ code.
These rules exist to
keep  the code base manageable while still allowing
coders to use C++ language features productively.</p>

<p><em>Style</em>, also known as readability, is what we call
the conventions that govern our C++ code. The term Style is a
bit of a misnomer, since these conventions cover far more than
just source file formatting.</p>

<p>
Most open-source projects developed by
Google conform to the requirements in this guide.
</p>





<p>Note that this guide is not a C++ tutorial: we assume that
the reader is familiar with the language. </p>

<h3 id="Goals">Goals of the Style Guide</h3>
<div class="stylebody">
<p>Why do we have this document?</p>

<p>There are a few core goals that we believe this guide should
serve. These are the fundamental <b>why</b>s that
underlie all of the individual rules. By bringing these ideas to
the fore, we hope to ground discussions and make it clearer to our
broader community why the rules are in place and why particular
decisions have been made. If you understand what goals each rule is
serving, it should be clearer to everyone when a rule may be waived
(some can be), and what sort of argument or alternative would be
necessary to change a rule in the guide.</p>

<p>The goals of the style guide as we currently see them are as follows:</p>
<dl>
<dt>Style rules should pull their weight</dt>
<dd>The benefit of a style rule
must be large enough to justify asking all of our engineers to
remember it. The benefit is measured relative to the codebase we would
get without the rule, so a rule against a very harmful practice may
still have a small benefit if people are unlikely to do it
anyway. This principle mostly explains the rules we don&#8217;t have, rather
than the rules we do: for example, <code>goto</code> contravenes many
of the following principles, but is already vanishingly rare, so the Style
Guide doesn&#8217;t discuss it.</dd>

<dt>Optimize for the reader, not the writer</dt>
<dd>Our codebase (and most individual components submitted to it) is
expected to continue for quite some time. As a result, more time will
be spent reading most of our code than writing it. We explicitly
choose to optimize for the experience of our average software engineer
reading, maintaining, and debugging code in our codebase rather than
ease when writing said code.  "Leave a trace for the reader" is a
particularly common sub-point of this principle: When something
surprising or unusual is happening in a snippet of code (for example,
transfer of pointer ownership), leaving textual hints for the reader
at the point of use is valuable (<code>std::unique_ptr</code>
demonstrates the ownership transfer unambiguously at the call
site). </dd>

<dt>Be consistent with existing code</dt>
<dd>Using one style consistently through our codebase lets us focus on
other (more important) issues. Consistency also allows for
automation: tools that format your code or adjust
your <code>#include</code>s only work properly when your code is
consistent with the expectations of the tooling. In many cases, rules
that are attributed to "Be Consistent" boil down to "Just pick one and
stop worrying about it"; the potential value of allowing flexibility
on these points is outweighed by the cost of having people argue over
them. </dd>

<dt>Be consistent with the broader C++ community when appropriate</dt>
<dd>Consistency with the way other organizations use C++ has value for
the same reasons as consistency within our code base. If a feature in
the C++ standard solves a problem, or if some idiom is widely known
and accepted, that's an argument for using it. However, sometimes
standard features and idioms are flawed, or were just designed without
our codebase's needs in mind. In those cases (as described below) it's
appropriate to constrain or ban standard features.  In some cases we
prefer a homegrown or third-party library over a library defined in
the C++ Standard, either out of perceived superiority or insufficient
value to transition the codebase to the standard interface.</dd>

<dt>Avoid surprising or dangerous constructs</dt>
<dd>C++ has features that are more surprising or dangerous than one
might think at a glance. Some style guide restrictions are in place to
prevent falling into these pitfalls. There is a high bar for style
guide waivers on such restrictions, because waiving such rules often
directly risks compromising program correctness.
</dd>

<dt>Avoid constructs that our average C++ programmer would find tricky
or hard to maintain</dt>
<dd>C++ has features that may not be generally appropriate because of
the complexity they introduce to the code. In widely used
code, it may be more acceptable to use
trickier language constructs, because any benefits of more complex
implementation are multiplied widely by usage, and the cost in understanding
the complexity does not need to be paid again when working with new
portions of the codebase. When in doubt, waivers to rules of this type
can be sought by asking 
your project leads. This is specifically
important for our codebase because code ownership and team membership
changes over time: even if everyone that works with some piece of code
currently understands it, such understanding is not guaranteed to hold a
few years from now.</dd>

<dt>Be mindful of our scale</dt>
<dd>With a codebase of 100+ million lines and thousands of engineers,
some mistakes and simplifications for one engineer can become costly
for many. For instance it's particularly important to
avoid polluting the global namespace: name collisions across a
codebase of hundreds of millions of lines are difficult to work with
and hard to avoid if everyone puts things into the global
namespace.</dd>

<dt>Concede to optimization when necessary</dt>
<dd>Performance optimizations can sometimes be necessary and
appropriate, even when they conflict with the other principles of this
document.</dd>
</dl>

<p>The intent of this document is to provide maximal guidance with
reasonable restriction. As always, common sense and good taste should
prevail. By this we specifically refer to the established conventions
of the entire Google C++ community, not just your personal preferences
or those of your team. Be skeptical about and reluctant to use
clever or unusual constructs: the absence of a prohibition is not the
same as a license to proceed.  Use your judgment, and if you are
unsure, please don't hesitate to ask your project leads to get additional
input.</p>

</div>

 

<h2 id="Header_Files">Header Files</h2>

<p>In general, every <code>.cc</code> file should have an
associated <code>.h</code> file. There are some common
exceptions, such as  unittests and
small <code>.cc</code> files containing just a
<code>main()</code> function.</p>

<p>Correct use of header files can make a huge difference to
the readability, size and performance of your code.</p>

<p>The following rules will guide you through the various
pitfalls of using header files.</p>

<a id="The_-inl.h_Files"></a>
<h3 id="Self_contained_Headers">Self-contained Headers</h3>

<div class="summary">
<p>Header files should be self-contained (compile on their own) and
end in <code>.h</code>.  Non-header files that are meant for inclusion
should end in <code>.inc</code> and be used sparingly.</p>
</div> 

<div class="stylebody">
<p>All header files should be self-contained. Users and refactoring
tools should not have to adhere to special conditions to include the
header. Specifically, a header should
have <a href="#The__define_Guard">header guards</a> and include all
other headers it needs.</p>

<p>Prefer placing the definitions for template and inline functions in
the same file as their declarations.  The definitions of these
constructs must be included into every <code>.cc</code> file that uses
them, or the program may fail to link in some build configurations.  If
declarations and definitions are in different files, including the
former should transitively include the latter.  Do not move these
definitions to separately included header files (<code>-inl.h</code>);
this practice was common in the past, but is no longer allowed.</p>

<p>As an exception, a template that is explicitly instantiated for
all relevant sets of template arguments, or that is a private
implementation detail of a class, is allowed to be defined in the one
and only <code>.cc</code> file that instantiates the template.</p>

<p>There are rare cases where a file designed to be included is not
self-contained.  These are typically intended to be included at unusual
locations, such as the middle of another file.  They might not
use <a href="#The__define_Guard">header guards</a>, and might not include
their prerequisites.  Name such files with the <code>.inc</code>
extension.  Use sparingly, and prefer self-contained headers when
possible.</p>

</div> 

<h3 id="The__define_Guard">The #define Guard</h3>

<div class="summary">
<p>All header files should have <code>#define</code> guards to
prevent multiple inclusion. The format of the symbol name
should be
<code><i>&lt;PROJECT&gt;</i>_<i>&lt;PATH&gt;</i>_<i>&lt;FILE&gt;</i>_H_</code>.</p>
</div> 

<div class="stylebody">



<p>To guarantee uniqueness, they should
be based on the full path in a project's source tree. For
example, the file <code>foo/src/bar/baz.h</code> in
project <code>foo</code> should have the following
guard:</p>

<pre>#ifndef FOO_BAR_BAZ_H_
#define FOO_BAR_BAZ_H_

...

#endif  // FOO_BAR_BAZ_H_
</pre>




</div> 

<h3 id="Forward_Declarations">Forward Declarations</h3>

<div class="summary">
  <p>Avoid using forward declarations where possible.
  Just <code>#include</code> the headers you need.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>A "forward declaration" is a declaration of a class,
function, or template without an associated definition.</p>
</div>

<div class="pros">
<ul>
  <li>Forward declarations can save compile time, as
  <code>#include</code>s force the compiler to open
  more files and process more input.</li>

  <li>Forward declarations can save on unnecessary
  recompilation. <code>#include</code>s can force
  your code to be recompiled more often, due to unrelated
  changes in the header.</li>
</ul>
</div>

<div class="cons">
<ul>
  <li>Forward declarations can hide a dependency, allowing
  user code to skip necessary recompilation when headers
  change.</li>

  <li>A forward declaration may be broken by subsequent
  changes to the library. Forward declarations of functions
  and templates can prevent the header owners from making
  otherwise-compatible changes to their APIs, such as
  widening a parameter type, adding a template parameter
  with a default value, or migrating to a new namespace.</li>

  <li>Forward declaring symbols from namespace
  <code>std::</code> yields undefined behavior.</li>

  <li>It can be difficult to determine whether a forward
  declaration or a full <code>#include</code> is needed.
  Replacing an <code>#include</code> with a forward
  declaration can silently change the meaning of
  code:
      <pre>      // b.h:
      struct B {};
      struct D : B {};

      // good_user.cc:
      #include "b.h"
      void f(B*);
      void f(void*);
      void test(D* x) { f(x); }  // calls f(B*)
      </pre>
  If the <code>#include</code> was replaced with forward
  decls for <code>B</code> and <code>D</code>,
  <code>test()</code> would call <code>f(void*)</code>.
  </li>

  <li>Forward declaring multiple symbols from a header
  can be more verbose than simply
  <code>#include</code>ing the header.</li>

  <li>Structuring code to enable forward declarations
  (e.g. using pointer members instead of object members)
  can make the code slower and more complex.</li>

  
</ul>
</div>

<div class="decision">
<ul>
  <li>Try to avoid forward declarations of entities
  defined in another project.</li>

  <li>When using a function declared in a header file,
  always <code>#include</code> that header.</li>

  <li>When using a class template, prefer to
  <code>#include</code> its header file.</li>
</ul>

<p>Please see <a href="#Names_and_Order_of_Includes">Names and Order
of Includes</a> for rules about when to #include a header.</p>
</div>

</div> 

<h3 id="Inline_Functions">Inline Functions</h3>

<div class="summary">
<p>Define functions inline only when they are small, say, 10
lines or fewer.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>You can declare functions in a way that allows the compiler to expand
them inline rather than calling them through the usual
function call mechanism.</p>
</div>

<div class="pros">
<p>Inlining a function can generate more efficient object
code, as long as the inlined function is small. Feel free
to inline accessors and mutators, and other short,
performance-critical functions.</p>
</div>

<div class="cons">
<p>Overuse of inlining can actually make programs slower.
Depending on a function's size, inlining it can cause the
code size to increase or decrease. Inlining a very small
accessor function will usually decrease code size while
inlining a very large function can dramatically increase
code size. On modern processors smaller code usually runs
faster due to better use of the instruction cache.</p>
</div>

<div class="decision">
<p>A decent rule of thumb is to not inline a function if
it is more than 10 lines long. Beware of destructors,
which are often longer than they appear because of
implicit member- and base-destructor calls!</p>

<p>Another useful rule of thumb: it's typically not cost
effective to inline functions with loops or switch
statements (unless, in the common case, the loop or
switch statement is never executed).</p>

<p>It is important to know that functions are not always
inlined even if they are declared as such; for example,
virtual and recursive functions are not normally inlined.
Usually recursive functions should not be inline. The
main reason for making a virtual function inline is to
place its definition in the class, either for convenience
or to document its behavior, e.g., for accessors and
mutators.</p>
</div> 

</div> 

<h3 id="Names_and_Order_of_Includes">Names and Order of Includes</h3>

<div class="summary">
<p>Use standard order for readability and to avoid hidden
dependencies: Related header, C library, C++ library,  other libraries'
<code>.h</code>, your project's <code>.h</code>.</p>
</div>

<div class="stylebody">
<p>
All of a project's header files should be
listed as descendants of the project's source
directory without use of UNIX directory shortcuts
<code>.</code> (the current directory) or <code>..</code>
(the parent directory). For example,

<code>google-awesome-project/src/base/logging.h</code>
should be included as:</p>

<pre>#include "base/logging.h"
</pre>

<p>In <code><var>dir/foo</var>.cc</code> or
<code><var>dir/foo_test</var>.cc</code>, whose main
purpose is to implement or test the stuff in
<code><var>dir2/foo2</var>.h</code>, order your includes
as follows:</p>

<ol>
  <li><code><var>dir2/foo2</var>.h</code>.</li>

  <li>A blank line</li>

  <li>C system files.</li>

  <li>C++ system files.</li>

  <li>A blank line</li>

  <li>Other libraries' <code>.h</code>
  files.</li>

  <li>
  Your project's <code>.h</code>
  files.</li>
</ol>

<p>Note that any adjacent blank lines should be collapsed.</p>

<p>With the preferred ordering, if
<code><var>dir2/foo2</var>.h</code> omits any necessary
includes, the build of <code><var>dir/foo</var>.cc</code>
or <code><var>dir/foo</var>_test.cc</code> will break.
Thus, this rule ensures that build breaks show up first
for the people working on these files, not for innocent
people in other packages.</p>

<p><code><var>dir/foo</var>.cc</code> and
<code><var>dir2/foo2</var>.h</code> are usually in the same
directory (e.g. <code>base/basictypes_test.cc</code> and
<code>base/basictypes.h</code>), but may sometimes be in different
directories too.</p>



<p>Note that the C compatibility headers such as <code>stddef.h</code>
are essentially interchangeable with their C++ counterparts
(<code>cstddef</code>)
Either style is acceptable, but prefer consistency with existing code.</p>

<p>Within each section the includes should be ordered
alphabetically. Note that older code might not conform to
this rule and should be fixed when convenient.</p>

<p>You should include all the headers that define the symbols you rely
upon, except in the unusual case of <a href="#Forward_Declarations">forward
declaration</a>. If you rely on symbols from <code>bar.h</code>,
don't count on the fact that you included <code>foo.h</code> which
(currently) includes <code>bar.h</code>: include <code>bar.h</code>
yourself, unless <code>foo.h</code> explicitly demonstrates its intent
to provide you the symbols of <code>bar.h</code>.  However, any
includes present in the related header do not need to be included
again in the related <code>cc</code> (i.e., <code>foo.cc</code> can
rely on <code>foo.h</code>'s includes).</p>

<p>For example, the includes in

<code>google-awesome-project/src/foo/internal/fooserver.cc</code>
might look like this:</p>


<pre>#include "foo/server/fooserver.h"

#include &lt;sys/types.h&gt;
#include &lt;unistd.h&gt;
#include &lt;vector&gt;

#include "base/basictypes.h"
#include "base/commandlineflags.h"
#include "foo/server/bar.h"
</pre>

<p class="exception">Sometimes, system-specific code needs
conditional includes. Such code can put conditional
includes after other includes. Of course, keep your
system-specific code small and localized. Example:</p>

<pre>#include "foo/public/fooserver.h"

#include "base/port.h"  // For LANG_CXX11.

#ifdef LANG_CXX11
#include &lt;initializer_list&gt;
#endif  // LANG_CXX11
</pre>

</div> 

<h2 id="Scoping">Scoping</h2>

<h3 id="Namespaces">Namespaces</h3>

<div class="summary">
<p>With few exceptions, place code in a namespace. Namespaces
should have unique names based on the project name, and possibly
its path. Do not use <i>using-directives</i> (e.g.
<code>using namespace foo</code>). Do not use
inline namespaces. For unnamed namespaces, see
<a href="#Unnamed_Namespaces_and_Static_Variables">Unnamed Namespaces and
Static Variables</a>.
</p></div>

<div class="stylebody">

<div class="definition">
<p>Namespaces subdivide the global scope
into distinct, named scopes, and so are useful for preventing
name collisions in the global scope.</p>
</div>

<div class="pros">

<p>Namespaces provide a method for preventing name conflicts
in large programs while allowing most code to use reasonably
short names.</p>

<p>For example, if two different projects have a class
<code>Foo</code> in the global scope, these symbols may
collide at compile time or at runtime. If each project
places their code in a namespace, <code>project1::Foo</code>
and <code>project2::Foo</code> are now distinct symbols that
do not collide, and code within each project's namespace
can continue to refer to <code>Foo</code> without the prefix.</p>

<p>Inline namespaces automatically place their names in
the enclosing scope. Consider the following snippet, for
example:</p>

<pre>namespace outer {
inline namespace inner {
  void foo();
}  // namespace inner
}  // namespace outer
</pre>

<p>The expressions <code>outer::inner::foo()</code> and
<code>outer::foo()</code> are interchangeable. Inline
namespaces are primarily intended for ABI compatibility
across versions.</p>
</div>

<div class="cons">

<p>Namespaces can be confusing, because they complicate
the mechanics of figuring out what definition a name refers
to.</p>

<p>Inline namespaces, in particular, can be confusing
because names aren't actually restricted to the namespace
where they are declared. They are only useful as part of
some larger versioning policy.</p>

<p>In some contexts, it's necessary to repeatedly refer to
symbols by their fully-qualified names. For deeply-nested
namespaces, this can add a lot of clutter.</p>
</div>

<div class="decision">

<p>Namespaces should be used as follows:</p>

<ul>
  <li>Follow the rules on <a href="#Namespace_Names">Namespace Names</a>.
  </li><li>Terminate namespaces with comments as shown in the given examples.
  </li><li>

  <p>Namespaces wrap the entire source file after
  includes,  
  <a href="https://gflags.github.io/gflags/">
  gflags</a> definitions/declarations
  and forward declarations of classes from other namespaces.</p>

<pre>// In the .h file
namespace mynamespace {

// All declarations are within the namespace scope.
// Notice the lack of indentation.
class MyClass {
 public:
  ...
  void Foo();
};

}  // namespace mynamespace
</pre>

<pre>// In the .cc file
namespace mynamespace {

// Definition of functions is within scope of the namespace.
void MyClass::Foo() {
  ...
}

}  // namespace mynamespace
</pre>

  <p>More complex <code>.cc</code> files might have additional details,
  like flags or using-declarations.</p>

<pre>#include "a.h"

DEFINE_FLAG(bool, someflag, false, "dummy flag");

namespace mynamespace {

using ::foo::bar;

...code for mynamespace...    // Code goes against the left margin.

}  // namespace mynamespace
</pre>
  </li>

  <li>To place generated protocol
  message code in a namespace, use the
  <code>package</code> specifier in the
  <code>.proto</code> file. See
  
  <a href="https://developers.google.com/protocol-buffers/docs/reference/cpp-generated#package">
  Protocol Buffer Packages</a>
  for details.</li>

  <li>Do not declare anything in namespace
  <code>std</code>, including forward declarations of
  standard library classes. Declaring entities in
  namespace <code>std</code> is undefined behavior, i.e.,
  not portable. To declare entities from the standard
  library, include the appropriate header file.</li>

  <li><p>You may not use a <i>using-directive</i>
  to make all names from a namespace available.</p>

<pre class="badcode">// Forbidden -- This pollutes the namespace.
using namespace foo;
</pre>
  </li>

  <li><p>Do not use <i>Namespace aliases</i> at namespace scope
  in header files except in explicitly marked
  internal-only namespaces, because anything imported into a namespace
  in a header file becomes part of the public
  API exported by that file.</p>

<pre>// Shorten access to some commonly used names in .cc files.
namespace baz = ::foo::bar::baz;
</pre>

<pre>// Shorten access to some commonly used names (in a .h file).
namespace librarian {
namespace impl {  // Internal, not part of the API.
namespace sidetable = ::pipeline_diagnostics::sidetable;
}  // namespace impl

inline void my_inline_function() {
  // namespace alias local to a function (or method).
  namespace baz = ::foo::bar::baz;
  ...
}
}  // namespace librarian
</pre>

  </li><li>Do not use inline namespaces.</li>
</ul>
</div>
</div>

<h3 id="Unnamed_Namespaces_and_Static_Variables">Unnamed Namespaces and Static
Variables</h3>

<div class="summary">
<p>When definitions in a <code>.cc</code> file do not need to be
referenced outside that file, place them in an unnamed
namespace or declare them <code>static</code>. Do not use either
of these constructs in <code>.h</code> files.
</p></div>

<div class="stylebody">

<div class="definition">
<p>All declarations can be given internal linkage by placing them in unnamed
namespaces. Functions and variables can also be given internal linkage by
declaring them <code>static</code>. This means that anything you're declaring
can't be accessed from another file. If a different file declares something with
the same name, then the two entities are completely independent.</p>
</div>

<div class="decision">

<p>Use of internal linkage in <code>.cc</code> files is encouraged
for all code that does not need to be referenced elsewhere.
Do not use internal linkage in <code>.h</code> files.</p>

<p>Format unnamed namespaces like named namespaces. In the
  terminating comment, leave the namespace name empty:</p>

<pre>namespace {
...
}  // namespace
</pre>
</div>
</div>

<h3 id="Nonmember,_Static_Member,_and_Global_Functions">Nonmember, Static Member, and Global Functions</h3>

<div class="summary">
<p>Prefer placing nonmember functions in a namespace; use completely global
functions rarely. Do not use a class simply to group static functions. Static
methods of a class should generally be closely related to instances of the
class or the class's static data.</p>
</div>

 <div class="stylebody">

 <div class="pros">
 <p>Nonmember and static member functions can be useful in
 some situations. Putting nonmember functions in a
 namespace avoids polluting the global namespace.</p>
 </div>

<div class="cons">
<p>Nonmember and static member functions may make more sense
as members of a new class, especially if they access
external resources or have significant dependencies.</p>
</div>

<div class="decision">
<p>Sometimes it is useful to define a
function not bound to a class instance. Such a function
can be either a static member or a nonmember function.
Nonmember functions should not depend on external
variables, and should nearly always exist in a namespace.
Do not create classes only to group static member functions;
this is no different than just giving the function names a
common prefix, and such grouping is usually unnecessary anyway.</p>

<p>If you define a nonmember function and it is only
needed in its <code>.cc</code> file, use
<a href="#Unnamed_Namespaces_and_Static_Variables">internal linkage</a> to limit
its scope.</p>
</div>

</div> 

<h3 id="Local_Variables">Local Variables</h3>

<div class="summary">
<p>Place a function's variables in the narrowest scope
possible, and initialize variables in the declaration.</p>
</div>

<div class="stylebody">

<p>C++ allows you to declare variables anywhere in a
function. We encourage you to declare them in as local a
scope as possible, and as close to the first use as
possible. This makes it easier for the reader to find the
declaration and see what type the variable is and what it
was initialized to. In particular, initialization should
be used instead of declaration and assignment, e.g.:</p>

<pre class="badcode">int i;
i = f();      // Bad -- initialization separate from declaration.
</pre>

<pre>int j = g();  // Good -- declaration has initialization.
</pre>

<pre class="badcode">std::vector&lt;int&gt; v;
v.push_back(1);  // Prefer initializing using brace initialization.
v.push_back(2);
</pre>

<pre>std::vector&lt;int&gt; v = {1, 2};  // Good -- v starts initialized.
</pre>

<p>Variables needed for <code>if</code>, <code>while</code>
and <code>for</code> statements should normally be declared
within those statements, so that such variables are confined
to those scopes.  E.g.:</p>

<pre>while (const char* p = strchr(str, '/')) str = p + 1;
</pre>

<p>There is one caveat: if the variable is an object, its
constructor is invoked every time it enters scope and is
created, and its destructor is invoked every time it goes
out of scope.</p>

<pre class="badcode">// Inefficient implementation:
for (int i = 0; i &lt; 1000000; ++i) {
  Foo f;  // My ctor and dtor get called 1000000 times each.
  f.DoSomething(i);
}
</pre>

<p>It may be more efficient to declare such a variable
used in a loop outside that loop:</p>

<pre>Foo f;  // My ctor and dtor get called once each.
for (int i = 0; i &lt; 1000000; ++i) {
  f.DoSomething(i);
}
</pre>

</div> 

<h3 id="Static_and_Global_Variables">Static and Global Variables</h3>

<div class="summary">
<p>Objects with
<a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration">
static storage duration</a> are forbidden unless they are
<a href="http://en.cppreference.com/w/cpp/types/is_destructible">trivially
destructible</a>. Informally this means that the destructor does not do
anything, even taking member and base destructors into account. More formally it
means that the type has no user-defined or virtual destructor and that all bases
and non-static members are trivially destructible.
Static function-local variables may use dynamic initialization.
Use of dynamic initialization for static class member variables or variables at
namespace scope is discouraged, but allowed in limited circumstances; see below
for details.</p>

<p>As a rule of thumb: a global variable satisfies these requirements if its
declaration, considered in isolation, could be <code>constexpr</code>.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>Every object has a <dfn>storage duration</dfn>, which correlates with its
lifetime. Objects with static storage duration live from the point of their
initialization until the end of the program. Such objects appear as variables at
namespace scope ("global variables"), as static data members of classes, or as
function-local variables that are declared with the <code>static</code>
specifier. Function-local static variables are initialized when control first
passes through their declaration; all other objects with static storage duration
are initialized as part of program start-up. All objects with static storage
duration are destroyed at program exit (which happens before unjoined threads
are terminated).</p>

<p>Initialization may be <dfn>dynamic</dfn>, which means that something
non-trivial happens during initialization. (For example, consider a constructor
that allocates memory, or a variable that is initialized with the current
process ID.) The other kind of initialization is <dfn>static</dfn>
initialization. The two aren't quite opposites, though: static
initialization <em>always</em> happens to objects with static storage duration
(initializing the object either to a given constant or to a representation
consisting of all bytes set to zero), whereas dynamic initialization happens
after that, if required.</p>
</div>

<div class="pros">
<p>Global and static variables are very useful for a large number of
applications: named constants, auxiliary data structures internal to some
translation unit, command-line flags, logging, registration mechanisms,
background infrastructure, etc.</p>
</div>

<div class="cons">
<p>Global and static variables that use dynamic initialization or have
non-trivial destructors create complexity that can easily lead to hard-to-find
bugs. Dynamic initialization is not ordered across translation units, and
neither is destruction (except that destruction
happens in reverse order of initialization). When one initialization refers to
another variable with static storage duration, it is possible that this causes
an object to be accessed before its lifetime has begun (or after its lifetime
has ended). Moreover, when a program starts threads that are not joined at exit,
those threads may attempt to access objects after their lifetime has ended if
their destructor has already run.</p>
</div>

<div class="decision">
<h4>Decision on destruction</h4>

<p>When destructors are trivial, their execution is not subject to ordering at
all (they are effectively not "run"); otherwise we are exposed to the risk of
accessing objects after the end of their lifetime. Therefore, we only allow
objects with static storage duration if they are trivially destructible.
Fundamental types (like pointers and <code>int</code>) are trivially
destructible, as are arrays of trivially destructible types. Note that
variables marked with <code>constexpr</code> are trivially destructible.</p>
<pre>const int kNum = 10;  // allowed

struct X { int n; };
const X kX[] = {{1}, {2}, {3}};  // allowed

void foo() {
  static const char* const kMessages[] = {"hello", "world"};  // allowed
}

// allowed: constexpr guarantees trivial destructor
constexpr std::array&lt;int, 3&gt; kArray = {{1, 2, 3}};</pre>
<pre class="badcode">// bad: non-trivial destructor
const string kFoo = "foo";

// bad for the same reason, even though kBar is a reference (the
// rule also applies to lifetime-extended temporary objects)
const string&amp; kBar = StrCat("a", "b", "c");

void bar() {
  // bad: non-trivial destructor
  static std::map&lt;int, int&gt; kData = {{1, 0}, {2, 0}, {3, 0}};
}</pre>

<p>Note that references are not objects, and thus they are not subject to the
constraints on destructibility. The constraint on dynamic initialization still
applies, though. In particular, a function-local static reference of the form
<code>static T&amp; t = *new T;</code> is allowed.</p>

<h4>Decision on initialization</h4>

<p>Initialization is a more complex topic. This is because we must not only
consider whether class constructors execute, but we must also consider the
evaluation of the initializer:</p>
<pre class="neutralcode">int n = 5;    // fine
int m = f();  // ? (depends on f)
Foo x;        // ? (depends on Foo::Foo)
Bar y = g();  // ? (depends on g and on Bar::Bar)</pre>

<p>All but the first statement expose us to indeterminate initialization
ordering.</p>

<p>The concept we are looking for is called <em>constant initialization</em> in
the formal language of the C++ standard. It means that the initializing
expression is a constant expression, and if the object is initialized by a
constructor call, then the constructor must be specified as
<code>constexpr</code>, too:</p>
<pre>struct Foo { constexpr Foo(int) {} };

int n = 5;  // fine, 5 is a constant expression
Foo x(2);   // fine, 2 is a constant expression and the chosen constructor is constexpr
Foo a[] = { Foo(1), Foo(2), Foo(3) };  // fine</pre>

<p>Constant initialization is always allowed. Constant initialization of
static storage duration variables should be marked with <code>constexpr</code>
or where possible the

<a href="https://github.com/abseil/abseil-cpp/blob/03c1513538584f4a04d666be5eb469e3979febba/absl/base/attributes.h#L540">
<code>ABSL_CONST_INIT</code></a>
attribute. Any non-local static storage
duration variable that is not so marked should be presumed to have
dynamic initialization, and reviewed very carefully.</p>

<p>By contrast, the following initializations are problematic:</p>

<pre class="neutralcode">time_t time(time_t*);      // not constexpr!
int f();                   // not constexpr!
struct Bar { Bar() {} };

time_t m = time(nullptr);  // initializing expression not a constant expression
Foo y(f());                // ditto
Bar b;                     // chosen constructor Bar::Bar() not constexpr</pre>

<p>Dynamic initialization of nonlocal variables is discouraged, and in general
it is forbidden. However, we do permit it if no aspect of the program depends
on the sequencing of this initialization with respect to all other
initializations. Under those restrictions, the ordering of the initialization
does not make an observable difference. For example:</p>
<pre>int p = getpid();  // allowed, as long as no other static variable
                   // uses p in its own initialization</pre>

<p>Dynamic initialization of static local variables is allowed (and common).</p>


</div>

<h4>Common patterns</h4>

<ul>
  <li>Global strings: if you require a global or static string constant,
    consider using a simple character array, or a char pointer to the first
    element of a string literal. String literals have static storage duration
    already and are usually sufficient.</li>
  <li>Maps, sets, and other dynamic containers: if you require a static, fixed
    collection, such as a set to search against or a lookup table, you cannot
    use the dynamic containers from the standard library as a static variable,
    since they have non-trivial destructors. Instead, consider a simple array of
    trivial types, e.g. an array of arrays of ints (for a "map from int to
    int"), or an array of pairs (e.g. pairs of <code>int</code> and <code>const
    char*</code>). For small collections, linear search is entirely sufficient
    (and efficient, due to memory locality). If necessary, keep the collection in
    sorted order and use a binary search algorithm. If you do really prefer a
    dynamic container from the standard library, consider using a function-local
    static pointer, as described below.</li>
  <li>Smart pointers (<code>unique_ptr</code>, <code>shared_ptr</code>): smart
    pointers execute cleanup during destruction and are therefore forbidden.
    Consider whether your use case fits into one of the other patterns described
    in this section. One simple solution is to use a plain pointer to a
    dynamically allocated object and never delete it (see last item).</li>
  <li>Static variables of custom types: if you require static, constant data of
    a type that you need to define yourself, give the type a trivial destructor
    and a <code>constexpr</code> constructor.</li>
  <li>If all else fails, you can create an object dynamically and never delete
    it by binding the pointer to a function-local static pointer variable:
    <code>static const auto* const impl = new T(args...);</code> (If the
    initialization is more complex, it can be moved into a function or lambda
    expression.)</li>
</ul>

</div> 

<h3 id="thread_local">thread_local Variables</h3>

<div class="summary">
<p><code>thread_local</code> variables that aren't declared inside a function
must be initialized with a true compile-time constant,
and this must be enforced by using the

<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/attributes.h">
<code>ABSL_CONST_INIT</code></a>
attribute. Prefer
<code>thread_local</code> over other ways of defining thread-local data.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>Starting with C++11, variables can be declared with the
<code>thread_local</code> specifier:</p>
<pre>thread_local Foo foo = ...;
</pre>
<p>Such a variable is actually a collection of objects, so that when different
threads access it, they are actually accessing different objects.
<code>thread_local</code> variables are much like
<a href="#Static_and_Global_Variables">static storage duration variables</a>
in many respects. For instance, they can be declared at namespace scope,
inside functions, or as static class members, but not as ordinary class
members.</p>

<p><code>thread_local</code> variable instances are initialized much like
static variables, except that they must be initialized separately for each
thread, rather than once at program startup. This means that
<code>thread_local</code> variables declared within a function are safe, but
other <code>thread_local</code> variables are subject to the same
initialization-order issues as static variables (and more besides).</p>

<p><code>thread_local</code> variable instances are destroyed when their thread
terminates, so they do not have the destruction-order issues of static
variables.</p>
</div>

<div class="pros">
<ul>
  <li>Thread-local data is inherently safe from races (because only one thread
    can ordinarily access it), which makes <code>thread_local</code> useful for
    concurrent programming.</li>
  <li><code>thread_local</code> is the only standard-supported way of creating
    thread-local data.</li>
</ul>
</div>

<div class="cons">
<ul>
  <li>Accessing a <code>thread_local</code> variable may trigger execution of
    an unpredictable and uncontrollable amount of other code.</li>
  <li><code>thread_local</code> variables are effectively global variables,
    and have all the drawbacks of global variables other than lack of
    thread-safety.</li>
  <li>The memory consumed by a <code>thread_local</code> variable scales with
    the number of running threads (in the worst case), which can be quite large
    in a  program.</li>
  <li>An ordinary class member cannot be <code>thread_local</code>.</li>
  <li><code>thread_local</code> may not be as efficient as certain compiler
    intrinsics.</li>
</ul>
</div>

<div class="decision">
  <p><code>thread_local</code> variables inside a function have no safety
    concerns, so they can be used without restriction. Note that you can use
    a function-scope <code>thread_local</code> to simulate a class- or
    namespace-scope <code>thread_local</code> by defining a function or
    static method that exposes it:</p>

<pre>Foo&amp; MyThreadLocalFoo() {
  thread_local Foo result = ComplicatedInitialization();
  return result;
}
</pre>

  <p><code>thread_local</code> variables at class or namespace scope must be
    initialized with a true compile-time constant (i.e. they must have no
    dynamic initialization). To enforce this,
    <code>thread_local</code> variables at class or namespace scope must be
    annotated with
    
    <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/attributes.h">
    <code>ABSL_CONST_INIT</code></a>
    (or <code>constexpr</code>, but that should be rare):</p>

<pre>ABSL_CONST_INIT thread_local Foo foo = ...;
</pre>

  <p><code>thread_local</code> should be preferred over other mechanisms for
    defining thread-local data.</p>
</div>

</div> 


<h2 id="Classes">Classes</h2>

<p>Classes are the fundamental unit of code in C++. Naturally,
we use them extensively. This section lists the main dos and
don'ts you should follow when writing a class.</p>

<h3 id="Doing_Work_in_Constructors">Doing Work in Constructors</h3>

<div class="summary">
<p>Avoid virtual method calls in constructors, and avoid
initialization that can fail if you can't signal an error.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>It is possible to perform arbitrary initialization in the body
of the constructor.</p>
</div>

<div class="pros">
<ul>
  <li>No need to worry about whether the class has been initialized or
  not.</li>

  <li>Objects that are fully initialized by constructor call can
  be <code>const</code> and may also be easier to use with standard containers
  or algorithms.</li>
</ul>

</div>

<div class="cons">
<ul>
  <li>If the work calls virtual functions, these calls
  will not get dispatched to the subclass
  implementations. Future modification to your class can
  quietly introduce this problem even if your class is
  not currently subclassed, causing much confusion.</li>

  <li>There is no easy way for constructors to signal errors, short of
  crashing the program (not always appropriate) or using exceptions
  (which are <a href="#Exceptions">forbidden</a>).</li>

  <li>If the work fails, we now have an object whose initialization
  code failed, so it may be an unusual state requiring a <code>bool
  IsValid()</code> state checking mechanism (or similar) which is easy
  to forget to call.</li>

  <li>You cannot take the address of a constructor, so whatever work
  is done in the constructor cannot easily be handed off to, for
  example, another thread.</li>
</ul>
</div>


<div class="decision">
<p>Constructors should never call virtual functions. If appropriate
for your code
,
terminating the program may be an appropriate error handling
response. Otherwise, consider a factory function
or <code>Init()</code> method as described in


<a href="https://abseil.io/tips/42">TotW #42</a>
.
Avoid <code>Init()</code> methods on objects with
no other states that affect which public methods may be called
(semi-constructed objects of this form are particularly hard to work
with correctly).</p>
</div>

</div> 

<a id="Explicit_Constructors"></a>
<h3 id="Implicit_Conversions">Implicit Conversions</h3>

<div class="summary">
<p>Do not define implicit conversions. Use the <code>explicit</code>
keyword for conversion operators and single-argument
constructors.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>Implicit conversions allow an
object of one type (called the <dfn>source type</dfn>) to
be used where a different type (called the <dfn>destination
type</dfn>) is expected, such as when passing an
<code>int</code> argument to a function that takes a
<code>double</code> parameter.</p>

<p>In addition to the implicit conversions defined by the language,
users can define their own, by adding appropriate members to the
class definition of the source or destination type. An implicit
conversion in the source type is defined by a type conversion operator
named after the destination type (e.g. <code>operator
bool()</code>). An implicit conversion in the destination
type is defined by a constructor that can take the source type as
its only argument (or only argument with no default value).</p>

<p>The <code>explicit</code> keyword can be applied to a constructor
or (since C++11) a conversion operator, to ensure that it can only be
used when the destination type is explicit at the point of use,
e.g. with a cast. This applies not only to implicit conversions, but to
C++11's list initialization syntax:</p>
<pre>class Foo {
  explicit Foo(int x, double y);
  ...
};

void Func(Foo f);
</pre>
<pre class="badcode">Func({42, 3.14});  // Error
</pre>
This kind of code isn't technically an implicit conversion, but the
language treats it as one as far as <code>explicit</code> is concerned.
</div>

<div class="pros">
<ul>
<li>Implicit conversions can make a type more usable and
    expressive by eliminating the need to explicitly name a type
    when it's obvious.</li>
<li>Implicit conversions can be a simpler alternative to
    overloading, such as when a single
    function with a <code>string_view</code> parameter takes the
    place of separate overloads for <code>string</code> and
    <code>const char*</code>.</li>
<li>List initialization syntax is a concise and expressive
    way of initializing objects.</li>
</ul>
</div>

<div class="cons">
<ul>
<li>Implicit conversions can hide type-mismatch bugs, where the
    destination type does not match the user's expectation, or
    the user is unaware that any conversion will take place.</li>

<li>Implicit conversions can make code harder to read, particularly
    in the presence of overloading, by making it less obvious what
    code is actually getting called.</li>

<li>Constructors that take a single argument may accidentally
    be usable as implicit type conversions, even if they are not
    intended to do so.</li>

<li>When a single-argument constructor is not marked
    <code>explicit</code>, there's no reliable way to tell whether
    it's intended to define an implicit conversion, or the author
    simply forgot to mark it.</li>

<li>It's not always clear which type should provide the conversion,
    and if they both do, the code becomes ambiguous.</li>

<li>List initialization can suffer from the same problems if
    the destination type is implicit, particularly if the
    list has only a single element.</li>
</ul>
</div>

<div class="decision">
<p>Type conversion operators, and constructors that are
callable with a single argument, must be marked
<code>explicit</code> in the class definition. As an
exception, copy and move constructors should not be
<code>explicit</code>, since they do not perform type
conversion. Implicit conversions can sometimes be necessary and
appropriate for types that are designed to transparently wrap other
types. In that case, contact 
your project leads to request
a waiver of this rule.</p>

<p>Constructors that cannot be called with a single argument
may omit <code>explicit</code>. Constructors that
take a single <code>std::initializer_list</code> parameter should
also omit <code>explicit</code>, in order to support copy-initialization
(e.g. <code>MyType m = {1, 2};</code>).</p>
</div>

</div> 

<h3 id="Copyable_Movable_Types">Copyable and Movable Types</h3>
<a id="Copy_Constructors"></a>
<div class="summary">
<p>A class's public API should make explicit whether the class is copyable,
move-only, or neither copyable nor movable. Support copying and/or
moving if these operations are clear and meaningful for your type.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>A movable type is one that can be initialized and assigned
from temporaries.</p>

<p>A copyable type is one that can be initialized or assigned from
any other object of the same type (so is also movable by definition), with the
stipulation that the value of the source does not change.
<code>std::unique_ptr&lt;int&gt;</code> is an example of a movable but not
copyable type (since the value of the source
<code>std::unique_ptr&lt;int&gt;</code> must be modified during assignment to
the destination). <code>int</code> and <code>string</code> are examples of
movable types that are also copyable. (For <code>int</code>, the move and copy
operations are the same; for <code>string</code>, there exists a move operation
that is less expensive than a copy.)</p>

<p>For user-defined types, the copy behavior is defined by the copy
constructor and the copy-assignment operator. Move behavior is defined by the
move constructor and the move-assignment operator, if they exist, or by the
copy constructor and the copy-assignment operator otherwise.</p>

<p>The copy/move constructors can be implicitly invoked by the compiler
in some situations, e.g. when passing objects by value.</p>
</div>

<div class="pros">
<p>Objects of copyable and movable types can be passed and returned by value,
which makes APIs simpler, safer, and more general. Unlike when passing objects
by pointer or reference, there's no risk of confusion over ownership,
lifetime, mutability, and similar issues, and no need to specify them in the
contract. It also prevents non-local interactions between the client and the
implementation, which makes them easier to understand, maintain, and optimize by
the compiler. Further, such objects can be used with generic APIs that
require pass-by-value, such as most containers, and they allow for additional
flexibility in e.g., type composition.</p>

<p>Copy/move constructors and assignment operators are usually
easier to define correctly than alternatives
like <code>Clone()</code>, <code>CopyFrom()</code> or <code>Swap()</code>,
because they can be generated by the compiler, either implicitly or
with <code>= default</code>.  They are concise, and ensure
that all data members are copied. Copy and move
constructors are also generally more efficient, because they don't
require heap allocation or separate initialization and assignment
steps, and they're eligible for optimizations such as

<a href="http://en.cppreference.com/w/cpp/language/copy_elision">
copy elision</a>.</p>

<p>Move operations allow the implicit and efficient transfer of
resources out of rvalue objects. This allows a plainer coding style
in some cases.</p>
</div>

<div class="cons">
<p>Some types do not need to be copyable, and providing copy
operations for such types can be confusing, nonsensical, or outright
incorrect. Types representing singleton objects (<code>Registerer</code>),
objects tied to a specific scope (<code>Cleanup</code>), or closely coupled to
object identity (<code>Mutex</code>) cannot be copied meaningfully.
Copy operations for base class types that are to be used
polymorphically are hazardous, because use of them can lead to
<a href="https://en.wikipedia.org/wiki/Object_slicing">object slicing</a>.
Defaulted or carelessly-implemented copy operations can be incorrect, and the
resulting bugs can be confusing and difficult to diagnose.</p>

<p>Copy constructors are invoked implicitly, which makes the
invocation easy to miss. This may cause confusion for programmers used to
languages where pass-by-reference is conventional or mandatory. It may also
encourage excessive copying, which can cause performance problems.</p>
</div>

<div class="decision">

<p>Every class's public interface should make explicit which copy and move
operations the class supports. This should usually take the form of explicitly
declaring and/or deleting the appropriate operations in the <code>public</code>
section of the declaration.</p>

<p>Specifically, a copyable class should explicitly declare the copy
operations, a move-only class should explicitly declare the move operations,
and a non-copyable/movable class should explicitly delete the copy operations.
Explicitly declaring or deleting all four copy/move operations is permitted,
but not required. If you provide a copy or move assignment operator, you
must also provide the corresponding constructor.</p>

<pre>class Copyable {
 public:
  Copyable(const Copyable&amp; rhs) = default;
  Copyable&amp; operator=(const Copyable&amp; rhs) = default;

  // The implicit move operations are suppressed by the declarations above.
};

class MoveOnly {
 public:
  MoveOnly(MoveOnly&amp;&amp; rhs);
  MoveOnly&amp; operator=(MoveOnly&amp;&amp; rhs);

  // The copy operations are implicitly deleted, but you can
  // spell that out explicitly if you want:
  MoveOnly(const MoveOnly&amp;) = delete;
  MoveOnly&amp; operator=(const MoveOnly&amp;) = delete;
};

class NotCopyableOrMovable {
 public:
  // Not copyable or movable
  NotCopyableOrMovable(const NotCopyableOrMovable&amp;) = delete;
  NotCopyableOrMovable&amp; operator=(const NotCopyableOrMovable&amp;)
      = delete;

  // The move operations are implicitly disabled, but you can
  // spell that out explicitly if you want:
  NotCopyableOrMovable(NotCopyableOrMovable&amp;&amp;) = delete;
  NotCopyableOrMovable&amp; operator=(NotCopyableOrMovable&amp;&amp;)
      = delete;
};
</pre>

<p>These declarations/deletions can be omitted only if they are obvious: for
example, if a base class isn't copyable or movable, derived classes naturally
won't be either. Similarly, a <a href="#Structs_vs._Classes">struct</a>'s
copyability/movability is normally determined by the copyability/movability
of its data members (this does not apply to classes because in Google code
their data members are not public). Note that if you explicitly declare or
delete any of the copy/move operations, the others are not obvious, and so
this paragraph does not apply (in particular, the rules in this section
that apply to "classes" also apply to structs that declare or delete any
copy/move operations).</p>

<p>A type should not be copyable/movable if the meaning of
copying/moving is unclear to a casual user, or if it incurs unexpected
costs. Move operations for copyable types are strictly a performance
optimization and are a potential source of bugs and complexity, so
avoid defining them unless they are significantly more efficient than
the corresponding copy operations.  If your type provides copy operations, it is
recommended that you design your class so that the default implementation of
those operations is correct. Remember to review the correctness of any
defaulted operations as you would any other code.</p>

<p>Due to the risk of slicing, prefer to avoid providing a public assignment
operator or copy/move constructor for a class that's
intended to be derived from (and prefer to avoid deriving from a class
with such members). If your base class needs to be
copyable, provide a public virtual <code>Clone()</code>
method, and a protected copy constructor that derived classes
can use to implement it.</p>



</div> 
</div> 

<h3 id="Structs_vs._Classes">Structs vs. Classes</h3>

<div class="summary">
<p>Use a <code>struct</code> only for passive objects that
      carry data; everything else is a <code>class</code>.</p>
</div>

<div class="stylebody">

<p>The <code>struct</code> and <code>class</code>
keywords behave almost identically in C++. We add our own
semantic meanings to each keyword, so you should use the
appropriate keyword for the data-type you're
defining.</p>

<p><code>structs</code> should be used for passive
objects that carry data, and may have associated
constants, but lack any functionality other than
access/setting the data members. The accessing/setting of
fields is done by directly accessing the fields rather
than through method invocations. Methods should not
provide behavior but should only be used to set up the
data members, e.g., constructor, destructor,
<code>Initialize()</code>, <code>Reset()</code>,
<code>Validate()</code>.</p>

<p>If more functionality is required, a
<code>class</code> is more appropriate. If in doubt, make
it a <code>class</code>.</p>

<p>For consistency with STL, you can use
<code>struct</code> instead of <code>class</code> for
functors and traits.</p>

<p>Note that member variables in structs and classes have
<a href="#Variable_Names">different naming rules</a>.</p>

</div> 

<h3 id="Inheritance">Inheritance</h3>

<div class="summary">
<p>Composition is often more appropriate than inheritance.
When using inheritance, make it <code>public</code>.</p>
</div>

<div class="stylebody">

<div class="definition">
<p> When a sub-class
inherits from a base class, it includes the definitions
of all the data and operations that the parent base class
defines. In practice, inheritance is used in two major
ways in C++: implementation inheritance, in which actual
code is inherited by the child, and
<a href="#Interfaces">interface inheritance</a>, in which
only method names are inherited.</p>
</div>

<div class="pros">
<p>Implementation inheritance reduces code size by re-using
the base class code as it specializes an existing type.
Because inheritance is a compile-time declaration, you
and the compiler can understand the operation and detect
errors. Interface inheritance can be used to
programmatically enforce that a class expose a particular
API. Again, the compiler can detect errors, in this case,
when a class does not define a necessary method of the
API.</p>
</div>

<div class="cons">
<p>For implementation inheritance, because the code
implementing a sub-class is spread between the base and
the sub-class, it can be more difficult to understand an
implementation. The sub-class cannot override functions
that are not virtual, so the sub-class cannot change
implementation.</p>
</div>

<div class="decision">

<p>All inheritance should be <code>public</code>. If you
want to do private inheritance, you should be including
an instance of the base class as a member instead.</p>

<p>Do not overuse implementation inheritance. Composition
is often more appropriate. Try to restrict use of
inheritance to the "is-a" case: <code>Bar</code>
subclasses <code>Foo</code> if it can reasonably be said
that <code>Bar</code> "is a kind of"
<code>Foo</code>.</p>

<p>Limit the use of <code>protected</code> to those
member functions that might need to be accessed from
subclasses. Note that <a href="#Access_Control">data
members should be private</a>.</p>

<p>Explicitly annotate overrides of virtual functions or virtual
destructors with exactly one of an <code>override</code> or (less
frequently) <code>final</code> specifier. Do not
use <code>virtual</code> when declaring an override.
Rationale: A function or destructor marked
<code>override</code> or <code>final</code> that is
not an override of a base class virtual function will
not compile, and this helps catch common errors. The
specifiers serve as documentation; if no specifier is
present, the reader has to check all ancestors of the
class in question to determine if the function or
destructor is virtual or not.</p>
</div>

</div> 

<h3 id="Multiple_Inheritance">Multiple Inheritance</h3>

<div class="summary">
<p>Only very rarely is multiple implementation inheritance
actually useful. We allow multiple inheritance only when at
most one of the base classes has an implementation; all
other base classes must be <a href="#Interfaces">pure
interface</a> classes tagged with the
<code>Interface</code> suffix.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>Multiple inheritance allows a sub-class to have more than
one base class. We distinguish between base classes that are
<em>pure interfaces</em> and those that have an
<em>implementation</em>.</p>
</div>

<div class="pros">
<p>Multiple implementation inheritance may let you re-use
even more code than single inheritance (see <a href="#Inheritance">Inheritance</a>).</p>
</div>

<div class="cons">
<p>Only very rarely is multiple <em>implementation</em>
inheritance actually useful. When multiple implementation
inheritance seems like the solution, you can usually find
a different, more explicit, and cleaner solution.</p>
</div>

<div class="decision">
<p> Multiple inheritance is allowed only when all
superclasses, with the possible exception of the first one,
are <a href="#Interfaces">pure interfaces</a>. In order to
ensure that they remain pure interfaces, they must end with
the <code>Interface</code> suffix.</p>
</div>

<div class="note">
<p>There is an <a href="#Windows_Code">exception</a> to
this rule on Windows.</p>
</div>

</div> 

<h3 id="Interfaces">Interfaces</h3>

<div class="summary">
<p>Classes that satisfy certain conditions are allowed, but
not required, to end with an <code>Interface</code> suffix.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>A class is a pure interface if it meets the following
requirements:</p>

<ul>
  <li>It has only public pure virtual ("<code>=
  0</code>") methods and static methods (but see below
  for destructor).</li>

  <li>It may not have non-static data members.</li>

  <li>It need not have any constructors defined. If a
  constructor is provided, it must take no arguments and
  it must be protected.</li>

  <li>If it is a subclass, it may only be derived from
  classes that satisfy these conditions and are tagged
  with the <code>Interface</code> suffix.</li>
</ul>

<p>An interface class can never be directly instantiated
because of the pure virtual method(s) it declares. To
make sure all implementations of the interface can be
destroyed correctly, the interface must also declare a
virtual destructor (in an exception to the first rule,
this should not be pure). See Stroustrup, <cite>The C++
Programming Language</cite>, 3rd edition, section 12.4
for details.</p>
</div>

<div class="pros">
<p>Tagging a class with the <code>Interface</code> suffix
lets others know that they must not add implemented
methods or non static data members. This is particularly
important in the case of <a href="#Multiple_Inheritance">multiple inheritance</a>.
Additionally, the interface concept is already
well-understood by Java programmers.</p>
</div>

<div class="cons">
<p>The <code>Interface</code> suffix lengthens the class
name, which can make it harder to read and understand.
Also, the interface property may be considered an
implementation detail that shouldn't be exposed to
clients.</p>
</div>

<div class="decision">
<p>A class may end
with <code>Interface</code> only if it meets the above
requirements. We do not require the converse, however:
classes that meet the above requirements are not required
to end with <code>Interface</code>.</p>
</div>

</div> 

<h3 id="Operator_Overloading">Operator Overloading</h3>

<div class="summary">
<p>Overload operators judiciously. Do not create user-defined literals.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>C++ permits user code to
<a href="http://en.cppreference.com/w/cpp/language/operators">declare
overloaded versions of the built-in operators</a> using the
<code>operator</code> keyword, so long as one of the parameters
is a user-defined type. The <code>operator</code> keyword also
permits user code to define new kinds of literals using
<code>operator""</code>, and to define type-conversion functions
such as <code>operator bool()</code>.</p>
</div>

<div class="pros">
<p>Operator overloading can make code more concise and
intuitive by enabling user-defined types to behave the same
as built-in types. Overloaded operators are the idiomatic names
for certain operations (e.g. <code>==</code>, <code>&lt;</code>,
<code>=</code>, and <code>&lt;&lt;</code>), and adhering to
those conventions can make user-defined types more readable
and enable them to interoperate with libraries that expect
those names.</p>

<p>User-defined literals are a very concise notation for
creating objects of user-defined types.</p>
</div>

<div class="cons">
<ul>
  <li>Providing a correct, consistent, and unsurprising
  set of operator overloads requires some care, and failure
  to do so can lead to confusion and bugs.</li>

  <li>Overuse of operators can lead to obfuscated code,
  particularly if the overloaded operator's semantics
  don't follow convention.</li>

  <li>The hazards of function overloading apply just as
  much to operator overloading, if not more so.</li>

  <li>Operator overloads can fool our intuition into
  thinking that expensive operations are cheap, built-in
  operations.</li>

  <li>Finding the call sites for overloaded operators may
  require a search tool that's aware of C++ syntax, rather
  than e.g. grep.</li>

  <li>If you get the argument type of an overloaded operator
  wrong, you may get a different overload rather than a
  compiler error. For example, <code>foo &lt; bar</code>
  may do one thing, while <code>&amp;foo &lt; &amp;bar</code>
  does something totally different.</li>

  <li>Certain operator overloads are inherently hazardous.
  Overloading unary <code>&amp;</code> can cause the same
  code to have different meanings depending on whether
  the overload declaration is visible. Overloads of
  <code>&amp;&amp;</code>, <code>||</code>, and <code>,</code>
  (comma) cannot match the evaluation-order semantics of the
  built-in operators.</li>

  <li>Operators are often defined outside the class,
  so there's a risk of different files introducing
  different definitions of the same operator. If both
  definitions are linked into the same binary, this results
  in undefined behavior, which can manifest as subtle
  run-time bugs.</li>

  <li>User-defined literals allow the creation of new
  syntactic forms that are unfamiliar even to experienced C++
  programmers.</li>
</ul>
</div>

<div class="decision">
<p>Define overloaded operators only if their meaning is
obvious, unsurprising, and consistent with the corresponding
built-in operators. For example, use <code>|</code> as a
bitwise- or logical-or, not as a shell-style pipe.</p>

<p>Define operators only on your own types. More precisely,
define them in the same headers, .cc files, and namespaces
as the types they operate on. That way, the operators are available
wherever the type is, minimizing the risk of multiple
definitions. If possible, avoid defining operators as templates,
because they must satisfy this rule for any possible template
arguments. If you define an operator, also define
any related operators that make sense, and make sure they
are defined consistently. For example, if you overload
<code>&lt;</code>, overload all the comparison operators,
and make sure <code>&lt;</code> and <code>&gt;</code> never
return true for the same arguments.</p>

<p>Prefer to define non-modifying binary operators as
non-member functions. If a binary operator is defined as a
class member, implicit conversions will apply to the
right-hand argument, but not the left-hand one. It will
confuse your users if <code>a &lt; b</code> compiles but
<code>b &lt; a</code> doesn't.</p>

<p>Don't go out of your way to avoid defining operator
overloads. For example, prefer to define <code>==</code>,
<code>=</code>, and <code>&lt;&lt;</code>, rather than
<code>Equals()</code>, <code>CopyFrom()</code>, and
<code>PrintTo()</code>. Conversely, don't define
operator overloads just because other libraries expect
them. For example, if your type doesn't have a natural
ordering, but you want to store it in a <code>std::set</code>,
use a custom comparator rather than overloading
<code>&lt;</code>.</p>

<p>Do not overload <code>&amp;&amp;</code>, <code>||</code>,
<code>,</code> (comma), or unary <code>&amp;</code>. Do not overload
<code>operator""</code>, i.e. do not introduce user-defined
literals.</p>

<p>Type conversion operators are covered in the section on
<a href="#Implicit_Conversions">implicit conversions</a>.
The <code>=</code> operator is covered in the section on
<a href="#Copy_Constructors">copy constructors</a>. Overloading
<code>&lt;&lt;</code> for use with streams is covered in the
section on <a href="#Streams">streams</a>. See also the rules on
<a href="#Function_Overloading">function overloading</a>, which
apply to operator overloading as well.</p>
</div>

</div> 

<h3 id="Access_Control">Access Control</h3>

<div class="summary">
<p> Make data members <code>private</code>, unless they are
<code>static const</code> (and follow the <a href="#Constant_Names">
naming convention for constants</a>).</p>
</div>

<div class="stylebody">

<p>For technical
reasons, we allow data members of a test fixture class to
be <code>protected</code> when using


<a href="https://github.com/google/googletest">Google
Test</a>).</p>

</div> 

<h3 id="Declaration_Order">Declaration Order</h3>

<div class="summary">
<p>Group similar declarations together, placing public parts
earlier.</p>
</div>

<div class="stylebody">

<p>A class definition should usually start with a
<code>public:</code> section, followed by
<code>protected:</code>, then <code>private:</code>.  Omit
sections that would be empty.</p>

<p>Within each section, generally prefer grouping similar
kinds of declarations together, and generally prefer the
following order: types (including <code>typedef</code>,
<code>using</code>, and nested structs and classes),
constants, factory functions, constructors, assignment
operators, destructor, all other methods, data members.</p>

<p>Do not put large method definitions inline in the
class definition. Usually, only trivial or
performance-critical, and very short, methods may be
defined inline. See <a href="#Inline_Functions">Inline
Functions</a> for more details.</p>

</div> 

<h2 id="Functions">Functions</h2>

<a id="Function_Parameter_Ordering"></a>
<h3 id="Output_Parameters">Output Parameters</h3>

<div class="summary">
<p>Prefer using return values rather than output parameters.
If output-only parameters are used they should appear after
input parameters.</p>
</div>

<div class="stylebody">
<p>The output of a C++ function is naturally provided via
a return value and sometimes via output parameters.</p>

<p>Prefer using return values instead of output parameters
since they improve readability and oftentimes provide the same
or better performance.</p>

<p>Parameters are either input to the function, output from the
function, or both. Input parameters are usually values or
<code>const</code> references, while output and input/output
parameters will be pointers to non-<code>const</code>.</p>

<p>When ordering function parameters, put all input-only
parameters before any output parameters. In particular,
do not add new parameters to the end of the function just
because they are new; place new input-only parameters before
the output parameters.</p>

<p>This is not a hard-and-fast rule. Parameters that are
both input and output (often classes/structs) muddy the
waters, and, as always, consistency with related
functions may require you to bend the rule.</p>

</div> 

<h3 id="Write_Short_Functions">Write Short Functions</h3>

<div class="summary">
<p>Prefer small and focused functions.</p>
</div>

<div class="stylebody">
<p>We recognize that long functions are sometimes
appropriate, so no hard limit is placed on functions
length. If a function exceeds about 40 lines, think about
whether it can be broken up without harming the structure
of the program.</p>

<p>Even if your long function works perfectly now,
someone modifying it in a few months may add new
behavior. This could result in bugs that are hard to
find. Keeping your functions short and simple makes it
easier for other people to read and modify your code.</p>

<p>You could find long and complicated functions when
working with 
some code. Do not be
intimidated by modifying existing code: if working with
such a function proves to be difficult, you find that
errors are hard to debug, or you want to use a piece of
it in several different contexts, consider breaking up
the function into smaller and more manageable pieces.</p>

</div> 

<h3 id="Reference_Arguments">Reference Arguments</h3>

<div class="summary">
<p>All parameters passed by reference must be labeled
<code>const</code>.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>In C, if a
function needs to modify a variable, the parameter must
use a pointer, eg <code>int foo(int *pval)</code>. In
C++, the function can alternatively declare a reference
parameter: <code>int foo(int &amp;val)</code>.</p>
</div>

<div class="pros">
<p>Defining a parameter as reference avoids ugly code like
<code>(*pval)++</code>. Necessary for some applications
like copy constructors. Makes it clear, unlike with
pointers, that a null pointer is not a possible
value.</p>
</div>

<div class="cons">
<p>References can be confusing, as they have value syntax
but pointer semantics.</p>
</div>

<div class="decision">
<p>Within function parameter lists all references must be
<code>const</code>:</p>

<pre>void Foo(const string &amp;in, string *out);
</pre>

<p>In fact it is a very strong convention in Google code
that input arguments are values or <code>const</code>
references while output arguments are pointers. Input
parameters may be <code>const</code> pointers, but we
never allow non-<code>const</code> reference parameters
except when required by convention, e.g.,
<code>swap()</code>.</p>

<p>However, there are some instances where using
<code>const T*</code> is preferable to <code>const
T&amp;</code> for input parameters. For example:</p>

<ul>
  <li>You want to pass in a null pointer.</li>

  <li>The function saves a pointer or reference to the
  input.</li>
</ul>

<p> Remember that most of the time input
parameters are going to be specified as <code>const
T&amp;</code>. Using <code>const T*</code> instead
communicates to the reader that the input is somehow
treated differently. So if you choose <code>const
T*</code> rather than <code>const T&amp;</code>, do so
for a concrete reason; otherwise it will likely confuse
readers by making them look for an explanation that
doesn't exist.</p>
</div>

</div> 

<h3 id="Function_Overloading">Function Overloading</h3>

<div class="summary">
<p>Use overloaded functions (including constructors) only if a
reader looking at a call site can get a good idea of what
is happening without having to first figure out exactly
which overload is being called.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>You may write a function that takes a <code>const
string&amp;</code> and overload it with another that
takes <code>const char*</code>. However, in this case consider
std::string_view
 instead.</p>

<pre>class MyClass {
 public:
  void Analyze(const string &amp;text);
  void Analyze(const char *text, size_t textlen);
};
</pre>
</div>

<div class="pros">
<p>Overloading can make code more intuitive by allowing an
identically-named function to take different arguments.
It may be necessary for templatized code, and it can be
convenient for Visitors.</p>
</div>

<div class="cons">
<p>If a function is overloaded by the argument types alone,
a reader may have to understand C++'s complex matching
rules in order to tell what's going on. Also many people
are confused by the semantics of inheritance if a derived
class overrides only some of the variants of a
function.</p>
</div>

<div class="decision">
<p>You may overload a function when there are no semantic
differences between variants, or when the differences are
clear at the callsite.</p>

<p>If you are overloading a function to support variable
number of arguments of the same type, consider making it
take a <code>std::vector</code> so that the user can use an
<a href="#Braced_Initializer_List">initializer list
</a> to specify the arguments.</p>
</div>

</div> 

<h3 id="Default_Arguments">Default Arguments</h3>

<div class="summary">
<p>Default arguments are allowed on non-virtual functions
when the default is guaranteed to always have the same
value. Follow the same restrictions as for <a href="#Function_Overloading">function overloading</a>, and
prefer overloaded functions if the readability gained with
default arguments doesn't outweigh the downsides below.</p>
</div>

<div class="stylebody">

<div class="pros">
<p>Often you have a function that uses default values, but
occasionally you want to override the defaults. Default
parameters allow an easy way to do this without having to
define many functions for the rare exceptions. Compared
to overloading the function, default arguments have a
cleaner syntax, with less boilerplate and a clearer
distinction between 'required' and 'optional'
arguments.</p>
</div>

<div class="cons">
<p>Defaulted arguments are another way to achieve the
semantics of overloaded functions, so all the <a href="#Function_Overloading">reasons not to overload
functions</a> apply.</p>

<p>The defaults for arguments in a virtual function call are
determined by the static type of the target object, and
there's no guarantee that all overrides of a given function
declare the same defaults.</p>

<p>Default parameters are re-evaluated at each call site,
which can bloat the generated code. Readers may also expect
the default's value to be fixed at the declaration instead
of varying at each call.</p>

<p>Function pointers are confusing in the presence of
default arguments, since the function signature often
doesn't match the call signature. Adding
function overloads avoids these problems.</p>
</div>

<div class="decision">
<p>Default arguments are banned on virtual functions, where
they don't work properly, and in cases where the specified
default might not evaluate to the same value depending on
when it was evaluated. (For example, don't write <code>void
f(int n = counter++);</code>.)</p>

<p>In some other cases, default arguments can improve the
readability of their function declarations enough to
overcome the downsides above, so they are allowed. When in
doubt, use overloads.</p>
</div>

</div> 

<h3 id="trailing_return">Trailing Return Type Syntax</h3>
<div class="summary">
<p>Use trailing return types only where using the ordinary syntax (leading
  return types) is impractical or much less readable.</p>
</div>

<div class="definition">
<p>C++ allows two different forms of function declarations. In the older
  form, the return type appears before the function name. For example:</p>
<pre>int foo(int x);
</pre>
<p>The new form, introduced in C++11, uses the <code>auto</code>
  keyword before the function name and a trailing return type after
  the argument list. For example, the declaration above could
  equivalently be written:</p>
<pre>auto foo(int x) -&gt; int;
</pre>
<p>The trailing return type is in the function's scope. This doesn't
  make a difference for a simple case like <code>int</code> but it matters
  for more complicated cases, like types declared in class scope or
  types written in terms of the function parameters.</p>
</div>

<div class="stylebody">
<div class="pros">
<p>Trailing return types are the only way to explicitly specify the
  return type of a <a href="#Lambda_expressions">lambda expression</a>.
  In some cases the compiler is able to deduce a lambda's return type,
  but not in all cases. Even when the compiler can deduce it automatically,
  sometimes specifying it explicitly would be clearer for readers.
</p>
<p>Sometimes it's easier and more readable to specify a return type
  after the function's parameter list has already appeared. This is
  particularly true when the return type depends on template parameters.
  For example:</p>
  <pre>    template &lt;typename T, typename U&gt;
    auto add(T t, U u) -&gt; decltype(t + u);
  </pre>
  versus
  <pre>    template &lt;typename T, typename U&gt;
    decltype(declval&lt;T&amp;&gt;() + declval&lt;U&amp;&gt;()) add(T t, U u);
  </pre>
</div>

<div class="cons">
<p>Trailing return type syntax is relatively new and it has no
  analogue in C++-like languages like C and Java, so some readers may
  find it unfamiliar.</p>
<p>Existing code bases have an enormous number of function
  declarations that aren't going to get changed to use the new syntax,
  so the realistic choices are using the old syntax only or using a mixture
  of the two. Using a single version is better for uniformity of style.</p>
</div>

<div class="decision">
<p>In most cases, continue to use the older style of function
  declaration where the return type goes before the function name.
  Use the new trailing-return-type form only in cases where it's
  required (such as lambdas) or where, by putting the type after the
  function's parameter list, it allows you to write the type in a much
  more readable way. The latter case should be rare; it's mostly an
  issue in fairly complicated template code, which is
  <a href="#Template_metaprogramming">discouraged in most cases</a>.</p>

</div> 
</div> 

<h2 id="Google-Specific_Magic">Google-Specific Magic</h2>



<p>There are various tricks and utilities that
we use to make C++ code more robust, and various ways we use
C++ that may differ from what you see elsewhere.</p>

 

<h3 id="Ownership_and_Smart_Pointers">Ownership and Smart Pointers</h3>

<div class="summary">
<p>Prefer to have single, fixed owners for dynamically
allocated objects. Prefer to transfer ownership with smart
pointers.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>"Ownership" is a bookkeeping technique for managing
dynamically allocated memory (and other resources). The
owner of a dynamically allocated object is an object or
function that is responsible for ensuring that it is
deleted when no longer needed. Ownership can sometimes be
shared, in which case the last owner is typically
responsible for deleting it. Even when ownership is not
shared, it can be transferred from one piece of code to
another.</p>

<p>"Smart" pointers are classes that act like pointers,
e.g. by overloading the <code>*</code> and
<code>-&gt;</code> operators. Some smart pointer types
can be used to automate ownership bookkeeping, to ensure
these responsibilities are met.
<a href="http://en.cppreference.com/w/cpp/memory/unique_ptr">
<code>std::unique_ptr</code></a> is a smart pointer type
introduced in C++11, which expresses exclusive ownership
of a dynamically allocated object; the object is deleted
when the <code>std::unique_ptr</code> goes out of scope.
It cannot be copied, but can be <em>moved</em> to
represent ownership transfer.
<a href="http://en.cppreference.com/w/cpp/memory/shared_ptr">
<code>std::shared_ptr</code></a> is a smart pointer type
that expresses shared ownership of
a dynamically allocated object. <code>std::shared_ptr</code>s
can be copied; ownership of the object is shared among
all copies, and the object is deleted when the last
<code>std::shared_ptr</code> is destroyed. </p>
</div>

<div class="pros">
<ul>
  <li>It's virtually impossible to manage dynamically
  allocated memory without some sort of ownership
  logic.</li>

  <li>Transferring ownership of an object can be cheaper
  than copying it (if copying it is even possible).</li>

  <li>Transferring ownership can be simpler than
  'borrowing' a pointer or reference, because it reduces
  the need to coordinate the lifetime of the object
  between the two users.</li>

  <li>Smart pointers can improve readability by making
  ownership logic explicit, self-documenting, and
  unambiguous.</li>

  <li>Smart pointers can eliminate manual ownership
  bookkeeping, simplifying the code and ruling out large
  classes of errors.</li>

  <li>For const objects, shared ownership can be a simple
  and efficient alternative to deep copying.</li>
</ul>
</div>

<div class="cons">
<ul>
  <li>Ownership must be represented and transferred via
  pointers (whether smart or plain). Pointer semantics
  are more complicated than value semantics, especially
  in APIs: you have to worry not just about ownership,
  but also aliasing, lifetime, and mutability, among
  other issues.</li>

  <li>The performance costs of value semantics are often
  overestimated, so the performance benefits of ownership
  transfer might not justify the readability and
  complexity costs.</li>

  <li>APIs that transfer ownership force their clients
  into a single memory management model.</li>

  <li>Code using smart pointers is less explicit about
  where the resource releases take place.</li>

  <li><code>std::unique_ptr</code> expresses ownership
  transfer using C++11's move semantics, which are
  relatively new and may confuse some programmers.</li>

  <li>Shared ownership can be a tempting alternative to
  careful ownership design, obfuscating the design of a
  system.</li>

  <li>Shared ownership requires explicit bookkeeping at
  run-time, which can be costly.</li>

  <li>In some cases (e.g. cyclic references), objects
  with shared ownership may never be deleted.</li>

  <li>Smart pointers are not perfect substitutes for
  plain pointers.</li>
</ul>
</div>

<div class="decision">
<p>If dynamic allocation is necessary, prefer to keep
ownership with the code that allocated it. If other code
needs access to the object, consider passing it a copy,
or passing a pointer or reference without transferring
ownership. Prefer to use <code>std::unique_ptr</code> to
make ownership transfer explicit. For example:</p>

<pre>std::unique_ptr&lt;Foo&gt; FooFactory();
void FooConsumer(std::unique_ptr&lt;Foo&gt; ptr);
</pre>



<p>Do not design your code to use shared ownership
without a very good reason. One such reason is to avoid
expensive copy operations, but you should only do this if
the performance benefits are significant, and the
underlying object is immutable (i.e.
<code>std::shared_ptr&lt;const Foo&gt;</code>).  If you
do use shared ownership, prefer to use
<code>std::shared_ptr</code>.</p>

<p>Never use <code>std::auto_ptr</code>. Instead, use
<code>std::unique_ptr</code>.</p>
</div> 

</div> 

<h3 id="cpplint">cpplint</h3>

<div class="summary">
<p>Use <code>cpplint.py</code> to detect style errors.</p>
</div>

<div class="stylebody">

<p><code>cpplint.py</code>
is a tool that reads a source file and identifies many
style errors. It is not perfect, and has both false
positives and false negatives, but it is still a valuable
tool. False positives can be ignored by putting <code>//
NOLINT</code> at the end of the line or
<code>// NOLINTNEXTLINE</code> in the previous line.</p>



<p>Some projects have instructions on
how to run <code>cpplint.py</code> from their project
tools. If the project you are contributing to does not,
you can download
<a href="https://raw.githubusercontent.com/google/styleguide/gh-pages/cpplint/cpplint.py">
<code>cpplint.py</code></a> separately.</p>

</div> 

 

<h2 id="Other_C++_Features">Other C++ Features</h2>

<h3 id="Rvalue_references">Rvalue References</h3>

<div class="summary">
<p>Use rvalue references only to define move constructors and move assignment
operators, or for perfect forwarding.
</p>
</div>

<div class="stylebody">

<div class="definition">
<p> Rvalue references
are a type of reference that can only bind to temporary
objects. The syntax is similar to traditional reference
syntax. For example, <code>void f(string&amp;&amp;
s);</code> declares a function whose argument is an
rvalue reference to a string.</p>
</div>

<div class="pros">
<ul>
  <li>Defining a move constructor (a constructor taking
  an rvalue reference to the class type) makes it
  possible to move a value instead of copying it. If
  <code>v1</code> is a <code>std::vector&lt;string&gt;</code>,
  for example, then <code>auto v2(std::move(v1))</code>
  will probably just result in some simple pointer
  manipulation instead of copying a large amount of data.
  In some cases this can result in a major performance
  improvement.</li>

  <li>Rvalue references make it possible to write a
  generic function wrapper that forwards its arguments to
  another function, and works whether or not its
  arguments are temporary objects. (This is sometimes called
  "perfect forwarding".)</li>

  <li>Rvalue references make it possible to implement
  types that are movable but not copyable, which can be
  useful for types that have no sensible definition of
  copying but where you might still want to pass them as
  function arguments, put them in containers, etc.</li>

  <li><code>std::move</code> is necessary to make
  effective use of some standard-library types, such as
  <code>std::unique_ptr</code>.</li>
</ul>
</div>

<div class="cons">
<ul>
  <li>Rvalue references are a relatively new feature
  (introduced as part of C++11), and not yet widely
  understood. Rules like reference collapsing, and
  automatic synthesis of move constructors, are
  complicated.</li>
</ul>
</div>

<div class="decision">
  <p>Use rvalue references only to define move constructors and move assignment
  operators (as described in <a href="#Copyable_Movable_Types">Copyable and
  Movable Types</a>) and, in conjunction with <code><a href="http://en.cppreference.com/w/cpp/utility/forward">std::forward</a></code>,
to support perfect forwarding.  You may use <code>std::move</code> to express
moving a value from one object to another rather than copying it. </p>
</div>

</div> 

<h3 id="Friends">Friends</h3>

<div class="summary">
<p>We allow use of <code>friend</code> classes and functions,
within reason.</p>
</div>

<div class="stylebody">

<p>Friends should usually be defined in the same file so
that the reader does not have to look in another file to
find uses of the private members of a class. A common use
of <code>friend</code> is to have a
<code>FooBuilder</code> class be a friend of
<code>Foo</code> so that it can construct the inner state
of <code>Foo</code> correctly, without exposing this
state to the world. In some cases it may be useful to
make a unittest class a friend of the class it tests.</p>

<p>Friends extend, but do not break, the encapsulation
boundary of a class. In some cases this is better than
making a member public when you want to give only one
other class access to it. However, most classes should
interact with other classes solely through their public
members.</p>

</div> 

<h3 id="Exceptions">Exceptions</h3>

<div class="summary">
<p>We do not use C++ exceptions.</p>
</div>

<div class="stylebody">

<div class="pros">
<ul>
  <li>Exceptions allow higher levels of an application to
  decide how to handle "can't happen" failures in deeply
  nested functions, without the obscuring and error-prone
  bookkeeping of error codes.</li>

  

  <li>Exceptions are used by most other
  modern languages. Using them in C++ would make it more
  consistent with Python, Java, and the C++ that others
  are familiar with.</li>

  <li>Some third-party C++ libraries use exceptions, and
  turning them off internally makes it harder to
  integrate with those libraries.</li>

  <li>Exceptions are the only way for a constructor to
  fail. We can simulate this with a factory function or
  an <code>Init()</code> method, but these require heap
  allocation or a new "invalid" state, respectively.</li>

  <li>Exceptions are really handy in testing
  frameworks.</li>
</ul>
</div>

<div class="cons">
<ul>
  <li>When you add a <code>throw</code> statement to an
  existing function, you must examine all of its
  transitive callers. Either they must make at least the
  basic exception safety guarantee, or they must never
  catch the exception and be happy with the program
  terminating as a result. For instance, if
  <code>f()</code> calls <code>g()</code> calls
  <code>h()</code>, and <code>h</code> throws an
  exception that <code>f</code> catches, <code>g</code>
  has to be careful or it may not clean up properly.</li>

  <li>More generally, exceptions make the control flow of
  programs difficult to evaluate by looking at code:
  functions may return in places you don't expect. This
  causes maintainability and debugging difficulties. You
  can minimize this cost via some rules on how and where
  exceptions can be used, but at the cost of more that a
  developer needs to know and understand.</li>

  <li>Exception safety requires both RAII and different
  coding practices. Lots of supporting machinery is
  needed to make writing correct exception-safe code
  easy. Further, to avoid requiring readers to understand
  the entire call graph, exception-safe code must isolate
  logic that writes to persistent state into a "commit"
  phase. This will have both benefits and costs (perhaps
  where you're forced to obfuscate code to isolate the
  commit). Allowing exceptions would force us to always
  pay those costs even when they're not worth it.</li>

  <li>Turning on exceptions adds data to each binary
  produced, increasing compile time (probably slightly)
  and possibly increasing address space pressure.
  </li>

  <li>The availability of exceptions may encourage
  developers to throw them when they are not appropriate
  or recover from them when it's not safe to do so. For
  example, invalid user input should not cause exceptions
  to be thrown. We would need to make the style guide
  even longer to document these restrictions!</li>
</ul>
</div>

<div class="decision">
<p>On their face, the benefits of using exceptions
outweigh the costs, especially in new projects. However,
for existing code, the introduction of exceptions has
implications on all dependent code. If exceptions can be
propagated beyond a new project, it also becomes
problematic to integrate the new project into existing
exception-free code. Because most existing C++ code at
Google is not prepared to deal with exceptions, it is
comparatively difficult to adopt new code that generates
exceptions.</p>

<p>Given that Google's existing code is not
exception-tolerant, the costs of using exceptions are
somewhat greater than the costs in a new project. The
conversion process would be slow and error-prone. We
don't believe that the available alternatives to
exceptions, such as error codes and assertions, introduce
a significant burden. </p>

<p>Our advice against using exceptions is not predicated
on philosophical or moral grounds, but practical ones.
 Because we'd like to use our open-source
projects at Google and it's difficult to do so if those
projects use exceptions, we need to advise against
exceptions in Google open-source projects as well.
Things would probably be different if we had to do it all
over again from scratch.</p>

<p>This prohibition also applies to the exception handling related
features added in C++11, such as
<code>std::exception_ptr</code> and
<code>std::nested_exception</code>.</p>

<p>There is an <a href="#Windows_Code">exception</a> to
this rule (no pun intended) for Windows code.</p>

</div>

</div> 

<h3 id="noexcept"><code>noexcept</code></h3>

<div class="summary">
<p>Specify <code>noexcept</code> when it is useful and correct.</p>
</div>

<div class="stylebody">
<div class="definition">
<p>The <code>noexcept</code> specifier is used to specify whether
a function will throw exceptions or not. If an exception
escapes from a function marked <code>noexcept</code>, the program
crashes via <code>std::terminate</code>.</p>

<p>The <code>noexcept</code> operator performs a compile-time
check that returns true if an expression is declared to not
throw any exceptions.</p>

</div>

<div class="pros">
<ul>
  <li>Specifying move constructors as <code>noexcept</code>
  improves performance in some cases, e.g.
  <code>std::vector&lt;T&gt;::resize()</code> moves rather than
  copies the objects if T's move constructor is
  <code>noexcept</code>.</li>

  <li>Specifying <code>noexcept</code> on a function can
  trigger compiler optimizations in environments where
  exceptions are enabled, e.g. compiler does not have to
  generate extra code for stack-unwinding, if it knows
  that no exceptions can be thrown due to a
  <code>noexcept</code> specifier.</li>
</ul>
</div>

<div class="cons">
<ul>
  <li>
  
  In projects following this guide
  that have exceptions disabled it is hard
  to ensure that <code>noexcept</code>
  specifiers are correct, and hard to define what
  correctness even means.</li>

  <li>It's hard, if not impossible, to undo <code>noexcept</code>
  because it eliminates a guarantee that callers may be relying
  on, in ways that are hard to detect.</li>
</ul>
</div>

<div class="decision">
<p>You may use <code>noexcept</code> when it is useful for
performance if it accurately reflects the intended semantics
of your function, i.e. that if an exception is somehow thrown
from within the function body then it represents a fatal error.
You can assume that <code>noexcept</code> on move constructors
has a meaningful performance benefit. If you think
there is significant performance benefit from specifying
<code>noexcept</code> on some other function, please discuss it
with 
your project leads.</p>

<p>Prefer unconditional <code>noexcept</code> if exceptions are
completely disabled (i.e. most Google C++ environments).
Otherwise, use conditional <code>noexcept</code> specifiers
with simple conditions, in ways that evaluate false only in
the few cases where the function could potentially throw.
The tests might include type traits check on whether the
involved operation might throw (e.g.
<code>std::is_nothrow_move_constructible</code> for
move-constructing objects), or on whether allocation can throw
(e.g. <code>absl::default_allocator_is_nothrow</code> for
standard default allocation). Note in many cases the only
possible cause for an exception is allocation failure (we
believe move constructors should not throw except due to
allocation failure), and there are many applications where it&#8217;s
appropriate to treat memory exhaustion as a fatal error rather
than an exceptional condition that your program should attempt
to recover from.  Even for other
potential failures you should prioritize interface simplicity
over supporting all possible exception throwing scenarios:
instead of writing a complicated <code>noexcept</code> clause
that depends on whether a hash function can throw, for example,
simply document that your component doesn&#8217;t support hash
functions throwing and make it unconditionally
<code>noexcept</code>.</p>

</div>

</div> 

<h3 id="Run-Time_Type_Information__RTTI_">Run-Time Type
Information (RTTI)</h3>

<div class="summary">
<p>Avoid using Run Time Type Information (RTTI).</p>
</div>

<div class="stylebody">

<div class="definition">
<p> RTTI allows a
programmer to query the C++ class of an object at run
time. This is done by use of <code>typeid</code> or
<code>dynamic_cast</code>.</p>
</div>

<div class="cons">
<p>Querying the type of an object at run-time frequently
means a design problem. Needing to know the type of an
object at runtime is often an indication that the design
of your class hierarchy is flawed.</p>

<p>Undisciplined use of RTTI makes code hard to maintain.
It can lead to type-based decision trees or switch
statements scattered throughout the code, all of which
must be examined when making further changes.</p>
</div>

<div class="pros">
<p>The standard alternatives to RTTI (described below)
require modification or redesign of the class hierarchy
in question. Sometimes such modifications are infeasible
or undesirable, particularly in widely-used or mature
code.</p>

<p>RTTI can be useful in some unit tests. For example, it
is useful in tests of factory classes where the test has
to verify that a newly created object has the expected
dynamic type. It is also useful in managing the
relationship between objects and their mocks.</p>

<p>RTTI is useful when considering multiple abstract
objects. Consider</p>

<pre>bool Base::Equal(Base* other) = 0;
bool Derived::Equal(Base* other) {
  Derived* that = dynamic_cast&lt;Derived*&gt;(other);
  if (that == nullptr)
    return false;
  ...
}
</pre>
</div>

<div class="decision">
<p>RTTI has legitimate uses but is prone to abuse, so you
must be careful when using it. You may use it freely in
unittests, but avoid it when possible in other code. In
particular, think twice before using RTTI in new code. If
you find yourself needing to write code that behaves
differently based on the class of an object, consider one
of the following alternatives to querying the type:</p>

<ul>
  <li>Virtual methods are the preferred way of executing
  different code paths depending on a specific subclass
  type. This puts the work within the object itself.</li>

  <li>If the work belongs outside the object and instead
  in some processing code, consider a double-dispatch
  solution, such as the Visitor design pattern. This
  allows a facility outside the object itself to
  determine the type of class using the built-in type
  system.</li>
</ul>

<p>When the logic of a program guarantees that a given
instance of a base class is in fact an instance of a
particular derived class, then a
<code>dynamic_cast</code> may be used freely on the
object.  Usually one
can use a <code>static_cast</code> as an alternative in
such situations.</p>

<p>Decision trees based on type are a strong indication
that your code is on the wrong track.</p>

<pre class="badcode">if (typeid(*data) == typeid(D1)) {
  ...
} else if (typeid(*data) == typeid(D2)) {
  ...
} else if (typeid(*data) == typeid(D3)) {
...
</pre>

<p>Code such as this usually breaks when additional
subclasses are added to the class hierarchy. Moreover,
when properties of a subclass change, it is difficult to
find and modify all the affected code segments.</p>

<p>Do not hand-implement an RTTI-like workaround. The
arguments against RTTI apply just as much to workarounds
like class hierarchies with type tags. Moreover,
workarounds disguise your true intent.</p>
</div>

</div> 

<h3 id="Casting">Casting</h3>

<div class="summary">
<p>Use C++-style casts
like <code>static_cast&lt;float&gt;(double_value)</code>, or brace
initialization for conversion of arithmetic types like
<code>int64 y = int64{1} &lt;&lt; 42</code>. Do not use
cast formats like
<code>int y = (int)x</code> or <code>int y = int(x)</code> (but the latter
is okay when invoking a constructor of a class type).</p>
</div>

<div class="stylebody">

<div class="definition">
<p> C++ introduced a
different cast system from C that distinguishes the types
of cast operations.</p>
</div>

<div class="pros">
<p>The problem with C casts is the ambiguity of the operation;
sometimes you are doing a <em>conversion</em>
(e.g., <code>(int)3.5</code>) and sometimes you are doing
a <em>cast</em> (e.g., <code>(int)"hello"</code>). Brace
initialization and C++ casts can often help avoid this
ambiguity. Additionally, C++ casts are more visible when searching for
them.</p>
</div>

<div class="cons">
<p>The C++-style cast syntax is verbose and cumbersome.</p>
</div>

<div class="decision">
<p>Do not use C-style casts. Instead, use these C++-style casts when
explicit type conversion is necessary. </p>

<ul>
  <li>Use brace initialization to convert arithmetic types
  (e.g. <code>int64{x}</code>).  This is the safest approach because code
  will not compile if conversion can result in information loss.  The
  syntax is also concise.</li>

  

  <li>Use <code>static_cast</code> as the equivalent of a C-style cast
  that does value conversion, when you need to
  explicitly up-cast a pointer from a class to its superclass, or when
  you need to explicitly cast a pointer from a superclass to a
  subclass.  In this last case, you must be sure your object is
  actually an instance of the subclass.</li>

   

  <li>Use <code>const_cast</code> to remove the
  <code>const</code> qualifier (see <a href="#Use_of_const">const</a>).</li>

  <li>Use <code>reinterpret_cast</code> to do unsafe
  conversions of pointer types to and from integer and
  other pointer types. Use this only if you know what you
  are doing and you understand the aliasing issues.
  </li>

  
</ul>

<p>See the <a href="#Run-Time_Type_Information__RTTI_">
RTTI section</a> for guidance on the use of
<code>dynamic_cast</code>.</p>
</div>

</div> 

<h3 id="Streams">Streams</h3>

<div class="summary">
<p>Use streams where appropriate, and stick to "simple"
usages. Overload <code>&lt;&lt;</code> for streaming only for types
representing values, and write only the user-visible value, not any
implementation details.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>Streams are the standard I/O abstraction in C++, as
exemplified by the standard header <code>&lt;iostream&gt;</code>.
They are widely used in Google code, but only for debug logging
and test diagnostics.</p>
</div>

<div class="pros">
<p>The <code>&lt;&lt;</code> and <code>&gt;&gt;</code>
stream operators provide an API for formatted I/O that
is easily learned, portable, reusable, and extensible.
<code>printf</code>, by contrast, doesn't even support
<code>string</code>, to say nothing of user-defined types,
and is very difficult to use portably.
<code>printf</code> also obliges you to choose among the
numerous slightly different versions of that function,
and navigate the dozens of conversion specifiers.</p>

<p>Streams provide first-class support for console I/O
via <code>std::cin</code>, <code>std::cout</code>,
<code>std::cerr</code>, and <code>std::clog</code>.
The C APIs do as well, but are hampered by the need to
manually buffer the input. </p>
</div>

<div class="cons">
<ul>
<li>Stream formatting can be configured by mutating the
state of the stream. Such mutations are persistent, so
the behavior of your code can be affected by the entire
previous history of the stream, unless you go out of your
way to restore it to a known state every time other code
might have touched it. User code can not only modify the
built-in state, it can add new state variables and behaviors
through a registration system.</li>

<li>It is difficult to precisely control stream output, due
to the above issues, the way code and data are mixed in
streaming code, and the use of operator overloading (which
may select a different overload than you expect).</li>

<li>The practice of building up output through chains
of <code>&lt;&lt;</code> operators interferes with
internationalization, because it bakes word order into the
code, and streams' support for localization is <a href="http://www.boost.org/doc/libs/1_48_0/libs/locale/doc/html/rationale.html#rationale_why">
flawed</a>.</li>





<li>The streams API is subtle and complex, so programmers must
develop experience with it in order to use it effectively.</li>

<li>Resolving the many overloads of <code>&lt;&lt;</code> is
extremely costly for the compiler. When used pervasively in a
large code base, it can consume as much as 20% of the parsing
and semantic analysis time.</li>
</ul>
</div>

<div class="decision">
<p>Use streams only when they are the best tool for the job.
This is typically the case when the I/O is ad-hoc, local,
human-readable, and targeted at other developers rather than
end-users. Be consistent with the code around you, and with the
codebase as a whole; if there's an established tool for
your problem, use that tool instead.
In particular,
logging libraries are usually a better
choice than <code>std::cerr</code> or <code>std::clog</code>
for diagnostic output, and the libraries in

<code>absl/strings</code>
or the equivalent are usually a
better choice than <code>std::stringstream</code>.</p>

<p>Avoid using streams for I/O that faces external users or
handles untrusted data. Instead, find and use the appropriate
templating libraries to handle issues like internationalization,
localization, and security hardening.</p>

<p>If you do use streams, avoid the stateful parts of the
streams API (other than error state), such as <code>imbue()</code>,
<code>xalloc()</code>, and <code>register_callback()</code>.
Use explicit formatting functions (see e.g.

<code>absl/strings</code>)
rather than
stream manipulators or formatting flags to control formatting
details such as number base, precision, or padding.</p>

<p>Overload <code>&lt;&lt;</code> as a streaming operator
for your type only if your type represents a value, and
<code>&lt;&lt;</code> writes out a human-readable string
representation of that value. Avoid exposing implementation
details in the output of <code>&lt;&lt;</code>; if you need to print
object internals for debugging, use named functions instead
(a method named <code>DebugString()</code> is the most common
convention).</p>
</div>

</div> 

<h3 id="Preincrement_and_Predecrement">Preincrement and Predecrement</h3>

<div class="summary">
<p>Use prefix form (<code>++i</code>) of the increment and
decrement operators with iterators and other template
objects.</p>
</div>

<div class="stylebody">

<div class="definition">
<p> When a variable
is incremented (<code>++i</code> or <code>i++</code>) or
decremented (<code>--i</code> or <code>i--</code>) and
the value of the expression is not used, one must decide
whether to preincrement (decrement) or postincrement
(decrement).</p>
</div>

<div class="pros">
<p>When the return value is ignored, the "pre" form
(<code>++i</code>) is never less efficient than the
"post" form (<code>i++</code>), and is often more
efficient. This is because post-increment (or decrement)
requires a copy of <code>i</code> to be made, which is
the value of the expression. If <code>i</code> is an
iterator or other non-scalar type, copying <code>i</code>
could be expensive. Since the two types of increment
behave the same when the value is ignored, why not just
always pre-increment?</p>
</div>

<div class="cons">
<p>The tradition developed, in C, of using post-increment
when the expression value is not used, especially in
<code>for</code> loops. Some find post-increment easier
to read, since the "subject" (<code>i</code>) precedes
the "verb" (<code>++</code>), just like in English.</p>
</div>

<div class="decision">
<p> For simple scalar
(non-object) values there is no reason to prefer one form
and we allow either. For iterators and other template
types, use pre-increment.</p>
</div>

</div> 

<h3 id="Use_of_const">Use of const</h3>

<div class="summary">
<p>Use <code>const</code> whenever it makes sense. With C++11,
<code>constexpr</code> is a better choice for some uses of
const.</p>
</div>

<div class="stylebody">

<div class="definition">
<p> Declared variables and parameters can be preceded
by the keyword <code>const</code> to indicate the variables
are not changed (e.g., <code>const int foo</code>). Class
functions can have the <code>const</code> qualifier to
indicate the function does not change the state of the
class member variables (e.g., <code>class Foo { int
Bar(char c) const; };</code>).</p>
</div>

<div class="pros">
<p>Easier for people to understand how variables are being
used. Allows the compiler to do better type checking,
and, conceivably, generate better code. Helps people
convince themselves of program correctness because they
know the functions they call are limited in how they can
modify your variables. Helps people know what functions
are safe to use without locks in multi-threaded
programs.</p>
</div>

<div class="cons">
<p><code>const</code> is viral: if you pass a
<code>const</code> variable to a function, that function
must have <code>const</code> in its prototype (or the
variable will need a <code>const_cast</code>). This can
be a particular problem when calling library
functions.</p>
</div>

<div class="decision">
<p><code>const</code> variables, data members, methods
and arguments add a level of compile-time type checking;
it is better to detect errors as soon as possible.
Therefore we strongly recommend that you use
<code>const</code> whenever it makes sense to do so:</p>

<ul>
  <li>If a function guarantees that it will not modify an argument
  passed by reference or by pointer, the corresponding function parameter
  should be a reference-to-const (<code>const T&amp;</code>) or
  pointer-to-const (<code>const T*</code>), respectively.</li>

  <li>Declare methods to be <code>const</code> whenever
  possible. Accessors should almost always be
  <code>const</code>. Other methods should be const if
  they do not modify any data members, do not call any
  non-<code>const</code> methods, and do not return a
  non-<code>const</code> pointer or
  non-<code>const</code> reference to a data member.</li>

  <li>Consider making data members <code>const</code>
  whenever they do not need to be modified after
  construction.</li>
</ul>

<p>The <code>mutable</code> keyword is allowed but is
unsafe when used with threads, so thread safety should be
carefully considered first.</p>
</div>

<div class="stylepoint_subsection">
<h4>Where to put the const</h4>

<p>Some people favor the form <code>int const *foo</code>
to <code>const int* foo</code>. They argue that this is
more readable because it's more consistent: it keeps the
rule that <code>const</code> always follows the object
it's describing. However, this consistency argument
doesn't apply in codebases with few deeply-nested pointer
expressions since most <code>const</code> expressions
have only one <code>const</code>, and it applies to the
underlying value. In such cases, there's no consistency
to maintain. Putting the <code>const</code> first is
arguably more readable, since it follows English in
putting the "adjective" (<code>const</code>) before the
"noun" (<code>int</code>).</p>

<p>That said, while we encourage putting
<code>const</code> first, we do not require it. But be
consistent with the code around you!</p>
</div>

</div> 

<h3 id="Use_of_constexpr">Use of constexpr</h3>

<div class="summary">
<p>In C++11, use <code>constexpr</code> to define true
constants or to ensure constant initialization.</p>
</div>

<div class="stylebody">

<div class="definition">
<p> Some variables can be declared <code>constexpr</code>
to indicate the variables are true constants, i.e. fixed at
compilation/link time. Some functions and constructors
can be declared <code>constexpr</code> which enables them
to be used in defining a <code>constexpr</code>
variable.</p>
</div>

<div class="pros">
<p>Use of <code>constexpr</code> enables definition of
constants with floating-point expressions rather than
just literals; definition of constants of user-defined
types; and definition of constants with function
calls.</p>
</div>

<div class="cons">
<p>Prematurely marking something as constexpr may cause
migration problems if later on it has to be downgraded.
Current restrictions on what is allowed in constexpr
functions and constructors may invite obscure workarounds
in these definitions.</p>
</div>

<div class="decision">
<p><code>constexpr</code> definitions enable a more
robust specification of the constant parts of an
interface. Use <code>constexpr</code> to specify true
constants and the functions that support their
definitions. Avoid complexifying function definitions to
enable their use with <code>constexpr</code>. Do not use
<code>constexpr</code> to force inlining.</p>
</div>

</div> 

<h3 id="Integer_Types">Integer Types</h3>

<div class="summary">
<p>Of the built-in C++ integer types, the only one used
 is
<code>int</code>. If a program needs a variable of a
different size, use 
a precise-width integer type from
<code>&lt;stdint.h&gt;</code>, such as
<code>int16_t</code>. If your variable represents a
value that could ever be greater than or equal to 2^31
(2GiB), use a 64-bit type such as
<code>int64_t</code>.
Keep in mind that even if your value won't ever be too large
for an <code>int</code>, it may be used in intermediate
calculations which may require a larger type. When in doubt,
choose a larger type.</p>
</div>

<div class="stylebody">

<div class="definition">
<p> C++ does not specify the sizes of integer types
like <code>int</code>. Typically people assume
that <code>short</code> is 16 bits,
<code>int</code> is 32 bits, <code>long</code> is 32 bits
and <code>long long</code> is 64 bits.</p>
</div>

<div class="pros">
<p>Uniformity of declaration.</p>
</div>

<div class="cons">
<p>The sizes of integral types in C++ can vary based on
compiler and architecture.</p>
</div>

<div class="decision">

<p>
<code>&lt;stdint.h&gt;</code> defines types
like <code>int16_t</code>, <code>uint32_t</code>,
<code>int64_t</code>, etc. You should always use
those in preference to <code>short</code>, <code>unsigned
long long</code> and the like, when you need a guarantee
on the size of an integer. Of the C integer types, only
<code>int</code> should be used. When appropriate, you
are welcome to use standard types like
<code>size_t</code> and <code>ptrdiff_t</code>.</p>

<p>We use <code>int</code> very often, for integers we
know are not going to be too big, e.g., loop counters.
Use plain old <code>int</code> for such things. You
should assume that an <code>int</code> is

at least 32 bits, but don't
assume that it has more than 32 bits. If you need a 64-bit
integer type, use
<code>int64_t</code>
or
<code>uint64_t</code>.</p>

<p>For integers we know can be "big",
 use
<code>int64_t</code>.
</p>

<p>You should not use the unsigned integer types such as
<code>uint32_t</code>, unless there is a valid
reason such as representing a bit pattern rather than a
number, or you need defined overflow modulo 2^N. In
particular, do not use unsigned types to say a number
will never be negative. Instead, use 
assertions for this.</p>



<p>If your code is a container that returns a size, be
sure to use a type that will accommodate any possible
usage of your container. When in doubt, use a larger type
rather than a smaller type.</p>

<p>Use care when converting integer types. Integer conversions and
promotions can cause undefined behavior, leading to security bugs and
other problems.</p>
</div>

<div class="stylepoint_subsection">

<h4>On Unsigned Integers</h4>

<p>Unsigned integers are good for representing bitfields and modular
arithmetic. Because of historical accident, the C++ standard also uses
unsigned integers to represent the size of containers - many members
of the standards body believe this to be a mistake, but it is
effectively impossible to fix at this point. The fact that unsigned
arithmetic doesn't model the behavior of a simple integer, but is
instead defined by the standard to model modular arithmetic (wrapping
around on overflow/underflow), means that a significant class of bugs
cannot be diagnosed by the compiler. In other cases, the defined
behavior impedes optimization.</p>

<p>That said, mixing signedness of integer types is responsible for an
equally large class of problems. The best advice we can provide: try
to use iterators and containers rather than pointers and sizes, try
not to mix signedness, and try to avoid unsigned types (except for
representing bitfields or modular arithmetic). Do not use an unsigned
type merely to assert that a variable is non-negative.</p>
</div>

</div> 

<h3 id="64-bit_Portability">64-bit Portability</h3>

<div class="summary">
<p>Code should be 64-bit and 32-bit friendly. Bear in mind
problems of printing, comparisons, and structure alignment.</p>
</div>

<div class="stylebody">

<ul>
  <li>
  <p>Correct portable <code>printf()</code> conversion specifiers for
  some integral typedefs rely on macro expansions that we find unpleasant to
  use and impractical to require (the <code>PRI</code> macros from
  <code>&lt;cinttypes&gt;</code>). Unless there is no reasonable alternative
  for your particular case, try to avoid or even upgrade APIs that rely on the
  <code>printf</code> family. Instead use a library supporting typesafe numeric
  formatting, such as
    
    <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/strings/str_cat.h"><code>StrCat</code></a>
    or
    
    <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/strings/substitute.h"><code>Substitute</code></a>
    for fast simple conversions,
  
  or <a href="#Streams"><code>std::ostream</code></a>.</p>

  <p>Unfortunately, the <code>PRI</code> macros are the only portable way to
  specify a conversion for the standard bitwidth typedefs (e.g.
  <code>int64_t</code>, <code>uint64_t</code>, <code>int32_t</code>,
  <code>uint32_t</code>, etc).
  
  Where possible, avoid passing arguments of types specified by bitwidth
  typedefs to <code>printf</code>-based APIs. Note that it is acceptable
  to use typedefs for which printf has dedicated length modifiers, such as
  <code>size_t</code> (<code>z</code>),
  <code>ptrdiff_t</code> (<code>t</code>), and
  <code>maxint_t</code> (<code>j</code>).</p>
  </li>

  <li>Remember that <code>sizeof(void *)</code> !=
  <code>sizeof(int)</code>. Use <code>intptr_t</code> if
  you want a pointer-sized integer.</li>

  <li>You may need to be careful with structure
  alignments, particularly for structures being stored on
  disk. Any class/structure with a 
  <code>int64_t</code>/<code>uint64_t</code>
  member will by default end up being 8-byte aligned on a
  64-bit system. If you have such structures being shared
  on disk between 32-bit and 64-bit code, you will need
  to ensure that they are packed the same on both
  architectures. 
  Most compilers offer a way to
  alter structure alignment. For gcc, you can use
  <code>__attribute__((packed))</code>. MSVC offers
  <code>#pragma pack()</code> and
  <code>__declspec(align())</code>.</li>

  <li>
  <p>Use <a href="#Casting">braced-initialization</a> as needed to create
  64-bit constants. For example:</p>


<pre>int64_t my_value{0x123456789};
uint64_t my_mask{3ULL &lt;&lt; 48};
</pre>
  </li>
</ul>

</div> 

<h3 id="Preprocessor_Macros">Preprocessor Macros</h3>

<div class="summary">
<p>Avoid defining macros, especially in headers; prefer
inline functions, enums, and <code>const</code> variables.
Name macros with a project-specific prefix. Do not use
macros to define pieces of a C++ API.</p>
</div>

<div class="stylebody">

<p>Macros mean that the code you see is not the same as
the code the compiler sees. This can introduce unexpected
behavior, especially since macros have global scope.</p>

<p>The problems introduced by macros are especially severe
when they are used to define pieces of a C++ API,
and still more so for public APIs. Every error message from
the compiler when developers incorrectly use that interface
now must explain how the macros formed the interface.
Refactoring and analysis tools have a dramatically harder
time updating the interface. As a consequence, we
specifically disallow using macros in this way.
For example, avoid patterns like:</p>

<pre class="badcode">class WOMBAT_TYPE(Foo) {
  // ...

 public:
  EXPAND_PUBLIC_WOMBAT_API(Foo)

  EXPAND_WOMBAT_COMPARISONS(Foo, ==, &lt;)
};
</pre>

<p>Luckily, macros are not nearly as necessary in C++ as
they are in C. Instead of using a macro to inline
performance-critical code, use an inline function.
Instead of using a macro to store a constant, use a
<code>const</code> variable. Instead of using a macro to
"abbreviate" a long variable name, use a reference.
Instead of using a macro to conditionally compile code
... well, don't do that at all (except, of course, for
the <code>#define</code> guards to prevent double
inclusion of header files). It makes testing much more
difficult.</p>

<p>Macros can do things these other techniques cannot,
and you do see them in the codebase, especially in the
lower-level libraries. And some of their special features
(like stringifying, concatenation, and so forth) are not
available through the language proper. But before using a
macro, consider carefully whether there's a non-macro way
to achieve the same result. If you need to use a macro to
define an interface, contact 
your project leads to request
a waiver of this rule.</p>

<p>The following usage pattern will avoid many problems
with macros; if you use macros, follow it whenever
possible:</p>

<ul>
  <li>Don't define macros in a <code>.h</code> file.</li>

  <li><code>#define</code> macros right before you use
  them, and <code>#undef</code> them right after.</li>

  <li>Do not just <code>#undef</code> an existing macro
  before replacing it with your own; instead, pick a name
  that's likely to be unique.</li>

  <li>Try not to use macros that expand to unbalanced C++
  constructs, or at least document that behavior
  well.</li>

  <li>Prefer not using <code>##</code> to generate
  function/class/variable names.</li>
</ul>

<p>Exporting macros from headers (i.e. defining them in a header
without <code>#undef</code>ing them before the end of the header)
is extremely strongly discouraged. If you do export a macro from a
header, it must have a globally unique name. To achieve this, it
must be named with a prefix consisting of your project's namespace
name (but upper case). </p>

</div> 

<h3 id="0_and_nullptr/NULL">0 and nullptr/NULL</h3>

<div class="summary">
<p>Use <code>0</code> for integers, <code>0.0</code> for reals,
<code>nullptr</code> for pointers, and <code>'\0'</code> for chars.</p>
</div>

<div class="stylebody">

<p>Use <code>0</code> for integers and <code>0.0</code> for reals.</p>

<p>For pointers (address values), there is a choice between <code>0</code>,
<code>NULL</code>, and <code>nullptr</code>. For projects that allow C++11
features, use <code>nullptr</code>, as this provides type-safety.</p>

<p>For C++03 projects, prefer <code>NULL</code> to <code>0</code>. While the
values are equivalent, <code>NULL</code> looks more like a pointer to the
reader, and some C++ compilers provide special definitions of <code>NULL</code>
which enable them to give useful warnings.</p>

<p>Use <code>'\0'</code> for the null character. Using the correct type makes
the code more readable.</p>

</div> 

<h3 id="sizeof">sizeof</h3>

<div class="summary">
<p>Prefer <code>sizeof(<var>varname</var>)</code> to
<code>sizeof(<var>type</var>)</code>.</p>
</div>

<div class="stylebody">

<p>Use <code>sizeof(<var>varname</var>)</code> when you
take the size of a particular variable.
<code>sizeof(<var>varname</var>)</code> will update
appropriately if someone changes the variable type either
now or later. You may use
<code>sizeof(<var>type</var>)</code> for code unrelated
to any particular variable, such as code that manages an
external or internal data format where a variable of an
appropriate C++ type is not convenient.</p>

<pre>Struct data;
memset(&amp;data, 0, sizeof(data));
</pre>

<pre class="badcode">memset(&amp;data, 0, sizeof(Struct));
</pre>

<pre>if (raw_size &lt; sizeof(int)) {
  LOG(ERROR) &lt;&lt; "compressed record not big enough for count: " &lt;&lt; raw_size;
  return false;
}
</pre>

</div> 

<h3 id="auto">auto</h3>

<div class="summary">
<p>Use <code>auto</code> to avoid type names that are noisy, obvious,
or unimportant - cases where the type doesn't aid in clarity for the
reader. Continue to use manifest type declarations when it helps
readability.</p>
</div>

<div class="stylebody">

<div class="pros">

<ul>
<li>C++ type names can be long and cumbersome, especially when they
involve templates or namespaces.</li>
<li>When a C++ type name is repeated within a single declaration or a
small code region, the repetition may not be aiding readability.</li>
<li>It is sometimes safer to let the type be specified by the type of
the initialization expression, since that avoids the possibility of
unintended copies or type conversions.</li>
</ul>
</div>
<div class="cons">

<p>Sometimes code is clearer when types are manifest,
especially when a variable's initialization depends on
things that were declared far away. In expressions
like:</p>

<pre class="badcode">auto foo = x.add_foo();
auto i = y.Find(key);
</pre>

<p>it may not be obvious what the resulting types are if the type
of <code>y</code> isn't very well known, or if <code>y</code> was
declared many lines earlier.</p>

<p>Programmers have to understand the difference between
<code>auto</code> and <code>const auto&amp;</code> or
they'll get copies when they didn't mean to.</p>

<p>If an <code>auto</code> variable is used as part of an
interface, e.g. as a constant in a header, then a
programmer might change its type while only intending to
change its value, leading to a more radical API change
than intended.</p>
</div>

<div class="decision">

<p><code>auto</code> is permitted when it increases readability,
particularly as described below. Never initialize an <code>auto</code>-typed
variable with a braced initializer list.</p>

<p>Specific cases where <code>auto</code> is allowed or encouraged:
</p><ul>
<li>(Encouraged) For iterators and other long/cluttery type names, particularly
when the type is clear from context (calls
to <code>find</code>, <code>begin</code>, or <code>end</code> for
instance).</li>
<li>(Allowed) When the type is clear from local context (in the same expression
or within a few lines).  Initialization of a pointer or smart pointer
with calls
to <code>new</code> and 
<code>std::make_unique</code>
commonly falls into this category, as does use of <code>auto</code> in
a range-based loop over a container whose type is spelled out
nearby.</li>
<li>(Allowed) When the type doesn't matter because it isn't being used for
anything other than equality comparison.</li>
<li>(Encouraged) When iterating over a map with a range-based loop
(because it is often assumed that the correct type
is <code>std::pair&lt;KeyType, ValueType&gt;</code> whereas it is actually
<code>std::pair&lt;const KeyType, ValueType&gt;</code>). This is
particularly well paired with local <code>key</code>
and <code>value</code> aliases for <code>.first</code>
and <code>.second</code> (often const-ref).
<pre class="code">for (const auto&amp; item : some_map) {
  const KeyType&amp; key = item.first;
  const ValType&amp; value = item.second;
  // The rest of the loop can now just refer to key and value,
  // a reader can see the types in question, and we've avoided
  // the too-common case of extra copies in this iteration.
}
</pre>
</li>
</ul>

</div>

</div> 

<h3 id="Braced_Initializer_List">Braced Initializer List</h3>

<div class="summary">
<p>You may use braced initializer lists.</p>
</div>

<div class="stylebody">

<p>In C++03, aggregate types (arrays and structs with no
constructor) could be initialized with braced initializer lists.</p>

<pre>struct Point { int x; int y; };
Point p = {1, 2};
</pre>

<p>In C++11, this syntax was generalized, and any object type can now
be created with a braced initializer list, known as a
<i>braced-init-list</i> in the C++ grammar. Here are a few examples
of its use.</p>

<pre>// Vector takes a braced-init-list of elements.
std::vector&lt;string&gt; v{"foo", "bar"};

// Basically the same, ignoring some small technicalities.
// You may choose to use either form.
std::vector&lt;string&gt; v = {"foo", "bar"};

// Usable with 'new' expressions.
auto p = new std::vector&lt;string&gt;{"foo", "bar"};

// A map can take a list of pairs. Nested braced-init-lists work.
std::map&lt;int, string&gt; m = {{1, "one"}, {2, "2"}};

// A braced-init-list can be implicitly converted to a return type.
std::vector&lt;int&gt; test_function() { return {1, 2, 3}; }

// Iterate over a braced-init-list.
for (int i : {-1, -2, -3}) {}

// Call a function using a braced-init-list.
void TestFunction2(std::vector&lt;int&gt; v) {}
TestFunction2({1, 2, 3});
</pre>

<p>A user-defined type can also define a constructor and/or assignment operator
that take <code>std::initializer_list&lt;T&gt;</code>, which is automatically
created from <i>braced-init-list</i>:</p>

<pre>class MyType {
 public:
  // std::initializer_list references the underlying init list.
  // It should be passed by value.
  MyType(std::initializer_list&lt;int&gt; init_list) {
    for (int i : init_list) append(i);
  }
  MyType&amp; operator=(std::initializer_list&lt;int&gt; init_list) {
    clear();
    for (int i : init_list) append(i);
  }
};
MyType m{2, 3, 5, 7};
</pre>

<p>Finally, brace initialization can also call ordinary
constructors of data types, even if they do not have
<code>std::initializer_list&lt;T&gt;</code> constructors.</p>

<pre>double d{1.23};
// Calls ordinary constructor as long as MyOtherType has no
// std::initializer_list constructor.
class MyOtherType {
 public:
  explicit MyOtherType(string);
  MyOtherType(int, string);
};
MyOtherType m = {1, "b"};
// If the constructor is explicit, you can't use the "= {}" form.
MyOtherType m{"b"};
</pre>

<p>Never assign a <i>braced-init-list</i> to an auto
local variable. In the single element case, what this
means can be confusing.</p>

<pre class="badcode">auto d = {1.23};        // d is a std::initializer_list&lt;double&gt;
</pre>

<pre>auto d = double{1.23};  // Good -- d is a double, not a std::initializer_list.
</pre>

<p>See <a href="#Braced_Initializer_List_Format">Braced_Initializer_List_Format</a> for formatting.</p>

</div> 

<h3 id="Lambda_expressions">Lambda expressions</h3>

<div class="summary">
<p>Use lambda expressions where appropriate. Prefer explicit captures
when the lambda will escape the current scope.</p>
</div>

<div class="stylebody">

<div class="definition">

<p> Lambda expressions are a concise way of creating anonymous
function objects. They're often useful when passing
functions as arguments. For example:</p>

<pre>std::sort(v.begin(), v.end(), [](int x, int y) {
  return Weight(x) &lt; Weight(y);
});
</pre>

<p> They further allow capturing variables from the enclosing scope either
explicitly by name, or implicitly using a default capture. Explicit captures
require each variable to be listed, as
either a value or reference capture:</p>

<pre>int weight = 3;
int sum = 0;
// Captures `weight` by value and `sum` by reference.
std::for_each(v.begin(), v.end(), [weight, &amp;sum](int x) {
  sum += weight * x;
});
</pre>


Default captures implicitly capture any variable referenced in the
lambda body, including <code>this</code> if any members are used:

<pre>const std::vector&lt;int&gt; lookup_table = ...;
std::vector&lt;int&gt; indices = ...;
// Captures `lookup_table` by reference, sorts `indices` by the value
// of the associated element in `lookup_table`.
std::sort(indices.begin(), indices.end(), [&amp;](int a, int b) {
  return lookup_table[a] &lt; lookup_table[b];
});
</pre>

<p>Lambdas were introduced in C++11 along with a set of utilities
for working with function objects, such as the polymorphic
wrapper <code>std::function</code>.
</p>
</div>

<div class="pros">
<ul>
  <li>Lambdas are much more concise than other ways of
   defining function objects to be passed to STL
   algorithms, which can be a readability
   improvement.</li>

  <li>Appropriate use of default captures can remove
    redundancy and highlight important exceptions from
    the default.</li>

   <li>Lambdas, <code>std::function</code>, and
   <code>std::bind</code> can be used in combination as a
   general purpose callback mechanism; they make it easy
   to write functions that take bound functions as
   arguments.</li>
</ul>
</div>

<div class="cons">
<ul>
  <li>Variable capture in lambdas can be a source of dangling-pointer
  bugs, particularly if a lambda escapes the current scope.</li>

  <li>Default captures by value can be misleading because they do not prevent
  dangling-pointer bugs. Capturing a pointer by value doesn't cause a deep
  copy, so it often has the same lifetime issues as capture by reference.
  This is especially confusing when capturing 'this' by value, since the use
  of 'this' is often implicit.</li>

  <li>It's possible for use of lambdas to get out of
  hand; very long nested anonymous functions can make
  code harder to understand.</li>

</ul>
</div>

<div class="decision">
<ul>
<li>Use lambda expressions where appropriate, with formatting as
described <a href="#Formatting_Lambda_Expressions">below</a>.</li>
<li>Prefer explicit captures if the lambda may escape the current scope.
For example, instead of:
<pre class="badcode">{
  Foo foo;
  ...
  executor-&gt;Schedule([&amp;] { Frobnicate(foo); })
  ...
}
// BAD! The fact that the lambda makes use of a reference to `foo` and
// possibly `this` (if `Frobnicate` is a member function) may not be
// apparent on a cursory inspection. If the lambda is invoked after
// the function returns, that would be bad, because both `foo`
// and the enclosing object could have been destroyed.
</pre>
prefer to write:
<pre>{
  Foo foo;
  ...
  executor-&gt;Schedule([&amp;foo] { Frobnicate(foo); })
  ...
}
// BETTER - The compile will fail if `Frobnicate` is a member
// function, and it's clearer that `foo` is dangerously captured by
// reference.
</pre>
</li>
<li>Use default capture by reference ([&amp;]) only when the
lifetime of the lambda is obviously shorter than any potential
captures.
</li>
<li>Use default capture by value ([=]) only as a means of binding a
few variables for a short lambda, where the set of captured
variables is obvious at a glance. Prefer not to write long or
complex lambdas with default capture by value.
</li>
<li>Keep unnamed lambdas short.  If a lambda body is more than
maybe five lines long, prefer to give the lambda a name, or to
use a named function instead of a lambda.</li>
<li>Specify the return type of the lambda explicitly if that will
make it more obvious to readers, as with
<a href="#auto"><code>auto</code></a>.</li>

</ul>
</div>

</div> 

<h3 id="Template_metaprogramming">Template metaprogramming</h3>
<div class="summary">
<p>Avoid complicated template programming.</p>
</div>

<div class="stylebody">

<div class="definition">
<p>Template metaprogramming refers to a family of techniques that
exploit the fact that the C++ template instantiation mechanism is
Turing complete and can be used to perform arbitrary compile-time
computation in the type domain.</p>
</div>

<div class="pros">
<p>Template metaprogramming allows extremely flexible interfaces that
are type safe and high performance. Facilities like

<a href="https://code.google.com/p/googletest/">Google Test</a>,
<code>std::tuple</code>, <code>std::function</code>, and
Boost.Spirit would be impossible without it.</p>
</div>

<div class="cons">
<p>The techniques used in template metaprogramming are often obscure
to anyone but language experts. Code that uses templates in
complicated ways is often unreadable, and is hard to debug or
maintain.</p>

<p>Template metaprogramming often leads to extremely poor compiler
time error messages: even if an interface is simple, the complicated
implementation details become visible when the user does something
wrong.</p>

<p>Template metaprogramming interferes with large scale refactoring by
making the job of refactoring tools harder. First, the template code
is expanded in multiple contexts, and it's hard to verify that the
transformation makes sense in all of them. Second, some refactoring
tools work with an AST that only represents the structure of the code
after template expansion. It can be difficult to automatically work
back to the original source construct that needs to be
rewritten.</p>
</div>

<div class="decision">
<p>Template metaprogramming sometimes allows cleaner and easier-to-use
interfaces than would be possible without it, but it's also often a
temptation to be overly clever. It's best used in a small number of
low level components where the extra maintenance burden is spread out
over a large number of uses.</p>

<p>Think twice before using template metaprogramming or other
complicated template techniques; think about whether the average
member of your team will be able to understand your code well enough
to maintain it after you switch to another project, or whether a
non-C++ programmer or someone casually browsing the code base will be
able to understand the error messages or trace the flow of a function
they want to call.  If you're using recursive template instantiations
or type lists or metafunctions or expression templates, or relying on
SFINAE or on the <code>sizeof</code> trick for detecting function
overload resolution, then there's a good chance you've gone too
far.</p>

<p>If you use template metaprogramming, you should expect to put
considerable effort into minimizing and isolating the complexity. You
should hide metaprogramming as an implementation detail whenever
possible, so that user-facing headers are readable, and you should
make sure that tricky code is especially well commented. You should
carefully document how the code is used, and you should say something
about what the "generated" code looks like. Pay extra attention to the
error messages that the compiler emits when users make mistakes.  The
error messages are part of your user interface, and your code should
be tweaked as necessary so that the error messages are understandable
and actionable from a user point of view.</p>

</div> 
</div> 


<h3 id="Boost">Boost</h3>

<div class="summary">
<p>Use only approved libraries from the Boost library
collection.</p>
</div>

<div class="stylebody">

<div class="definition">
<p> The
<a href="https://www.boost.org/">
Boost library collection</a> is a popular collection of
peer-reviewed, free, open-source C++ libraries.</p>
</div>

<div class="pros">
<p>Boost code is generally very high-quality, is widely
portable, and fills many important gaps in the C++
standard library, such as type traits and better binders.</p>
</div>

<div class="cons">
<p>Some Boost libraries encourage coding practices which can
hamper readability, such as metaprogramming and other
advanced template techniques, and an excessively
"functional" style of programming. </p>
</div>

<div class="decision">

 

<div>
<p>In order to maintain a high level of readability for
all contributors who might read and maintain code, we
only allow an approved subset of Boost features.
Currently, the following libraries are permitted:</p>

<ul>
  <li>
  <a href="https://www.boost.org/libs/utility/call_traits.htm">
  Call Traits</a> from <code>boost/call_traits.hpp</code></li>

  <li><a href="https://www.boost.org/libs/utility/compressed_pair.htm">
  Compressed Pair</a> from  <code>boost/compressed_pair.hpp</code></li>

  <li><a href="https://www.boost.org/libs/graph/">
  The Boost Graph Library (BGL)</a> from <code>boost/graph</code>,
  except serialization (<code>adj_list_serialize.hpp</code>) and
   parallel/distributed algorithms and data structures
   (<code>boost/graph/parallel/*</code> and
   <code>boost/graph/distributed/*</code>).</li>

  <li><a href="https://www.boost.org/libs/property_map/">
  Property Map</a> from <code>boost/property_map</code>, except
  parallel/distributed property maps (<code>boost/property_map/parallel/*</code>).</li>

  <li><a href="https://www.boost.org/libs/iterator/">
  Iterator</a> from <code>boost/iterator</code></li>

  <li>The part of <a href="https://www.boost.org/libs/polygon/">
  Polygon</a> that deals with Voronoi diagram
  construction and doesn't depend on the rest of
  Polygon:
  <code>boost/polygon/voronoi_builder.hpp</code>,
  <code>boost/polygon/voronoi_diagram.hpp</code>, and
  <code>boost/polygon/voronoi_geometry_type.hpp</code></li>

  <li><a href="https://www.boost.org/libs/bimap/">
  Bimap</a> from <code>boost/bimap</code></li>

  <li><a href="https://www.boost.org/libs/math/doc/html/dist.html">
  Statistical Distributions and Functions</a> from
  <code>boost/math/distributions</code></li>

  <li><a href="https://www.boost.org/libs/math/doc/html/special.html">
  Special Functions</a> from <code>boost/math/special_functions</code></li>

  <li><a href="https://www.boost.org/libs/multi_index/">
  Multi-index</a> from <code>boost/multi_index</code></li>

  <li><a href="https://www.boost.org/libs/heap/">
  Heap</a> from <code>boost/heap</code></li>

  <li>The flat containers from
  <a href="https://www.boost.org/libs/container/">Container</a>:
  <code>boost/container/flat_map</code>, and
  <code>boost/container/flat_set</code></li>

  <li><a href="https://www.boost.org/libs/intrusive/">Intrusive</a>
  from <code>boost/intrusive</code>.</li>

  <li><a href="https://www.boost.org/libs/sort/">The
  <code>boost/sort</code> library</a>.</li>

  <li><a href="https://www.boost.org/libs/preprocessor/">Preprocessor</a>
  from <code>boost/preprocessor</code>.</li>
</ul>

<p>We are actively considering adding other Boost
features to the list, so this list may be expanded in
the future.</p>
</div> 

<p>The following libraries are permitted, but their use
is discouraged because they've been superseded by
standard libraries in C++11:</p>

<ul>
  <li><a href="https://www.boost.org/libs/array/">
  Array</a> from <code>boost/array.hpp</code>: use
  <a href="http://en.cppreference.com/w/cpp/container/array">
   <code>std::array</code></a> instead.</li>

   <li><a href="https://www.boost.org/libs/ptr_container/">
   Pointer Container</a> from <code>boost/ptr_container</code>: use containers of
   <a href="http://en.cppreference.com/w/cpp/memory/unique_ptr">
   <code>std::unique_ptr</code></a> instead.</li>
</ul>
</div> 

</div> 

 

<h3 id="std_hash">std::hash</h3>

<div class="summary">
<p>Do not define specializations of <code>std::hash</code>.</p>
</div>

<div class="stylebody">

<div class="definition">
<p><code>std::hash&lt;T&gt;</code> is the function object that the
C++11 hash containers use to hash keys of type <code>T</code>,
unless the user explicitly specifies a different hash function. For
example, <code>std::unordered_map&lt;int, string&gt;</code> is a hash
map that uses <code>std::hash&lt;int&gt;</code> to hash its keys,
whereas <code>std::unordered_map&lt;int, string, MyIntHash&gt;</code>
uses <code>MyIntHash</code>.</p>

<p><code>std::hash</code> is defined for all integral, floating-point,
pointer, and <code>enum</code> types, as well as some standard library
types such as <code>string</code> and <code>unique_ptr</code>. Users
can enable it to work for their own types by defining specializations
of it for those types.</p>
</div>

<div class="pros">
<p><code>std::hash</code> is easy to use, and simplifies the code
since you don't have to name it explicitly. Specializing
<code>std::hash</code> is the standard way of specifying how to
hash a type, so it's what outside resources will teach, and what
new engineers will expect.</p>
</div>

<div class="cons">
<p><code>std::hash</code> is hard to specialize. It requires a lot
of boilerplate code, and more importantly, it combines responsibility
for identifying the hash inputs with responsibility for executing the
hashing algorithm itself. The type author has to be responsible for
the former, but the latter requires expertise that a type author
usually doesn't have, and shouldn't need. The stakes here are high
because low-quality hash functions can be security vulnerabilities,
due to the emergence of
<a href="https://emboss.github.io/blog/2012/12/14/breaking-murmur-hash-flooding-dos-reloaded/">
hash flooding attacks</a>.</p>

<p>Even for experts, <code>std::hash</code> specializations are
inordinately difficult to implement correctly for compound types,
because the implementation cannot recursively call <code>std::hash</code>
on data members. High-quality hash algorithms maintain large
amounts of internal state, and reducing that state to the
<code>size_t</code> bytes that <code>std::hash</code>
returns is usually the slowest part of the computation, so it
should not be done more than once.</p>

<p>Due to exactly that issue, <code>std::hash</code> does not work
with <code>std::pair</code> or <code>std::tuple</code>, and the
language does not allow us to extend it to support them.</p>
</div>

<div class="decision">
<p>You can use <code>std::hash</code> with the types that it supports
"out of the box", but do not specialize it to support additional types.
If you need a hash table with a key type that <code>std::hash</code>
does not support, consider using legacy hash containers (e.g.
<code>hash_map</code>) for now; they use a different default hasher,
which is unaffected by this prohibition.</p>

<p>If you want to use the standard hash containers anyway, you will
need to specify a custom hasher for the key type, e.g.</p>
<pre>std::unordered_map&lt;MyKeyType, Value, MyKeyTypeHasher&gt; my_map;
</pre><p>
Consult with the type's owners to see if there is an existing hasher
that you can use; otherwise work with them to provide one,
 or roll your own.</p>

<p>We are planning to provide a hash function that can work with any type,
using a new customization mechanism that doesn't have the drawbacks of
<code>std::hash</code>.</p>
</div>

</div>  

<h3 id="C++11">C++11</h3>

<div class="summary">
<p>Use libraries and language extensions from C++11 when appropriate.
Consider portability to other environments
before using C++11 features in your
project. </p>

</div>

<div class="stylebody">

<div class="definition">
<p> C++11 contains <a href="https://en.wikipedia.org/wiki/C%2B%2B11">
significant changes</a> both to the language and
libraries. </p>
</div>

<div class="pros">
<p>C++11 was the official standard until august 2014, and
is supported by most C++ compilers. It standardizes
some common C++ extensions that we use already, allows
shorthands for some operations, and has some performance
and safety improvements.</p>
</div>

<div class="cons">
<p>The C++11 standard is substantially more complex than
its predecessor (1,300 pages versus 800 pages), and is
unfamiliar to many developers. The long-term effects of
some features on code readability and maintenance are
unknown. We cannot predict when its various features will
be implemented uniformly by tools that may be of
interest, particularly in the case of projects that are
forced to use older versions of tools.</p>

<p>As with <a href="#Boost">Boost</a>, some C++11
extensions encourage coding practices that hamper
readability&#8212;for example by removing
checked redundancy (such as type names) that may be
helpful to readers, or by encouraging template
metaprogramming. Other extensions duplicate functionality
available through existing mechanisms, which may lead to confusion
and conversion costs.</p>


</div>

<div class="decision">

<p>C++11 features may be used unless specified otherwise.
In addition to what's described in the rest of the style
guide, the following C++11 features may not be used:</p>

<ul>
  

  

  

  

  <li>Compile-time rational numbers
  (<code>&lt;ratio&gt;</code>), because of concerns that
  it's tied to a more template-heavy interface
  style.</li>

  <li>The <code>&lt;cfenv&gt;</code> and
  <code>&lt;fenv.h&gt;</code> headers, because many
  compilers do not support those features reliably.</li>

  <li>Ref-qualifiers on member functions, such as <code>void X::Foo()
    &amp;</code> or <code>void X::Foo() &amp;&amp;</code>, because of concerns
    that they're an overly obscure feature.</li>

  

  
</ul>
</div>

</div> 

<h3 id="Nonstandard_Extensions">Nonstandard Extensions</h3>

<div class="summary">
<p>Nonstandard extensions to C++ may not be used unless otherwise specified.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>Compilers support various extensions that are not part of standard C++. Such
  extensions include GCC's <code>__attribute__</code>, intrinsic functions such
  as <code>__builtin_prefetch</code>, designated initializers (e.g.
  <code>Foo f = {.field = 3}</code>), inline assembly, <code>__COUNTER__</code>,
  <code>__PRETTY_FUNCTION__</code>, compound statement expressions (e.g.
  <code>foo = ({ int x; Bar(&amp;x); x })</code>, variable-length arrays and
  <code>alloca()</code>, and the "<a href="https://en.wikipedia.org/wiki/Elvis_operator">Elvis Operator</a>"
  <code>a?:b</code>.</p>
</div>

<div class="pros">
  <ul>
    <li>Nonstandard extensions may provide useful features that do not exist
      in standard C++. For example, some people think that designated
      initializers are more readable than standard C++ features like
      constructors.</li>
    <li>Important performance guidance to the compiler can only be specified
      using extensions.</li>
  </ul>
</div>

<div class="cons">
  <ul>
    <li>Nonstandard extensions do not work in all compilers. Use of nonstandard
      extensions reduces portability of code.</li>
    <li>Even if they are supported in all targeted compilers, the extensions
      are often not well-specified, and there may be subtle behavior differences
      between compilers.</li>
    <li>Nonstandard extensions add to the language features that a reader must
      know to understand the code.</li>
  </ul>
</div>

<div class="decision">
<p>Do not use nonstandard extensions. You may use portability wrappers that
  are implemented using nonstandard extensions, so long as those wrappers
  
  are provided by a designated project-wide
  portability header.</p>
</div>
</div> 

<h3 id="Aliases">Aliases</h3>

<div class="summary">
<p>Public aliases are for the benefit of an API's user, and should be clearly documented.</p>
</div>
<div class="stylebody">
<div class="definition">
<p>There are several ways to create names that are aliases of other entities:</p>
<pre>typedef Foo Bar;
using Bar = Foo;
using other_namespace::Foo;
</pre>

  <p>In new code, <code>using</code> is preferable to <code>typedef</code>,
  because it provides a more consistent syntax with the rest of C++ and works
  with templates.</p>

  <p>Like other declarations, aliases declared in a header file are part of that
  header's public API unless they're in a function definition, in the private portion of a class,
  or in an explicitly-marked internal namespace. Aliases in such areas or in .cc files are
  implementation details (because client code can't refer to them), and are not restricted by this
  rule.</p>
</div>

<div class="pros">
  <ul>
    <li>Aliases can improve readability by simplifying a long or complicated name.</li>
    <li>Aliases can reduce duplication by naming in one place a type used repeatedly in an API,
      which <em>might</em> make it easier to change the type later.
    </li>
  </ul>
</div>

<div class="cons">
  <ul>
    <li>When placed in a header where client code can refer to them, aliases increase the
      number of entities in that header's API, increasing its complexity.</li>
    <li>Clients can easily rely on unintended details of public aliases, making
      changes difficult.</li>
    <li>It can be tempting to create a public alias that is only intended for use
      in the implementation, without considering its impact on the API, or on maintainability.</li>
    <li>Aliases can create risk of name collisions</li>
    <li>Aliases can reduce readability by giving a familiar construct an unfamiliar name</li>
    <li>Type aliases can create an unclear API contract:
      it is unclear whether the alias is guaranteed to be identical to the type it aliases,
      to have the same API, or only to be usable in specified narrow ways</li>
  </ul>
</div>

<div class="decision">
<p>Don't put an alias in your public API just to save typing in the implementation;
  do so only if you intend it to be used by your clients.</p>
<p>When defining a public alias, document the intent of
the new name, including whether it is guaranteed to always be the same as the type
it's currently aliased to, or whether a more limited compatibility is
intended. This lets the user know whether they can treat the types as
substitutable or whether more specific rules must be followed, and can help the
implementation retain some degree of freedom to change the alias.</p>
<p>Don't put namespace aliases in your public API. (See also <a href="#Namespaces">Namespaces</a>).
</p>

<p>For example, these aliases document how they are intended to be used in client code:</p>
<pre>namespace mynamespace {
// Used to store field measurements. DataPoint may change from Bar* to some internal type.
// Client code should treat it as an opaque pointer.
using DataPoint = foo::Bar*;

// A set of measurements. Just an alias for user convenience.
using TimeSeries = std::unordered_set&lt;DataPoint, std::hash&lt;DataPoint&gt;, DataPointComparator&gt;;
}  // namespace mynamespace
</pre>

<p>These aliases don't document intended use, and half of them aren't meant for client use:</p>

<pre class="badcode">namespace mynamespace {
// Bad: none of these say how they should be used.
using DataPoint = foo::Bar*;
using std::unordered_set;  // Bad: just for local convenience
using std::hash;           // Bad: just for local convenience
typedef unordered_set&lt;DataPoint, hash&lt;DataPoint&gt;, DataPointComparator&gt; TimeSeries;
}  // namespace mynamespace
</pre>

<p>However, local convenience aliases are fine in function definitions, private sections of
  classes, explicitly marked internal namespaces, and in .cc files:</p>

<pre>// In a .cc file
using foo::Bar;
</pre>

</div>
</div> 

<h2 id="Naming">Naming</h2>

<p>The most important consistency rules are those that govern
naming. The style of a name immediately informs us what sort of
thing the named entity is: a type, a variable, a function, a
constant, a macro, etc., without requiring us to search for the
declaration of that entity. The pattern-matching engine in our
brains relies a great deal on these naming rules.
</p>

<p>Naming rules are pretty arbitrary, but
 we feel that
consistency is more important than individual preferences in this
area, so regardless of whether you find them sensible or not,
the rules are the rules.</p>

<h3 id="General_Naming_Rules">General Naming Rules</h3>

<div class="summary">
<p>Names should be descriptive; avoid abbreviation.</p>
</div>

<div class="stylebody">
<p>Give as descriptive a name as possible, within reason.
Do not worry about saving horizontal space as it is far
more important to make your code immediately
understandable by a new reader. Do not use abbreviations
that are ambiguous or unfamiliar to readers outside your
project, and do not abbreviate by deleting letters within
a word. Abbreviations that would be familiar to someone
outside your project with relevant domain knowledge are OK.
As a rule of thumb, an abbreviation is probably OK if it's listed
in

Wikipedia.</p>

<pre>int price_count_reader;    // No abbreviation.
int num_errors;            // "num" is a widespread convention.
int num_dns_connections;   // Most people know what "DNS" stands for.
int lstm_size;             // "LSTM" is a common machine learning abbreviation.
</pre>

<pre class="badcode">int n;                     // Meaningless.
int nerr;                  // Ambiguous abbreviation.
int n_comp_conns;          // Ambiguous abbreviation.
int wgc_connections;       // Only your group knows what this stands for.
int pc_reader;             // Lots of things can be abbreviated "pc".
int cstmr_id;              // Deletes internal letters.
FooBarRequestInfo fbri;    // Not even a word.
</pre>

<p>Note that certain universally-known abbreviations are OK, such as
<code>i</code> for an iteration variable and <code>T</code> for a
template parameter.</p>

<p>For some symbols, this style guide recommends names to start with a capital
letter and to have a capital letter for each new word (a.k.a.
"<a href="https://en.wikipedia.org/wiki/Camel_case">Camel Case</a>"
or "Pascal case"). When abbreviations appear in such names, prefer to
capitalize the abbreviations as single words (i.e. <code>StartRpc()</code>,
not <code>StartRPC()</code>).</p>

<p>Template parameters should follow the naming style for their
category: type template parameters should follow the rules for
<a href="#Type_Names">type names</a>, and non-type template
parameters should follow the rules for <a href="#Variable_Names">
variable names</a>.

</p></div> 

<h3 id="File_Names">File Names</h3>

<div class="summary">
<p>Filenames should be all lowercase and can include
underscores (<code>_</code>) or dashes (<code>-</code>).
Follow the convention that your
 
project uses. If there is no consistent
local pattern to follow, prefer "_".</p>
</div>

<div class="stylebody">

<p>Examples of acceptable file names:</p>

<ul>
  <li><code>my_useful_class.cc</code></li>
  <li><code>my-useful-class.cc</code></li>
  <li><code>myusefulclass.cc</code></li>
  <li><code>myusefulclass_test.cc // _unittest and _regtest are deprecated.</code></li>
</ul>

<p>C++ files should end in <code>.cc</code> and header files should end in
<code>.h</code>. Files that rely on being textually included at specific points
should end in <code>.inc</code> (see also the section on
<a href="#Self_contained_Headers">self-contained headers</a>).</p>

<p>Do not use filenames that already exist in
<code>/usr/include</code>, such as <code>db.h</code>.</p>

<p>In general, make your filenames very specific. For
example, use <code>http_server_logs.h</code> rather than
<code>logs.h</code>. A very common case is to have a pair
of files called, e.g., <code>foo_bar.h</code> and
<code>foo_bar.cc</code>, defining a class called
<code>FooBar</code>.</p>

<p>Inline functions must be in a <code>.h</code> file. If
your inline functions are very short, they should go
directly into your <code>.h</code> file. </p>

</div> 

<h3 id="Type_Names">Type Names</h3>

<div class="summary">
<p>Type names start with a capital letter and have a capital
letter for each new word, with no underscores:
<code>MyExcitingClass</code>, <code>MyExcitingEnum</code>.</p>
</div>

<div class="stylebody">

<p>The names of all types &#8212; classes, structs, type aliases,
enums, and type template parameters &#8212; have the same naming convention.
Type names should start with a capital letter and have a capital letter
for each new word. No underscores. For example:</p>

<pre>// classes and structs
class UrlTable { ...
class UrlTableTester { ...
struct UrlTableProperties { ...

// typedefs
typedef hash_map&lt;UrlTableProperties *, string&gt; PropertiesMap;

// using aliases
using PropertiesMap = hash_map&lt;UrlTableProperties *, string&gt;;

// enums
enum UrlTableErrors { ...
</pre>

</div> 

<h3 id="Variable_Names">Variable Names</h3>

<div class="summary">
<p>The names of variables (including function parameters) and data members are
all lowercase, with underscores between words. Data members of classes (but not
structs) additionally have trailing underscores. For instance:
<code>a_local_variable</code>, <code>a_struct_data_member</code>,
<code>a_class_data_member_</code>.</p>
</div>

<div class="stylebody">

<h4 class="stylepoint_subsection">Common Variable names</h4>

<p>For example:</p>

<pre>string table_name;  // OK - uses underscore.
string tablename;   // OK - all lowercase.
</pre>

<pre class="badcode">string tableName;   // Bad - mixed case.
</pre>

<h4 class="stylepoint_subsection">Class Data Members</h4>

<p>Data members of classes, both static and non-static, are
named like ordinary nonmember variables, but with a
trailing underscore.</p>

<pre>class TableInfo {
  ...
 private:
  string table_name_;  // OK - underscore at end.
  string tablename_;   // OK.
  static Pool&lt;TableInfo&gt;* pool_;  // OK.
};
</pre>

<h4 class="stylepoint_subsection">Struct Data Members</h4>

<p>Data members of structs, both static and non-static,
are named like ordinary nonmember variables. They do not have
the trailing underscores that data members in classes have.</p>

<pre>struct UrlTableProperties {
  string name;
  int num_entries;
  static Pool&lt;UrlTableProperties&gt;* pool;
};
</pre>


<p>See <a href="#Structs_vs._Classes">Structs vs.
Classes</a> for a discussion of when to use a struct
versus a class.</p>

</div> 

<h3 id="Constant_Names">Constant Names</h3>

<div class="summary">
  <p>Variables declared constexpr or const, and whose value is fixed for
  the duration of the program, are named with a leading "k" followed
  by mixed case.  For example:</p>
</div>

<pre>const int kDaysInAWeek = 7;
</pre>

<div class="stylebody">

  <p>All such variables with static storage duration (i.e. statics and globals,
  see <a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration">
    Storage Duration</a> for details) should be named this way.  This
  convention is optional for variables of other storage classes, e.g. automatic
  variables, otherwise the usual variable naming rules apply.</p>

</div> 

<h3 id="Function_Names">Function Names</h3>

<div class="summary">
<p>Regular functions have mixed case; accessors and mutators may be named
like variables.</p>
</div>

<div class="stylebody">

<p>Ordinarily, functions should start with a capital letter and have a
capital letter for each new word.</p>

<pre>AddTableEntry()
DeleteUrl()
OpenFileOrDie()
</pre>

<p>(The same naming rule applies to class- and namespace-scope
constants that are exposed as part of an API and that are intended to look
like functions, because the fact that they're objects rather than functions
is an unimportant implementation detail.)</p>

<p>Accessors and mutators (get and set functions) may be named like
variables. These often correspond to actual member variables, but this is
not required. For example, <code>int count()</code> and <code>void
set_count(int count)</code>.</p>

</div> 

<h3 id="Namespace_Names">Namespace Names</h3>

<div class="summary">
Namespace names are all lower-case. Top-level namespace names are
based on the project name
. Avoid collisions
between nested namespaces and well-known top-level namespaces.
</div>

<div class="stylebody">
<p>The name of a top-level namespace should usually be the
name of the project or team whose code is contained in that
namespace. The code in that namespace should usually be in
a directory whose basename matches the namespace name (or in
subdirectories thereof).</p>





<p>Keep in mind that the <a href="#General_Naming_Rules">rule
against abbreviated names</a> applies to namespaces just as much
as variable names. Code inside the namespace seldom needs to
mention the namespace name, so there's usually no particular need
for abbreviation anyway.</p>

<p>Avoid nested namespaces that match well-known top-level
namespaces. Collisions between namespace names can lead to surprising
build breaks because of name lookup rules. In particular, do not
create any nested <code>std</code> namespaces. Prefer unique project
identifiers
(<code>websearch::index</code>, <code>websearch::index_util</code>)
over collision-prone names like <code>websearch::util</code>.</p>

<p>For <code>internal</code> namespaces, be wary of other code being
added to the same <code>internal</code> namespace causing a collision
(internal helpers within a team tend to be related and may lead to
collisions). In such a situation, using the filename to make a unique
internal name is helpful
(<code>websearch::index::frobber_internal</code> for use
in <code>frobber.h</code>)</p>

</div> 

<h3 id="Enumerator_Names">Enumerator Names</h3>

<div class="summary">
<p>Enumerators (for both scoped and unscoped enums) should be named <i>either</i> like
<a href="#Constant_Names">constants</a> or like
<a href="#Macro_Names">macros</a>: either <code>kEnumName</code> or
<code>ENUM_NAME</code>.</p>
</div>

<div class="stylebody">

<p>Preferably, the individual enumerators should be named
like <a href="#Constant_Names">constants</a>. However, it
is also acceptable to name them like
<a href="#Macro_Names">macros</a>.  The enumeration name,
<code>UrlTableErrors</code> (and
<code>AlternateUrlTableErrors</code>), is a type, and
therefore mixed case.</p>

<pre>enum UrlTableErrors {
  kOK = 0,
  kErrorOutOfMemory,
  kErrorMalformedInput,
};
enum AlternateUrlTableErrors {
  OK = 0,
  OUT_OF_MEMORY = 1,
  MALFORMED_INPUT = 2,
};
</pre>

<p>Until January 2009, the style was to name enum values
like <a href="#Macro_Names">macros</a>. This caused
problems with name collisions between enum values and
macros. Hence, the change to prefer constant-style naming
was put in place. New code should prefer constant-style
naming if possible. However, there is no reason to change
old code to use constant-style names, unless the old
names are actually causing a compile-time problem.</p>



</div> 

<h3 id="Macro_Names">Macro Names</h3>

<div class="summary">
<p>You're not really going to <a href="#Preprocessor_Macros">
define a macro</a>, are you? If you do, they're like this:
<code>MY_MACRO_THAT_SCARES_SMALL_CHILDREN_AND_ADULTS_ALIKE</code>.
</p>
</div>

<div class="stylebody">

<p>Please see the <a href="#Preprocessor_Macros">description
of macros</a>; in general macros should <em>not</em> be used.
However, if they are absolutely needed, then they should be
named with all capitals and underscores.</p>

<pre>#define ROUND(x) ...
#define PI_ROUNDED 3.0
</pre>

</div> 

<h3 id="Exceptions_to_Naming_Rules">Exceptions to Naming Rules</h3>

<div class="summary">
<p>If you are naming something that is analogous to an
existing C or C++ entity then you can follow the existing
naming convention scheme.</p>
</div>

<div class="stylebody">

<dl>
  <dt><code>bigopen()</code></dt>
  <dd>function name, follows form of <code>open()</code></dd>

  <dt><code>uint</code></dt>
  <dd><code>typedef</code></dd>

  <dt><code>bigpos</code></dt>
  <dd><code>struct</code> or <code>class</code>, follows
  form of <code>pos</code></dd>

  <dt><code>sparse_hash_map</code></dt>
  <dd>STL-like entity; follows STL naming conventions</dd>

  <dt><code>LONGLONG_MAX</code></dt>
  <dd>a constant, as in <code>INT_MAX</code></dd>
</dl>

</div> 

<h2 id="Comments">Comments</h2>

<p>Though a pain to write, comments are absolutely vital to
keeping our code readable. The following rules describe what
you should comment and where. But remember: while comments are
very important, the best code is self-documenting. Giving
sensible names to types and variables is much better than using
obscure names that you must then explain through comments.</p>

<p>When writing your comments, write for your audience: the
next 
contributor who will need to
understand your code. Be generous &#8212; the next
one may be you!</p>

<h3 id="Comment_Style">Comment Style</h3>

<div class="summary">
<p>Use either the <code>//</code> or <code>/* */</code>
syntax, as long as you are consistent.</p>
</div>

<div class="stylebody">

<p>You can use either the <code>//</code> or the <code>/*
*/</code> syntax; however, <code>//</code> is
<em>much</em> more common. Be consistent with how you
comment and what style you use where.</p>

</div> 

<h3 id="File_Comments">File Comments</h3>

<div class="summary">
<p>Start each file with license boilerplate.</p>

<p>File comments describe the contents of a file. If a file declares,
implements, or tests exactly one abstraction that is documented by a comment
at the point of declaration, file comments are not required. All other files
must have file comments.</p>

</div>

<div class="stylebody">

<h4 class="stylepoint_subsection">Legal Notice and Author
Line</h4>



<p>Every file should contain license
boilerplate. Choose the appropriate boilerplate for the
license used by the project (for example, Apache 2.0,
BSD, LGPL, GPL).</p>

<p>If you make significant changes to a file with an
author line, consider deleting the author line.
New files should usually not contain copyright notice or
author line.</p>

<h4 class="stylepoint_subsection">File Contents</h4>

<p>If a <code>.h</code> declares multiple abstractions, the file-level comment
should broadly describe the contents of the file, and how the abstractions are
related. A 1 or 2 sentence file-level comment may be sufficient. The detailed
documentation about individual abstractions belongs with those abstractions,
not at the file level.</p>

<p>Do not duplicate comments in both the <code>.h</code> and the
<code>.cc</code>. Duplicated comments diverge.</p>

</div> 

<h3 id="Class_Comments">Class Comments</h3>

<div class="summary">
<p>Every non-obvious class declaration should have an accompanying
comment that describes what it is for and how it should be used.</p>
</div>

<div class="stylebody">

<pre>// Iterates over the contents of a GargantuanTable.
// Example:
//    GargantuanTableIterator* iter = table-&gt;NewIterator();
//    for (iter-&gt;Seek("foo"); !iter-&gt;done(); iter-&gt;Next()) {
//      process(iter-&gt;key(), iter-&gt;value());
//    }
//    delete iter;
class GargantuanTableIterator {
  ...
};
</pre>

<p>The class comment should provide the reader with enough information to know
how and when to use the class, as well as any additional considerations
necessary to correctly use the class. Document the synchronization assumptions
the class makes, if any. If an instance of the class can be accessed by
multiple threads, take extra care to document the rules and invariants
surrounding multithreaded use.</p>

<p>The class comment is often a good place for a small example code snippet
demonstrating a simple and focused usage of the class.</p>

<p>When sufficiently separated (e.g. <code>.h</code> and <code>.cc</code>
files), comments describing the use of the class should go together with its
interface definition; comments about the class operation and implementation
should accompany the implementation of the class's methods.</p>

</div> 

<h3 id="Function_Comments">Function Comments</h3>

<div class="summary">
<p>Declaration comments describe use of the function (when it is
non-obvious); comments at the definition of a function describe
operation.</p>
</div>

<div class="stylebody">

<h4 class="stylepoint_subsection">Function Declarations</h4>

<p>Almost every function declaration should have comments immediately
preceding it that describe what the function does and how to use
it. These comments may be omitted only if the function is simple and
obvious (e.g. simple accessors for obvious properties of the
class).  These comments should be descriptive ("Opens the file")
rather than imperative ("Open the file"); the comment describes the
function, it does not tell the function what to do. In general, these
comments do not describe how the function performs its task. Instead,
that should be left to comments in the function definition.</p>

<p>Types of things to mention in comments at the function
declaration:</p>

<ul>
  <li>What the inputs and outputs are.</li>

  <li>For class member functions: whether the object
  remembers reference arguments beyond the duration of
  the method call, and whether it will free them or
  not.</li>

  <li>If the function allocates memory that the caller
  must free.</li>

  <li>Whether any of the arguments can be a null
  pointer.</li>

  <li>If there are any performance implications of how a
  function is used.</li>

  <li>If the function is re-entrant. What are its
  synchronization assumptions?</li>
 </ul>

<p>Here is an example:</p>

<pre>// Returns an iterator for this table.  It is the client's
// responsibility to delete the iterator when it is done with it,
// and it must not use the iterator once the GargantuanTable object
// on which the iterator was created has been deleted.
//
// The iterator is initially positioned at the beginning of the table.
//
// This method is equivalent to:
//    Iterator* iter = table-&gt;NewIterator();
//    iter-&gt;Seek("");
//    return iter;
// If you are going to immediately seek to another place in the
// returned iterator, it will be faster to use NewIterator()
// and avoid the extra seek.
Iterator* GetIterator() const;
</pre>

<p>However, do not be unnecessarily verbose or state the
completely obvious.</p>

<p>When documenting function overrides, focus on the
specifics of the override itself, rather than repeating
the comment from the overridden function.  In many of these
cases, the override needs no additional documentation and
thus no comment is required.</p>

<p>When commenting constructors and destructors, remember
that the person reading your code knows what constructors
and destructors are for, so comments that just say
something like "destroys this object" are not useful.
Document what constructors do with their arguments (for
example, if they take ownership of pointers), and what
cleanup the destructor does. If this is trivial, just
skip the comment. It is quite common for destructors not
to have a header comment.</p>

<h4 class="stylepoint_subsection">Function Definitions</h4>

<p>If there is anything tricky about how a function does
its job, the function definition should have an
explanatory comment. For example, in the definition
comment you might describe any coding tricks you use,
give an overview of the steps you go through, or explain
why you chose to implement the function in the way you
did rather than using a viable alternative. For instance,
you might mention why it must acquire a lock for the
first half of the function but why it is not needed for
the second half.</p>

<p>Note you should <em>not</em> just repeat the comments
given with the function declaration, in the
<code>.h</code> file or wherever. It's okay to
recapitulate briefly what the function does, but the
focus of the comments should be on how it does it.</p>

</div> 

<h3 id="Variable_Comments">Variable Comments</h3>

<div class="summary">
<p>In general the actual name of the variable should be
descriptive enough to give a good idea of what the variable
is used for. In certain cases, more comments are required.</p>
</div>

<div class="stylebody">

<h4 class="stylepoint_subsection">Class Data Members</h4>

<p>The purpose of each class data member (also called an instance
variable or member variable) must be clear. If there are any
invariants (special values, relationships between members, lifetime
requirements) not clearly expressed by the type and name, they must be
commented. However, if the type and name suffice (<code>int
num_events_;</code>), no comment is needed.</p>

<p>In particular, add comments to describe the existence and meaning
of sentinel values, such as nullptr or -1, when they are not
obvious. For example:</p>

<pre>private:
 // Used to bounds-check table accesses. -1 means
 // that we don't yet know how many entries the table has.
 int num_total_entries_;
</pre>

<h4 class="stylepoint_subsection">Global Variables</h4>

<p>All global variables should have a comment describing what they
are, what they are used for, and (if unclear) why it needs to be
global. For example:</p>

<pre>// The total number of tests cases that we run through in this regression test.
const int kNumTestCases = 6;
</pre>

</div> 

<h3 id="Implementation_Comments">Implementation Comments</h3>

<div class="summary">
<p>In your implementation you should have comments in tricky,
non-obvious, interesting, or important parts of your code.</p>
</div>

<div class="stylebody">

<h4 class="stylepoint_subsection">Explanatory Comments</h4>

<p>Tricky or complicated code blocks should have comments
before them. Example:</p>

<pre>// Divide result by two, taking into account that x
// contains the carry from the add.
for (int i = 0; i &lt; result-&gt;size(); i++) {
  x = (x &lt;&lt; 8) + (*result)[i];
  (*result)[i] = x &gt;&gt; 1;
  x &amp;= 1;
}
</pre>

<h4 class="stylepoint_subsection">Line Comments</h4>

<p>Also, lines that are non-obvious should get a comment
at the end of the line. These end-of-line comments should
be separated from the code by 2 spaces. Example:</p>

<pre>// If we have enough memory, mmap the data portion too.
mmap_budget = max&lt;int64&gt;(0, mmap_budget - index_-&gt;length());
if (mmap_budget &gt;= data_size_ &amp;&amp; !MmapData(mmap_chunk_bytes, mlock))
  return;  // Error already logged.
</pre>

<p>Note that there are both comments that describe what
the code is doing, and comments that mention that an
error has already been logged when the function
returns.</p>

<p>If you have several comments on subsequent lines, it
can often be more readable to line them up:</p>

<pre>DoSomething();                  // Comment here so the comments line up.
DoSomethingElseThatIsLonger();  // Two spaces between the code and the comment.
{ // One space before comment when opening a new scope is allowed,
  // thus the comment lines up with the following comments and code.
  DoSomethingElse();  // Two spaces before line comments normally.
}
std::vector&lt;string&gt; list{
                    // Comments in braced lists describe the next element...
                    "First item",
                    // .. and should be aligned appropriately.
                    "Second item"};
DoSomething(); /* For trailing block comments, one space is fine. */
</pre>

<h4 class="stylepoint_subsection">Function Argument Comments</h4>

<p>When the meaning of a function argument is nonobvious, consider
one of the following remedies:</p>

<ul>
  <li>If the argument is a literal constant, and the same constant is
  used in multiple function calls in a way that tacitly assumes they're
  the same, you should use a named constant to make that constraint
  explicit, and to guarantee that it holds.</li>

  <li>Consider changing the function signature to replace a <code>bool</code>
  argument with an <code>enum</code> argument. This will make the argument
  values self-describing.</li>

  <li>For functions that have several configuration options, consider
  defining a single class or struct to hold all the options
  ,
  and pass an instance of that.
  This approach has several advantages. Options are referenced by name
  at the call site, which clarifies their meaning. It also reduces
  function argument count, which makes function calls easier to read and
  write. As an added benefit, you don't have to change call sites when
  you add another option.
  </li>

  <li>Replace large or complex nested expressions with named variables.</li>

  <li>As a last resort, use comments to clarify argument meanings at the
  call site. </li>
</ul>

Consider the following example:

<pre class="badcode">// What are these arguments?
const DecimalNumber product = CalculateProduct(values, 7, false, nullptr);
</pre>

<p>versus:</p>

<pre>ProductOptions options;
options.set_precision_decimals(7);
options.set_use_cache(ProductOptions::kDontUseCache);
const DecimalNumber product =
    CalculateProduct(values, options, /*completion_callback=*/nullptr);
</pre>

<h4 class="stylepoint_subsection">Don'ts</h4>

<p>Do not state the obvious. In particular, don't literally describe what
code does, unless the behavior is nonobvious to a reader who understands
C++ well. Instead, provide higher level comments that describe <i>why</i>
the code does what it does, or make the code self describing.</p>

Compare this:

<pre class="badcode">// Find the element in the vector.  &lt;-- Bad: obvious!
auto iter = std::find(v.begin(), v.end(), element);
if (iter != v.end()) {
  Process(element);
}
</pre>

To this:

<pre>// Process "element" unless it was already processed.
auto iter = std::find(v.begin(), v.end(), element);
if (iter != v.end()) {
  Process(element);
}
</pre>

Self-describing code doesn't need a comment. The comment from
the example above would be obvious:

<pre>if (!IsAlreadyProcessed(element)) {
  Process(element);
}
</pre>

</div> 

<h3 id="Punctuation,_Spelling_and_Grammar">Punctuation, Spelling and Grammar</h3>

<div class="summary">
<p>Pay attention to punctuation, spelling, and grammar; it is
easier to read well-written comments than badly written
ones.</p>
</div>

<div class="stylebody">

<p>Comments should be as readable as narrative text, with
proper capitalization and punctuation. In many cases,
complete sentences are more readable than sentence
fragments. Shorter comments, such as comments at the end
of a line of code, can sometimes be less formal, but you
should be consistent with your style.</p>

<p>Although it can be frustrating to have a code reviewer
point out that you are using a comma when you should be
using a semicolon, it is very important that source code
maintain a high level of clarity and readability. Proper
punctuation, spelling, and grammar help with that
goal.</p>

</div> 

<h3 id="TODO_Comments">TODO Comments</h3>

<div class="summary">
<p>Use <code>TODO</code> comments for code that is temporary,
a short-term solution, or good-enough but not perfect.</p>
</div>

<div class="stylebody">

<p><code>TODO</code>s should include the string
<code>TODO</code> in all caps, followed by the

name, e-mail address, bug ID, or other
identifier
of the person or issue with the best context
about the problem referenced by the <code>TODO</code>. The
main purpose is to have a consistent <code>TODO</code> that
can be searched to find out how to get more details upon
request. A <code>TODO</code> is not a commitment that the
person referenced will fix the problem. Thus when you create
a <code>TODO</code> with a name, it is almost always your
name that is given.</p>



<div>
<pre>// TODO(kl@gmail.com): Use a "*" here for concatenation operator.
// TODO(Zeke) change this to use relations.
// TODO(bug 12345): remove the "Last visitors" feature
</pre>
</div>

<p>If your <code>TODO</code> is of the form "At a future
date do something" make sure that you either include a
very specific date ("Fix by November 2005") or a very
specific event ("Remove this code when all clients can
handle XML responses.").</p>

</div> 

<h3 id="Deprecation_Comments">Deprecation Comments</h3>

<div class="summary">
<p>Mark deprecated interface points with <code>DEPRECATED</code>
comments.</p>
</div>

<div class="stylebody">

<p>You can mark an interface as deprecated by writing a
comment containing the word <code>DEPRECATED</code> in
all caps. The comment goes either before the declaration
of the interface or on the same line as the
declaration.</p>



<p>After the word
<code>DEPRECATED</code>, write your name, e-mail address,
or other identifier in parentheses.</p>

<p>A deprecation comment must include simple, clear
directions for people to fix their callsites. In C++, you
can implement a deprecated function as an inline function
that calls the new interface point.</p>

<p>Marking an interface point <code>DEPRECATED</code>
will not magically cause any callsites to change. If you
want people to actually stop using the deprecated
facility, you will have to fix the callsites yourself or
recruit a crew to help you.</p>

<p>New code should not contain calls to deprecated
interface points. Use the new interface point instead. If
you cannot understand the directions, find the person who
created the deprecation and ask them for help using the
new interface point.</p>



</div> 

<h2 id="Formatting">Formatting</h2>

<p>Coding style and formatting are pretty arbitrary, but a

project is much easier to follow
if everyone uses the same style. Individuals may not agree with every
aspect of the formatting rules, and some of the rules may take
some getting used to, but it is important that all

project contributors follow the
style rules so that 
they can all read and understand
everyone's code easily.</p>



<p>To help you format code correctly, we've
created a
<a href="https://raw.githubusercontent.com/google/styleguide/gh-pages/google-c-style.el">
settings file for emacs</a>.</p>

<h3 id="Line_Length">Line Length</h3>

<div class="summary">
<p>Each line of text in your code should be at most 80
characters long.</p>
</div>

<div class="stylebody">



 <p>We recognize that this rule is
controversial, but so much existing code already adheres
to it, and we feel that consistency is important.</p>

<div class="pros">
<p>Those who favor  this rule
argue that it is rude to force them to resize
their windows and there is no need for anything longer.
Some folks are used to having several code windows
side-by-side, and thus don't have room to widen their
windows in any case. People set up their work environment
assuming a particular maximum window width, and 80
columns has been the traditional standard. Why change
it?</p>
</div>

<div class="cons">
<p>Proponents of change argue that a wider line can make
code more readable. The 80-column limit is an hidebound
throwback to 1960s mainframes;  modern equipment has wide screens that
can easily show longer lines.</p>
</div>

<div class="decision">
<p> 80 characters is the maximum.</p>

<p class="exception">Comment lines can be longer than 80
characters if it is not feasible to split them without
harming readability, ease of cut and paste or auto-linking
-- e.g. if a line contains an example command or a literal
URL longer than 80 characters.</p>

<p class="exception">A raw-string literal may have content
that exceeds 80 characters.  Except for test code, such literals
should appear near the top of a file.</p>

<p class="exception">An <code>#include</code> statement with a
long path may exceed 80 columns.</p>

<p class="exception">You needn't be concerned about
<a href="#The__define_Guard">header guards</a> that exceed
the maximum length. </p>
</div>

</div> 

<h3 id="Non-ASCII_Characters">Non-ASCII Characters</h3>

<div class="summary">
<p>Non-ASCII characters should be rare, and must use UTF-8
formatting.</p>
</div>

<div class="stylebody">

<p>You shouldn't hard-code user-facing text in source,
even English, so use of non-ASCII characters should be
rare. However, in certain cases it is appropriate to
include such words in your code. For example, if your
code parses data files from foreign sources, it may be
appropriate to hard-code the non-ASCII string(s) used in
those data files as delimiters. More commonly, unittest
code (which does not  need to be localized) might
contain non-ASCII strings. In such cases, you should use
UTF-8, since that is  an encoding
understood by most tools able to handle more than just
ASCII.</p>

<p>Hex encoding is also OK, and encouraged where it
enhances readability &#8212; for example,
<code>"\xEF\xBB\xBF"</code>, or, even more simply,
<code>u8"\uFEFF"</code>, is the Unicode zero-width
no-break space character, which would be invisible if
included in the source as straight UTF-8.</p>

<p>Use the <code>u8</code> prefix
to guarantee that a string literal containing
<code>\uXXXX</code> escape sequences is encoded as UTF-8.
Do not use it for strings containing non-ASCII characters
encoded as UTF-8, because that will produce incorrect
output if the compiler does not interpret the source file
as UTF-8. </p>

<p>You shouldn't use the C++11 <code>char16_t</code> and
<code>char32_t</code> character types, since they're for
non-UTF-8 text. For similar reasons you also shouldn't
use <code>wchar_t</code> (unless you're writing code that
interacts with the Windows API, which uses
<code>wchar_t</code> extensively).</p>

</div> 

<h3 id="Spaces_vs._Tabs">Spaces vs. Tabs</h3>

<div class="summary">
<p>Use only spaces, and indent 2 spaces at a time.</p>
</div>

<div class="stylebody">

<p>We use spaces for indentation. Do not use tabs in your
code. You should set your editor to emit spaces when you
hit the tab key.</p>

</div> 

<h3 id="Function_Declarations_and_Definitions">Function Declarations and Definitions</h3>

<div class="summary">
<p>Return type on the same line as function name, parameters
on the same line if they fit. Wrap parameter lists which do
not fit on a single line as you would wrap arguments in a
<a href="#Function_Calls">function call</a>.</p>
</div>

<div class="stylebody">

<p>Functions look like this:</p>


<pre>ReturnType ClassName::FunctionName(Type par_name1, Type par_name2) {
  DoSomething();
  ...
}
</pre>

<p>If you have too much text to fit on one line:</p>

<pre>ReturnType ClassName::ReallyLongFunctionName(Type par_name1, Type par_name2,
                                             Type par_name3) {
  DoSomething();
  ...
}
</pre>

<p>or if you cannot fit even the first parameter:</p>

<pre>ReturnType LongClassName::ReallyReallyReallyLongFunctionName(
    Type par_name1,  // 4 space indent
    Type par_name2,
    Type par_name3) {
  DoSomething();  // 2 space indent
  ...
}
</pre>

<p>Some points to note:</p>

<ul>
  <li>Choose good parameter names.</li>

  <li>A parameter name may be omitted only if the parameter is not used in the
  function's definition.</li>

  <li>If you cannot fit the return type and the function
  name on a single line, break between them.</li>

  <li>If you break after the return type of a function
  declaration or definition, do not indent.</li>

  <li>The open parenthesis is always on the same line as
  the function name.</li>

  <li>There is never a space between the function name
  and the open parenthesis.</li>

  <li>There is never a space between the parentheses and
  the parameters.</li>

  <li>The open curly brace is always on the end of the last line of the function
  declaration, not the start of the next line.</li>

  <li>The close curly brace is either on the last line by
  itself or on the same line as the open curly brace.</li>

  <li>There should be a space between the close
  parenthesis and the open curly brace.</li>

  <li>All parameters should be aligned if possible.</li>

  <li>Default indentation is 2 spaces.</li>

  <li>Wrapped parameters have a 4 space indent.</li>
</ul>

<p>Unused parameters that are obvious from context may be omitted:</p>

<pre>class Foo {
 public:
  Foo(Foo&amp;&amp;);
  Foo(const Foo&amp;);
  Foo&amp; operator=(Foo&amp;&amp;);
  Foo&amp; operator=(const Foo&amp;);
};
</pre>

<p>Unused parameters that might not be obvious should comment out the variable
name in the function definition:</p>

<pre>class Shape {
 public:
  virtual void Rotate(double radians) = 0;
};

class Circle : public Shape {
 public:
  void Rotate(double radians) override;
};

void Circle::Rotate(double /*radians*/) {}
</pre>

<pre class="badcode">// Bad - if someone wants to implement later, it's not clear what the
// variable means.
void Circle::Rotate(double) {}
</pre>

<p>Attributes, and macros that expand to attributes, appear at the very
beginning of the function declaration or definition, before the
return type:</p>
<pre>MUST_USE_RESULT bool IsOK();
</pre>

</div> 

<h3 id="Formatting_Lambda_Expressions">Lambda Expressions</h3>

<div class="summary">
<p>Format parameters and bodies as for any other function, and capture
lists like other comma-separated lists.</p>
</div>

<div class="stylebody">
<p>For by-reference captures, do not leave a space between the
ampersand (&amp;) and the variable name.</p>
<pre>int x = 0;
auto x_plus_n = [&amp;x](int n) -&gt; int { return x + n; }
</pre>
<p>Short lambdas may be written inline as function arguments.</p>
<pre>std::set&lt;int&gt; blacklist = {7, 8, 9};
std::vector&lt;int&gt; digits = {3, 9, 1, 8, 4, 7, 1};
digits.erase(std::remove_if(digits.begin(), digits.end(), [&amp;blacklist](int i) {
               return blacklist.find(i) != blacklist.end();
             }),
             digits.end());
</pre>

</div> 

<h3 id="Function_Calls">Function Calls</h3>

<div class="summary">
<p>Either write the call all on a single line, wrap the
arguments at the parenthesis, or start the arguments on a new
line indented by four spaces and continue at that 4 space
indent. In the absence of other considerations, use the
minimum number of lines, including placing multiple arguments
on each line where appropriate.</p>
</div>

<div class="stylebody">

<p>Function calls have the following format:</p>
<pre>bool result = DoSomething(argument1, argument2, argument3);
</pre>

<p>If the arguments do not all fit on one line, they
should be broken up onto multiple lines, with each
subsequent line aligned with the first argument. Do not
add spaces after the open paren or before the close
paren:</p>
<pre>bool result = DoSomething(averyveryveryverylongargument1,
                          argument2, argument3);
</pre>

<p>Arguments may optionally all be placed on subsequent
lines with a four space indent:</p>
<pre>if (...) {
  ...
  ...
  if (...) {
    bool result = DoSomething(
        argument1, argument2,  // 4 space indent
        argument3, argument4);
    ...
  }
</pre>

<p>Put multiple arguments on a single line to reduce the
number of lines necessary for calling a function unless
there is a specific readability problem. Some find that
formatting with strictly one argument on each line is
more readable and simplifies editing of the arguments.
However, we prioritize for the reader over the ease of
editing arguments, and most readability problems are
better addressed with the following techniques.</p>

<p>If having multiple arguments in a single line decreases
readability due to the complexity or confusing nature of the
expressions that make up some arguments, try creating
variables that capture those arguments in a descriptive name:</p>
<pre>int my_heuristic = scores[x] * y + bases[x];
bool result = DoSomething(my_heuristic, x, y, z);
</pre>

<p>Or put the confusing argument on its own line with
an explanatory comment:</p>
<pre>bool result = DoSomething(scores[x] * y + bases[x],  // Score heuristic.
                          x, y, z);
</pre>

<p>If there is still a case where one argument is
significantly more readable on its own line, then put it on
its own line. The decision should be specific to the argument
which is made more readable rather than a general policy.</p>

<p>Sometimes arguments form a structure that is important
for readability. In those cases, feel free to format the
arguments according to that structure:</p>
<pre>// Transform the widget by a 3x3 matrix.
my_widget.Transform(x1, x2, x3,
                    y1, y2, y3,
                    z1, z2, z3);
</pre>

</div> 

<h3 id="Braced_Initializer_List_Format">Braced Initializer List Format</h3>

<div class="summary">
<p>Format a <a href="#Braced_Initializer_List">braced initializer list</a>
exactly like you would format a function call in its place.</p>
</div>

<div class="stylebody">

<p>If the braced list follows a name (e.g. a type or
variable name), format as if the <code>{}</code> were the
parentheses of a function call with that name. If there
is no name, assume a zero-length name.</p>

<pre>// Examples of braced init list on a single line.
return {foo, bar};
functioncall({foo, bar});
std::pair&lt;int, int&gt; p{foo, bar};

// When you have to wrap.
SomeFunction(
    {"assume a zero-length name before {"},
    some_other_function_parameter);
SomeType variable{
    some, other, values,
    {"assume a zero-length name before {"},
    SomeOtherType{
        "Very long string requiring the surrounding breaks.",
        some, other values},
    SomeOtherType{"Slightly shorter string",
                  some, other, values}};
SomeType variable{
    "This is too long to fit all in one line"};
MyType m = {  // Here, you could also break before {.
    superlongvariablename1,
    superlongvariablename2,
    {short, interior, list},
    {interiorwrappinglist,
     interiorwrappinglist2}};
</pre>

</div> 

<h3 id="Conditionals">Conditionals</h3>

<div class="summary">
<p>Prefer no spaces inside parentheses. The <code>if</code>
and <code>else</code> keywords belong on separate lines.</p>
</div>

<div class="stylebody">

<p>There are two acceptable formats for a basic
conditional statement. One includes spaces between the
parentheses and the condition, and one does not.</p>

<p>The most common form is without spaces. Either is
fine, but <em>be consistent</em>. If you are modifying a
file, use the format that is already present. If you are
writing new code, use the format that the other files in
that directory or project use. If in doubt and you have
no personal preference, do not add the spaces.</p>

<pre>if (condition) {  // no spaces inside parentheses
  ...  // 2 space indent.
} else if (...) {  // The else goes on the same line as the closing brace.
  ...
} else {
  ...
}
</pre>

<p>If you prefer you may add spaces inside the
parentheses:</p>

<pre>if ( condition ) {  // spaces inside parentheses - rare
  ...  // 2 space indent.
} else {  // The else goes on the same line as the closing brace.
  ...
}
</pre>

<p>Note that in all cases you must have a space between
the <code>if</code> and the open parenthesis. You must
also have a space between the close parenthesis and the
curly brace, if you're using one.</p>

<pre class="badcode">if(condition) {   // Bad - space missing after IF.
if (condition){   // Bad - space missing before {.
if(condition){    // Doubly bad.
</pre>

<pre>if (condition) {  // Good - proper space after IF and before {.
</pre>

<p>Short conditional statements may be written on one
line if this enhances readability. You may use this only
when the line is brief and the statement does not use the
<code>else</code> clause.</p>

<pre>if (x == kFoo) return new Foo();
if (x == kBar) return new Bar();
</pre>

<p>This is not allowed when the if statement has an
<code>else</code>:</p>

<pre class="badcode">// Not allowed - IF statement on one line when there is an ELSE clause
if (x) DoThis();
else DoThat();
</pre>

<p>In general, curly braces are not required for
single-line statements, but they are allowed if you like
them; conditional or loop statements with complex
conditions or statements may be more readable with curly
braces. Some 
projects require that an
<code>if</code> must always have an accompanying
brace.</p>

<pre>if (condition)
  DoSomething();  // 2 space indent.

if (condition) {
  DoSomething();  // 2 space indent.
}
</pre>

<p>However, if one part of an
<code>if</code>-<code>else</code> statement uses curly
braces, the other part must too:</p>

<pre class="badcode">// Not allowed - curly on IF but not ELSE
if (condition) {
  foo;
} else
  bar;

// Not allowed - curly on ELSE but not IF
if (condition)
  foo;
else {
  bar;
}
</pre>

<pre>// Curly braces around both IF and ELSE required because
// one of the clauses used braces.
if (condition) {
  foo;
} else {
  bar;
}
</pre>

</div> 

<h3 id="Loops_and_Switch_Statements">Loops and Switch Statements</h3>

<div class="summary">
<p>Switch statements may use braces for blocks. Annotate
non-trivial fall-through between cases.
Braces are optional for single-statement loops.
Empty loop bodies should use either empty braces or <code>continue</code>.</p>
</div>

<div class="stylebody">

<p><code>case</code> blocks in <code>switch</code>
statements can have curly braces or not, depending on
your preference. If you do include curly braces they
should be placed as shown below.</p>

<p>If not conditional on an enumerated value, switch
statements should always have a <code>default</code> case
(in the case of an enumerated value, the compiler will
warn you if any values are not handled). If the default
case should never execute, treat this as an error. For example:

</p> 

<div>
<pre>switch (var) {
  case 0: {  // 2 space indent
    ...      // 4 space indent
    break;
  }
  case 1: {
    ...
    break;
  }
  default: {
    assert(false);
  }
}
</pre>
</div> 

<p>Fall-through from one case label to
another must be annotated using the
<code>ABSL_FALLTHROUGH_INTENDED;</code> macro (defined in

<code>absl/base/macros.h</code>).
<code>ABSL_FALLTHROUGH_INTENDED;</code> should be placed at a
point of execution where a fall-through to the next case
label occurs. A common exception is consecutive case
labels without intervening code, in which case no
annotation is needed.</p>

<div>
<pre>switch (x) {
  case 41:  // No annotation needed here.
  case 43:
    if (dont_be_picky) {
      // Use this instead of or along with annotations in comments.
      ABSL_FALLTHROUGH_INTENDED;
    } else {
      CloseButNoCigar();
      break;
    }
  case 42:
    DoSomethingSpecial();
    ABSL_FALLTHROUGH_INTENDED;
  default:
    DoSomethingGeneric();
    break;
}
</pre>
</div>

<p> Braces are optional for single-statement loops.</p>

<pre>for (int i = 0; i &lt; kSomeNumber; ++i)
  printf("I love you\n");

for (int i = 0; i &lt; kSomeNumber; ++i) {
  printf("I take it back\n");
}
</pre>


<p>Empty loop bodies should use either an empty pair of braces or
<code>continue</code> with no braces, rather than a single semicolon.</p>

<pre>while (condition) {
  // Repeat test until it returns false.
}
for (int i = 0; i &lt; kSomeNumber; ++i) {}  // Good - one newline is also OK.
while (condition) continue;  // Good - continue indicates no logic.
</pre>

<pre class="badcode">while (condition);  // Bad - looks like part of do/while loop.
</pre>

</div> 

<h3 id="Pointer_and_Reference_Expressions">Pointer and Reference Expressions</h3>

<div class="summary">
<p>No spaces around period or arrow. Pointer operators do not
have trailing spaces.</p>
</div>

<div class="stylebody">

<p>The following are examples of correctly-formatted
pointer and reference expressions:</p>

<pre>x = *p;
p = &amp;x;
x = r.y;
x = r-&gt;y;
</pre>

<p>Note that:</p>

<ul>
  <li>There are no spaces around the period or arrow when
  accessing a member.</li>

   <li>Pointer operators have no space after the
   <code>*</code> or <code>&amp;</code>.</li>
</ul>

<p>When declaring a pointer variable or argument, you may
place the asterisk adjacent to either the type or to the
variable name:</p>

<pre>// These are fine, space preceding.
char *c;
const string &amp;str;

// These are fine, space following.
char* c;
const string&amp; str;
</pre>

<p>You should do this consistently within a single
file,
so, when modifying an existing file, use the style in
that file.</p>

It is allowed (if unusual) to declare multiple variables in the same
declaration, but it is disallowed if any of those have pointer or
reference decorations. Such declarations are easily misread.
<pre>// Fine if helpful for readability.
int x, y;
</pre>
<pre class="badcode">int x, *y;  // Disallowed - no &amp; or * in multiple declaration
char * c;  // Bad - spaces on both sides of *
const string &amp; str;  // Bad - spaces on both sides of &amp;
</pre>

</div> 

<h3 id="Boolean_Expressions">Boolean Expressions</h3>

<div class="summary">
<p>When you have a boolean expression that is longer than the
<a href="#Line_Length">standard line length</a>, be
consistent in how you break up the lines.</p>
</div>

<div class="stylebody">

<p>In this example, the logical AND operator is always at
the end of the lines:</p>

<pre>if (this_one_thing &gt; this_other_thing &amp;&amp;
    a_third_thing == a_fourth_thing &amp;&amp;
    yet_another &amp;&amp; last_one) {
  ...
}
</pre>

<p>Note that when the code wraps in this example, both of
the <code>&amp;&amp;</code> logical AND operators are at
the end of the line. This is more common in Google code,
though wrapping all operators at the beginning of the
line is also allowed. Feel free to insert extra
parentheses judiciously because they can be very helpful
in increasing readability when used
appropriately. Also note that you should always use
the punctuation operators, such as
<code>&amp;&amp;</code> and <code>~</code>, rather than
the word operators, such as <code>and</code> and
<code>compl</code>.</p>

</div> 

<h3 id="Return_Values">Return Values</h3>

<div class="summary">
<p>Do not needlessly surround the <code>return</code>
expression with parentheses.</p>
</div>

<div class="stylebody">

<p>Use parentheses in <code>return expr;</code> only
where you would use them in <code>x = expr;</code>.</p>

<pre>return result;                  // No parentheses in the simple case.
// Parentheses OK to make a complex expression more readable.
return (some_long_condition &amp;&amp;
        another_condition);
</pre>

<pre class="badcode">return (value);                // You wouldn't write var = (value);
return(result);                // return is not a function!
</pre>

</div> 

 

<h3 id="Variable_and_Array_Initialization">Variable and Array Initialization</h3>

<div class="summary">
<p>Your choice of <code>=</code>, <code>()</code>, or
<code>{}</code>.</p>
</div>

<div class="stylebody">

<p>You may choose between <code>=</code>,
<code>()</code>, and <code>{}</code>; the following are
all correct:</p>

<pre>int x = 3;
int x(3);
int x{3};
string name = "Some Name";
string name("Some Name");
string name{"Some Name"};
</pre>

<p>Be careful when using a braced initialization list <code>{...}</code>
on a type with an <code>std::initializer_list</code> constructor.
A nonempty <i>braced-init-list</i> prefers the
<code>std::initializer_list</code> constructor whenever
possible. Note that empty braces <code>{}</code> are special, and
will call a default constructor if available. To force the
non-<code>std::initializer_list</code> constructor, use parentheses
instead of braces.</p>

<pre>std::vector&lt;int&gt; v(100, 1);  // A vector containing 100 items: All 1s.
std::vector&lt;int&gt; v{100, 1};  // A vector containing 2 items: 100 and 1.
</pre>

<p>Also, the brace form prevents narrowing of integral
types. This can prevent some types of programming
errors.</p>

<pre>int pi(3.14);  // OK -- pi == 3.
int pi{3.14};  // Compile error: narrowing conversion.
</pre>

</div> 

<h3 id="Preprocessor_Directives">Preprocessor Directives</h3>

<div class="summary">
<p>The hash mark that starts a preprocessor directive should
always be at the beginning of the line.</p>
</div>

<div class="stylebody">

<p>Even when preprocessor directives are within the body
of indented code, the directives should start at the
beginning of the line.</p>

<pre>// Good - directives at beginning of line
  if (lopsided_score) {
#if DISASTER_PENDING      // Correct -- Starts at beginning of line
    DropEverything();
# if NOTIFY               // OK but not required -- Spaces after #
    NotifyClient();
# endif
#endif
    BackToNormal();
  }
</pre>

<pre class="badcode">// Bad - indented directives
  if (lopsided_score) {
    #if DISASTER_PENDING  // Wrong!  The "#if" should be at beginning of line
    DropEverything();
    #endif                // Wrong!  Do not indent "#endif"
    BackToNormal();
  }
</pre>

</div> 

<h3 id="Class_Format">Class Format</h3>

<div class="summary">
<p>Sections in <code>public</code>, <code>protected</code> and
<code>private</code> order, each indented one space.</p>
</div>

<div class="stylebody">

<p>The basic format for a class definition (lacking the
comments, see <a href="#Class_Comments">Class
Comments</a> for a discussion of what comments are
needed) is:</p>

<pre>class MyClass : public OtherClass {
 public:      // Note the 1 space indent!
  MyClass();  // Regular 2 space indent.
  explicit MyClass(int var);
  ~MyClass() {}

  void SomeFunction();
  void SomeFunctionThatDoesNothing() {
  }

  void set_some_var(int var) { some_var_ = var; }
  int some_var() const { return some_var_; }

 private:
  bool SomeInternalFunction();

  int some_var_;
  int some_other_var_;
};
</pre>

<p>Things to note:</p>

<ul>
  <li>Any base class name should be on the same line as
  the subclass name, subject to the 80-column limit.</li>

  <li>The <code>public:</code>, <code>protected:</code>,
  and <code>private:</code> keywords should be indented
  one space.</li>

  <li>Except for the first instance, these keywords
  should be preceded by a blank line. This rule is
  optional in small classes.</li>

  <li>Do not leave a blank line after these
  keywords.</li>

  <li>The <code>public</code> section should be first,
  followed by the <code>protected</code> and finally the
  <code>private</code> section.</li>

  <li>See <a href="#Declaration_Order">Declaration
  Order</a> for rules on ordering declarations within
  each of these sections.</li>
</ul>

</div> 

<h3 id="Constructor_Initializer_Lists">Constructor Initializer Lists</h3>

<div class="summary">
<p>Constructor initializer lists can be all on one line or
with subsequent lines indented four spaces.</p>
</div>

<div class="stylebody">

<p>The acceptable formats for initializer lists are:</p>

<pre>// When everything fits on one line:
MyClass::MyClass(int var) : some_var_(var) {
  DoSomething();
}

// If the signature and initializer list are not all on one line,
// you must wrap before the colon and indent 4 spaces:
MyClass::MyClass(int var)
    : some_var_(var), some_other_var_(var + 1) {
  DoSomething();
}

// When the list spans multiple lines, put each member on its own line
// and align them:
MyClass::MyClass(int var)
    : some_var_(var),             // 4 space indent
      some_other_var_(var + 1) {  // lined up
  DoSomething();
}

// As with any other code block, the close curly can be on the same
// line as the open curly, if it fits.
MyClass::MyClass(int var)
    : some_var_(var) {}
</pre>

</div> 

<h3 id="Namespace_Formatting">Namespace Formatting</h3>

<div class="summary">
<p>The contents of namespaces are not indented.</p>
</div>

<div class="stylebody">

<p><a href="#Namespaces">Namespaces</a> do not add an
extra level of indentation. For example, use:</p>

<pre>namespace {

void foo() {  // Correct.  No extra indentation within namespace.
  ...
}

}  // namespace
</pre>

<p>Do not indent within a namespace:</p>

<pre class="badcode">namespace {

  // Wrong!  Indented when it should not be.
  void foo() {
    ...
  }

}  // namespace
</pre>

<p>When declaring nested namespaces, put each namespace
on its own line.</p>

<pre>namespace foo {
namespace bar {
</pre>

</div> 

<h3 id="Horizontal_Whitespace">Horizontal Whitespace</h3>

<div class="summary">
<p>Use of horizontal whitespace depends on location. Never put
trailing whitespace at the end of a line.</p>
</div>

<div class="stylebody">

<h4 class="stylepoint_subsection">General</h4>

<pre>void f(bool b) {  // Open braces should always have a space before them.
  ...
int i = 0;  // Semicolons usually have no space before them.
// Spaces inside braces for braced-init-list are optional.  If you use them,
// put them on both sides!
int x[] = { 0 };
int x[] = {0};

// Spaces around the colon in inheritance and initializer lists.
class Foo : public Bar {
 public:
  // For inline function implementations, put spaces between the braces
  // and the implementation itself.
  Foo(int b) : Bar(), baz_(b) {}  // No spaces inside empty braces.
  void Reset() { baz_ = 0; }  // Spaces separating braces from implementation.
  ...
</pre>

<p>Adding trailing whitespace can cause extra work for
others editing the same file, when they merge, as can
removing existing trailing whitespace. So: Don't
introduce trailing whitespace. Remove it if you're
already changing that line, or do it in a separate
clean-up 
operation (preferably when no-one
else is working on the file).</p>

<h4 class="stylepoint_subsection">Loops and Conditionals</h4>

<pre>if (b) {          // Space after the keyword in conditions and loops.
} else {          // Spaces around else.
}
while (test) {}   // There is usually no space inside parentheses.
switch (i) {
for (int i = 0; i &lt; 5; ++i) {
// Loops and conditions may have spaces inside parentheses, but this
// is rare.  Be consistent.
switch ( i ) {
if ( test ) {
for ( int i = 0; i &lt; 5; ++i ) {
// For loops always have a space after the semicolon.  They may have a space
// before the semicolon, but this is rare.
for ( ; i &lt; 5 ; ++i) {
  ...

// Range-based for loops always have a space before and after the colon.
for (auto x : counts) {
  ...
}
switch (i) {
  case 1:         // No space before colon in a switch case.
    ...
  case 2: break;  // Use a space after a colon if there's code after it.
</pre>

<h4 class="stylepoint_subsection">Operators</h4>

<pre>// Assignment operators always have spaces around them.
x = 0;

// Other binary operators usually have spaces around them, but it's
// OK to remove spaces around factors.  Parentheses should have no
// internal padding.
v = w * x + y / z;
v = w*x + y/z;
v = w * (x + z);

// No spaces separating unary operators and their arguments.
x = -5;
++x;
if (x &amp;&amp; !y)
  ...
</pre>

<h4 class="stylepoint_subsection">Templates and Casts</h4>

<pre>// No spaces inside the angle brackets (&lt; and &gt;), before
// &lt;, or between &gt;( in a cast
std::vector&lt;string&gt; x;
y = static_cast&lt;char*&gt;(x);

// Spaces between type and pointer are OK, but be consistent.
std::vector&lt;char *&gt; x;
</pre>

</div> 

<h3 id="Vertical_Whitespace">Vertical Whitespace</h3>

<div class="summary">
<p>Minimize use of vertical whitespace.</p>
</div>

<div class="stylebody">

<p>This is more a principle than a rule: don't use blank
lines when you don't have to. In particular, don't put
more than one or two blank lines between functions,
resist starting functions with a blank line, don't end
functions with a blank line, and be discriminating with
your use of blank lines inside functions.</p>

<p>The basic principle is: The more code that fits on one
screen, the easier it is to follow and understand the
control flow of the program. Of course, readability can
suffer from code being too dense as well as too spread
out, so use your judgement. But in general, minimize use
of vertical whitespace.</p>

<p>Some rules of thumb to help when blank lines may be
useful:</p>

<ul>
  <li>Blank lines at the beginning or end of a function
  very rarely help readability.</li>

  <li>Blank lines inside a chain of if-else blocks may
  well help readability.</li>
</ul>

</div> 

<h2 id="Exceptions_to_the_Rules">Exceptions to the Rules</h2>

<p>The coding conventions described above are mandatory.
However, like all good rules, these sometimes have exceptions,
which we discuss here.</p>

 

<div>
<h3 id="Existing_Non-conformant_Code">Existing Non-conformant Code</h3>

<div class="summary">
<p>You may diverge from the rules when dealing with code that
does not conform to this style guide.</p>
</div>

<div class="stylebody">

<p>If you find yourself modifying code that was written
to specifications other than those presented by this
guide, you may have to diverge from these rules in order
to stay consistent with the local conventions in that
code. If you are in doubt about how to do this, ask the
original author or the person currently responsible for
the code. Remember that <em>consistency</em> includes
local consistency, too.</p>

</div> 
</div> 

 

<h3 id="Windows_Code">Windows Code</h3>

<div class="summary">
<p> Windows
programmers have developed their own set of coding
conventions, mainly derived from the conventions in Windows
headers and other Microsoft code. We want to make it easy
for anyone to understand your code, so we have a single set
of guidelines for everyone writing C++ on any platform.</p>
</div>

<div class="stylebody">
<p>It is worth reiterating a few of the guidelines that
you might forget if you are used to the prevalent Windows
style:</p>

<ul>
  <li>Do not use Hungarian notation (for example, naming
  an integer <code>iNum</code>). Use the Google naming
  conventions, including the <code>.cc</code> extension
  for source files.</li>

  <li>Windows defines many of its own synonyms for
  primitive types, such as <code>DWORD</code>,
  <code>HANDLE</code>, etc. It is perfectly acceptable,
  and encouraged, that you use these types when calling
  Windows API functions. Even so, keep as close as you
  can to the underlying C++ types. For example, use
  <code>const TCHAR *</code> instead of
  <code>LPCTSTR</code>.</li>

  <li>When compiling with Microsoft Visual C++, set the
  compiler to warning level 3 or higher, and treat all
  warnings as errors.</li>

  <li>Do not use <code>#pragma once</code>; instead use
  the standard Google include guards. The path in the
  include guards should be relative to the top of your
  project tree.</li>

  <li>In fact, do not use any nonstandard extensions,
  like <code>#pragma</code> and <code>__declspec</code>,
  unless you absolutely must. Using
  <code>__declspec(dllimport)</code> and
  <code>__declspec(dllexport)</code> is allowed; however,
  you must use them through macros such as
  <code>DLLIMPORT</code> and <code>DLLEXPORT</code>, so
  that someone can easily disable the extensions if they
  share the code.</li>
</ul>

<p>However, there are just a few rules that we
occasionally need to break on Windows:</p>

<ul>
  <li>Normally we <a href="#Multiple_Inheritance">forbid
  the use of multiple implementation inheritance</a>;
  however, it is required when using COM and some ATL/WTL
  classes. You may use multiple implementation
  inheritance to implement COM or ATL/WTL classes and
  interfaces.</li>

  <li>Although you should not use exceptions in your own
  code, they are used extensively in the ATL and some
  STLs, including the one that comes with Visual C++.
  When using the ATL, you should define
  <code>_ATL_NO_EXCEPTIONS</code> to disable exceptions.
  You should investigate whether you can also disable
  exceptions in your STL, but if not, it is OK to turn on
  exceptions in the compiler. (Note that this is only to
  get the STL to compile. You should still not write
  exception handling code yourself.)</li>

  <li>The usual way of working with precompiled headers
  is to include a header file at the top of each source
  file, typically with a name like <code>StdAfx.h</code>
  or <code>precompile.h</code>. To make your code easier
  to share with other projects, avoid including this file
  explicitly (except in <code>precompile.cc</code>), and
  use the <code>/FI</code> compiler option to include the
  file automatically.</li>

  <li>Resource headers, which are usually named
  <code>resource.h</code> and contain only macros, do not
  need to conform to these style guidelines.</li>
</ul>

</div> 

<h2 id="Parting_Words">Parting Words</h2>

<p>Use common sense and <em>BE CONSISTENT</em>.</p>

<p>If you are editing code, take a few minutes to look at the
code around you and determine its style. If they use spaces
around their <code>if</code> clauses, you should, too. If their
comments have little boxes of stars around them, make your
comments have little boxes of stars around them too.</p>

<p>The point of having style guidelines is to have a common
vocabulary of coding so people can concentrate on what you are
saying, rather than on how you are saying it. We present global
style rules here so people know the vocabulary. But local style
is also important. If code you add to a file looks drastically
different from the existing code around it, the discontinuity
throws readers out of their rhythm when they go to read it. Try
to avoid this.</p>



<p>OK, enough writing about writing code; the code itself is much
more interesting. Have fun!</p>

<hr>

</div> 
</div>
</body>
</html>