cppguide.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Google C++ Style Guide</title>
<link rel="stylesheet" href="include/styleguide.css">
<script src="include/styleguide.js"></script>
<link rel="shortcut icon" href="https://www.google.com/favicon.ico">
</head>
<body onload="initStyleGuide();">
<div id="content">
<h1>Google C++ Style Guide</h1>
<div class="horizontal_toc" id="tocDiv"></div>
<div class="main_body">

<h2 id="Background" class="ignoreLink">Background</h2>

<p>C++ is one of the main development languages  used by
many of Google's open-source projects. As every C++
programmer knows, the language has many powerful features, but
this power brings with it complexity, which in turn can make
code more bug-prone and harder to read and maintain.</p>

<p>The goal of this guide is to manage this complexity by
describing in detail the dos and don'ts of writing C++ code
. These rules exist to
keep  the code base manageable while still allowing
coders to use C++ language features productively.</p>

<p><em>Style</em>, also known as readability, is what we call
the conventions that govern our C++ code. The term Style is a
bit of a misnomer, since these conventions cover far more than
just source file formatting.</p>

<p>
Most open-source projects developed by
Google conform to the requirements in this guide.
</p>



<p>Note that this guide is not a C++ tutorial: we assume that
the reader is familiar with the language. </p>

<h3 id="Goals">Goals of the Style Guide</h3>

<p>Why do we have this document?</p>

<p>There are a few core goals that we believe this guide should
serve. These are the fundamental <b>why</b>s that
underlie all of the individual rules. By bringing these ideas to
the fore, we hope to ground discussions and make it clearer to our
broader community why the rules are in place and why particular
decisions have been made. If you understand what goals each rule is
serving, it should be clearer to everyone when a rule may be waived
(some can be), and what sort of argument or alternative would be
necessary to change a rule in the guide.</p>

<p>The goals of the style guide as we currently see them are as follows:</p>
<dl>
<dt>Style rules should pull their weight</dt>
<dd>The benefit of a style rule
must be large enough to justify asking all of our engineers to
remember it. The benefit is measured relative to the codebase we would
get without the rule, so a rule against a very harmful practice may
still have a small benefit if people are unlikely to do it
anyway. This principle mostly explains the rules we don&#8217;t have, rather
than the rules we do: for example, <code>goto</code> contravenes many
of the following principles, but is already vanishingly rare, so the Style
Guide doesn&#8217;t discuss it.</dd>

<dt>Optimize for the reader, not the writer</dt>
<dd>Our codebase (and most individual components submitted to it) is
expected to continue for quite some time. As a result, more time will
be spent reading most of our code than writing it. We explicitly
choose to optimize for the experience of our average software engineer
reading, maintaining, and debugging code in our codebase rather than
ease when writing said code.  "Leave a trace for the reader" is a
particularly common sub-point of this principle: When something
surprising or unusual is happening in a snippet of code (for example,
transfer of pointer ownership), leaving textual hints for the reader
at the point of use is valuable (<code>std::unique_ptr</code>
demonstrates the ownership transfer unambiguously at the call
site). </dd>

<dt>Be consistent with existing code</dt>
<dd>Using one style consistently through our codebase lets us focus on
other (more important) issues. Consistency also allows for
automation: tools that format your code or adjust
your <code>#include</code>s only work properly when your code is
consistent with the expectations of the tooling. In many cases, rules
that are attributed to "Be Consistent" boil down to "Just pick one and
stop worrying about it"; the potential value of allowing flexibility
on these points is outweighed by the cost of having people argue over
them. </dd>

<dt>Be consistent with the broader C++ community when appropriate</dt>
<dd>Consistency with the way other organizations use C++ has value for
the same reasons as consistency within our code base. If a feature in
the C++ standard solves a problem, or if some idiom is widely known
and accepted, that's an argument for using it. However, sometimes
standard features and idioms are flawed, or were just designed without
our codebase's needs in mind. In those cases (as described below) it's
appropriate to constrain or ban standard features.  In some cases we
prefer a homegrown or third-party library over a library defined in
the C++ Standard, either out of perceived superiority or insufficient
value to transition the codebase to the standard interface.</dd>

<dt>Avoid surprising or dangerous constructs</dt>
<dd>C++ has features that are more surprising or dangerous than one
might think at a glance. Some style guide restrictions are in place to
prevent falling into these pitfalls. There is a high bar for style
guide waivers on such restrictions, because waiving such rules often
directly risks compromising program correctness.
</dd>

<dt>Avoid constructs that our average C++ programmer would find tricky
or hard to maintain</dt>
<dd>C++ has features that may not be generally appropriate because of
the complexity they introduce to the code. In widely used
code, it may be more acceptable to use
trickier language constructs, because any benefits of more complex
implementation are multiplied widely by usage, and the cost in understanding
the complexity does not need to be paid again when working with new
portions of the codebase. When in doubt, waivers to rules of this type
can be sought by asking
your project leads. This is specifically
important for our codebase because code ownership and team membership
changes over time: even if everyone that works with some piece of code
currently understands it, such understanding is not guaranteed to hold a
few years from now.</dd>

<dt>Be mindful of our scale</dt>
<dd>With a codebase of 100+ million lines and thousands of engineers,
some mistakes and simplifications for one engineer can become costly
for many. For instance it's particularly important to
avoid polluting the global namespace: name collisions across a
codebase of hundreds of millions of lines are difficult to work with
and hard to avoid if everyone puts things into the global
namespace.</dd>

<dt>Concede to optimization when necessary</dt>
<dd>Performance optimizations can sometimes be necessary and
appropriate, even when they conflict with the other principles of this
document.</dd>
</dl>

<p>The intent of this document is to provide maximal guidance with
reasonable restriction. As always, common sense and good taste should
prevail. By this we specifically refer to the established conventions
of the entire Google C++ community, not just your personal preferences
or those of your team. Be skeptical about and reluctant to use
clever or unusual constructs: the absence of a prohibition is not the
same as a license to proceed.  Use your judgment, and if you are
unsure, please don't hesitate to ask your project leads to get additional
input.</p>



<h2 id="C++_Version">C++ Version</h2>

<p>Currently, code should target C++17, i.e., should not use C++2x
  features. The C++ version targeted by this guide will advance
  (aggressively) over time.</p>



<p>Do not use
  <a href="#Nonstandard_Extensions">non-standard extensions</a>.</p>

  <div>Consider portability to other environments
before using features from C++14 and C++17 in your project.
</div>

<h2 id="Header_Files">Header Files</h2>

<p>In general, every <code>.cc</code> file should have an
associated <code>.h</code> file. There are some common
exceptions, such as  unittests and
small <code>.cc</code> files containing just a
<code>main()</code> function.</p>

<p>Correct use of header files can make a huge difference to
the readability, size and performance of your code.</p>

<p>The following rules will guide you through the various
pitfalls of using header files.</p>

<a id="The_-inl.h_Files"></a>
<h3 id="Self_contained_Headers">Self-contained Headers</h3>

<p>Header files should be self-contained (compile on their own) and
end in <code>.h</code>.  Non-header files that are meant for inclusion
should end in <code>.inc</code> and be used sparingly.</p>

<p>All header files should be self-contained. Users and refactoring
tools should not have to adhere to special conditions to include the
header. Specifically, a header should
have <a href="#The__define_Guard">header guards</a> and include all
other headers it needs.</p>

<p>Prefer placing the definitions for template and inline functions in
the same file as their declarations.  The definitions of these
constructs must be included into every <code>.cc</code> file that uses
them, or the program may fail to link in some build configurations.  If
declarations and definitions are in different files, including the
former should transitively include the latter.  Do not move these
definitions to separately included header files (<code>-inl.h</code>);
this practice was common in the past, but is no longer allowed.</p>

<p>As an exception, a template that is explicitly instantiated for
all relevant sets of template arguments, or that is a private
implementation detail of a class, is allowed to be defined in the one
and only <code>.cc</code> file that instantiates the template.</p>

<p>There are rare cases where a file designed to be included is not
self-contained.  These are typically intended to be included at unusual
locations, such as the middle of another file.  They might not
use <a href="#The__define_Guard">header guards</a>, and might not include
their prerequisites.  Name such files with the <code>.inc</code>
extension.  Use sparingly, and prefer self-contained headers when
possible.</p>

<h3 id="The__define_Guard">The #define Guard</h3>

<p>All header files should have <code>#define</code> guards to
prevent multiple inclusion. The format of the symbol name
should be

<code><i>&lt;PROJECT&gt;</i>_<i>&lt;PATH&gt;</i>_<i>&lt;FILE&gt;</i>_H_</code>.</p>



<div>
<p>To guarantee uniqueness, they should
be based on the full path in a project's source tree. For
example, the file <code>foo/src/bar/baz.h</code> in
project <code>foo</code> should have the following
guard:</p>
</div>

<pre>#ifndef FOO_BAR_BAZ_H_
#define FOO_BAR_BAZ_H_

...

#endif  // FOO_BAR_BAZ_H_
</pre>



<h3 id="Forward_Declarations">Forward Declarations</h3>

<p>Avoid using forward declarations where possible.
Instead, <code>#include</code> the headers you need.</p>

<p class="definition"></p>
<p>A "forward declaration" is a declaration of a class,
function, or template without an associated definition.</p>

<p class="pros"></p>
<ul>
  <li>Forward declarations can save compile time, as
  <code>#include</code>s force the compiler to open
  more files and process more input.</li>

  <li>Forward declarations can save on unnecessary
  recompilation. <code>#include</code>s can force
  your code to be recompiled more often, due to unrelated
  changes in the header.</li>
</ul>

<p class="cons"></p>
<ul>
  <li>Forward declarations can hide a dependency, allowing
  user code to skip necessary recompilation when headers
  change.</li>

  <li>A forward declaration may be broken by subsequent
  changes to the library. Forward declarations of functions
  and templates can prevent the header owners from making
  otherwise-compatible changes to their APIs, such as
  widening a parameter type, adding a template parameter
  with a default value, or migrating to a new namespace.</li>

  <li>Forward declaring symbols from namespace
  <code>std::</code> yields undefined behavior.</li>

  <li>It can be difficult to determine whether a forward
  declaration or a full <code>#include</code> is needed.
  Replacing an <code>#include</code> with a forward
  declaration can silently change the meaning of
  code:
      <pre>      // b.h:
      struct B {};
      struct D : B {};

      // good_user.cc:
      #include "b.h"
      void f(B*);
      void f(void*);
      void test(D* x) { f(x); }  // calls f(B*)
      </pre>
  If the <code>#include</code> was replaced with forward
  decls for <code>B</code> and <code>D</code>,
  <code>test()</code> would call <code>f(void*)</code>.
  </li>

  <li>Forward declaring multiple symbols from a header
  can be more verbose than simply
  <code>#include</code>ing the header.</li>

  <li>Structuring code to enable forward declarations
  (e.g. using pointer members instead of object members)
  can make the code slower and more complex.</li>


</ul>

<p class="decision"></p>
<ul>
  <li>Try to avoid forward declarations of entities
  defined in another project.</li>

  <li>When using a function declared in a header file,
  always <code>#include</code> that header.</li>

  <li>When using a class template, prefer to
  <code>#include</code> its header file.</li>
</ul>

<p>Please see <a href="#Names_and_Order_of_Includes">Names and Order
of Includes</a> for rules about when to #include a header.</p>

<h3 id="Inline_Functions">Inline Functions</h3>

<p>Define functions inline only when they are small, say, 10
lines or fewer.</p>

<p class="definition"></p>
<p>You can declare functions in a way that allows the compiler to expand
them inline rather than calling them through the usual
function call mechanism.</p>

<p class="pros"></p>
<p>Inlining a function can generate more efficient object
code, as long as the inlined function is small. Feel free
to inline accessors and mutators, and other short,
performance-critical functions.</p>

<p class="cons"></p>
<p>Overuse of inlining can actually make programs slower.
Depending on a function's size, inlining it can cause the
code size to increase or decrease. Inlining a very small
accessor function will usually decrease code size while
inlining a very large function can dramatically increase
code size. On modern processors smaller code usually runs
faster due to better use of the instruction cache.</p>

<p class="decision"></p>
<p>A decent rule of thumb is to not inline a function if
it is more than 10 lines long. Beware of destructors,
which are often longer than they appear because of
implicit member- and base-destructor calls!</p>

<p>Another useful rule of thumb: it's typically not cost
effective to inline functions with loops or switch
statements (unless, in the common case, the loop or
switch statement is never executed).</p>

<p>It is important to know that functions are not always
inlined even if they are declared as such; for example,
virtual and recursive functions are not normally inlined.
Usually recursive functions should not be inline. The
main reason for making a virtual function inline is to
place its definition in the class, either for convenience
or to document its behavior, e.g., for accessors and
mutators.</p>

<h3 id="Names_and_Order_of_Includes">Names and Order of Includes</h3>

<p>Include headers in the following order: Related header, C system headers,
C++ standard library headers,
other libraries' headers, your project's
headers.</p>

<p>
All of a project's header files should be
listed as descendants of the project's source
directory without use of UNIX directory aliases
<code>.</code> (the current directory) or <code>..</code>
(the parent directory). For example,

<code>google-awesome-project/src/base/logging.h</code>
should be included as:</p>

<pre>#include "base/logging.h"
</pre>

<p>In <code><var>dir/foo</var>.cc</code> or
<code><var>dir/foo_test</var>.cc</code>, whose main
purpose is to implement or test the stuff in
<code><var>dir2/foo2</var>.h</code>, order your includes
as follows:</p>

<ol>
  <li><code><var>dir2/foo2</var>.h</code>.</li>

  <li>A blank line</li>

  <li>C system headers (more precisely: headers in angle brackets with the
    <code>.h</code> extension), e.g. <code>&lt;unistd.h&gt;</code>,
    <code>&lt;stdlib.h&gt;</code>.</li>

  <li>A blank line</li>

  <li>C++ standard library headers (without file extension), e.g.
    <code>&lt;algorithm&gt;</code>, <code>&lt;cstddef&gt;</code>.</li>

  <li>A blank line</li>

  <div>
  <li>Other libraries' <code>.h</code> files.</li>
  </div>

  <li>
  Your project's <code>.h</code>
  files.</li>
</ol>

<p>Separate each non-empty group with one blank line.</p>

<p>With the preferred ordering, if the related header
<code><var>dir2/foo2</var>.h</code> omits any necessary
includes, the build of <code><var>dir/foo</var>.cc</code>
or <code><var>dir/foo</var>_test.cc</code> will break.
Thus, this rule ensures that build breaks show up first
for the people working on these files, not for innocent
people in other packages.</p>

<p><code><var>dir/foo</var>.cc</code> and
<code><var>dir2/foo2</var>.h</code> are usually in the same
directory (e.g. <code>base/basictypes_test.cc</code> and
<code>base/basictypes.h</code>), but may sometimes be in different
directories too.</p>



<p>Note that the C headers such as <code>stddef.h</code>
are essentially interchangeable with their C++ counterparts
(<code>cstddef</code>).
Either style is acceptable, but prefer consistency with existing code.</p>

<p>Within each section the includes should be ordered
alphabetically. Note that older code might not conform to
this rule and should be fixed when convenient.</p>

<p>You should include all the headers that define the symbols you rely
upon, except in the unusual case of <a href="#Forward_Declarations">forward
declaration</a>. If you rely on symbols from <code>bar.h</code>,
don't count on the fact that you included <code>foo.h</code> which
(currently) includes <code>bar.h</code>: include <code>bar.h</code>
yourself, unless <code>foo.h</code> explicitly demonstrates its intent
to provide you the symbols of <code>bar.h</code>.</p>

<p>For example, the includes in

<code>google-awesome-project/src/foo/internal/fooserver.cc</code>
might look like this:</p>

<pre>#include "foo/server/fooserver.h"

#include &lt;sys/types.h&gt;
#include &lt;unistd.h&gt;

#include &lt;string&gt;
#include &lt;vector&gt;

#include "base/basictypes.h"
#include "base/commandlineflags.h"
#include "foo/server/bar.h"
</pre>

<p><b>Exception:</b></p>

<p>Sometimes, system-specific code needs
conditional includes. Such code can put conditional
includes after other includes. Of course, keep your
system-specific code small and localized. Example:</p>

<pre>#include "foo/public/fooserver.h"

#include "base/port.h"  // For LANG_CXX11.

#ifdef LANG_CXX11
#include &lt;initializer_list&gt;
#endif  // LANG_CXX11
</pre>

<h2 id="Scoping">Scoping</h2>

<h3 id="Namespaces">Namespaces</h3>

<p>With few exceptions, place code in a namespace. Namespaces
should have unique names based on the project name, and possibly
its path. Do not use <i>using-directives</i> (e.g.
<code>using namespace foo</code>). Do not use
inline namespaces. For unnamed namespaces, see
<a href="#Unnamed_Namespaces_and_Static_Variables">Unnamed Namespaces and
Static Variables</a>.

</p><p class="definition"></p>
<p>Namespaces subdivide the global scope
into distinct, named scopes, and so are useful for preventing
name collisions in the global scope.</p>

<p class="pros"></p>

<p>Namespaces provide a method for preventing name conflicts
in large programs while allowing most code to use reasonably
short names.</p>

<p>For example, if two different projects have a class
<code>Foo</code> in the global scope, these symbols may
collide at compile time or at runtime. If each project
places their code in a namespace, <code>project1::Foo</code>
and <code>project2::Foo</code> are now distinct symbols that
do not collide, and code within each project's namespace
can continue to refer to <code>Foo</code> without the prefix.</p>

<p>Inline namespaces automatically place their names in
the enclosing scope. Consider the following snippet, for
example:</p>

<pre class="neutralcode">namespace outer {
inline namespace inner {
  void foo();
}  // namespace inner
}  // namespace outer
</pre>

<p>The expressions <code>outer::inner::foo()</code> and
<code>outer::foo()</code> are interchangeable. Inline
namespaces are primarily intended for ABI compatibility
across versions.</p>

<p class="cons"></p>

<p>Namespaces can be confusing, because they complicate
the mechanics of figuring out what definition a name refers
to.</p>

<p>Inline namespaces, in particular, can be confusing
because names aren't actually restricted to the namespace
where they are declared. They are only useful as part of
some larger versioning policy.</p>

<p>In some contexts, it's necessary to repeatedly refer to
symbols by their fully-qualified names. For deeply-nested
namespaces, this can add a lot of clutter.</p>

<p class="decision"></p>

<p>Namespaces should be used as follows:</p>

<ul>
  <li>Follow the rules on <a href="#Namespace_Names">Namespace Names</a>.
  </li><li>Terminate namespaces with comments as shown in the given examples.
  </li><li>

  <p>Namespaces wrap the entire source file after
  includes,
  <a href="https://gflags.github.io/gflags/">
  gflags</a> definitions/declarations
  and forward declarations of classes from other namespaces.</p>

<pre>// In the .h file
namespace mynamespace {

// All declarations are within the namespace scope.
// Notice the lack of indentation.
class MyClass {
 public:
  ...
  void Foo();
};

}  // namespace mynamespace
</pre>

<pre>// In the .cc file
namespace mynamespace {

// Definition of functions is within scope of the namespace.
void MyClass::Foo() {
  ...
}

}  // namespace mynamespace
</pre>

  <p>More complex <code>.cc</code> files might have additional details,
  like flags or using-declarations.</p>

<pre>#include "a.h"

ABSL_FLAG(bool, someflag, false, "dummy flag");

namespace mynamespace {

using ::foo::Bar;

...code for mynamespace...    // Code goes against the left margin.

}  // namespace mynamespace
</pre>
  </li>

  <li>To place generated protocol
  message code in a namespace, use the
  <code>package</code> specifier in the
  <code>.proto</code> file. See


  <a href="https://developers.google.com/protocol-buffers/docs/reference/cpp-generated#package">
  Protocol Buffer Packages</a>
  for details.</li>

  <li>Do not declare anything in namespace
  <code>std</code>, including forward declarations of
  standard library classes. Declaring entities in
  namespace <code>std</code> is undefined behavior, i.e.,
  not portable. To declare entities from the standard
  library, include the appropriate header file.</li>

  <li><p>You may not use a <i>using-directive</i>
  to make all names from a namespace available.</p>

<pre class="badcode">// Forbidden -- This pollutes the namespace.
using namespace foo;
</pre>
  </li>

  <li><p>Do not use <i>Namespace aliases</i> at namespace scope
  in header files except in explicitly marked
  internal-only namespaces, because anything imported into a namespace
  in a header file becomes part of the public
  API exported by that file.</p>

<pre>// Shorten access to some commonly used names in .cc files.
namespace baz = ::foo::bar::baz;
</pre>

<pre>// Shorten access to some commonly used names (in a .h file).
namespace librarian {
namespace impl {  // Internal, not part of the API.
namespace sidetable = ::pipeline_diagnostics::sidetable;
}  // namespace impl

inline void my_inline_function() {
  // namespace alias local to a function (or method).
  namespace baz = ::foo::bar::baz;
  ...
}
}  // namespace librarian
</pre>

  </li><li>Do not use inline namespaces.</li>
</ul>

<h3 id="Unnamed_Namespaces_and_Static_Variables">Unnamed Namespaces and Static
Variables</h3>

<p>When definitions in a <code>.cc</code> file do not need to be
referenced outside that file, place them in an unnamed
namespace or declare them <code>static</code>. Do not use either
of these constructs in <code>.h</code> files.

</p><p class="definition"></p>
<p>All declarations can be given internal linkage by placing them in unnamed
namespaces. Functions and variables can also be given internal linkage by
declaring them <code>static</code>. This means that anything you're declaring
can't be accessed from another file. If a different file declares something with
the same name, then the two entities are completely independent.</p>

<p class="decision"></p>

<p>Use of internal linkage in <code>.cc</code> files is encouraged
for all code that does not need to be referenced elsewhere.
Do not use internal linkage in <code>.h</code> files.</p>

<p>Format unnamed namespaces like named namespaces. In the
  terminating comment, leave the namespace name empty:</p>

<pre>namespace {
...
}  // namespace
</pre>

<h3 id="Nonmember,_Static_Member,_and_Global_Functions">Nonmember, Static Member, and Global Functions</h3>

<p>Prefer placing nonmember functions in a namespace; use completely global
functions rarely. Do not use a class simply to group static functions. Static
methods of a class should generally be closely related to instances of the
class or the class's static data.</p>


<p class="pros"></p>
<p>Nonmember and static member functions can be useful in
some situations. Putting nonmember functions in a
namespace avoids polluting the global namespace.</p>

<p class="cons"></p>
<p>Nonmember and static member functions may make more sense
as members of a new class, especially if they access
external resources or have significant dependencies.</p>

<p class="decision"></p>
<p>Sometimes it is useful to define a
function not bound to a class instance. Such a function
can be either a static member or a nonmember function.
Nonmember functions should not depend on external
variables, and should nearly always exist in a namespace.
Do not create classes only to group static member functions;
this is no different than just giving the function names a
common prefix, and such grouping is usually unnecessary anyway.</p>

<p>If you define a nonmember function and it is only
needed in its <code>.cc</code> file, use
<a href="#Unnamed_Namespaces_and_Static_Variables">internal linkage</a> to limit
its scope.</p>

<h3 id="Local_Variables">Local Variables</h3>

<p>Place a function's variables in the narrowest scope
possible, and initialize variables in the declaration.</p>

<p>C++ allows you to declare variables anywhere in a
function. We encourage you to declare them in as local a
scope as possible, and as close to the first use as
possible. This makes it easier for the reader to find the
declaration and see what type the variable is and what it
was initialized to. In particular, initialization should
be used instead of declaration and assignment, e.g.:</p>

<pre class="badcode">int i;
i = f();      // Bad -- initialization separate from declaration.
</pre>

<pre>int j = g();  // Good -- declaration has initialization.
</pre>

<pre class="badcode">std::vector&lt;int&gt; v;
v.push_back(1);  // Prefer initializing using brace initialization.
v.push_back(2);
</pre>

<pre>std::vector&lt;int&gt; v = {1, 2};  // Good -- v starts initialized.
</pre>

<p>Variables needed for <code>if</code>, <code>while</code>
and <code>for</code> statements should normally be declared
within those statements, so that such variables are confined
to those scopes.  E.g.:</p>

<pre>while (const char* p = strchr(str, '/')) str = p + 1;
</pre>

<p>There is one caveat: if the variable is an object, its
constructor is invoked every time it enters scope and is
created, and its destructor is invoked every time it goes
out of scope.</p>

<pre class="badcode">// Inefficient implementation:
for (int i = 0; i &lt; 1000000; ++i) {
  Foo f;  // My ctor and dtor get called 1000000 times each.
  f.DoSomething(i);
}
</pre>

<p>It may be more efficient to declare such a variable
used in a loop outside that loop:</p>

<pre>Foo f;  // My ctor and dtor get called once each.
for (int i = 0; i &lt; 1000000; ++i) {
  f.DoSomething(i);
}
</pre>

<h3 id="Static_and_Global_Variables">Static and Global Variables</h3>

<p>Objects with
<a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration">
static storage duration</a> are forbidden unless they are
<a href="http://en.cppreference.com/w/cpp/types/is_destructible">trivially
destructible</a>. Informally this means that the destructor does not do
anything, even taking member and base destructors into account. More formally it
means that the type has no user-defined or virtual destructor and that all bases
and non-static members are trivially destructible.
Static function-local variables may use dynamic initialization.
Use of dynamic initialization for static class member variables or variables at
namespace scope is discouraged, but allowed in limited circumstances; see below
for details.</p>

<p>As a rule of thumb: a global variable satisfies these requirements if its
declaration, considered in isolation, could be <code>constexpr</code>.</p>

<p class="definition"></p>
<p>Every object has a <dfn>storage duration</dfn>, which correlates with its
lifetime. Objects with static storage duration live from the point of their
initialization until the end of the program. Such objects appear as variables at
namespace scope ("global variables"), as static data members of classes, or as
function-local variables that are declared with the <code>static</code>
specifier. Function-local static variables are initialized when control first
passes through their declaration; all other objects with static storage duration
are initialized as part of program start-up. All objects with static storage
duration are destroyed at program exit (which happens before unjoined threads
are terminated).</p>

<p>Initialization may be <dfn>dynamic</dfn>, which means that something
non-trivial happens during initialization. (For example, consider a constructor
that allocates memory, or a variable that is initialized with the current
process ID.) The other kind of initialization is <dfn>static</dfn>
initialization. The two aren't quite opposites, though: static
initialization <em>always</em> happens to objects with static storage duration
(initializing the object either to a given constant or to a representation
consisting of all bytes set to zero), whereas dynamic initialization happens
after that, if required.</p>

<p class="pros"></p>
<p>Global and static variables are very useful for a large number of
applications: named constants, auxiliary data structures internal to some
translation unit, command-line flags, logging, registration mechanisms,
background infrastructure, etc.</p>

<p class="cons"></p>
<p>Global and static variables that use dynamic initialization or have
non-trivial destructors create complexity that can easily lead to hard-to-find
bugs. Dynamic initialization is not ordered across translation units, and
neither is destruction (except that destruction
happens in reverse order of initialization). When one initialization refers to
another variable with static storage duration, it is possible that this causes
an object to be accessed before its lifetime has begun (or after its lifetime
has ended). Moreover, when a program starts threads that are not joined at exit,
those threads may attempt to access objects after their lifetime has ended if
their destructor has already run.</p>

<p class="decision"></p>
<h4>Decision on destruction</h4>

<p>When destructors are trivial, their execution is not subject to ordering at
all (they are effectively not "run"); otherwise we are exposed to the risk of
accessing objects after the end of their lifetime. Therefore, we only allow
objects with static storage duration if they are trivially destructible.
Fundamental types (like pointers and <code>int</code>) are trivially
destructible, as are arrays of trivially destructible types. Note that
variables marked with <code>constexpr</code> are trivially destructible.</p>
<pre>const int kNum = 10;  // allowed

struct X { int n; };
const X kX[] = {{1}, {2}, {3}};  // allowed

void foo() {
  static const char* const kMessages[] = {"hello", "world"};  // allowed
}

// allowed: constexpr guarantees trivial destructor
constexpr std::array&lt;int, 3&gt; kArray = {{1, 2, 3}};</pre>
<pre class="badcode">// bad: non-trivial destructor
const std::string kFoo = "foo";

// bad for the same reason, even though kBar is a reference (the
// rule also applies to lifetime-extended temporary objects)
const std::string&amp; kBar = StrCat("a", "b", "c");

void bar() {
  // bad: non-trivial destructor
  static std::map&lt;int, int&gt; kData = {{1, 0}, {2, 0}, {3, 0}};
}</pre>

<p>Note that references are not objects, and thus they are not subject to the
constraints on destructibility. The constraint on dynamic initialization still
applies, though. In particular, a function-local static reference of the form
<code>static T&amp; t = *new T;</code> is allowed.</p>

<h4>Decision on initialization</h4>

<p>Initialization is a more complex topic. This is because we must not only
consider whether class constructors execute, but we must also consider the
evaluation of the initializer:</p>
<pre class="neutralcode">int n = 5;    // fine
int m = f();  // ? (depends on f)
Foo x;        // ? (depends on Foo::Foo)
Bar y = g();  // ? (depends on g and on Bar::Bar)
</pre>

<p>All but the first statement expose us to indeterminate initialization
ordering.</p>

<p>The concept we are looking for is called <em>constant initialization</em> in
the formal language of the C++ standard. It means that the initializing
expression is a constant expression, and if the object is initialized by a
constructor call, then the constructor must be specified as
<code>constexpr</code>, too:</p>
<pre>struct Foo { constexpr Foo(int) {} };

int n = 5;  // fine, 5 is a constant expression
Foo x(2);   // fine, 2 is a constant expression and the chosen constructor is constexpr
Foo a[] = { Foo(1), Foo(2), Foo(3) };  // fine</pre>

<p>Constant initialization is always allowed. Constant initialization of
static storage duration variables should be marked with <code>constexpr</code>
or where possible the


<a href="https://github.com/abseil/abseil-cpp/blob/03c1513538584f4a04d666be5eb469e3979febba/absl/base/attributes.h#L540">
<code>ABSL_CONST_INIT</code></a>
attribute. Any non-local static storage
duration variable that is not so marked should be presumed to have
dynamic initialization, and reviewed very carefully.</p>

<p>By contrast, the following initializations are problematic:</p>

<pre class="badcode">// Some declarations used below.
time_t time(time_t*);      // not constexpr!
int f();                   // not constexpr!
struct Bar { Bar() {} };

// Problematic initializations.
time_t m = time(nullptr);  // initializing expression not a constant expression
Foo y(f());                // ditto
Bar b;                     // chosen constructor Bar::Bar() not constexpr</pre>

<p>Dynamic initialization of nonlocal variables is discouraged, and in general
it is forbidden. However, we do permit it if no aspect of the program depends
on the sequencing of this initialization with respect to all other
initializations. Under those restrictions, the ordering of the initialization
does not make an observable difference. For example:</p>
<pre>int p = getpid();  // allowed, as long as no other static variable
                   // uses p in its own initialization</pre>

<p>Dynamic initialization of static local variables is allowed (and common).</p>



<h4>Common patterns</h4>

<ul>
  <li>Global strings: if you require a global or static string constant,
    consider using a simple character array, or a char pointer to the first
    element of a string literal. String literals have static storage duration
    already and are usually sufficient.</li>
  <li>Maps, sets, and other dynamic containers: if you require a static, fixed
    collection, such as a set to search against or a lookup table, you cannot
    use the dynamic containers from the standard library as a static variable,
    since they have non-trivial destructors. Instead, consider a simple array of
    trivial types, e.g. an array of arrays of ints (for a "map from int to
    int"), or an array of pairs (e.g. pairs of <code>int</code> and <code>const
    char*</code>). For small collections, linear search is entirely sufficient
    (and efficient, due to memory locality); consider using the facilities from

    <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/algorithm/container.h">absl/algorithm/container.h</a>


    for the standard operations. If necessary, keep the collection in sorted
    order and use a binary search algorithm. If you do really prefer a dynamic
    container from the standard library, consider using a function-local static
    pointer, as described below.</li>
  <li>Smart pointers (<code>unique_ptr</code>, <code>shared_ptr</code>): smart
    pointers execute cleanup during destruction and are therefore forbidden.
    Consider whether your use case fits into one of the other patterns described
    in this section. One simple solution is to use a plain pointer to a
    dynamically allocated object and never delete it (see last item).</li>
  <li>Static variables of custom types: if you require static, constant data of
    a type that you need to define yourself, give the type a trivial destructor
    and a <code>constexpr</code> constructor.</li>
  <li>If all else fails, you can create an object dynamically and never delete
    it by using a function-local static pointer or reference (e.g. <code>static
    const auto&amp; impl = *new T(args...);</code>).</li>
</ul>

<h3 id="thread_local">thread_local Variables</h3>

<p><code>thread_local</code> variables that aren't declared inside a function
must be initialized with a true compile-time constant,
and this must be enforced by using the


<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/attributes.h">
<code>ABSL_CONST_INIT</code></a>
attribute. Prefer
<code>thread_local</code> over other ways of defining thread-local data.</p>

<p class="definition"></p>
<p>Starting with C++11, variables can be declared with the
<code>thread_local</code> specifier:</p>
<pre>thread_local Foo foo = ...;
</pre>
<p>Such a variable is actually a collection of objects, so that when different
threads access it, they are actually accessing different objects.
<code>thread_local</code> variables are much like
<a href="#Static_and_Global_Variables">static storage duration variables</a>
in many respects. For instance, they can be declared at namespace scope,
inside functions, or as static class members, but not as ordinary class
members.</p>

<p><code>thread_local</code> variable instances are initialized much like
static variables, except that they must be initialized separately for each
thread, rather than once at program startup. This means that
<code>thread_local</code> variables declared within a function are safe, but
other <code>thread_local</code> variables are subject to the same
initialization-order issues as static variables (and more besides).</p>

<p><code>thread_local</code> variable instances are destroyed when their thread
terminates, so they do not have the destruction-order issues of static
variables.</p>

<p class="pros"></p>
<ul>
  <li>Thread-local data is inherently safe from races (because only one thread
    can ordinarily access it), which makes <code>thread_local</code> useful for
    concurrent programming.</li>
  <li><code>thread_local</code> is the only standard-supported way of creating
    thread-local data.</li>
</ul>

<p class="cons"></p>
<ul>
  <li>Accessing a <code>thread_local</code> variable may trigger execution of
    an unpredictable and uncontrollable amount of other code.</li>
  <li><code>thread_local</code> variables are effectively global variables,
    and have all the drawbacks of global variables other than lack of
    thread-safety.</li>
  <li>The memory consumed by a <code>thread_local</code> variable scales with
    the number of running threads (in the worst case), which can be quite large
    in a  program.</li>
  <li>An ordinary class member cannot be <code>thread_local</code>.</li>
  <li><code>thread_local</code> may not be as efficient as certain compiler
    intrinsics.</li>
</ul>

<p class="decision"></p>
  <p><code>thread_local</code> variables inside a function have no safety
    concerns, so they can be used without restriction. Note that you can use
    a function-scope <code>thread_local</code> to simulate a class- or
    namespace-scope <code>thread_local</code> by defining a function or
    static method that exposes it:</p>

<pre>Foo&amp; MyThreadLocalFoo() {
  thread_local Foo result = ComplicatedInitialization();
  return result;
}
</pre>

<p><code>thread_local</code> variables at class or namespace scope must be
initialized with a true compile-time constant (i.e. they must have no
dynamic initialization). To enforce this, <code>thread_local</code> variables
at class or namespace scope must be annotated with


<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/attributes.h">
<code>ABSL_CONST_INIT</code></a>
(or <code>constexpr</code>, but that should be rare):</p>

<pre>ABSL_CONST_INIT thread_local Foo foo = ...;
</pre>

<p><code>thread_local</code> should be preferred over other mechanisms for
defining thread-local data.</p>

<h2 id="Classes">Classes</h2>

<p>Classes are the fundamental unit of code in C++. Naturally,
we use them extensively. This section lists the main dos and
don'ts you should follow when writing a class.</p>

<h3 id="Doing_Work_in_Constructors">Doing Work in Constructors</h3>

<p>Avoid virtual method calls in constructors, and avoid
initialization that can fail if you can't signal an error.</p>

<p class="definition"></p>
<p>It is possible to perform arbitrary initialization in the body
of the constructor.</p>

<p class="pros"></p>
<ul>
  <li>No need to worry about whether the class has been initialized or
  not.</li>

  <li>Objects that are fully initialized by constructor call can
  be <code>const</code> and may also be easier to use with standard containers
  or algorithms.</li>
</ul>

<p class="cons"></p>
<ul>
  <li>If the work calls virtual functions, these calls
  will not get dispatched to the subclass
  implementations. Future modification to your class can
  quietly introduce this problem even if your class is
  not currently subclassed, causing much confusion.</li>

  <li>There is no easy way for constructors to signal errors, short of
  crashing the program (not always appropriate) or using exceptions
  (which are <a href="#Exceptions">forbidden</a>).</li>

  <li>If the work fails, we now have an object whose initialization
  code failed, so it may be an unusual state requiring a <code>bool
  IsValid()</code> state checking mechanism (or similar) which is easy
  to forget to call.</li>

  <li>You cannot take the address of a constructor, so whatever work
  is done in the constructor cannot easily be handed off to, for
  example, another thread.</li>
</ul>

<p class="decision"></p>
<p>Constructors should never call virtual functions. If appropriate
for your code ,
terminating the program may be an appropriate error handling
response. Otherwise, consider a factory function
or <code>Init()</code> method as described in
<a href="https://abseil.io/tips/42">TotW #42</a>
.
Avoid <code>Init()</code> methods on objects with
no other states that affect which public methods may be called
(semi-constructed objects of this form are particularly hard to work
with correctly).</p>

<a id="Explicit_Constructors"></a>
<h3 id="Implicit_Conversions">Implicit Conversions</h3>

<p>Do not define implicit conversions. Use the <code>explicit</code>
keyword for conversion operators and single-argument
constructors.</p>

<p class="definition"></p>
<p>Implicit conversions allow an
object of one type (called the <dfn>source type</dfn>) to
be used where a different type (called the <dfn>destination
type</dfn>) is expected, such as when passing an
<code>int</code> argument to a function that takes a
<code>double</code> parameter.</p>

<p>In addition to the implicit conversions defined by the language,
users can define their own, by adding appropriate members to the
class definition of the source or destination type. An implicit
conversion in the source type is defined by a type conversion operator
named after the destination type (e.g. <code>operator
bool()</code>). An implicit conversion in the destination
type is defined by a constructor that can take the source type as
its only argument (or only argument with no default value).</p>

<p>The <code>explicit</code> keyword can be applied to a constructor
or (since C++11) a conversion operator, to ensure that it can only be
used when the destination type is explicit at the point of use,
e.g. with a cast. This applies not only to implicit conversions, but to
C++11's list initialization syntax:</p>
<pre>class Foo {
  explicit Foo(int x, double y);
  ...
};

void Func(Foo f);
</pre>
<pre class="badcode">Func({42, 3.14});  // Error
</pre>
This kind of code isn't technically an implicit conversion, but the
language treats it as one as far as <code>explicit</code> is concerned.

<p class="pros"></p>
<ul>
<li>Implicit conversions can make a type more usable and
    expressive by eliminating the need to explicitly name a type
    when it's obvious.</li>
<li>Implicit conversions can be a simpler alternative to
    overloading, such as when a single
    function with a <code>string_view</code> parameter takes the
    place of separate overloads for <code>std::string</code> and
    <code>const char*</code>.</li>
<li>List initialization syntax is a concise and expressive
    way of initializing objects.</li>
</ul>

<p class="cons"></p>
<ul>
<li>Implicit conversions can hide type-mismatch bugs, where the
    destination type does not match the user's expectation, or
    the user is unaware that any conversion will take place.</li>

<li>Implicit conversions can make code harder to read, particularly
    in the presence of overloading, by making it less obvious what
    code is actually getting called.</li>

<li>Constructors that take a single argument may accidentally
    be usable as implicit type conversions, even if they are not
    intended to do so.</li>

<li>When a single-argument constructor is not marked
    <code>explicit</code>, there's no reliable way to tell whether
    it's intended to define an implicit conversion, or the author
    simply forgot to mark it.</li>

<li>It's not always clear which type should provide the conversion,
    and if they both do, the code becomes ambiguous.</li>

<li>List initialization can suffer from the same problems if
    the destination type is implicit, particularly if the
    list has only a single element.</li>
</ul>

<p class="decision"></p>
<p>Type conversion operators, and constructors that are
callable with a single argument, must be marked
<code>explicit</code> in the class definition. As an
exception, copy and move constructors should not be
<code>explicit</code>, since they do not perform type
conversion. Implicit conversions can sometimes be necessary and
appropriate for types that are designed to transparently wrap other
types. In that case, contact
your project leads to request
a waiver of this rule.</p>

<p>Constructors that cannot be called with a single argument
may omit <code>explicit</code>. Constructors that
take a single <code>std::initializer_list</code> parameter should
also omit <code>explicit</code>, in order to support copy-initialization
(e.g. <code>MyType m = {1, 2};</code>).</p>

<h3 id="Copyable_Movable_Types">Copyable and Movable Types</h3>
<a id="Copy_Constructors"></a>

<p>A class's public API must make clear whether the class is copyable,
move-only, or neither copyable nor movable. Support copying and/or
moving if these operations are clear and meaningful for your type.</p>

<p class="definition"></p>
<p>A movable type is one that can be initialized and assigned
from temporaries.</p>

<p>A copyable type is one that can be initialized or assigned from
any other object of the same type (so is also movable by definition), with the
stipulation that the value of the source does not change.
<code>std::unique_ptr&lt;int&gt;</code> is an example of a movable but not
copyable type (since the value of the source
<code>std::unique_ptr&lt;int&gt;</code> must be modified during assignment to
the destination). <code>int</code> and <code>std::string</code> are examples of
movable types that are also copyable. (For <code>int</code>, the move and copy
operations are the same; for <code>std::string</code>, there exists a move operation
that is less expensive than a copy.)</p>

<p>For user-defined types, the copy behavior is defined by the copy
constructor and the copy-assignment operator. Move behavior is defined by the
move constructor and the move-assignment operator, if they exist, or by the
copy constructor and the copy-assignment operator otherwise.</p>

<p>The copy/move constructors can be implicitly invoked by the compiler
in some situations, e.g. when passing objects by value.</p>

<p class="pros"></p>
<p>Objects of copyable and movable types can be passed and returned by value,
which makes APIs simpler, safer, and more general. Unlike when passing objects
by pointer or reference, there's no risk of confusion over ownership,
lifetime, mutability, and similar issues, and no need to specify them in the
contract. It also prevents non-local interactions between the client and the
implementation, which makes them easier to understand, maintain, and optimize by
the compiler. Further, such objects can be used with generic APIs that
require pass-by-value, such as most containers, and they allow for additional
flexibility in e.g., type composition.</p>

<p>Copy/move constructors and assignment operators are usually
easier to define correctly than alternatives
like <code>Clone()</code>, <code>CopyFrom()</code> or <code>Swap()</code>,
because they can be generated by the compiler, either implicitly or
with <code>= default</code>.  They are concise, and ensure
that all data members are copied. Copy and move
constructors are also generally more efficient, because they don't
require heap allocation or separate initialization and assignment
steps, and they're eligible for optimizations such as

<a href="http://en.cppreference.com/w/cpp/language/copy_elision">
copy elision</a>.</p>

<p>Move operations allow the implicit and efficient transfer of
resources out of rvalue objects. This allows a plainer coding style
in some cases.</p>

<p class="cons"></p>
<p>Some types do not need to be copyable, and providing copy
operations for such types can be confusing, nonsensical, or outright
incorrect. Types representing singleton objects (<code>Registerer</code>),
objects tied to a specific scope (<code>Cleanup</code>), or closely coupled to
object identity (<code>Mutex</code>) cannot be copied meaningfully.
Copy operations for base class types that are to be used
polymorphically are hazardous, because use of them can lead to
<a href="https://en.wikipedia.org/wiki/Object_slicing">object slicing</a>.
Defaulted or carelessly-implemented copy operations can be incorrect, and the
resulting bugs can be confusing and difficult to diagnose.</p>

<p>Copy constructors are invoked implicitly, which makes the
invocation easy to miss. This may cause confusion for programmers used to
languages where pass-by-reference is conventional or mandatory. It may also
encourage excessive copying, which can cause performance problems.</p>

<p class="decision"></p>

<p>Every class's public interface must make clear which copy and move
operations the class supports. This should usually take the form of explicitly
declaring and/or deleting the appropriate operations in the <code>public</code>
section of the declaration.</p>

<p>Specifically, a copyable class should explicitly declare the copy
operations, a move-only class should explicitly declare the move operations,
and a non-copyable/movable class should explicitly delete the copy operations.
Explicitly declaring or deleting all four copy/move operations is permitted,
but not required. If you provide a copy or move assignment operator, you
must also provide the corresponding constructor.</p>

<pre>class Copyable {
 public:
  Copyable(const Copyable&amp; other) = default;
  Copyable&amp; operator=(const Copyable&amp; other) = default;

  // The implicit move operations are suppressed by the declarations above.
};

class MoveOnly {
 public:
  MoveOnly(MoveOnly&amp;&amp; other);
  MoveOnly&amp; operator=(MoveOnly&amp;&amp; other);

  // The copy operations are implicitly deleted, but you can
  // spell that out explicitly if you want:
  MoveOnly(const MoveOnly&amp;) = delete;
  MoveOnly&amp; operator=(const MoveOnly&amp;) = delete;
};

class NotCopyableOrMovable {
 public:
  // Not copyable or movable
  NotCopyableOrMovable(const NotCopyableOrMovable&amp;) = delete;
  NotCopyableOrMovable&amp; operator=(const NotCopyableOrMovable&amp;)
      = delete;

  // The move operations are implicitly disabled, but you can
  // spell that out explicitly if you want:
  NotCopyableOrMovable(NotCopyableOrMovable&amp;&amp;) = delete;
  NotCopyableOrMovable&amp; operator=(NotCopyableOrMovable&amp;&amp;)
      = delete;
};
</pre>

<p>These declarations/deletions can be omitted only if they are obvious:
</p><ul>
<li>If the class has no <code>private</code> section, like a
    <a href="#Structs_vs._Classes">struct</a> or an interface-only base class,
    then the copyability/movability can be determined by the
    copyability/movability of any public data members.
</li><li>If a base class clearly isn't copyable or movable, derived classes
    naturally won't be either.  An interface-only base class that leaves these
    operations implicit is not sufficient to make concrete subclasses clear.
</li><li>Note that if you explicitly declare or delete either the constructor or
    assignment operation for copy, the other copy operation is not obvious and
    must be declared or deleted.  Likewise for move operations.
</li></ul>

<p>A type should not be copyable/movable if the meaning of
copying/moving is unclear to a casual user, or if it incurs unexpected
costs. Move operations for copyable types are strictly a performance
optimization and are a potential source of bugs and complexity, so
avoid defining them unless they are significantly more efficient than
the corresponding copy operations.  If your type provides copy operations, it is
recommended that you design your class so that the default implementation of
those operations is correct. Remember to review the correctness of any
defaulted operations as you would any other code.</p>

<p>Due to the risk of slicing, prefer to avoid providing a public assignment
operator or copy/move constructor for a class that's
intended to be derived from (and prefer to avoid deriving from a class
with such members). If your base class needs to be
copyable, provide a public virtual <code>Clone()</code>
method, and a protected copy constructor that derived classes
can use to implement it.</p>



<h3 id="Structs_vs._Classes">Structs vs. Classes</h3>

<p>Use a <code>struct</code> only for passive objects that
      carry data; everything else is a <code>class</code>.</p>

<p>The <code>struct</code> and <code>class</code>
keywords behave almost identically in C++. We add our own
semantic meanings to each keyword, so you should use the
appropriate keyword for the data-type you're
defining.</p>

<p><code>structs</code> should be used for passive objects that carry
data, and may have associated constants, but lack any functionality
other than access/setting the data members. All fields must be public,
and accessed directly rather than through getter/setter methods. The
struct must not have invariants that imply relationships between
different fields, since direct user access to those fields may break
those invariants. Methods should not provide behavior but should only
be used to set up the data members, e.g., constructor, destructor,
<code>Initialize()</code>, <code>Reset()</code>.</p>

<p>If more functionality or invariants are required, a
<code>class</code> is more appropriate. If in doubt, make
it a <code>class</code>.</p>

<p>For consistency with STL, you can use
<code>struct</code> instead of <code>class</code> for
stateless types, such as traits,
<a href="#Template_metaprogramming">template metafunctions</a>,
and some functors.</p>

<p>Note that member variables in structs and classes have
<a href="#Variable_Names">different naming rules</a>.</p>

<h3 id="Structs_vs._Tuples">Structs vs. Pairs and Tuples</h3>

<p>Prefer to use a <code>struct</code> instead of a pair or a
tuple whenever the elements can have meaningful names.</p>

<p>
  While using pairs and tuples can avoid the need to define a custom type,
  potentially saving work when <em>writing</em> code, a meaningful field
  name will almost always be much clearer when <em>reading</em> code than
  <code>.first</code>, <code>.second</code>, or <code>std::get&lt;X&gt;</code>.
  While C++14's introduction of <code>std::get&lt;Type&gt;</code> to access a
  tuple element by type rather than index (when the type is unique) can
  sometimes partially mitigate this, a field name is usually substantially
  clearer and more informative than a type.
</p>

<p>
  Pairs and tuples may be appropriate in generic code where there are not
  specific meanings for the elements of the pair or tuple. Their use may
  also be required in order to interoperate with existing code or APIs.
</p>

<a id="Multiple_Inheritance"></a>
<h3 id="Inheritance">Inheritance</h3>

<p>Composition is often more appropriate than inheritance.
When using inheritance, make it <code>public</code>.</p>

<p class="definition"></p>
<p> When a sub-class
inherits from a base class, it includes the definitions
of all the data and operations that the base class
defines. "Interface inheritance" is inheritance from a
pure abstract base class (one with no state or defined
methods); all other inheritance is "implementation
inheritance".</p>

<p class="pros"></p>
<p>Implementation inheritance reduces code size by re-using
the base class code as it specializes an existing type.
Because inheritance is a compile-time declaration, you
and the compiler can understand the operation and detect
errors. Interface inheritance can be used to
programmatically enforce that a class expose a particular
API. Again, the compiler can detect errors, in this case,
when a class does not define a necessary method of the
API.</p>

<p class="cons"></p>
<p>For implementation inheritance, because the code
implementing a sub-class is spread between the base and
the sub-class, it can be more difficult to understand an
implementation. The sub-class cannot override functions
that are not virtual, so the sub-class cannot change
implementation.</p>

<p>Multiple inheritance is especially problematic, because
it often imposes a higher performance overhead (in fact,
the performance drop from single inheritance to multiple
inheritance can often be greater than the performance
drop from ordinary to virtual dispatch), and because
it risks leading to "diamond" inheritance patterns,
which are prone to ambiguity, confusion, and outright bugs.</p>

<p class="decision"></p>

<p>All inheritance should be <code>public</code>. If you
want to do private inheritance, you should be including
an instance of the base class as a member instead.</p>

<p>Do not overuse implementation inheritance. Composition
is often more appropriate. Try to restrict use of
inheritance to the "is-a" case: <code>Bar</code>
subclasses <code>Foo</code> if it can reasonably be said
that <code>Bar</code> "is a kind of"
<code>Foo</code>.</p>

<p>Limit the use of <code>protected</code> to those
member functions that might need to be accessed from
subclasses. Note that <a href="#Access_Control">data
members should be private</a>.</p>

<p>Explicitly annotate overrides of virtual functions or virtual
destructors with exactly one of an <code>override</code> or (less
frequently) <code>final</code> specifier. Do not
use <code>virtual</code> when declaring an override.
Rationale: A function or destructor marked
<code>override</code> or <code>final</code> that is
not an override of a base class virtual function will
not compile, and this helps catch common errors. The
specifiers serve as documentation; if no specifier is
present, the reader has to check all ancestors of the
class in question to determine if the function or
destructor is virtual or not.</p>

<p>Multiple inheritance is permitted, but multiple <em>implementation</em>
inheritance is strongly discouraged.</p>

<h3 id="Operator_Overloading">Operator Overloading</h3>

<p>Overload operators judiciously. Do not use user-defined literals.</p>

<p class="definition"></p>
<p>C++ permits user code to
<a href="http://en.cppreference.com/w/cpp/language/operators">declare
overloaded versions of the built-in operators</a> using the
<code>operator</code> keyword, so long as one of the parameters
is a user-defined type. The <code>operator</code> keyword also
permits user code to define new kinds of literals using
<code>operator""</code>, and to define type-conversion functions
such as <code>operator bool()</code>.</p>

<p class="pros"></p>
<p>Operator overloading can make code more concise and
intuitive by enabling user-defined types to behave the same
as built-in types. Overloaded operators are the idiomatic names
for certain operations (e.g. <code>==</code>, <code>&lt;</code>,
<code>=</code>, and <code>&lt;&lt;</code>), and adhering to
those conventions can make user-defined types more readable
and enable them to interoperate with libraries that expect
those names.</p>

<p>User-defined literals are a very concise notation for
creating objects of user-defined types.</p>

<p class="cons"></p>
<ul>
  <li>Providing a correct, consistent, and unsurprising
  set of operator overloads requires some care, and failure
  to do so can lead to confusion and bugs.</li>

  <li>Overuse of operators can lead to obfuscated code,
  particularly if the overloaded operator's semantics
  don't follow convention.</li>

  <li>The hazards of function overloading apply just as
  much to operator overloading, if not more so.</li>

  <li>Operator overloads can fool our intuition into
  thinking that expensive operations are cheap, built-in
  operations.</li>

  <li>Finding the call sites for overloaded operators may
  require a search tool that's aware of C++ syntax, rather
  than e.g. grep.</li>

  <li>If you get the argument type of an overloaded operator
  wrong, you may get a different overload rather than a
  compiler error. For example, <code>foo &lt; bar</code>
  may do one thing, while <code>&amp;foo &lt; &amp;bar</code>
  does something totally different.</li>

  <li>Certain operator overloads are inherently hazardous.
  Overloading unary <code>&amp;</code> can cause the same
  code to have different meanings depending on whether
  the overload declaration is visible. Overloads of
  <code>&amp;&amp;</code>, <code>||</code>, and <code>,</code>
  (comma) cannot match the evaluation-order semantics of the
  built-in operators.</li>

  <li>Operators are often defined outside the class,
  so there's a risk of different files introducing
  different definitions of the same operator. If both
  definitions are linked into the same binary, this results
  in undefined behavior, which can manifest as subtle
  run-time bugs.</li>

  <li>User-defined literals (UDLs) allow the creation of new
  syntactic forms that are unfamiliar even to experienced C++
  programmers, such as <code>"Hello World"sv</code> as a
  shorthand for <code>std::string_view("Hello World")</code>.
  Existing notations are clearer, though less terse.</li>

  <li>Because they can't be namespace-qualified, uses of UDLs also require
  use of either using-directives (which <a href="#Namespaces">we ban</a>) or
  using-declarations (which <a href="#Aliases">we ban in header files</a> except
  when the imported names are part of the interface exposed by the header
  file in question).  Given that header files would have to avoid UDL
  suffixes, we prefer to avoid having conventions for literals differ
  between header files and source files.
  </li>
</ul>

<p class="decision"></p>
<p>Define overloaded operators only if their meaning is
obvious, unsurprising, and consistent with the corresponding
built-in operators. For example, use <code>|</code> as a
bitwise- or logical-or, not as a shell-style pipe.</p>

<p>Define operators only on your own types. More precisely,
define them in the same headers, .cc files, and namespaces
as the types they operate on. That way, the operators are available
wherever the type is, minimizing the risk of multiple
definitions. If possible, avoid defining operators as templates,
because they must satisfy this rule for any possible template
arguments. If you define an operator, also define
any related operators that make sense, and make sure they
are defined consistently. For example, if you overload
<code>&lt;</code>, overload all the comparison operators,
and make sure <code>&lt;</code> and <code>&gt;</code> never
return true for the same arguments.</p>

<p>Prefer to define non-modifying binary operators as
non-member functions. If a binary operator is defined as a
class member, implicit conversions will apply to the
right-hand argument, but not the left-hand one. It will
confuse your users if <code>a &lt; b</code> compiles but
<code>b &lt; a</code> doesn't.</p>

<p>Don't go out of your way to avoid defining operator
overloads. For example, prefer to define <code>==</code>,
<code>=</code>, and <code>&lt;&lt;</code>, rather than
<code>Equals()</code>, <code>CopyFrom()</code>, and
<code>PrintTo()</code>. Conversely, don't define
operator overloads just because other libraries expect
them. For example, if your type doesn't have a natural
ordering, but you want to store it in a <code>std::set</code>,
use a custom comparator rather than overloading
<code>&lt;</code>.</p>

<p>Do not overload <code>&amp;&amp;</code>, <code>||</code>,
<code>,</code> (comma), or unary <code>&amp;</code>. Do not overload
<code>operator""</code>, i.e. do not introduce user-defined
literals.  Do not use any such literals provided by others
(including the standard library).</p>

<p>Type conversion operators are covered in the section on
<a href="#Implicit_Conversions">implicit conversions</a>.
The <code>=</code> operator is covered in the section on
<a href="#Copy_Constructors">copy constructors</a>. Overloading
<code>&lt;&lt;</code> for use with streams is covered in the
section on <a href="#Streams">streams</a>. See also the rules on
<a href="#Function_Overloading">function overloading</a>, which
apply to operator overloading as well.</p>

<h3 id="Access_Control">Access Control</h3>

<p>Make classes' data members <code>private</code>, unless they are
<a href="#Constant_Names">constants</a>. This simplifies reasoning about invariants, at the cost
of some easy boilerplate in the form of accessors (usually <code>const</code>) if necessary.</p>

<p>For technical
reasons, we allow data members of a test fixture class in a .cc file to
be <code>protected</code> when using


<a href="https://github.com/google/googletest">Google
Test</a>).</p>

<h3 id="Declaration_Order">Declaration Order</h3>

<p>Group similar declarations together, placing public parts
earlier.</p>

<p>A class definition should usually start with a
<code>public:</code> section, followed by
<code>protected:</code>, then <code>private:</code>.  Omit
sections that would be empty.</p>

<p>Within each section, generally prefer grouping similar
kinds of declarations together, and generally prefer the
following order: types (including <code>typedef</code>,
<code>using</code>, and nested structs and classes),
constants, factory functions, constructors, assignment
operators, destructor, all other methods, data members.</p>

<p>Do not put large method definitions inline in the
class definition. Usually, only trivial or
performance-critical, and very short, methods may be
defined inline. See <a href="#Inline_Functions">Inline
Functions</a> for more details.</p>

<h2 id="Functions">Functions</h2>

<a id="Function_Parameter_Ordering"></a>
<h3 id="Output_Parameters">Output Parameters</h3>

<p>The output of a C++ function is naturally provided via
a return value and sometimes via output parameters.</p>

<p>Prefer using return values over output parameters: they
improve readability, and often provide the same or better
performance.  If output-only parameters are used,
they should appear after input parameters.</p>

<p>Parameters are either input to the function, output from the
function, or both. Input parameters are usually values or
<code>const</code> references, while output and input/output
parameters will be pointers to non-<code>const</code>.</p>

<p>When ordering function parameters, put all input-only
parameters before any output parameters. In particular,
do not add new parameters to the end of the function just
because they are new; place new input-only parameters before
the output parameters.</p>

<p>This is not a hard-and-fast rule. Parameters that are
both input and output (often classes/structs) muddy the
waters, and, as always, consistency with related
functions may require you to bend the rule.</p>

<h3 id="Write_Short_Functions">Write Short Functions</h3>

<p>Prefer small and focused functions.</p>

<p>We recognize that long functions are sometimes
appropriate, so no hard limit is placed on functions
length. If a function exceeds about 40 lines, think about
whether it can be broken up without harming the structure
of the program.</p>

<p>Even if your long function works perfectly now,
someone modifying it in a few months may add new
behavior. This could result in bugs that are hard to
find. Keeping your functions short and simple makes it
easier for other people to read and modify your code.
Small functions are also easier to test.</p>

<p>You could find long and complicated functions when
working with
some code. Do not be
intimidated by modifying existing code: if working with
such a function proves to be difficult, you find that
errors are hard to debug, or you want to use a piece of
it in several different contexts, consider breaking up
the function into smaller and more manageable pieces.</p>

<h3 id="Reference_Arguments">Reference Arguments</h3>

<p>All parameters passed by lvalue reference must be labeled
<code>const</code>.</p>

<p class="definition"></p>
<p>In C, if a
function needs to modify a variable, the parameter must
use a pointer, eg <code>int foo(int *pval)</code>. In
C++, the function can alternatively declare a reference
parameter: <code>int foo(int &amp;val)</code>.</p>

<p class="pros"></p>
<p>Defining a parameter as reference avoids ugly code like
<code>(*pval)++</code>. Necessary for some applications
like copy constructors. Makes it clear, unlike with
pointers, that a null pointer is not a possible
value.</p>

<p class="cons"></p>
<p>References can be confusing, as they have value syntax
but pointer semantics.</p>

<p class="decision"></p>
<p>Within function parameter lists all references must be
<code>const</code>:</p>

<pre>void Foo(const std::string &amp;in, std::string *out);
</pre>

<p>In fact it is a very strong convention in Google code
that input arguments are values or <code>const</code>
references while output arguments are pointers. Input
parameters may be <code>const</code> pointers, but we
never allow non-<code>const</code> reference parameters
except when required by convention, e.g.,
<code>swap()</code>.</p>

<p>However, there are some instances where using
<code>const T*</code> is preferable to <code>const
T&amp;</code> for input parameters. For example:</p>

<ul>
  <li>You want to pass in a null pointer.</li>

  <li>The function saves a pointer or reference to the
  input.</li>
</ul>

<p> Remember that most of the time input
parameters are going to be specified as <code>const
T&amp;</code>. Using <code>const T*</code> instead
communicates to the reader that the input is somehow
treated differently. So if you choose <code>const
T*</code> rather than <code>const T&amp;</code>, do so
for a concrete reason; otherwise it will likely confuse
readers by making them look for an explanation that
doesn't exist.</p>

<h3 id="Function_Overloading">Function Overloading</h3>

<p>Use overloaded functions (including constructors) only if a
reader looking at a call site can get a good idea of what
is happening without having to first figure out exactly
which overload is being called.</p>

<p class="definition"></p>
<p>You may write a function that takes a <code>const
std::string&amp;</code> and overload it with another that
takes <code>const char*</code>. However, in this case consider
std::string_view
 instead.</p>

<pre>class MyClass {
 public:
  void Analyze(const std::string &amp;text);
  void Analyze(const char *text, size_t textlen);
};
</pre>

<p class="pros"></p>
<p>Overloading can make code more intuitive by allowing an
identically-named function to take different arguments.
It may be necessary for templatized code, and it can be
convenient for Visitors.</p>
<p>Overloading based on const or ref qualification may make utility
  code more usable, more efficient, or both.
  (See <a href="http://abseil.io/tips/148">TotW 148</a> for more.)
</p>

<p class="cons"></p>
<p>If a function is overloaded by the argument types alone,
a reader may have to understand C++'s complex matching
rules in order to tell what's going on. Also many people
are confused by the semantics of inheritance if a derived
class overrides only some of the variants of a
function.</p>

<p class="decision"></p>
<p>You may overload a function when there are no semantic differences
between variants. These overloads may vary in types, qualifiers, or
argument count. However, a reader of such a call must not need to know
which member of the overload set is chosen, only that <b>something</b>
from the set is being called. If you can document all entries in the
overload set with a single comment in the header, that is a good sign
that it is a well-designed overload set.</p>

<h3 id="Default_Arguments">Default Arguments</h3>

<p>Default arguments are allowed on non-virtual functions
when the default is guaranteed to always have the same
value. Follow the same restrictions as for <a href="#Function_Overloading">function overloading</a>, and
prefer overloaded functions if the readability gained with
default arguments doesn't outweigh the downsides below.</p>

<p class="pros"></p>
<p>Often you have a function that uses default values, but
occasionally you want to override the defaults. Default
parameters allow an easy way to do this without having to
define many functions for the rare exceptions. Compared
to overloading the function, default arguments have a
cleaner syntax, with less boilerplate and a clearer
distinction between 'required' and 'optional'
arguments.</p>

<p class="cons"></p>
<p>Defaulted arguments are another way to achieve the
semantics of overloaded functions, so all the <a href="#Function_Overloading">reasons not to overload
functions</a> apply.</p>

<p>The defaults for arguments in a virtual function call are
determined by the static type of the target object, and
there's no guarantee that all overrides of a given function
declare the same defaults.</p>

<p>Default parameters are re-evaluated at each call site,
which can bloat the generated code. Readers may also expect
the default's value to be fixed at the declaration instead
of varying at each call.</p>

<p>Function pointers are confusing in the presence of
default arguments, since the function signature often
doesn't match the call signature. Adding
function overloads avoids these problems.</p>

<p class="decision"></p>
<p>Default arguments are banned on virtual functions, where
they don't work properly, and in cases where the specified
default might not evaluate to the same value depending on
when it was evaluated. (For example, don't write <code>void
f(int n = counter++);</code>.)</p>

<p>In some other cases, default arguments can improve the
readability of their function declarations enough to
overcome the downsides above, so they are allowed. When in
doubt, use overloads.</p>

<h3 id="trailing_return">Trailing Return Type Syntax</h3>

<p>Use trailing return types only where using the ordinary syntax (leading
  return types) is impractical or much less readable.</p>

<p class="definition"></p>
<p>C++ allows two different forms of function declarations. In the older
  form, the return type appears before the function name. For example:</p>
<pre>int foo(int x);
</pre>
<p>The newer form, introduced in C++11, uses the <code>auto</code>
  keyword before the function name and a trailing return type after
  the argument list. For example, the declaration above could
  equivalently be written:</p>
<pre>auto foo(int x) -&gt; int;
</pre>
<p>The trailing return type is in the function's scope. This doesn't
  make a difference for a simple case like <code>int</code> but it matters
  for more complicated cases, like types declared in class scope or
  types written in terms of the function parameters.</p>

<p class="pros"></p>
<p>Trailing return types are the only way to explicitly specify the
  return type of a <a href="#Lambda_expressions">lambda expression</a>.
  In some cases the compiler is able to deduce a lambda's return type,
  but not in all cases. Even when the compiler can deduce it automatically,
  sometimes specifying it explicitly would be clearer for readers.
</p>
<p>Sometimes it's easier and more readable to specify a return type
  after the function's parameter list has already appeared. This is
  particularly true when the return type depends on template parameters.
  For example:</p>
  <pre>    template &lt;typename T, typename U&gt;
    auto add(T t, U u) -&gt; decltype(t + u);
  </pre>
  versus
  <pre>    template &lt;typename T, typename U&gt;
    decltype(declval&lt;T&amp;&gt;() + declval&lt;U&amp;&gt;()) add(T t, U u);
  </pre>

<p class="cons"></p>
<p>Trailing return type syntax is relatively new and it has no
  analogue in C++-like languages such as C and Java, so some readers may
  find it unfamiliar.</p>
<p>Existing code bases have an enormous number of function
  declarations that aren't going to get changed to use the new syntax,
  so the realistic choices are using the old syntax only or using a mixture
  of the two. Using a single version is better for uniformity of style.</p>

<p class="decision"></p>
<p>In most cases, continue to use the older style of function
  declaration where the return type goes before the function name.
  Use the new trailing-return-type form only in cases where it's
  required (such as lambdas) or where, by putting the type after the
  function's parameter list, it allows you to write the type in a much
  more readable way. The latter case should be rare; it's mostly an
  issue in fairly complicated template code, which is
  <a href="#Template_metaprogramming">discouraged in most cases</a>.</p>


<h2 id="Google-Specific_Magic">Google-Specific Magic</h2>



<div>
<p>There are various tricks and utilities that
we use to make C++ code more robust, and various ways we use
C++ that may differ from what you see elsewhere.</p>
</div>



<h3 id="Ownership_and_Smart_Pointers">Ownership and Smart Pointers</h3>

<p>Prefer to have single, fixed owners for dynamically
allocated objects. Prefer to transfer ownership with smart
pointers.</p>

<p class="definition"></p>
<p>"Ownership" is a bookkeeping technique for managing
dynamically allocated memory (and other resources). The
owner of a dynamically allocated object is an object or
function that is responsible for ensuring that it is
deleted when no longer needed. Ownership can sometimes be
shared, in which case the last owner is typically
responsible for deleting it. Even when ownership is not
shared, it can be transferred from one piece of code to
another.</p>

<p>"Smart" pointers are classes that act like pointers,
e.g. by overloading the <code>*</code> and
<code>-&gt;</code> operators. Some smart pointer types
can be used to automate ownership bookkeeping, to ensure
these responsibilities are met.
<a href="http://en.cppreference.com/w/cpp/memory/unique_ptr">
<code>std::unique_ptr</code></a> is a smart pointer type
introduced in C++11, which expresses exclusive ownership
of a dynamically allocated object; the object is deleted
when the <code>std::unique_ptr</code> goes out of scope.
It cannot be copied, but can be <em>moved</em> to
represent ownership transfer.
<a href="http://en.cppreference.com/w/cpp/memory/shared_ptr">
<code>std::shared_ptr</code></a> is a smart pointer type
that expresses shared ownership of
a dynamically allocated object. <code>std::shared_ptr</code>s
can be copied; ownership of the object is shared among
all copies, and the object is deleted when the last
<code>std::shared_ptr</code> is destroyed. </p>

<p class="pros"></p>
<ul>
  <li>It's virtually impossible to manage dynamically
  allocated memory without some sort of ownership
  logic.</li>

  <li>Transferring ownership of an object can be cheaper
  than copying it (if copying it is even possible).</li>

  <li>Transferring ownership can be simpler than
  'borrowing' a pointer or reference, because it reduces
  the need to coordinate the lifetime of the object
  between the two users.</li>

  <li>Smart pointers can improve readability by making
  ownership logic explicit, self-documenting, and
  unambiguous.</li>

  <li>Smart pointers can eliminate manual ownership
  bookkeeping, simplifying the code and ruling out large
  classes of errors.</li>

  <li>For const objects, shared ownership can be a simple
  and efficient alternative to deep copying.</li>
</ul>

<p class="cons"></p>
<ul>
  <li>Ownership must be represented and transferred via
  pointers (whether smart or plain). Pointer semantics
  are more complicated than value semantics, especially
  in APIs: you have to worry not just about ownership,
  but also aliasing, lifetime, and mutability, among
  other issues.</li>

  <li>The performance costs of value semantics are often
  overestimated, so the performance benefits of ownership
  transfer might not justify the readability and
  complexity costs.</li>

  <li>APIs that transfer ownership force their clients
  into a single memory management model.</li>

  <li>Code using smart pointers is less explicit about
  where the resource releases take place.</li>

  <li><code>std::unique_ptr</code> expresses ownership
  transfer using C++11's move semantics, which are
  relatively new and may confuse some programmers.</li>

  <li>Shared ownership can be a tempting alternative to
  careful ownership design, obfuscating the design of a
  system.</li>

  <li>Shared ownership requires explicit bookkeeping at
  run-time, which can be costly.</li>

  <li>In some cases (e.g. cyclic references), objects
  with shared ownership may never be deleted.</li>

  <li>Smart pointers are not perfect substitutes for
  plain pointers.</li>
</ul>

<p class="decision"></p>
<p>If dynamic allocation is necessary, prefer to keep
ownership with the code that allocated it. If other code
needs access to the object, consider passing it a copy,
or passing a pointer or reference without transferring
ownership. Prefer to use <code>std::unique_ptr</code> to
make ownership transfer explicit. For example:</p>

<pre>std::unique_ptr&lt;Foo&gt; FooFactory();
void FooConsumer(std::unique_ptr&lt;Foo&gt; ptr);
</pre>



<p>Do not design your code to use shared ownership
without a very good reason. One such reason is to avoid
expensive copy operations, but you should only do this if
the performance benefits are significant, and the
underlying object is immutable (i.e.
<code>std::shared_ptr&lt;const Foo&gt;</code>).  If you
do use shared ownership, prefer to use
<code>std::shared_ptr</code>.</p>

<p>Never use <code>std::auto_ptr</code>. Instead, use
<code>std::unique_ptr</code>.</p>

<h3 id="cpplint">cpplint</h3>

<p>Use <code>cpplint.py</code> to detect style errors.</p>

<p><code>cpplint.py</code>
is a tool that reads a source file and identifies many
style errors. It is not perfect, and has both false
positives and false negatives, but it is still a valuable
tool. False positives can be ignored by putting <code>//
NOLINT</code> at the end of the line or
<code>// NOLINTNEXTLINE</code> in the previous line.</p>



<div>
<p>Some projects have instructions on
how to run <code>cpplint.py</code> from their project
tools. If the project you are contributing to does not,
you can download
<a href="https://raw.githubusercontent.com/google/styleguide/gh-pages/cpplint/cpplint.py">
<code>cpplint.py</code></a> separately.</p>
</div>



<h2 id="Other_C++_Features">Other C++ Features</h2>

<h3 id="Rvalue_references">Rvalue References</h3>

<p>Use rvalue references to:</p>
<ul>
  <li>Define move constructors and move assignment operators.</li>

  <li>Define <a href="#Function_Overloading">overload sets</a> with
  const&amp; and &amp;&amp; variants if you have evidence that this
  provides meaningfully better performance than passing by value,
  or if you're writing low-overhead generic code that needs to support
  arbitrary types. Beware combinatorial overload sets, that is, seldom
  overload more than one parameter.</li>

  <li>Support 'perfect forwarding' in generic code.</li>
</ul>

<p class="definition"></p>
<p> Rvalue references
are a type of reference that can only bind to temporary
objects. The syntax is similar to traditional reference
syntax. For example, <code>void f(std::string&amp;&amp;
s);</code> declares a function whose argument is an
rvalue reference to a std::string.</p>

<p id="Forwarding_references"> When the token '&amp;&amp;' is applied to
an unqualified template argument in a function
parameter, special template argument deduction
rules apply. Such a reference is called forwarding reference.</p>

<p class="pros"></p>
<ul>
  <li>Defining a move constructor (a constructor taking
  an rvalue reference to the class type) makes it
  possible to move a value instead of copying it. If
  <code>v1</code> is a <code>std::vector&lt;std::string&gt;</code>,
  for example, then <code>auto v2(std::move(v1))</code>
  will probably just result in some simple pointer
  manipulation instead of copying a large amount of data.
  In many cases this can result in a major performance
  improvement.</li>

  <li>Rvalue references make it possible to implement
  types that are movable but not copyable, which can be
  useful for types that have no sensible definition of
  copying but where you might still want to pass them as
  function arguments, put them in containers, etc.</li>

  <li><code>std::move</code> is necessary to make
  effective use of some standard-library types, such as
  <code>std::unique_ptr</code>.</li>

  <li><a href="#Forwarding_references">Forwarding references</a> which
  use the rvalue reference token, make it possible to write a
  generic function wrapper that forwards its arguments to
  another function, and works whether or not its
  arguments are temporary objects and/or const.
  This is called 'perfect forwarding'.</li>
</ul>

<p class="cons"></p>
<ul>
  <li>Rvalue references are not yet widely understood. Rules like reference
  collapsing and the special deduction rule for forwarding references
  are somewhat obscure.</li>

  <li>Rvalue references are often misused. Using rvalue
  references is counter-intuitive in signatures where the argument is expected
  to have a valid specified state after the function call, or where no move
  operation is performed.</li>
</ul>

<p class="decision"></p>
<p>You may use rvalue references to define move constructors and move
assignment operators (as described in
<a href="#Copyable_Movable_Types">Copyable and Movable Types</a>). See the
<a href="primer#copying_moving">C++ Primer</a> for more information about
move semantics and <code>std::move</code>.</p>

<p>You may use rvalue references to define pairs of overloads, one taking
<code>Foo&amp;&amp;</code> and the other taking <code>const Foo&amp;</code>.
Usually the preferred solution is just to pass by value, but an overloaded pair
of functions sometimes yields better performance and is sometimes necessary in
generic code that needs to support a wide variety of types. As always: if
you're writing more complicated code for the sake of performance, make sure you
have evidence that it actually helps.</p>

<p>You may use forwarding references in conjunction with <code>
<a href="http://en.cppreference.com/w/cpp/utility/forward">std::forward</a></code>,
to support perfect forwarding.</p>

<h3 id="Friends">Friends</h3>

<p>We allow use of <code>friend</code> classes and functions,
within reason.</p>

<p>Friends should usually be defined in the same file so
that the reader does not have to look in another file to
find uses of the private members of a class. A common use
of <code>friend</code> is to have a
<code>FooBuilder</code> class be a friend of
<code>Foo</code> so that it can construct the inner state
of <code>Foo</code> correctly, without exposing this
state to the world. In some cases it may be useful to
make a unittest class a friend of the class it tests.</p>

<p>Friends extend, but do not break, the encapsulation
boundary of a class. In some cases this is better than
making a member public when you want to give only one
other class access to it. However, most classes should
interact with other classes solely through their public
members.</p>

<h3 id="Exceptions">Exceptions</h3>

<p>We do not use C++ exceptions.</p>

<p class="pros"></p>
<ul>
  <li>Exceptions allow higher levels of an application to
  decide how to handle "can't happen" failures in deeply
  nested functions, without the obscuring and error-prone
  bookkeeping of error codes.</li>



  <div>
  <li>Exceptions are used by most other
  modern languages. Using them in C++ would make it more
  consistent with Python, Java, and the C++ that others
  are familiar with.</li>
  </div>

  <li>Some third-party C++ libraries use exceptions, and
  turning them off internally makes it harder to
  integrate with those libraries.</li>

  <li>Exceptions are the only way for a constructor to
  fail. We can simulate this with a factory function or
  an <code>Init()</code> method, but these require heap
  allocation or a new "invalid" state, respectively.</li>

  <li>Exceptions are really handy in testing
  frameworks.</li>
</ul>

<p class="cons"></p>
<ul>
  <li>When you add a <code>throw</code> statement to an
  existing function, you must examine all of its
  transitive callers. Either they must make at least the
  basic exception safety guarantee, or they must never
  catch the exception and be happy with the program
  terminating as a result. For instance, if
  <code>f()</code> calls <code>g()</code> calls
  <code>h()</code>, and <code>h</code> throws an
  exception that <code>f</code> catches, <code>g</code>
  has to be careful or it may not clean up properly.</li>

  <li>More generally, exceptions make the control flow of
  programs difficult to evaluate by looking at code:
  functions may return in places you don't expect. This
  causes maintainability and debugging difficulties. You
  can minimize this cost via some rules on how and where
  exceptions can be used, but at the cost of more that a
  developer needs to know and understand.</li>

  <li>Exception safety requires both RAII and different
  coding practices. Lots of supporting machinery is
  needed to make writing correct exception-safe code
  easy. Further, to avoid requiring readers to understand
  the entire call graph, exception-safe code must isolate
  logic that writes to persistent state into a "commit"
  phase. This will have both benefits and costs (perhaps
  where you're forced to obfuscate code to isolate the
  commit). Allowing exceptions would force us to always
  pay those costs even when they're not worth it.</li>

  <li>Turning on exceptions adds data to each binary
  produced, increasing compile time (probably slightly)
  and possibly increasing address space pressure.
  </li>

  <li>The availability of exceptions may encourage
  developers to throw them when they are not appropriate
  or recover from them when it's not safe to do so. For
  example, invalid user input should not cause exceptions
  to be thrown. We would need to make the style guide
  even longer to document these restrictions!</li>
</ul>

<p class="decision"></p>
<p>On their face, the benefits of using exceptions
outweigh the costs, especially in new projects. However,
for existing code, the introduction of exceptions has
implications on all dependent code. If exceptions can be
propagated beyond a new project, it also becomes
problematic to integrate the new project into existing
exception-free code. Because most existing C++ code at
Google is not prepared to deal with exceptions, it is
comparatively difficult to adopt new code that generates
exceptions.</p>

<p>Given that Google's existing code is not
exception-tolerant, the costs of using exceptions are
somewhat greater than the costs in a new project. The
conversion process would be slow and error-prone. We
don't believe that the available alternatives to
exceptions, such as error codes and assertions, introduce
a significant burden. </p>

<p>Our advice against using exceptions is not predicated
on philosophical or moral grounds, but practical ones.
 Because we'd like to use our open-source
projects at Google and it's difficult to do so if those
projects use exceptions, we need to advise against
exceptions in Google open-source projects as well.
Things would probably be different if we had to do it all
over again from scratch.</p>

<p>This prohibition also applies to the exception handling related
features added in C++11, such as
<code>std::exception_ptr</code> and
<code>std::nested_exception</code>.</p>

<p>There is an <a href="#Windows_Code">exception</a> to
this rule (no pun intended) for Windows code.</p>

<h3 id="noexcept"><code>noexcept</code></h3>

<p>Specify <code>noexcept</code> when it is useful and correct.</p>

<p class="definition"></p>
<p>The <code>noexcept</code> specifier is used to specify whether
a function will throw exceptions or not. If an exception
escapes from a function marked <code>noexcept</code>, the program
crashes via <code>std::terminate</code>.</p>

<p>The <code>noexcept</code> operator performs a compile-time
check that returns true if an expression is declared to not
throw any exceptions.</p>

<p class="pros"></p>
<ul>
  <li>Specifying move constructors as <code>noexcept</code>
  improves performance in some cases, e.g.
  <code>std::vector&lt;T&gt;::resize()</code> moves rather than
  copies the objects if T's move constructor is
  <code>noexcept</code>.</li>

  <li>Specifying <code>noexcept</code> on a function can
  trigger compiler optimizations in environments where
  exceptions are enabled, e.g. compiler does not have to
  generate extra code for stack-unwinding, if it knows
  that no exceptions can be thrown due to a
  <code>noexcept</code> specifier.</li>
</ul>

<p class="cons"></p>
<ul>
  <li>

  In projects following this guide
  that have exceptions disabled it is hard
  to ensure that <code>noexcept</code>
  specifiers are correct, and hard to define what
  correctness even means.</li>

  <li>It's hard, if not impossible, to undo <code>noexcept</code>
  because it eliminates a guarantee that callers may be relying
  on, in ways that are hard to detect.</li>
</ul>

<p class="decision"></p>
<p>You may use <code>noexcept</code> when it is useful for
performance if it accurately reflects the intended semantics
of your function, i.e. that if an exception is somehow thrown
from within the function body then it represents a fatal error.
You can assume that <code>noexcept</code> on move constructors
has a meaningful performance benefit. If you think
there is significant performance benefit from specifying
<code>noexcept</code> on some other function, please discuss it
with
your project leads.</p>

<p>Prefer unconditional <code>noexcept</code> if exceptions are
completely disabled (i.e. most Google C++ environments).
Otherwise, use conditional <code>noexcept</code> specifiers
with simple conditions, in ways that evaluate false only in
the few cases where the function could potentially throw.
The tests might include type traits check on whether the
involved operation might throw (e.g.
<code>std::is_nothrow_move_constructible</code> for
move-constructing objects), or on whether allocation can throw
(e.g. <code>absl::default_allocator_is_nothrow</code> for
standard default allocation). Note in many cases the only
possible cause for an exception is allocation failure (we
believe move constructors should not throw except due to
allocation failure), and there are many applications where it&#8217;s
appropriate to treat memory exhaustion as a fatal error rather
than an exceptional condition that your program should attempt
to recover from.  Even for other
potential failures you should prioritize interface simplicity
over supporting all possible exception throwing scenarios:
instead of writing a complicated <code>noexcept</code> clause
that depends on whether a hash function can throw, for example,
simply document that your component doesn&#8217;t support hash
functions throwing and make it unconditionally
<code>noexcept</code>.</p>

<h3 id="Run-Time_Type_Information__RTTI_">Run-Time Type
Information (RTTI)</h3>

<p>Avoid using Run Time Type Information (RTTI).</p>

<p class="definition"></p>
<p> RTTI allows a
programmer to query the C++ class of an object at run
time. This is done by use of <code>typeid</code> or
<code>dynamic_cast</code>.</p>

<p class="pros"></p>
<p>The standard alternatives to RTTI (described below)
require modification or redesign of the class hierarchy
in question. Sometimes such modifications are infeasible
or undesirable, particularly in widely-used or mature
code.</p>

<p>RTTI can be useful in some unit tests. For example, it
is useful in tests of factory classes where the test has
to verify that a newly created object has the expected
dynamic type. It is also useful in managing the
relationship between objects and their mocks.</p>

<p>RTTI is useful when considering multiple abstract
objects. Consider</p>

<pre>bool Base::Equal(Base* other) = 0;
bool Derived::Equal(Base* other) {
  Derived* that = dynamic_cast&lt;Derived*&gt;(other);
  if (that == nullptr)
    return false;
  ...
}
</pre>

<p class="cons"></p>
<p>Querying the type of an object at run-time frequently
means a design problem. Needing to know the type of an
object at runtime is often an indication that the design
of your class hierarchy is flawed.</p>

<p>Undisciplined use of RTTI makes code hard to maintain.
It can lead to type-based decision trees or switch
statements scattered throughout the code, all of which
must be examined when making further changes.</p>

<p class="decision"></p>
<p>RTTI has legitimate uses but is prone to abuse, so you
must be careful when using it. You may use it freely in
unittests, but avoid it when possible in other code. In
particular, think twice before using RTTI in new code. If
you find yourself needing to write code that behaves
differently based on the class of an object, consider one
of the following alternatives to querying the type:</p>

<ul>
  <li>Virtual methods are the preferred way of executing
  different code paths depending on a specific subclass
  type. This puts the work within the object itself.</li>

  <li>If the work belongs outside the object and instead
  in some processing code, consider a double-dispatch
  solution, such as the Visitor design pattern. This
  allows a facility outside the object itself to
  determine the type of class using the built-in type
  system.</li>
</ul>

<p>When the logic of a program guarantees that a given
instance of a base class is in fact an instance of a
particular derived class, then a
<code>dynamic_cast</code> may be used freely on the
object.  Usually one
can use a <code>static_cast</code> as an alternative in
such situations.</p>

<p>Decision trees based on type are a strong indication
that your code is on the wrong track.</p>

<pre class="badcode">if (typeid(*data) == typeid(D1)) {
  ...
} else if (typeid(*data) == typeid(D2)) {
  ...
} else if (typeid(*data) == typeid(D3)) {
...
</pre>

<p>Code such as this usually breaks when additional
subclasses are added to the class hierarchy. Moreover,
when properties of a subclass change, it is difficult to
find and modify all the affected code segments.</p>

<p>Do not hand-implement an RTTI-like workaround. The
arguments against RTTI apply just as much to workarounds
like class hierarchies with type tags. Moreover,
workarounds disguise your true intent.</p>

<h3 id="Casting">Casting</h3>

<p>Use C++-style casts
like <code>static_cast&lt;float&gt;(double_value)</code>, or brace
initialization for conversion of arithmetic types like
<code>int64 y = int64{1} &lt;&lt; 42</code>. Do not use
cast formats like
<code>int y = (int)x</code> or <code>int y = int(x)</code> (but the latter
is okay when invoking a constructor of a class type).</p>

<p class="definition"></p>
<p> C++ introduced a
different cast system from C that distinguishes the types
of cast operations.</p>

<p class="pros"></p>
<p>The problem with C casts is the ambiguity of the operation;
sometimes you are doing a <em>conversion</em>
(e.g., <code>(int)3.5</code>) and sometimes you are doing
a <em>cast</em> (e.g., <code>(int)"hello"</code>). Brace
initialization and C++ casts can often help avoid this
ambiguity. Additionally, C++ casts are more visible when searching for
them.</p>

<p class="cons"></p>
<p>The C++-style cast syntax is verbose and cumbersome.</p>

<p class="decision"></p>
<p>Do not use C-style casts. Instead, use these C++-style casts when
explicit type conversion is necessary. </p>

<ul>
  <li>Use brace initialization to convert arithmetic types
  (e.g. <code>int64{x}</code>).  This is the safest approach because code
  will not compile if conversion can result in information loss.  The
  syntax is also concise.</li>



  <li>Use <code>static_cast</code> as the equivalent of a C-style cast
  that does value conversion, when you need to
  explicitly up-cast a pointer from a class to its superclass, or when
  you need to explicitly cast a pointer from a superclass to a
  subclass.  In this last case, you must be sure your object is
  actually an instance of the subclass.</li>



  <li>Use <code>const_cast</code> to remove the
  <code>const</code> qualifier (see <a href="#Use_of_const">const</a>).</li>

  <li>Use <code>reinterpret_cast</code> to do unsafe conversions of
  pointer types to and from integer and other pointer
  types. Use this
  only if you know what you are doing and you understand the aliasing
  issues. Also, consider the alternative
  <code>absl::bit_cast</code>.</li>

  <li>Use <code>absl::bit_cast</code> to interpret the raw bits of a
  value using a different type of the same size (a type pun), such as
  interpreting the bits of a <code>double</code> as
  <code>int64</code>.</li>
</ul>

<p>See the <a href="#Run-Time_Type_Information__RTTI_">
RTTI section</a> for guidance on the use of
<code>dynamic_cast</code>.</p>

<h3 id="Streams">Streams</h3>

<p>Use streams where appropriate, and stick to "simple"
usages. Overload <code>&lt;&lt;</code> for streaming only for types
representing values, and write only the user-visible value, not any
implementation details.</p>

<p class="definition"></p>
<p>Streams are the standard I/O abstraction in C++, as
exemplified by the standard header <code>&lt;iostream&gt;</code>.
They are widely used in Google code, mostly for debug logging
and test diagnostics.</p>

<p class="pros"></p>
<p>The <code>&lt;&lt;</code> and <code>&gt;&gt;</code>
stream operators provide an API for formatted I/O that
is easily learned, portable, reusable, and extensible.
<code>printf</code>, by contrast, doesn't even support
<code>std::string</code>, to say nothing of user-defined types,
and is very difficult to use portably.
<code>printf</code> also obliges you to choose among the
numerous slightly different versions of that function,
and navigate the dozens of conversion specifiers.</p>

<p>Streams provide first-class support for console I/O
via <code>std::cin</code>, <code>std::cout</code>,
<code>std::cerr</code>, and <code>std::clog</code>.
The C APIs do as well, but are hampered by the need to
manually buffer the input. </p>

<p class="cons"></p>
<ul>
<li>Stream formatting can be configured by mutating the
state of the stream. Such mutations are persistent, so
the behavior of your code can be affected by the entire
previous history of the stream, unless you go out of your
way to restore it to a known state every time other code
might have touched it. User code can not only modify the
built-in state, it can add new state variables and behaviors
through a registration system.</li>

<li>It is difficult to precisely control stream output, due
to the above issues, the way code and data are mixed in
streaming code, and the use of operator overloading (which
may select a different overload than you expect).</li>

<li>The practice of building up output through chains
of <code>&lt;&lt;</code> operators interferes with
internationalization, because it bakes word order into the
code, and streams' support for localization is <a href="http://www.boost.org/doc/libs/1_48_0/libs/locale/doc/html/rationale.html#rationale_why">
flawed</a>.</li>





<li>The streams API is subtle and complex, so programmers must
develop experience with it in order to use it effectively.</li>

<li>Resolving the many overloads of <code>&lt;&lt;</code> is
extremely costly for the compiler. When used pervasively in a
large code base, it can consume as much as 20% of the parsing
and semantic analysis time.</li>
</ul>

<p class="decision"></p>
<p>Use streams only when they are the best tool for the job.
This is typically the case when the I/O is ad-hoc, local,
human-readable, and targeted at other developers rather than
end-users. Be consistent with the code around you, and with the
codebase as a whole; if there's an established tool for
your problem, use that tool instead.
In particular,

logging libraries are usually a better
choice than <code>std::cerr</code> or <code>std::clog</code>
for diagnostic output, and the libraries in

<code>absl/strings</code>
or the equivalent are usually a
better choice than <code>std::stringstream</code>.</p>

<p>Avoid using streams for I/O that faces external users or
handles untrusted data. Instead, find and use the appropriate
templating libraries to handle issues like internationalization,
localization, and security hardening.</p>

<p>If you do use streams, avoid the stateful parts of the
streams API (other than error state), such as <code>imbue()</code>,
<code>xalloc()</code>, and <code>register_callback()</code>.
Use explicit formatting functions (see e.g.

<code>absl/strings</code>)
rather than
stream manipulators or formatting flags to control formatting
details such as number base, precision, or padding.</p>

<p>Overload <code>&lt;&lt;</code> as a streaming operator
for your type only if your type represents a value, and
<code>&lt;&lt;</code> writes out a human-readable string
representation of that value. Avoid exposing implementation
details in the output of <code>&lt;&lt;</code>; if you need to print
object internals for debugging, use named functions instead
(a method named <code>DebugString()</code> is the most common
convention).</p>

<h3 id="Preincrement_and_Predecrement">Preincrement and Predecrement</h3>

<p>Use prefix form (<code>++i</code>) of the increment and
decrement operators with iterators and other template
objects.</p>

<p class="definition"></p>
<p> When a variable
is incremented (<code>++i</code> or <code>i++</code>) or
decremented (<code>--i</code> or <code>i--</code>) and
the value of the expression is not used, one must decide
whether to preincrement (decrement) or postincrement
(decrement).</p>

<p class="pros"></p>
<p>When the return value is ignored, the "pre" form
(<code>++i</code>) is never less efficient than the
"post" form (<code>i++</code>), and is often more
efficient. This is because post-increment (or decrement)
requires a copy of <code>i</code> to be made, which is
the value of the expression. If <code>i</code> is an
iterator or other non-scalar type, copying <code>i</code>
could be expensive. Since the two types of increment
behave the same when the value is ignored, why not just
always pre-increment?</p>

<p class="cons"></p>
<p>The tradition developed, in C, of using post-increment
when the expression value is not used, especially in
<code>for</code> loops. Some find post-increment easier
to read, since the "subject" (<code>i</code>) precedes
the "verb" (<code>++</code>), just like in English.</p>

<p class="decision"></p>
<p> For simple scalar
(non-object) values there is no reason to prefer one form
and we allow either. For iterators and other template
types, use pre-increment.</p>

<h3 id="Use_of_const">Use of const</h3>

<p>In APIs, use <code>const</code> whenever it makes sense.
<code>constexpr</code> is a better choice for some uses of
const.</p>

<p class="definition"></p>
<p> Declared variables and parameters can be preceded
by the keyword <code>const</code> to indicate the variables
are not changed (e.g., <code>const int foo</code>). Class
functions can have the <code>const</code> qualifier to
indicate the function does not change the state of the
class member variables (e.g., <code>class Foo { int
Bar(char c) const; };</code>).</p>

<p class="pros"></p>
<p>Easier for people to understand how variables are being
used. Allows the compiler to do better type checking,
and, conceivably, generate better code. Helps people
convince themselves of program correctness because they
know the functions they call are limited in how they can
modify your variables. Helps people know what functions
are safe to use without locks in multi-threaded
programs.</p>

<p class="cons"></p>
<p><code>const</code> is viral: if you pass a
<code>const</code> variable to a function, that function
must have <code>const</code> in its prototype (or the
variable will need a <code>const_cast</code>). This can
be a particular problem when calling library
functions.</p>

<p class="decision"></p>
<p>We strongly recommend using <code>const</code>
in APIs (i.e. on function parameters, methods, and
non-local variables) wherever it is meaningful and accurate. This
provides consistent, mostly compiler-verified documentation
of what objects an operation can mutate. Having
a consistent and reliable way to distinguish reads from writes
is critical to writing thread-safe code, and is useful in
many other contexts as well. In particular:</p>

<ul>
  <li>If a function guarantees that it will not modify an argument
  passed by reference or by pointer, the corresponding function parameter
  should be a reference-to-const (<code>const T&amp;</code>) or
  pointer-to-const (<code>const T*</code>), respectively.</li>

  <li>For a function parameter passed by value, <code>const</code> has
  no effect on the caller, thus is not recommended in function
  declarations. See


  <a href="https://abseil.io/tips/109">TotW #109</a>.


  </li><li>Declare methods to be <code>const</code> unless they
  alter the logical state of the object (or enable the user to modify
  that state, e.g. by returning a non-const reference, but that's
  rare), or they can't safely be invoked concurrently.</li>
</ul>

<p>Using <code>const</code> on local variables is neither encouraged
nor discouraged.</p>

<p>All of a class's <code>const</code> operations should be safe
to invoke concurrently with each other. If that's not feasible, the class must
be clearly documented as "thread-unsafe".</p>


<h4>Where to put the const</h4>

<p>Some people favor the form <code>int const *foo</code>
to <code>const int* foo</code>. They argue that this is
more readable because it's more consistent: it keeps the
rule that <code>const</code> always follows the object
it's describing. However, this consistency argument
doesn't apply in codebases with few deeply-nested pointer
expressions since most <code>const</code> expressions
have only one <code>const</code>, and it applies to the
underlying value. In such cases, there's no consistency
to maintain. Putting the <code>const</code> first is
arguably more readable, since it follows English in
putting the "adjective" (<code>const</code>) before the
"noun" (<code>int</code>).</p>

<p>That said, while we encourage putting
<code>const</code> first, we do not require it. But be
consistent with the code around you!</p>

<h3 id="Use_of_constexpr">Use of constexpr</h3>

<p>Use <code>constexpr</code> to define true
constants or to ensure constant initialization.</p>

<p class="definition"></p>
<p> Some variables can be declared <code>constexpr</code>
to indicate the variables are true constants, i.e. fixed at
compilation/link time. Some functions and constructors
can be declared <code>constexpr</code> which enables them
to be used in defining a <code>constexpr</code>
variable.</p>

<p class="pros"></p>
<p>Use of <code>constexpr</code> enables definition of
constants with floating-point expressions rather than
just literals; definition of constants of user-defined
types; and definition of constants with function
calls.</p>

<p class="cons"></p>
<p>Prematurely marking something as constexpr may cause
migration problems if later on it has to be downgraded.
Current restrictions on what is allowed in constexpr
functions and constructors may invite obscure workarounds
in these definitions.</p>

<p class="decision"></p>
<p><code>constexpr</code> definitions enable a more
robust specification of the constant parts of an
interface. Use <code>constexpr</code> to specify true
constants and the functions that support their
definitions. Avoid complexifying function definitions to
enable their use with <code>constexpr</code>. Do not use
<code>constexpr</code> to force inlining.</p>

<h3 id="Integer_Types">Integer Types</h3>

<p>Of the built-in C++ integer types, the only one used
 is
<code>int</code>. If a program needs a variable of a
different size, use
a precise-width integer type from
<code>&lt;stdint.h&gt;</code>, such as
<code>int16_t</code>. If your variable represents a
value that could ever be greater than or equal to 2^31
(2GiB), use a 64-bit type such as
<code>int64_t</code>.
Keep in mind that even if your value won't ever be too large
for an <code>int</code>, it may be used in intermediate
calculations which may require a larger type. When in doubt,
choose a larger type.</p>

<p class="definition"></p>
<p> C++ does not specify the sizes of integer types
like <code>int</code>. Typically people assume
that <code>short</code> is 16 bits,
<code>int</code> is 32 bits, <code>long</code> is 32 bits
and <code>long long</code> is 64 bits.</p>

<p class="pros"></p>
<p>Uniformity of declaration.</p>

<p class="cons"></p>
<p>The sizes of integral types in C++ can vary based on
compiler and architecture.</p>

<p class="decision"></p>

<p>
<code>&lt;cstdint&gt;</code> defines types
like <code>int16_t</code>, <code>uint32_t</code>,
<code>int64_t</code>, etc. You should always use
those in preference to <code>short</code>, <code>unsigned
long long</code> and the like, when you need a guarantee
on the size of an integer. Of the C integer types, only
<code>int</code> should be used. When appropriate, you
are welcome to use standard types like
<code>size_t</code> and <code>ptrdiff_t</code>.</p>

<p>We use <code>int</code> very often, for integers we
know are not going to be too big, e.g., loop counters.
Use plain old <code>int</code> for such things. You
should assume that an <code>int</code> is

at least 32 bits, but don't
assume that it has more than 32 bits. If you need a 64-bit
integer type, use
<code>int64_t</code>
or
<code>uint64_t</code>.</p>

<p>For integers we know can be "big",
 use
<code>int64_t</code>.
</p>

<p>You should not use the unsigned integer types such as

<code>uint32_t</code>, unless there is a valid
reason such as representing a bit pattern rather than a
number, or you need defined overflow modulo 2^N. In
particular, do not use unsigned types to say a number
will never be negative. Instead, use

assertions for this.</p>



<p>If your code is a container that returns a size, be
sure to use a type that will accommodate any possible
usage of your container. When in doubt, use a larger type
rather than a smaller type.</p>

<p>Use care when converting integer types. Integer conversions and
promotions can cause undefined behavior, leading to security bugs and
other problems.</p>

<h4>On Unsigned Integers</h4>

<p>Unsigned integers are good for representing bitfields and modular
arithmetic. Because of historical accident, the C++ standard also uses
unsigned integers to represent the size of containers - many members
of the standards body believe this to be a mistake, but it is
effectively impossible to fix at this point. The fact that unsigned
arithmetic doesn't model the behavior of a simple integer, but is
instead defined by the standard to model modular arithmetic (wrapping
around on overflow/underflow), means that a significant class of bugs
cannot be diagnosed by the compiler. In other cases, the defined
behavior impedes optimization.</p>

<p>That said, mixing signedness of integer types is responsible for an
equally large class of problems. The best advice we can provide: try
to use iterators and containers rather than pointers and sizes, try
not to mix signedness, and try to avoid unsigned types (except for
representing bitfields or modular arithmetic). Do not use an unsigned
type merely to assert that a variable is non-negative.</p>

<h3 id="64-bit_Portability">64-bit Portability</h3>

<p>Code should be 64-bit and 32-bit friendly. Bear in mind
problems of printing, comparisons, and structure alignment.</p>

<ul>
  <li>
  <p>Correct portable <code>printf()</code> conversion specifiers for
  some integral typedefs rely on macro expansions that we find unpleasant to
  use and impractical to require (the <code>PRI</code> macros from
  <code>&lt;cinttypes&gt;</code>). Unless there is no reasonable alternative
  for your particular case, try to avoid or even upgrade APIs that rely on the
  <code>printf</code> family. Instead use a library supporting typesafe numeric
  formatting, such as


    <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/strings/str_cat.h"><code>StrCat</code></a>

    or


    <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/strings/substitute.h"><code>Substitute</code></a>

    for fast simple conversions,

    or <a href="#Streams"><code>std::ostream</code></a>.</p>

  <p>Unfortunately, the <code>PRI</code> macros are the only portable way to
  specify a conversion for the standard bitwidth typedefs (e.g.
  <code>int64_t</code>, <code>uint64_t</code>, <code>int32_t</code>,
  <code>uint32_t</code>, etc).

  Where possible, avoid passing arguments of types specified by bitwidth
  typedefs to <code>printf</code>-based APIs. Note that it is acceptable
  to use typedefs for which printf has dedicated length modifiers, such as
  <code>size_t</code> (<code>z</code>),
  <code>ptrdiff_t</code> (<code>t</code>), and
  <code>maxint_t</code> (<code>j</code>).</p>
  </li>

  <li>Remember that <code>sizeof(void *)</code> !=
  <code>sizeof(int)</code>. Use <code>intptr_t</code> if
  you want a pointer-sized integer.</li>

  <li>You may need to be careful with structure
  alignments, particularly for structures being stored on
  disk. Any class/structure with a
  <code>int64_t</code>/<code>uint64_t</code>
  member will by default end up being 8-byte aligned on a
  64-bit system. If you have such structures being shared
  on disk between 32-bit and 64-bit code, you will need
  to ensure that they are packed the same on both
  architectures.
  Most compilers offer a way to
  alter structure alignment. For gcc, you can use
  <code>__attribute__((packed))</code>. MSVC offers
  <code>#pragma pack()</code> and
  <code>__declspec(align())</code>.</li>

  <li>
  <p>Use <a href="#Casting">braced-initialization</a> as needed to create
  64-bit constants. For example:</p>


<div>
<pre>int64_t my_value{0x123456789};
uint64_t my_mask{3ULL &lt;&lt; 48};
</pre>
</div>
  </li>
</ul>

<h3 id="Preprocessor_Macros">Preprocessor Macros</h3>

<p>Avoid defining macros, especially in headers; prefer
inline functions, enums, and <code>const</code> variables.
Name macros with a project-specific prefix. Do not use
macros to define pieces of a C++ API.</p>

<p>Macros mean that the code you see is not the same as
the code the compiler sees. This can introduce unexpected
behavior, especially since macros have global scope.</p>

<p>The problems introduced by macros are especially severe
when they are used to define pieces of a C++ API,
and still more so for public APIs. Every error message from
the compiler when developers incorrectly use that interface
now must explain how the macros formed the interface.
Refactoring and analysis tools have a dramatically harder
time updating the interface. As a consequence, we
specifically disallow using macros in this way.
For example, avoid patterns like:</p>

<pre class="badcode">class WOMBAT_TYPE(Foo) {
  // ...

 public:
  EXPAND_PUBLIC_WOMBAT_API(Foo)

  EXPAND_WOMBAT_COMPARISONS(Foo, ==, &lt;)
};
</pre>

<p>Luckily, macros are not nearly as necessary in C++ as
they are in C. Instead of using a macro to inline
performance-critical code, use an inline function.
Instead of using a macro to store a constant, use a
<code>const</code> variable. Instead of using a macro to
"abbreviate" a long variable name, use a reference.
Instead of using a macro to conditionally compile code
... well, don't do that at all (except, of course, for
the <code>#define</code> guards to prevent double
inclusion of header files). It makes testing much more
difficult.</p>

<p>Macros can do things these other techniques cannot,
and you do see them in the codebase, especially in the
lower-level libraries. And some of their special features
(like stringifying, concatenation, and so forth) are not
available through the language proper. But before using a
macro, consider carefully whether there's a non-macro way
to achieve the same result. If you need to use a macro to
define an interface, contact
your project leads to request
a waiver of this rule.</p>

<p>The following usage pattern will avoid many problems
with macros; if you use macros, follow it whenever
possible:</p>

<ul>
  <li>Don't define macros in a <code>.h</code> file.</li>

  <li><code>#define</code> macros right before you use
  them, and <code>#undef</code> them right after.</li>

  <li>Do not just <code>#undef</code> an existing macro
  before replacing it with your own; instead, pick a name
  that's likely to be unique.</li>

  <li>Try not to use macros that expand to unbalanced C++
  constructs, or at least document that behavior
  well.</li>

  <li>Prefer not using <code>##</code> to generate
  function/class/variable names.</li>
</ul>

<p>Exporting macros from headers (i.e. defining them in a header
without <code>#undef</code>ing them before the end of the header)
is extremely strongly discouraged. If you do export a macro from a
header, it must have a globally unique name. To achieve this, it
must be named with a prefix consisting of your project's namespace
name (but upper case). </p>

<h3 id="0_and_nullptr/NULL">0 and nullptr/NULL</h3>

<p>Use <code>nullptr</code> for pointers, and <code>'\0'</code> for chars (and
not the <code>0</code> literal).</p>

<p>For pointers (address values), use <code>nullptr</code>, as this
provides type-safety.</p>

<p>For C++03 projects, prefer <code>NULL</code> to <code>0</code>. While the
values are equivalent, <code>NULL</code> looks more like a pointer to the
reader, and some C++ compilers provide special definitions of <code>NULL</code>
which enable them to give useful warnings. Never use <code>NULL</code> for
numeric (integer or floating-point) values.</p>

<p>Use <code>'\0'</code> for the null character. Using the correct type makes
the code more readable.</p>

<h3 id="sizeof">sizeof</h3>

<p>Prefer <code>sizeof(<var>varname</var>)</code> to
<code>sizeof(<var>type</var>)</code>.</p>

<p>Use <code>sizeof(<var>varname</var>)</code> when you
take the size of a particular variable.
<code>sizeof(<var>varname</var>)</code> will update
appropriately if someone changes the variable type either
now or later. You may use
<code>sizeof(<var>type</var>)</code> for code unrelated
to any particular variable, such as code that manages an
external or internal data format where a variable of an
appropriate C++ type is not convenient.</p>

<pre>struct data;
memset(&amp;data, 0, sizeof(data));
</pre>

<pre class="badcode">memset(&amp;data, 0, sizeof(Struct));
</pre>

<pre>if (raw_size &lt; sizeof(int)) {
  LOG(ERROR) &lt;&lt; "compressed record not big enough for count: " &lt;&lt; raw_size;
  return false;
}
</pre>

<a name="auto"></a>
<h3 id="Type_deduction">Type deduction</h3>

<p>Use type deduction only if it makes the code clearer to readers who aren't
  familiar with the project, or if it makes the code safer. Do not use it
  merely to avoid the inconvenience of writing an explicit type.</p>

<p class="definition"></p>

<p>There are several contexts in which C++ allows (or even requires) types to
be deduced by the compiler, rather than spelled out explicitly in the code:</p>
<dl>
  <dt><a href="https://en.cppreference.com/w/cpp/language/template_argument_deduction">Function template argument deduction</a></dt>
  <dd>A function template can be invoked without explicit template arguments.
    The compiler deduces those arguments from the types of the function
    arguments:
    <pre class="neutralcode">template &lt;typename T&gt;
void f(T t);

f(0);  // Invokes f&lt;int&gt;(0)</pre>
  </dd>
  <dt><a href="https://en.cppreference.com/w/cpp/language/auto"><code>auto</code> variable declarations</a></dt>
  <dd>A variable declaration can use the <code>auto</code> keyword in place
    of the type. The compiler deduces the type from the variable's
    initializer, following the same rules as function template argument
    deduction with the same initializer (so long as you don't use curly braces
    instead of parentheses).
    <pre class="neutralcode">auto a = 42;  // a is an int
auto&amp; b = a;  // b is an int&amp;
auto c = b;   // c is an int
auto d{42};   // d is an int, not a std::initializer_list&lt;int&gt;
</pre>
    <code>auto</code> can be qualified with <code>const</code>, and can be
    used as part of a pointer or reference type, but it can't be used as a
    template argument. A rare variant of this syntax uses
    <code>decltype(auto)</code> instead of <code>auto</code>, in which case
    the deduced type is the result of applying
    <a href="https://en.cppreference.com/w/cpp/language/decltype"><code>decltype</code></a>
    to the initializer.
  </dd>
  <dt><a href="https://en.cppreference.com/w/cpp/language/function#Return_type_deduction">Function return type deduction</a></dt>
  <dd><code>auto</code> (and <code>decltype(auto)</code>) can also be used in
    place of a function return type. The compiler deduces the return type from
    the <code>return</code> statements in the function body, following the same
    rules as for variable declarations:
    <pre class="neutralcode">auto f() { return 0; }  // The return type of f is int</pre>
    <a href="#Lambda_expressions">Lambda expression</a> return types can be
    deduced in the same way, but this is triggered by omitting the return type,
    rather than by an explicit <code>auto</code>. Confusingly,
    <a href="trailing_return">trailing return type</a> syntax for functions
    also uses <code>auto</code> in the return-type position, but that doesn't
    rely on type deduction; it's just an alternate syntax for an explicit
    return type.
  </dd>
  <dt><a href="https://isocpp.org/wiki/faq/cpp14-language#generic-lambdas">Generic lambdas</a></dt>
  <dd>A lambda expression can use the <code>auto</code> keyword in place of
    one or more of its parameter types. This causes the lambda's call operator
    to be a function template instead of an ordinary function, with a separate
    template parameter for each <code>auto</code> function parameter:
    <pre class="neutralcode">// Sort `vec` in increasing order
std::sort(vec.begin(), vec.end(), [](auto lhs, auto rhs) { return lhs &gt; rhs; });</pre>
  </dd>
  <dt><a href="https://isocpp.org/wiki/faq/cpp14-language#lambda-captures">Lambda init captures</a></dt>
  <dd>Lambda captures can have explicit initializers, which can be used to
    declare wholly new variables rather than only capturing existing ones:
    <pre class="neutralcode">[x = 42, y = "foo"] { ... }  // x is an int, and y is a const char*</pre>
    This syntax doesn't allow the type to be specified; instead, it's deduced
    using the rules for <code>auto</code> variables.
  </dd>
  <dt><a href="https://en.cppreference.com/w/cpp/language/class_template_argument_deduction">Class template argument deduction</a></dt>
  <dd>See <a href="#CTAD">below</a>.</dd>
  <dt><a href="https://en.cppreference.com/w/cpp/language/structured_binding">Structured bindings</a></dt>
  <dd>When declaring a tuple, struct, or array using <code>auto</code>, you can
    specify names for the individual elements instead of a name for the whole
    object; these names are called "structured bindings", and the whole
    declaration is called a "structured binding declaration". This syntax
    provides no way of specifying the type of either the enclosing object
    or the individual names:
    <pre class="neutralcode">auto [iter, success] = my_map.insert({key, value});
if (!success) {
  iter-&gt;second = value;
}</pre>
    The <code>auto</code> can also be qualified with <code>const</code>,
    <code>&amp;</code>, and <code>&amp;&amp;</code>, but note that these qualifiers
    technically apply to the anonymous tuple/struct/array, rather than the
    individual bindings. The rules that determine the types of the bindings
    are quite complex; the results tend to be unsurprising, except that
    the binding types typically won't be references even if the declaration
    declares a reference (but they will usually behave like references anyway).
  </dd>

<p>(These summaries omit many details and caveats; see the links for further
  information.)</p>

<p class="pros"></p>

<ul>
  <li>C++ type names can be long and cumbersome, especially when they
    involve templates or namespaces.</li>
  <li>When a C++ type name is repeated within a single declaration or a
    small code region, the repetition may not be aiding readability.</li>
  <li>It is sometimes safer to let the type be deduced, since that avoids
    the possibility of unintended copies or type conversions.</li>
</ul>

<p class="cons"></p>
<p>C++ code is usually clearer when types are explicit,
  especially when type deduction would depend on information from
  distant parts of the code. In expressions like:</p>

<pre class="badcode">auto foo = x.add_foo();
auto i = y.Find(key);
</pre>

<p>it may not be obvious what the resulting types are if the type
  of <code>y</code> isn't very well known, or if <code>y</code> was
  declared many lines earlier.</p>

<p>Programmers have to understand when type deduction will or won't
  produce a reference type, or they'll get copies when they didn't
  mean to.</p>

<p>If a deduced type is used as part of an interface, then a
  programmer might change its type while only intending to
  change its value, leading to a more radical API change
  than intended.</p>

<p class="decision"></p>

<p>The fundamental rule is: use type deduction only to make the code
  clearer or safer, and do not use it merely to avoid the
  inconvenience of writing an explicit type. When judging whether the
  code is clearer, keep in mind that your readers are not necessarily
  on your team, or familiar with your project, so types that you and
  your reviewer experience as as unnecessary clutter will very often
  provide useful information to others. For example, you can assume that
  the return type of <code>make_unique&lt;Foo&gt;()</code> is obvious,
  but the return type of <code>MyWidgetFactory()</code> probably isn't.</p>

  <p>These principles applies to all forms of type deduction, but the
  details vary, as described in the following sections.</p>

<h4>Function template argument deduction</h4>

<p>Function template argument deduction is almost always OK. Type deduction
  is the expected default way of interacting with function templates,
  because it allows function templates to act like infinite sets of ordinary
  function overloads. Consequently, function templates are almost always
  designed so that template argument deduction is clear and safe, or
  doesn't compile.</p>

<h4>Local variable type deduction</h4>

<p>For local variables, you can use type deduction to make the code clearer
  by eliminating type information that is obvious or irrelevant, so that
  the reader can focus on the meaningful parts of the code:
  </p><pre class="neutralcode">std::unique_ptr&lt;WidgetWithBellsAndWhistles&gt; widget_ptr =
    absl::make_unique&lt;WidgetWithBellsAndWhistles&gt;(arg1, arg2);
absl::flat_hash_map&lt;std::string,
                    std::unique_ptr&lt;WidgetWithBellsAndWhistles&gt;&gt;::const_iterator
    it = my_map_.find(key);
std::array&lt;int, 0&gt; numbers = {4, 8, 15, 16, 23, 42};</pre>

  <pre class="goodcode">auto widget_ptr = absl::make_unique&lt;WidgetWithBellsAndWhistles&gt;(arg1, arg2);
auto it = my_map_.find(key);
std::array numbers = {4, 8, 15, 16, 23, 42};</pre>

<p>Types sometimes contain a mixture of useful information and boilerplate,
  such as <code>it</code> in the example above: it's obvious that the
  type is an iterator, and in many contexts the container type and even the
  key type aren't relevant, but the type of the values is probably useful.
  In such situations, it's often possible to define local variables with
  explicit types that convey the relevant information:
  </p><pre class="goodcode">auto it = my_map_.find(key);
if (it != my_map_.end()) {
  WidgetWithBellsAndWhistles&amp; widget = *it-&gt;second;
  // Do stuff with `widget`
}</pre>
  If the type is a template instance, and the parameters are
  boilerplate but the template itself is informative, you can use
  class template argument deduction to suppress the boilerplate. However,
  cases where this actually provides a meaningful benefit are quite rare.
  Note that class template argument deduction is also subject to a
  <a href="#CTAD">separate style rule</a>.

<p>Do not use <code>decltype(auto)</code> if a simpler option will work,
  because it's a fairly obscure feature, so it has a high cost in code
  clarity.</p>

<h4>Return type deduction</h4>

<p>Use return type deduction (for both functions and lambdas) only if the
  function body has a very small number of <code>return</code> statements,
  and very little other code, because otherwise the reader may not be able
  to tell at a glance what the return type is. Furthermore, use it only
  if the function or lambda has a very narrow scope, because functions with
  deduced return types don't define abstraction boundaries: the implementation
  <em>is</em> the interface. In particular, public functions in header files
  should almost never have deduced return types.</p>

<h4>Parameter type deduction</h4>

<p><code>auto</code> parameter types for lambdas should be used with caution,
  because the actual type is determined by the code that calls the lambda,
  rather than by the definition of the lambda. Consequently, an explicit
  type will almost always be clearer unless the lambda is explicitly called
  very close to where it's defined (so that the reader can easily see both),
  or the lambda is passed to an interface so well-known that it's
  obvious what arguments it will eventually be called with (e.g.
  the <code>std::sort</code> example above).</p>

<h4>Lambda init captures</h4>

<p>Init captures are covered by a <a href="#Lambda_expressions">more specific
    style rule</a>, which largely supersedes the general rules for
  type deduction.</p>

<h4>Structured bindings</h4>

<p>Unlike other forms of type deduction, structured bindings can actually
  give the reader additional information, by giving meaningful names to the
  elements of a larger object. This means that a structured binding declaration
  may provide a net readability improvement over an explicit type, even in cases
  where <code>auto</code> would not. Structured bindings are especially
  beneficial when the object is a pair or tuple (as in the <code>insert</code>
  example above), because they don't have meaningful field names to begin with,
  but note that you generally <a href="#Structs_vs._Tuples">shouldn't use
    pairs or tuples</a> unless a pre-existing API like <code>insert</code>
  forces you to.</p>

<p>If the object being bound is a struct, it may sometimes be helpful to
  provide names that are more specific to your usage, but keep in mind that
  this may also mean the names are less recognizable to your reader than the
  field names. We recommend using a comment to indicate the name of the
  underlying field, if it doesn't match the name of the binding, using the
  same syntax as for function parameter comments:
  </p><pre>auto [/*field_name1=*/ bound_name1, /*field_name2=*/ bound_name2] = ...</pre>
  As with function parameter comments, this can enable tools to detect if
  you get the order of the fields wrong.

<h3 id="CTAD">Class template argument deduction</h3>

<p>Use class template argument deduction only with templates that have
  explicitly opted into supporting it.</p>

<p class="definition"></p>
<p><a href="https://en.cppreference.com/w/cpp/language/class_template_argument_deduction">Class
    template argument deduction</a> (often abbreviated "CTAD") occurs when
  a variable is declared with a type that names a template, and the template
  argument list is not provided (not even empty angle brackets):
  </p><pre class="neutralcode">std::array a = {1, 2, 3};  // `a` is a std::array&lt;int, 3&gt;</pre>
  The compiler deduces the arguments from the initializer using the
  template's "deduction guides", which can be explicit or implicit.

<p>Explicit deduction guides look like function declarations with trailing
  return types, except that there's no leading <code>auto</code>, and the
  function name is the name of the template. For example, the above example
  relies on this deduction guide for <code>std::array</code>:
  </p><pre class="neutralcode">namespace std {
template &lt;class T, class... U&gt;
array(T, U...) -&gt; std::array&lt;T, 1 + sizeof...(U)&gt;;
}</pre>
  Constructors in a primary template (as opposed to a template specialization)
  also implicitly define deduction guides.

<p>When you declare a variable that relies on CTAD, the compiler selects
  a deduction guide using the rules of constructor overload resolution,
  and that guide's return type becomes the type of the variable.</p>

<p class="pros"></p>
<p>CTAD can sometimes allow you to omit boilerplate from your code.</p>

<p class="cons"></p>
<p>The implicit deduction guides that are generated from constructors
  may have undesirable behavior, or be outright incorrect. This is
  particularly problematic for constructors written before CTAD was
  introduced in C++17, because the authors of those constructors had no
  way of knowing about (much less fixing) any problems that their
  constructors would cause for CTAD. Furthermore, adding explicit deduction
  guides to fix those problems might break any existing code that relies on
  the implicit deduction guides.</p>

<p>CTAD also suffers from many of the same drawbacks as <code>auto</code>,
  because they are both mechanisms for deducing all or part of a variable's
  type from its initializer. CTAD does give the reader more information
  than <code>auto</code>, but it also doesn't give the reader an obvious
  cue that information has been omitted.</p>

<p class="decision"></p>
<p>Do not use CTAD with a given template unless the template's maintainers
  have opted into supporting use of CTAD by providing at least one explicit
  deduction guide (all templates in the <code>std</code> namespace are
  also presumed to have opted in). This should be enforced with a compiler
  warning if available.</p>

<p>Uses of CTAD must also follow the general rules on
  <a href="#Type_deduction">Type deduction</a>.</p>

<h3 id="Lambda_expressions">Lambda expressions</h3>

<p>Use lambda expressions where appropriate. Prefer explicit captures
when the lambda will escape the current scope.</p>

<p class="definition"></p>
<p> Lambda expressions are a concise way of creating anonymous
function objects. They're often useful when passing
functions as arguments. For example:</p>

<pre>std::sort(v.begin(), v.end(), [](int x, int y) {
  return Weight(x) &lt; Weight(y);
});
</pre>

<p> They further allow capturing variables from the enclosing scope either
explicitly by name, or implicitly using a default capture. Explicit captures
require each variable to be listed, as
either a value or reference capture:</p>

<pre>int weight = 3;
int sum = 0;
// Captures `weight` by value and `sum` by reference.
std::for_each(v.begin(), v.end(), [weight, &amp;sum](int x) {
  sum += weight * x;
});
</pre>


<p>Default captures implicitly capture any variable referenced in the
lambda body, including <code>this</code> if any members are used:</p>

<pre>const std::vector&lt;int&gt; lookup_table = ...;
std::vector&lt;int&gt; indices = ...;
// Captures `lookup_table` by reference, sorts `indices` by the value
// of the associated element in `lookup_table`.
std::sort(indices.begin(), indices.end(), [&amp;](int a, int b) {
  return lookup_table[a] &lt; lookup_table[b];
});
</pre>

<p>A variable capture can also have an explicit initializer, which can
  be used for capturing move-only variables by value, or for other situations
  not handled by ordinary reference or value captures:
  </p><pre>std::unique_ptr&lt;Foo&gt; foo = ...;
[foo = std::move(foo)] () {
  ...
}</pre>
  Such captures (often called "init captures" or "generalized lambda captures")
  need not actually "capture" anything from the enclosing scope, or even have
  a name from the enclosing scope; this syntax is a fully general way to define
  members of a lambda object:
  <pre class="neutralcode">[foo = std::vector&lt;int&gt;({1, 2, 3})] () {
  ...
}</pre>
  The type of a capture with an initializer is deduced using the same rules
  as <code>auto</code>.

<p class="pros"></p>
<ul>
  <li>Lambdas are much more concise than other ways of
   defining function objects to be passed to STL
   algorithms, which can be a readability
   improvement.</li>

  <li>Appropriate use of default captures can remove
    redundancy and highlight important exceptions from
    the default.</li>

   <li>Lambdas, <code>std::function</code>, and
   <code>std::bind</code> can be used in combination as a
   general purpose callback mechanism; they make it easy
   to write functions that take bound functions as
   arguments.</li>
</ul>

<p class="cons"></p>
<ul>
  <li>Variable capture in lambdas can be a source of dangling-pointer
  bugs, particularly if a lambda escapes the current scope.</li>

  <li>Default captures by value can be misleading because they do not prevent
  dangling-pointer bugs. Capturing a pointer by value doesn't cause a deep
  copy, so it often has the same lifetime issues as capture by reference.
  This is especially confusing when capturing 'this' by value, since the use
  of 'this' is often implicit.</li>

  <li>Captures actually declare new variables (whether or not the captures have
    initializers), but they look nothing like any other variable declaration
    syntax in C++. In particular, there's no place for the variable's type,
    or even an <code>auto</code> placeholder (although init captures can
    indicate it indirectly, e.g. with a cast). This can make it difficult to
    even recognize them as declarations.</li>

  <li>Init captures inherently rely on <a href="#Type_deduction">type
      deduction</a>, and suffer from many of the same drawbacks as
    <code>auto</code>, with the additional problem that the syntax doesn't
    even cue the reader that deduction is taking place.</li>

  <li>It's possible for use of lambdas to get out of
  hand; very long nested anonymous functions can make
  code harder to understand.</li>

</ul>

<p class="decision"></p>
<ul>
<li>Use lambda expressions where appropriate, with formatting as
described <a href="#Formatting_Lambda_Expressions">below</a>.</li>
<li>Prefer explicit captures if the lambda may escape the current scope.
For example, instead of:
<pre class="badcode">{
  Foo foo;
  ...
  executor-&gt;Schedule([&amp;] { Frobnicate(foo); })
  ...
}
// BAD! The fact that the lambda makes use of a reference to `foo` and
// possibly `this` (if `Frobnicate` is a member function) may not be
// apparent on a cursory inspection. If the lambda is invoked after
// the function returns, that would be bad, because both `foo`
// and the enclosing object could have been destroyed.
</pre>
prefer to write:
<pre>{
  Foo foo;
  ...
  executor-&gt;Schedule([&amp;foo] { Frobnicate(foo); })
  ...
}
// BETTER - The compile will fail if `Frobnicate` is a member
// function, and it's clearer that `foo` is dangerously captured by
// reference.
</pre>
</li>
<li>Use default capture by reference ([&amp;]) only when the
lifetime of the lambda is obviously shorter than any potential
captures.
</li>
<li>Use default capture by value ([=]) only as a means of binding a
few variables for a short lambda, where the set of captured
variables is obvious at a glance. Prefer not to write long or
complex lambdas with default capture by value.
</li>
<li>Use captures only to actually capture variables from the enclosing scope.
  Do not use captures with initializers to introduce new names, or
  to substantially change the meaning of an existing name. Instead,
  declare a new variable in the conventional way and then capture it,
  or avoid the lambda shorthand and define a function object explicitly.</li>
<li>See the section on <a href="#Type_deduction">type deduction</a>
  for guidance on specifying the parameter and return types.</li>

</ul>

<h3 id="Template_metaprogramming">Template metaprogramming</h3>

<p>Avoid complicated template programming.</p>

<p class="definition"></p>
<p>Template metaprogramming refers to a family of techniques that
exploit the fact that the C++ template instantiation mechanism is
Turing complete and can be used to perform arbitrary compile-time
computation in the type domain.</p>

<p class="pros"></p>
<p>Template metaprogramming allows extremely flexible interfaces that
are type safe and high performance. Facilities like

<a href="https://code.google.com/p/googletest/">Google Test</a>,
<code>std::tuple</code>, <code>std::function</code>, and
Boost.Spirit would be impossible without it.</p>

<p class="cons"></p>
<p>The techniques used in template metaprogramming are often obscure
to anyone but language experts. Code that uses templates in
complicated ways is often unreadable, and is hard to debug or
maintain.</p>

<p>Template metaprogramming often leads to extremely poor compile
time error messages: even if an interface is simple, the complicated
implementation details become visible when the user does something
wrong.</p>

<p>Template metaprogramming interferes with large scale refactoring by
making the job of refactoring tools harder. First, the template code
is expanded in multiple contexts, and it's hard to verify that the
transformation makes sense in all of them. Second, some refactoring
tools work with an AST that only represents the structure of the code
after template expansion. It can be difficult to automatically work
back to the original source construct that needs to be
rewritten.</p>

<p class="decision"></p>
<p>Template metaprogramming sometimes allows cleaner and easier-to-use
interfaces than would be possible without it, but it's also often a
temptation to be overly clever. It's best used in a small number of
low level components where the extra maintenance burden is spread out
over a large number of uses.</p>

<p>Think twice before using template metaprogramming or other
complicated template techniques; think about whether the average
member of your team will be able to understand your code well enough
to maintain it after you switch to another project, or whether a
non-C++ programmer or someone casually browsing the code base will be
able to understand the error messages or trace the flow of a function
they want to call.  If you're using recursive template instantiations
or type lists or metafunctions or expression templates, or relying on
SFINAE or on the <code>sizeof</code> trick for detecting function
overload resolution, then there's a good chance you've gone too
far.</p>

<p>If you use template metaprogramming, you should expect to put
considerable effort into minimizing and isolating the complexity. You
should hide metaprogramming as an implementation detail whenever
possible, so that user-facing headers are readable, and you should
make sure that tricky code is especially well commented. You should
carefully document how the code is used, and you should say something
about what the "generated" code looks like. Pay extra attention to the
error messages that the compiler emits when users make mistakes.  The
error messages are part of your user interface, and your code should
be tweaked as necessary so that the error messages are understandable
and actionable from a user point of view.</p>

<h3 id="Boost">Boost</h3>

<p>Use only approved libraries from the Boost library
collection.</p>

<p class="definition"></p>
<p> The
<a href="https://www.boost.org/">
Boost library collection</a> is a popular collection of
peer-reviewed, free, open-source C++ libraries.</p>

<p class="pros"></p>
<p>Boost code is generally very high-quality, is widely
portable, and fills many important gaps in the C++
standard library, such as type traits and better binders.</p>

<p class="cons"></p>
<p>Some Boost libraries encourage coding practices which can
hamper readability, such as metaprogramming and other
advanced template techniques, and an excessively
"functional" style of programming. </p>

<p class="decision"></p>



<div>
<p>In order to maintain a high level of readability for
all contributors who might read and maintain code, we
only allow an approved subset of Boost features.
Currently, the following libraries are permitted:</p>

<ul>
  <li>
  <a href="https://www.boost.org/libs/utility/call_traits.htm">
  Call Traits</a> from <code>boost/call_traits.hpp</code></li>

  <li><a href="https://www.boost.org/libs/utility/compressed_pair.htm">
  Compressed Pair</a> from  <code>boost/compressed_pair.hpp</code></li>

  <li><a href="https://www.boost.org/libs/graph/">
  The Boost Graph Library (BGL)</a> from <code>boost/graph</code>,
  except serialization (<code>adj_list_serialize.hpp</code>) and
   parallel/distributed algorithms and data structures
   (<code>boost/graph/parallel/*</code> and
   <code>boost/graph/distributed/*</code>).</li>

  <li><a href="https://www.boost.org/libs/property_map/">
  Property Map</a> from <code>boost/property_map</code>, except
  parallel/distributed property maps (<code>boost/property_map/parallel/*</code>).</li>

  <li><a href="https://www.boost.org/libs/iterator/">
  Iterator</a> from <code>boost/iterator</code></li>

  <li>The part of <a href="https://www.boost.org/libs/polygon/">
  Polygon</a> that deals with Voronoi diagram
  construction and doesn't depend on the rest of
  Polygon:
  <code>boost/polygon/voronoi_builder.hpp</code>,
  <code>boost/polygon/voronoi_diagram.hpp</code>, and
  <code>boost/polygon/voronoi_geometry_type.hpp</code></li>

  <li><a href="https://www.boost.org/libs/bimap/">
  Bimap</a> from <code>boost/bimap</code></li>

  <li><a href="https://www.boost.org/libs/math/doc/html/dist.html">
  Statistical Distributions and Functions</a> from
  <code>boost/math/distributions</code></li>

  <li><a href="https://www.boost.org/libs/math/doc/html/special.html">
  Special Functions</a> from <code>boost/math/special_functions</code></li>

  <li><a href="https://www.boost.org/libs/math/doc/html/root_finding.html">
  Root Finding Functions</a> from <code>boost/math/tools</code></li>

  <li><a href="https://www.boost.org/libs/multi_index/">
  Multi-index</a> from <code>boost/multi_index</code></li>

  <li><a href="https://www.boost.org/libs/heap/">
  Heap</a> from <code>boost/heap</code></li>

  <li>The flat containers from
  <a href="https://www.boost.org/libs/container/">Container</a>:
  <code>boost/container/flat_map</code>, and
  <code>boost/container/flat_set</code></li>

  <li><a href="https://www.boost.org/libs/intrusive/">Intrusive</a>
  from <code>boost/intrusive</code>.</li>

  <li><a href="https://www.boost.org/libs/sort/">The
  <code>boost/sort</code> library</a>.</li>

  <li><a href="https://www.boost.org/libs/preprocessor/">Preprocessor</a>
  from <code>boost/preprocessor</code>.</li>
</ul>

<p>We are actively considering adding other Boost
features to the list, so this list may be expanded in
the future.</p>
</div>



<h3 id="std_hash">std::hash</h3>

<p>Do not define specializations of <code>std::hash</code>.</p>

<p class="definition"></p>
<p><code>std::hash&lt;T&gt;</code> is the function object that the
C++11 hash containers use to hash keys of type <code>T</code>,
unless the user explicitly specifies a different hash function. For
example, <code>std::unordered_map&lt;int, std::string&gt;</code> is a hash
map that uses <code>std::hash&lt;int&gt;</code> to hash its keys,
whereas <code>std::unordered_map&lt;int, std::string, MyIntHash&gt;</code>
uses <code>MyIntHash</code>.</p>

<p><code>std::hash</code> is defined for all integral, floating-point,
pointer, and <code>enum</code> types, as well as some standard library
types such as <code>string</code> and <code>unique_ptr</code>. Users
can enable it to work for their own types by defining specializations
of it for those types.</p>

<p class="pros"></p>
<p><code>std::hash</code> is easy to use, and simplifies the code
since you don't have to name it explicitly. Specializing
<code>std::hash</code> is the standard way of specifying how to
hash a type, so it's what outside resources will teach, and what
new engineers will expect.</p>

<p class="cons"></p>
<p><code>std::hash</code> is hard to specialize. It requires a lot
of boilerplate code, and more importantly, it combines responsibility
for identifying the hash inputs with responsibility for executing the
hashing algorithm itself. The type author has to be responsible for
the former, but the latter requires expertise that a type author
usually doesn't have, and shouldn't need. The stakes here are high
because low-quality hash functions can be security vulnerabilities,
due to the emergence of
<a href="https://emboss.github.io/blog/2012/12/14/breaking-murmur-hash-flooding-dos-reloaded/">
hash flooding attacks</a>.</p>

<p>Even for experts, <code>std::hash</code> specializations are
inordinately difficult to implement correctly for compound types,
because the implementation cannot recursively call <code>std::hash</code>
on data members. High-quality hash algorithms maintain large
amounts of internal state, and reducing that state to the
<code>size_t</code> bytes that <code>std::hash</code>
returns is usually the slowest part of the computation, so it
should not be done more than once.</p>

<p>Due to exactly that issue, <code>std::hash</code> does not work
with <code>std::pair</code> or <code>std::tuple</code>, and the
language does not allow us to extend it to support them.</p>

<p class="decision"></p>
<p>You can use <code>std::hash</code> with the types that it supports
"out of the box", but do not specialize it to support additional types.
If you need a hash table with a key type that <code>std::hash</code>
does not support, consider using legacy hash containers (e.g.
<code>hash_map</code>) for now; they use a different default hasher,
which is unaffected by this prohibition.</p>

<p>If you want to use the standard hash containers anyway, you will
need to specify a custom hasher for the key type, e.g.</p>
<pre>std::unordered_map&lt;MyKeyType, Value, MyKeyTypeHasher&gt; my_map;
</pre><p>
Consult with the type's owners to see if there is an existing hasher
that you can use; otherwise work with them to provide one,
 or roll your own.</p>

<p>We are planning to provide a hash function that can work with any type,
using a new customization mechanism that doesn't have the drawbacks of
<code>std::hash</code>.</p>



<h3 id="Other_Features"><a name="C++11">Other C++ Features</a></h3>

<p>As with <a href="#Boost">Boost</a>, some modern C++
extensions encourage coding practices that hamper
readability&#8212;for example by removing
checked redundancy (such as type names) that may be
helpful to readers, or by encouraging template
metaprogramming. Other extensions duplicate functionality
available through existing mechanisms, which may lead to confusion
and conversion costs.</p>

<p class="decision"></p>
<p>In addition to what's described in the rest of the style
guide, the following C++ features may not be used:</p>

<ul>


  <li>Compile-time rational numbers
  (<code>&lt;ratio&gt;</code>), because of concerns that
  it's tied to a more template-heavy interface
  style.</li>

  <li>The <code>&lt;cfenv&gt;</code> and
  <code>&lt;fenv.h&gt;</code> headers, because many
  compilers do not support those features reliably.</li>

  <li>The <code>&lt;filesystem&gt;</code> header, which

  does not have sufficient support for testing, and suffers
  from inherent security vulnerabilities.</li>


</ul>

<h3 id="Nonstandard_Extensions">Nonstandard Extensions</h3>

<p>Nonstandard extensions to C++ may not be used unless otherwise specified.</p>

<p class="definition"></p>
<p>Compilers support various extensions that are not part of standard C++. Such
  extensions include GCC's <code>__attribute__</code>, intrinsic functions such
  as <code>__builtin_prefetch</code>, designated initializers (e.g.
  <code>Foo f = {.field = 3}</code>), inline assembly, <code>__COUNTER__</code>,
  <code>__PRETTY_FUNCTION__</code>, compound statement expressions (e.g.
  <code>foo = ({ int x; Bar(&amp;x); x })</code>, variable-length arrays and
  <code>alloca()</code>, and the "<a href="https://en.wikipedia.org/wiki/Elvis_operator">Elvis Operator</a>"
  <code>a?:b</code>.</p>

<p class="pros"></p>
  <ul>
    <li>Nonstandard extensions may provide useful features that do not exist
      in standard C++. For example, some people think that designated
      initializers are more readable than standard C++ features like
      constructors.</li>
    <li>Important performance guidance to the compiler can only be specified
      using extensions.</li>
  </ul>

<p class="cons"></p>
  <ul>
    <li>Nonstandard extensions do not work in all compilers. Use of nonstandard
      extensions reduces portability of code.</li>
    <li>Even if they are supported in all targeted compilers, the extensions
      are often not well-specified, and there may be subtle behavior differences
      between compilers.</li>
    <li>Nonstandard extensions add to the language features that a reader must
      know to understand the code.</li>
  </ul>

<p class="decision"></p>
<p>Do not use nonstandard extensions. You may use portability wrappers that
  are implemented using nonstandard extensions, so long as those wrappers

  are provided by a designated project-wide
  portability header.</p>

<h3 id="Aliases">Aliases</h3>

<p>Public aliases are for the benefit of an API's user, and should be clearly documented.</p>

<p class="definition"></p>
<p>There are several ways to create names that are aliases of other entities:</p>
<pre>typedef Foo Bar;
using Bar = Foo;
using other_namespace::Foo;
</pre>

  <p>In new code, <code>using</code> is preferable to <code>typedef</code>,
  because it provides a more consistent syntax with the rest of C++ and works
  with templates.</p>

  <p>Like other declarations, aliases declared in a header file are part of that
  header's public API unless they're in a function definition, in the private portion of a class,
  or in an explicitly-marked internal namespace. Aliases in such areas or in .cc files are
  implementation details (because client code can't refer to them), and are not restricted by this
  rule.</p>

<p class="pros"></p>
  <ul>
    <li>Aliases can improve readability by simplifying a long or complicated name.</li>
    <li>Aliases can reduce duplication by naming in one place a type used repeatedly in an API,
      which <em>might</em> make it easier to change the type later.
    </li>
  </ul>

<p class="cons"></p>
  <ul>
    <li>When placed in a header where client code can refer to them, aliases increase the
      number of entities in that header's API, increasing its complexity.</li>
    <li>Clients can easily rely on unintended details of public aliases, making
      changes difficult.</li>
    <li>It can be tempting to create a public alias that is only intended for use
      in the implementation, without considering its impact on the API, or on maintainability.</li>
    <li>Aliases can create risk of name collisions</li>
    <li>Aliases can reduce readability by giving a familiar construct an unfamiliar name</li>
    <li>Type aliases can create an unclear API contract:
      it is unclear whether the alias is guaranteed to be identical to the type it aliases,
      to have the same API, or only to be usable in specified narrow ways</li>
  </ul>

<p class="decision"></p>
<p>Don't put an alias in your public API just to save typing in the implementation;
  do so only if you intend it to be used by your clients.</p>
<p>When defining a public alias, document the intent of
the new name, including whether it is guaranteed to always be the same as the type
it's currently aliased to, or whether a more limited compatibility is
intended. This lets the user know whether they can treat the types as
substitutable or whether more specific rules must be followed, and can help the
implementation retain some degree of freedom to change the alias.</p>
<p>Don't put namespace aliases in your public API. (See also <a href="#Namespaces">Namespaces</a>).
</p>

<p>For example, these aliases document how they are intended to be used in client code:</p>
<pre>namespace mynamespace {
// Used to store field measurements. DataPoint may change from Bar* to some internal type.
// Client code should treat it as an opaque pointer.
using DataPoint = foo::Bar*;

// A set of measurements. Just an alias for user convenience.
using TimeSeries = std::unordered_set&lt;DataPoint, std::hash&lt;DataPoint&gt;, DataPointComparator&gt;;
}  // namespace mynamespace
</pre>

<p>These aliases don't document intended use, and half of them aren't meant for client use:</p>

<pre class="badcode">namespace mynamespace {
// Bad: none of these say how they should be used.
using DataPoint = foo::Bar*;
using std::unordered_set;  // Bad: just for local convenience
using std::hash;           // Bad: just for local convenience
typedef unordered_set&lt;DataPoint, hash&lt;DataPoint&gt;, DataPointComparator&gt; TimeSeries;
}  // namespace mynamespace
</pre>

<p>However, local convenience aliases are fine in function definitions, private sections of
  classes, explicitly marked internal namespaces, and in .cc files:</p>

<pre>// In a .cc file
using foo::Bar;
</pre>

<h2 id="Naming">Naming</h2>

<p>The most important consistency rules are those that govern
naming. The style of a name immediately informs us what sort of
thing the named entity is: a type, a variable, a function, a
constant, a macro, etc., without requiring us to search for the
declaration of that entity. The pattern-matching engine in our
brains relies a great deal on these naming rules.
</p>

<p>Naming rules are pretty arbitrary, but
 we feel that
consistency is more important than individual preferences in this
area, so regardless of whether you find them sensible or not,
the rules are the rules.</p>

<h3 id="General_Naming_Rules">General Naming Rules</h3>

<p>Optimize for readability using names that would be clear
even to people on a different team.</p>

<p>Use names that describe the purpose or intent of the object.
Do not worry about saving horizontal space as it is far
more important to make your code immediately
understandable by a new reader. Minimize the use of
abbreviations that would likely be unknown to someone outside
your project (especially acronyms and initialisms). Do not
abbreviate by deleting letters within a word. As a rule of thumb,
an abbreviation is probably OK if it's listed in
 Wikipedia. Generally speaking, descriptiveness should be
proportional to the name's scope of visibility. For example,
<code>n</code> may be a fine name within a 5-line function,
but within the scope of a class, it's likely too vague.</p>

<pre>class MyClass {
 public:
  int CountFooErrors(const std::vector&lt;Foo&gt;&amp; foos) {
    int n = 0;  // Clear meaning given limited scope and context
    for (const auto&amp; foo : foos) {
      ...
      ++n;
    }
    return n;
  }
  void DoSomethingImportant() {
    std::string fqdn = ...;  // Well-known abbreviation for Fully Qualified Domain Name
  }
 private:
  const int kMaxAllowedConnections = ...;  // Clear meaning within context
};
</pre>

<pre class="badcode">class MyClass {
 public:
  int CountFooErrors(const std::vector&lt;Foo&gt;&amp; foos) {
    int total_number_of_foo_errors = 0;  // Overly verbose given limited scope and context
    for (int foo_index = 0; foo_index &lt; foos.size(); ++foo_index) {  // Use idiomatic `i`
      ...
      ++total_number_of_foo_errors;
    }
    return total_number_of_foo_errors;
  }
  void DoSomethingImportant() {
    int cstmr_id = ...;  // Deletes internal letters
  }
 private:
  const int kNum = ...;  // Unclear meaning within broad scope
};
</pre>

<p>Note that certain universally-known abbreviations are OK, such as
<code>i</code> for an iteration variable and <code>T</code> for a
template parameter.</p>

<p>For the purposes of the naming rules below, a "word" is anything that you
would write in English without internal spaces. This includes abbreviations and
acronyms; e.g., for "<a href="https://en.wikipedia.org/wiki/Camel_case">camel
case</a>" or "Pascal case," in which the first letter of each word is
capitalized, use a name like <code>StartRpc()</code>, not
<code>StartRPC()</code>.</p>

<p>Template parameters should follow the naming style for their
category: type template parameters should follow the rules for
<a href="#Type_Names">type names</a>, and non-type template
parameters should follow the rules for <a href="#Variable_Names">
variable names</a>.

</p><h3 id="File_Names">File Names</h3>

<p>Filenames should be all lowercase and can include
underscores (<code>_</code>) or dashes (<code>-</code>).
Follow the convention that your

project uses. If there is no consistent
local pattern to follow, prefer "_".</p>

<p>Examples of acceptable file names:</p>

<ul>
  <li><code>my_useful_class.cc</code></li>
  <li><code>my-useful-class.cc</code></li>
  <li><code>myusefulclass.cc</code></li>
  <li><code>myusefulclass_test.cc // _unittest and _regtest are deprecated.</code></li>
</ul>

<p>C++ files should end in <code>.cc</code> and header files should end in
<code>.h</code>. Files that rely on being textually included at specific points
should end in <code>.inc</code> (see also the section on
<a href="#Self_contained_Headers">self-contained headers</a>).</p>

<p>Do not use filenames that already exist in
<code>/usr/include</code>, such as <code>db.h</code>.</p>

<p>In general, make your filenames very specific. For
example, use <code>http_server_logs.h</code> rather than
<code>logs.h</code>. A very common case is to have a pair
of files called, e.g., <code>foo_bar.h</code> and
<code>foo_bar.cc</code>, defining a class called
<code>FooBar</code>.</p>

<h3 id="Type_Names">Type Names</h3>

<p>Type names start with a capital letter and have a capital
letter for each new word, with no underscores:
<code>MyExcitingClass</code>, <code>MyExcitingEnum</code>.</p>

<p>The names of all types &#8212; classes, structs, type aliases,
enums, and type template parameters &#8212; have the same naming convention.
Type names should start with a capital letter and have a capital letter
for each new word. No underscores. For example:</p>

<pre>// classes and structs
class UrlTable { ...
class UrlTableTester { ...
struct UrlTableProperties { ...

// typedefs
typedef hash_map&lt;UrlTableProperties *, std::string&gt; PropertiesMap;

// using aliases
using PropertiesMap = hash_map&lt;UrlTableProperties *, std::string&gt;;

// enums
enum UrlTableErrors { ...
</pre>

<h3 id="Variable_Names">Variable Names</h3>

<p>The names of variables (including function parameters) and data members are
all lowercase, with underscores between words. Data members of classes (but not
structs) additionally have trailing underscores. For instance:
<code>a_local_variable</code>, <code>a_struct_data_member</code>,
<code>a_class_data_member_</code>.</p>

<h4>Common Variable names</h4>

<p>For example:</p>

<pre>std::string table_name;  // OK - lowercase with underscore.
</pre>

<pre class="badcode">std::string tableName;   // Bad - mixed case.
</pre>

<h4>Class Data Members</h4>

<p>Data members of classes, both static and non-static, are
named like ordinary nonmember variables, but with a
trailing underscore.</p>

<pre>class TableInfo {
  ...
 private:
  std::string table_name_;  // OK - underscore at end.
  static Pool&lt;TableInfo&gt;* pool_;  // OK.
};
</pre>

<h4>Struct Data Members</h4>

<p>Data members of structs, both static and non-static,
are named like ordinary nonmember variables. They do not have
the trailing underscores that data members in classes have.</p>

<pre>struct UrlTableProperties {
  std::string name;
  int num_entries;
  static Pool&lt;UrlTableProperties&gt;* pool;
};
</pre>


<p>See <a href="#Structs_vs._Classes">Structs vs.
Classes</a> for a discussion of when to use a struct
versus a class.</p>

<h3 id="Constant_Names">Constant Names</h3>

<p>Variables declared constexpr or const, and whose value is fixed for
the duration of the program, are named with a leading "k" followed
by mixed case. Underscores can be used as separators in the rare cases
where capitalization cannot be used for separation. For example:</p>

<pre>const int kDaysInAWeek = 7;
const int kAndroid8_0_0 = 24;  // Android 8.0.0
</pre>

<p>All such variables with static storage duration (i.e. statics and globals,
see <a href="http://en.cppreference.com/w/cpp/language/storage_duration#Storage_duration">
Storage Duration</a> for details) should be named this way.  This
convention is optional for variables of other storage classes, e.g. automatic
variables, otherwise the usual variable naming rules apply.</p>

<h3 id="Function_Names">Function Names</h3>

<p>Regular functions have mixed case; accessors and mutators may be named
like variables.</p>

<p>Ordinarily, functions should start with a capital letter and have a
capital letter for each new word.</p>

<pre>AddTableEntry()
DeleteUrl()
OpenFileOrDie()
</pre>

<p>(The same naming rule applies to class- and namespace-scope
constants that are exposed as part of an API and that are intended to look
like functions, because the fact that they're objects rather than functions
is an unimportant implementation detail.)</p>

<p>Accessors and mutators (get and set functions) may be named like
variables. These often correspond to actual member variables, but this is
not required. For example, <code>int count()</code> and <code>void
set_count(int count)</code>.</p>

<h3 id="Namespace_Names">Namespace Names</h3>

Namespace names are all lower-case. Top-level namespace names are
based on the project name
. Avoid collisions
between nested namespaces and well-known top-level namespaces.

<p>The name of a top-level namespace should usually be the
name of the project or team whose code is contained in that
namespace. The code in that namespace should usually be in
a directory whose basename matches the namespace name (or in
subdirectories thereof).</p>



<p>Keep in mind that the <a href="#General_Naming_Rules">rule
against abbreviated names</a> applies to namespaces just as much
as variable names. Code inside the namespace seldom needs to
mention the namespace name, so there's usually no particular need
for abbreviation anyway.</p>

<p>Avoid nested namespaces that match well-known top-level
namespaces. Collisions between namespace names can lead to surprising
build breaks because of name lookup rules. In particular, do not
create any nested <code>std</code> namespaces. Prefer unique project
identifiers
(<code>websearch::index</code>, <code>websearch::index_util</code>)
over collision-prone names like <code>websearch::util</code>.</p>

<p>For <code>internal</code> namespaces, be wary of other code being
added to the same <code>internal</code> namespace causing a collision
(internal helpers within a team tend to be related and may lead to
collisions). In such a situation, using the filename to make a unique
internal name is helpful
(<code>websearch::index::frobber_internal</code> for use
in <code>frobber.h</code>)</p>

<h3 id="Enumerator_Names">Enumerator Names</h3>

<p>Enumerators (for both scoped and unscoped enums) should be named <i>either</i> like
<a href="#Constant_Names">constants</a> or like
<a href="#Macro_Names">macros</a>: either <code>kEnumName</code> or
<code>ENUM_NAME</code>.</p>

<p>Preferably, the individual enumerators should be named
like <a href="#Constant_Names">constants</a>. However, it
is also acceptable to name them like
<a href="#Macro_Names">macros</a>.  The enumeration name,
<code>UrlTableErrors</code> (and
<code>AlternateUrlTableErrors</code>), is a type, and
therefore mixed case.</p>

<pre>enum UrlTableErrors {
  kOk = 0,
  kErrorOutOfMemory,
  kErrorMalformedInput,
};
enum AlternateUrlTableErrors {
  OK = 0,
  OUT_OF_MEMORY = 1,
  MALFORMED_INPUT = 2,
};
</pre>

<p>Until January 2009, the style was to name enum values
like <a href="#Macro_Names">macros</a>. This caused
problems with name collisions between enum values and
macros. Hence, the change to prefer constant-style naming
was put in place. New code should prefer constant-style
naming if possible. However, there is no reason to change
old code to use constant-style names, unless the old
names are actually causing a compile-time problem.</p>



<h3 id="Macro_Names">Macro Names</h3>

<p>You're not really going to <a href="#Preprocessor_Macros">
define a macro</a>, are you? If you do, they're like this:
<code>MY_MACRO_THAT_SCARES_SMALL_CHILDREN_AND_ADULTS_ALIKE</code>.
</p>

<p>Please see the <a href="#Preprocessor_Macros">description
of macros</a>; in general macros should <em>not</em> be used.
However, if they are absolutely needed, then they should be
named with all capitals and underscores.</p>

<pre>#define ROUND(x) ...
#define PI_ROUNDED 3.0
</pre>

<h3 id="Exceptions_to_Naming_Rules">Exceptions to Naming Rules</h3>

<p>If you are naming something that is analogous to an
existing C or C++ entity then you can follow the existing
naming convention scheme.</p>

<dl>
  <dt><code>bigopen()</code></dt>
  <dd>function name, follows form of <code>open()</code></dd>

  <dt><code>uint</code></dt>
  <dd><code>typedef</code></dd>

  <dt><code>bigpos</code></dt>
  <dd><code>struct</code> or <code>class</code>, follows
  form of <code>pos</code></dd>

  <dt><code>sparse_hash_map</code></dt>
  <dd>STL-like entity; follows STL naming conventions</dd>

  <dt><code>LONGLONG_MAX</code></dt>
  <dd>a constant, as in <code>INT_MAX</code></dd>
</dl>

<h2 id="Comments">Comments</h2>

<p>Comments are absolutely vital to keeping our code readable. The following rules describe what you
should comment and where. But remember: while comments are very important, the best code is
self-documenting. Giving sensible names to types and variables is much better than using obscure
names that you must then explain through comments.</p>

<p>When writing your comments, write for your audience: the
next
contributor who will need to
understand your code. Be generous &#8212; the next
one may be you!</p>

<h3 id="Comment_Style">Comment Style</h3>

<p>Use either the <code>//</code> or <code>/* */</code>
syntax, as long as you are consistent.</p>

<p>You can use either the <code>//</code> or the <code>/*
*/</code> syntax; however, <code>//</code> is
<em>much</em> more common. Be consistent with how you
comment and what style you use where.</p>

<h3 id="File_Comments">File Comments</h3>

<div>
<p>Start each file with license boilerplate.</p>
</div>

<p>File comments describe the contents of a file. If a file declares,
implements, or tests exactly one abstraction that is documented by a comment
at the point of declaration, file comments are not required. All other files
must have file comments.</p>

<h4>Legal Notice and Author
Line</h4>



<div>
<p>Every file should contain license
boilerplate. Choose the appropriate boilerplate for the
license used by the project (for example, Apache 2.0,
BSD, LGPL, GPL).</p>
</div>

<p>If you make significant changes to a file with an
author line, consider deleting the author line.
New files should usually not contain copyright notice or
author line.</p>

<h4>File Contents</h4>

<p>If a <code>.h</code> declares multiple abstractions, the file-level comment
should broadly describe the contents of the file, and how the abstractions are
related. A 1 or 2 sentence file-level comment may be sufficient. The detailed
documentation about individual abstractions belongs with those abstractions,
not at the file level.</p>

<p>Do not duplicate comments in both the <code>.h</code> and the
<code>.cc</code>. Duplicated comments diverge.</p>

<h3 id="Class_Comments">Class Comments</h3>

<p>Every non-obvious class declaration should have an accompanying
comment that describes what it is for and how it should be used.</p>

<pre>// Iterates over the contents of a GargantuanTable.
// Example:
//    GargantuanTableIterator* iter = table-&gt;NewIterator();
//    for (iter-&gt;Seek("foo"); !iter-&gt;done(); iter-&gt;Next()) {
//      process(iter-&gt;key(), iter-&gt;value());
//    }
//    delete iter;
class GargantuanTableIterator {
  ...
};
</pre>

<p>The class comment should provide the reader with enough information to know
how and when to use the class, as well as any additional considerations
necessary to correctly use the class. Document the synchronization assumptions
the class makes, if any. If an instance of the class can be accessed by
multiple threads, take extra care to document the rules and invariants
surrounding multithreaded use.</p>

<p>The class comment is often a good place for a small example code snippet
demonstrating a simple and focused usage of the class.</p>

<p>When sufficiently separated (e.g. <code>.h</code> and <code>.cc</code>
files), comments describing the use of the class should go together with its
interface definition; comments about the class operation and implementation
should accompany the implementation of the class's methods.</p>

<h3 id="Function_Comments">Function Comments</h3>

<p>Declaration comments describe use of the function (when it is
non-obvious); comments at the definition of a function describe
operation.</p>

<h4>Function Declarations</h4>

<p>Almost every function declaration should have comments immediately
preceding it that describe what the function does and how to use
it. These comments may be omitted only if the function is simple and
obvious (e.g. simple accessors for obvious properties of the
class).  These comments should open with descriptive verbs in the
indicative mood ("Opens the file") rather than verbs in the imperative
("Open the file"). The comment describes the function; it does not
tell the function what to do. In general, these comments do not
describe how the function performs its task. Instead, that should be
left to comments in the function definition.</p>

<p>Types of things to mention in comments at the function
declaration:</p>

<ul>
  <li>What the inputs and outputs are.</li>

  <li>For class member functions: whether the object
  remembers reference arguments beyond the duration of
  the method call, and whether it will free them or
  not.</li>

  <li>If the function allocates memory that the caller
  must free.</li>

  <li>Whether any of the arguments can be a null
  pointer.</li>

  <li>If there are any performance implications of how a
  function is used.</li>

  <li>If the function is re-entrant. What are its
  synchronization assumptions?</li>
 </ul>

<p>Here is an example:</p>

<pre>// Returns an iterator for this table.  It is the client's
// responsibility to delete the iterator when it is done with it,
// and it must not use the iterator once the GargantuanTable object
// on which the iterator was created has been deleted.
//
// The iterator is initially positioned at the beginning of the table.
//
// This method is equivalent to:
//    Iterator* iter = table-&gt;NewIterator();
//    iter-&gt;Seek("");
//    return iter;
// If you are going to immediately seek to another place in the
// returned iterator, it will be faster to use NewIterator()
// and avoid the extra seek.
Iterator* GetIterator() const;
</pre>

<p>However, do not be unnecessarily verbose or state the
completely obvious.</p>

<p>When documenting function overrides, focus on the
specifics of the override itself, rather than repeating
the comment from the overridden function.  In many of these
cases, the override needs no additional documentation and
thus no comment is required.</p>

<p>When commenting constructors and destructors, remember
that the person reading your code knows what constructors
and destructors are for, so comments that just say
something like "destroys this object" are not useful.
Document what constructors do with their arguments (for
example, if they take ownership of pointers), and what
cleanup the destructor does. If this is trivial, just
skip the comment. It is quite common for destructors not
to have a header comment.</p>

<h4>Function Definitions</h4>

<p>If there is anything tricky about how a function does
its job, the function definition should have an
explanatory comment. For example, in the definition
comment you might describe any coding tricks you use,
give an overview of the steps you go through, or explain
why you chose to implement the function in the way you
did rather than using a viable alternative. For instance,
you might mention why it must acquire a lock for the
first half of the function but why it is not needed for
the second half.</p>

<p>Note you should <em>not</em> just repeat the comments
given with the function declaration, in the
<code>.h</code> file or wherever. It's okay to
recapitulate briefly what the function does, but the
focus of the comments should be on how it does it.</p>

<h3 id="Variable_Comments">Variable Comments</h3>

<p>In general the actual name of the variable should be
descriptive enough to give a good idea of what the variable
is used for. In certain cases, more comments are required.</p>

<h4>Class Data Members</h4>

<p>The purpose of each class data member (also called an instance
variable or member variable) must be clear. If there are any
invariants (special values, relationships between members, lifetime
requirements) not clearly expressed by the type and name, they must be
commented. However, if the type and name suffice (<code>int
num_events_;</code>), no comment is needed.</p>

<p>In particular, add comments to describe the existence and meaning
of sentinel values, such as nullptr or -1, when they are not
obvious. For example:</p>

<pre>private:
 // Used to bounds-check table accesses. -1 means
 // that we don't yet know how many entries the table has.
 int num_total_entries_;
</pre>

<h4>Global Variables</h4>

<p>All global variables should have a comment describing what they
are, what they are used for, and (if unclear) why it needs to be
global. For example:</p>

<pre>// The total number of tests cases that we run through in this regression test.
const int kNumTestCases = 6;
</pre>

<h3 id="Implementation_Comments">Implementation Comments</h3>

<p>In your implementation you should have comments in tricky,
non-obvious, interesting, or important parts of your code.</p>

<h4>Explanatory Comments</h4>

<p>Tricky or complicated code blocks should have comments
before them. Example:</p>

<pre>// Divide result by two, taking into account that x
// contains the carry from the add.
for (int i = 0; i &lt; result-&gt;size(); ++i) {
  x = (x &lt;&lt; 8) + (*result)[i];
  (*result)[i] = x &gt;&gt; 1;
  x &amp;= 1;
}
</pre>

<h4>Line-end Comments</h4>

<p>Also, lines that are non-obvious should get a comment
at the end of the line. These end-of-line comments should
be separated from the code by 2 spaces. Example:</p>

<pre>// If we have enough memory, mmap the data portion too.
mmap_budget = max&lt;int64&gt;(0, mmap_budget - index_-&gt;length());
if (mmap_budget &gt;= data_size_ &amp;&amp; !MmapData(mmap_chunk_bytes, mlock))
  return;  // Error already logged.
</pre>

<p>Note that there are both comments that describe what
the code is doing, and comments that mention that an
error has already been logged when the function
returns.</p>

<h4 id="Function_Argument_Comments" class="stylepoint_subsection">Function Argument Comments</h4>

<p>When the meaning of a function argument is nonobvious, consider
one of the following remedies:</p>

<ul>
  <li>If the argument is a literal constant, and the same constant is
  used in multiple function calls in a way that tacitly assumes they're
  the same, you should use a named constant to make that constraint
  explicit, and to guarantee that it holds.</li>

  <li>Consider changing the function signature to replace a <code>bool</code>
  argument with an <code>enum</code> argument. This will make the argument
  values self-describing.</li>

  <li>For functions that have several configuration options, consider
  defining a single class or struct to hold all the options
  ,
  and pass an instance of that.
  This approach has several advantages. Options are referenced by name
  at the call site, which clarifies their meaning. It also reduces
  function argument count, which makes function calls easier to read and
  write. As an added benefit, you don't have to change call sites when
  you add another option.
  </li>

  <li>Replace large or complex nested expressions with named variables.</li>

  <li>As a last resort, use comments to clarify argument meanings at the
  call site. </li>
</ul>

Consider the following example:

<pre class="badcode">// What are these arguments?
const DecimalNumber product = CalculateProduct(values, 7, false, nullptr);
</pre>

<p>versus:</p>

<pre>ProductOptions options;
options.set_precision_decimals(7);
options.set_use_cache(ProductOptions::kDontUseCache);
const DecimalNumber product =
    CalculateProduct(values, options, /*completion_callback=*/nullptr);
</pre>

<h4 id="Implementation_Comment_Donts">Don'ts</h4>

<p>Do not state the obvious. In particular, don't literally describe what
code does, unless the behavior is nonobvious to a reader who understands
C++ well. Instead, provide higher level comments that describe <i>why</i>
the code does what it does, or make the code self describing.</p>

Compare this:

<pre class="badcode">// Find the element in the vector.  &lt;-- Bad: obvious!
auto iter = std::find(v.begin(), v.end(), element);
if (iter != v.end()) {
  Process(element);
}
</pre>

To this:

<pre>// Process "element" unless it was already processed.
auto iter = std::find(v.begin(), v.end(), element);
if (iter != v.end()) {
  Process(element);
}
</pre>

Self-describing code doesn't need a comment. The comment from
the example above would be obvious:

<pre>if (!IsAlreadyProcessed(element)) {
  Process(element);
}
</pre>

<h3 id="Punctuation,_Spelling_and_Grammar">Punctuation, Spelling, and Grammar</h3>

<p>Pay attention to punctuation, spelling, and grammar; it is
easier to read well-written comments than badly written
ones.</p>

<p>Comments should be as readable as narrative text, with
proper capitalization and punctuation. In many cases,
complete sentences are more readable than sentence
fragments. Shorter comments, such as comments at the end
of a line of code, can sometimes be less formal, but you
should be consistent with your style.</p>

<p>Although it can be frustrating to have a code reviewer
point out that you are using a comma when you should be
using a semicolon, it is very important that source code
maintain a high level of clarity and readability. Proper
punctuation, spelling, and grammar help with that
goal.</p>

<h3 id="TODO_Comments">TODO Comments</h3>

<p>Use <code>TODO</code> comments for code that is temporary,
a short-term solution, or good-enough but not perfect.</p>

<p><code>TODO</code>s should include the string
<code>TODO</code> in all caps, followed by the

name, e-mail address, bug ID, or other
identifier
of the person or issue with the best context
about the problem referenced by the <code>TODO</code>. The
main purpose is to have a consistent <code>TODO</code> that
can be searched to find out how to get more details upon
request. A <code>TODO</code> is not a commitment that the
person referenced will fix the problem. Thus when you create
a <code>TODO</code> with a name, it is almost always your
name that is given.</p>



<div>
<pre>// TODO(kl@gmail.com): Use a "*" here for concatenation operator.
// TODO(Zeke) change this to use relations.
// TODO(bug 12345): remove the "Last visitors" feature
</pre>
</div>

<p>If your <code>TODO</code> is of the form "At a future
date do something" make sure that you either include a
very specific date ("Fix by November 2005") or a very
specific event ("Remove this code when all clients can
handle XML responses.").</p>

<h2 id="Formatting">Formatting</h2>

<p>Coding style and formatting are pretty arbitrary, but a

project is much easier to follow
if everyone uses the same style. Individuals may not agree with every
aspect of the formatting rules, and some of the rules may take
some getting used to, but it is important that all

project contributors follow the
style rules so that
they can all read and understand
everyone's code easily.</p>



<div>
<p>To help you format code correctly, we've created a
<a href="https://raw.githubusercontent.com/google/styleguide/gh-pages/google-c-style.el">
settings file for emacs</a>.</p>
</div>

<h3 id="Line_Length">Line Length</h3>

<p>Each line of text in your code should be at most 80
characters long.</p>



<div>
<p>We recognize that this rule is
controversial, but so much existing code already adheres
to it, and we feel that consistency is important.</p>
</div>

<p class="pros"></p>
<p>Those who favor  this rule
argue that it is rude to force them to resize
their windows and there is no need for anything longer.
Some folks are used to having several code windows
side-by-side, and thus don't have room to widen their
windows in any case. People set up their work environment
assuming a particular maximum window width, and 80
columns has been the traditional standard. Why change
it?</p>

<p class="cons"></p>
<p>Proponents of change argue that a wider line can make
code more readable. The 80-column limit is an hidebound
throwback to 1960s mainframes;  modern equipment has wide screens that
can easily show longer lines.</p>

<p class="decision"></p>
<p> 80 characters is the maximum.</p>

<p>A line may exceed 80 characters if it is</p>

<ul>
  <li>a comment line which is not feasible to split without harming
  readability, ease of cut and paste or auto-linking -- e.g. if a line
  contains an example command or a literal URL longer than 80 characters.</li>

  <li>a raw-string literal with content that exceeds 80 characters.  Except for
  test code, such literals should appear near the top of a file.</li>

  <li>an include statement.</li>

  <li>a <a href="#The__define_Guard">header guard</a></li>

  <li>a using-declaration</li>
</ul>

<h3 id="Non-ASCII_Characters">Non-ASCII Characters</h3>

<p>Non-ASCII characters should be rare, and must use UTF-8
formatting.</p>

<p>You shouldn't hard-code user-facing text in source,
even English, so use of non-ASCII characters should be
rare. However, in certain cases it is appropriate to
include such words in your code. For example, if your
code parses data files from foreign sources, it may be
appropriate to hard-code the non-ASCII string(s) used in
those data files as delimiters. More commonly, unittest
code (which does not  need to be localized) might
contain non-ASCII strings. In such cases, you should use
UTF-8, since that is  an encoding
understood by most tools able to handle more than just
ASCII.</p>

<p>Hex encoding is also OK, and encouraged where it
enhances readability &#8212; for example,
<code>"\xEF\xBB\xBF"</code>, or, even more simply,
<code>u8"\uFEFF"</code>, is the Unicode zero-width
no-break space character, which would be invisible if
included in the source as straight UTF-8.</p>

<p>Use the <code>u8</code> prefix
to guarantee that a string literal containing
<code>\uXXXX</code> escape sequences is encoded as UTF-8.
Do not use it for strings containing non-ASCII characters
encoded as UTF-8, because that will produce incorrect
output if the compiler does not interpret the source file
as UTF-8. </p>

<p>You shouldn't use the C++11 <code>char16_t</code> and
<code>char32_t</code> character types, since they're for
non-UTF-8 text. For similar reasons you also shouldn't
use <code>wchar_t</code> (unless you're writing code that
interacts with the Windows API, which uses
<code>wchar_t</code> extensively).</p>

<h3 id="Spaces_vs._Tabs">Spaces vs. Tabs</h3>

<p>Use only spaces, and indent 2 spaces at a time.</p>

<p>We use spaces for indentation. Do not use tabs in your
code. You should set your editor to emit spaces when you
hit the tab key.</p>

<h3 id="Function_Declarations_and_Definitions">Function Declarations and Definitions</h3>

<p>Return type on the same line as function name, parameters
on the same line if they fit. Wrap parameter lists which do
not fit on a single line as you would wrap arguments in a
<a href="#Function_Calls">function call</a>.</p>

<p>Functions look like this:</p>


<pre>ReturnType ClassName::FunctionName(Type par_name1, Type par_name2) {
  DoSomething();
  ...
}
</pre>

<p>If you have too much text to fit on one line:</p>

<pre>ReturnType ClassName::ReallyLongFunctionName(Type par_name1, Type par_name2,
                                             Type par_name3) {
  DoSomething();
  ...
}
</pre>

<p>or if you cannot fit even the first parameter:</p>

<pre>ReturnType LongClassName::ReallyReallyReallyLongFunctionName(
    Type par_name1,  // 4 space indent
    Type par_name2,
    Type par_name3) {
  DoSomething();  // 2 space indent
  ...
}
</pre>

<p>Some points to note:</p>

<ul>
  <li>Choose good parameter names.</li>

  <li>A parameter name may be omitted only if the parameter is not used in the
  function's definition.</li>

  <li>If you cannot fit the return type and the function
  name on a single line, break between them.</li>

  <li>If you break after the return type of a function
  declaration or definition, do not indent.</li>

  <li>The open parenthesis is always on the same line as
  the function name.</li>

  <li>There is never a space between the function name
  and the open parenthesis.</li>

  <li>There is never a space between the parentheses and
  the parameters.</li>

  <li>The open curly brace is always on the end of the last line of the function
  declaration, not the start of the next line.</li>

  <li>The close curly brace is either on the last line by
  itself or on the same line as the open curly brace.</li>

  <li>There should be a space between the close
  parenthesis and the open curly brace.</li>

  <li>All parameters should be aligned if possible.</li>

  <li>Default indentation is 2 spaces.</li>

  <li>Wrapped parameters have a 4 space indent.</li>
</ul>

<p>Unused parameters that are obvious from context may be omitted:</p>

<pre>class Foo {
 public:
  Foo(const Foo&amp;) = delete;
  Foo&amp; operator=(const Foo&amp;) = delete;
};
</pre>

<p>Unused parameters that might not be obvious should comment out the variable
name in the function definition:</p>

<pre>class Shape {
 public:
  virtual void Rotate(double radians) = 0;
};

class Circle : public Shape {
 public:
  void Rotate(double radians) override;
};

void Circle::Rotate(double /*radians*/) {}
</pre>

<pre class="badcode">// Bad - if someone wants to implement later, it's not clear what the
// variable means.
void Circle::Rotate(double) {}
</pre>

<p>Attributes, and macros that expand to attributes, appear at the very
beginning of the function declaration or definition, before the
return type:</p>
<pre>ABSL_MUST_USE_RESULT bool IsOk();
</pre>

<h3 id="Formatting_Lambda_Expressions">Lambda Expressions</h3>

<p>Format parameters and bodies as for any other function, and capture
lists like other comma-separated lists.</p>

<p>For by-reference captures, do not leave a space between the
ampersand (&amp;) and the variable name.</p>
<pre>int x = 0;
auto x_plus_n = [&amp;x](int n) -&gt; int { return x + n; }
</pre>
<p>Short lambdas may be written inline as function arguments.</p>
<pre>std::set&lt;int&gt; blacklist = {7, 8, 9};
std::vector&lt;int&gt; digits = {3, 9, 1, 8, 4, 7, 1};
digits.erase(std::remove_if(digits.begin(), digits.end(), [&amp;blacklist](int i) {
               return blacklist.find(i) != blacklist.end();
             }),
             digits.end());
</pre>

<h3 id="Floating_Literals">Floating-point Literals</h3>

<p>Floating-point literals should always have a radix point, with digits on both
sides, even if they use exponential notation. Readability is improved if all
floating-point literals take this familiar form, as this helps ensure that they
are not mistaken for integer literals, and that the
<code>E</code>/<code>e</code> of the exponential notation is not mistaken for a
hexadecimal digit. It is fine to initialize a floating-point variable with an
integer literal (assuming the variable type can exactly represent that integer),
but note that a number in exponential notation is never an integer literal.
</p>

<pre class="badcode">float f = 1.f;
long double ld = -.5L;
double d = 1248e6;
</pre>

<pre class="goodcode">float f = 1.0f;
float f2 = 1;   // Also OK
long double ld = -0.5L;
double d = 1248.0e6;
</pre>


<h3 id="Function_Calls">Function Calls</h3>

<p>Either write the call all on a single line, wrap the
arguments at the parenthesis, or start the arguments on a new
line indented by four spaces and continue at that 4 space
indent. In the absence of other considerations, use the
minimum number of lines, including placing multiple arguments
on each line where appropriate.</p>

<p>Function calls have the following format:</p>
<pre>bool result = DoSomething(argument1, argument2, argument3);
</pre>

<p>If the arguments do not all fit on one line, they
should be broken up onto multiple lines, with each
subsequent line aligned with the first argument. Do not
add spaces after the open paren or before the close
paren:</p>
<pre>bool result = DoSomething(averyveryveryverylongargument1,
                          argument2, argument3);
</pre>

<p>Arguments may optionally all be placed on subsequent
lines with a four space indent:</p>
<pre>if (...) {
  ...
  ...
  if (...) {
    bool result = DoSomething(
        argument1, argument2,  // 4 space indent
        argument3, argument4);
    ...
  }
</pre>

<p>Put multiple arguments on a single line to reduce the
number of lines necessary for calling a function unless
there is a specific readability problem. Some find that
formatting with strictly one argument on each line is
more readable and simplifies editing of the arguments.
However, we prioritize for the reader over the ease of
editing arguments, and most readability problems are
better addressed with the following techniques.</p>

<p>If having multiple arguments in a single line decreases
readability due to the complexity or confusing nature of the
expressions that make up some arguments, try creating
variables that capture those arguments in a descriptive name:</p>
<pre>int my_heuristic = scores[x] * y + bases[x];
bool result = DoSomething(my_heuristic, x, y, z);
</pre>

<p>Or put the confusing argument on its own line with
an explanatory comment:</p>
<pre>bool result = DoSomething(scores[x] * y + bases[x],  // Score heuristic.
                          x, y, z);
</pre>

<p>If there is still a case where one argument is
significantly more readable on its own line, then put it on
its own line. The decision should be specific to the argument
which is made more readable rather than a general policy.</p>

<p>Sometimes arguments form a structure that is important
for readability. In those cases, feel free to format the
arguments according to that structure:</p>
<pre>// Transform the widget by a 3x3 matrix.
my_widget.Transform(x1, x2, x3,
                    y1, y2, y3,
                    z1, z2, z3);
</pre>

<h3 id="Braced_Initializer_List_Format">Braced Initializer List Format</h3>

<p>Format a <a href="#Braced_Initializer_List">braced initializer list</a>
exactly like you would format a function call in its place.</p>

<p>If the braced list follows a name (e.g. a type or
variable name), format as if the <code>{}</code> were the
parentheses of a function call with that name. If there
is no name, assume a zero-length name.</p>

<pre>// Examples of braced init list on a single line.
return {foo, bar};
functioncall({foo, bar});
std::pair&lt;int, int&gt; p{foo, bar};

// When you have to wrap.
SomeFunction(
    {"assume a zero-length name before {"},
    some_other_function_parameter);
SomeType variable{
    some, other, values,
    {"assume a zero-length name before {"},
    SomeOtherType{
        "Very long string requiring the surrounding breaks.",
        some, other values},
    SomeOtherType{"Slightly shorter string",
                  some, other, values}};
SomeType variable{
    "This is too long to fit all in one line"};
MyType m = {  // Here, you could also break before {.
    superlongvariablename1,
    superlongvariablename2,
    {short, interior, list},
    {interiorwrappinglist,
     interiorwrappinglist2}};
</pre>

<h3 id="Conditionals">Conditionals</h3>

<p>Prefer no spaces inside parentheses. The <code>if</code>
and <code>else</code> keywords belong on separate lines.</p>

<p>There are two acceptable formats for a basic
conditional statement. One includes spaces between the
parentheses and the condition, and one does not.</p>

<p>The most common form is without spaces. Either is
fine, but <em>be consistent</em>. If you are modifying a
file, use the format that is already present. If you are
writing new code, use the format that the other files in
that directory or project use. If in doubt and you have
no personal preference, do not add the spaces.</p>

<pre>if (condition) {  // no spaces inside parentheses
  ...  // 2 space indent.
} else if (...) {  // The else goes on the same line as the closing brace.
  ...
} else {
  ...
}
</pre>

<p>If you prefer you may add spaces inside the
parentheses:</p>

<pre>if ( condition ) {  // spaces inside parentheses - rare
  ...  // 2 space indent.
} else {  // The else goes on the same line as the closing brace.
  ...
}
</pre>

<p>Note that in all cases you must have a space between
the <code>if</code> and the open parenthesis. You must
also have a space between the close parenthesis and the
curly brace, if you're using one.</p>

<pre class="badcode">if(condition) {   // Bad - space missing after IF.
if (condition){   // Bad - space missing before {.
if(condition){    // Doubly bad.
</pre>

<pre>if (condition) {  // Good - proper space after IF and before {.
</pre>

<p>Short conditional statements may be written on one
line if this enhances readability. You may use this only
when the line is brief and the statement does not use the
<code>else</code> clause.</p>

<pre>if (x == kFoo) return new Foo();
if (x == kBar) return new Bar();
</pre>

<p>This is not allowed when the if statement has an
<code>else</code>:</p>

<pre class="badcode">// Not allowed - IF statement on one line when there is an ELSE clause
if (x) DoThis();
else DoThat();
</pre>

<p>In general, curly braces are not required for
single-line statements, but they are allowed if you like
them; conditional or loop statements with complex
conditions or statements may be more readable with curly
braces. Some
projects require that an
<code>if</code> must always have an accompanying
brace.</p>

<pre>if (condition)
  DoSomething();  // 2 space indent.

if (condition) {
  DoSomething();  // 2 space indent.
}
</pre>

<p>However, if one part of an
<code>if</code>-<code>else</code> statement uses curly
braces, the other part must too:</p>

<pre class="badcode">// Not allowed - curly on IF but not ELSE
if (condition) {
  foo;
} else
  bar;

// Not allowed - curly on ELSE but not IF
if (condition)
  foo;
else {
  bar;
}
</pre>

<pre>// Curly braces around both IF and ELSE required because
// one of the clauses used braces.
if (condition) {
  foo;
} else {
  bar;
}
</pre>

<h3 id="Loops_and_Switch_Statements">Loops and Switch Statements</h3>

<p>Switch statements may use braces for blocks. Annotate
non-trivial fall-through between cases.
Braces are optional for single-statement loops.
Empty loop bodies should use either empty braces or <code>continue</code>.</p>

<p><code>case</code> blocks in <code>switch</code>
statements can have curly braces or not, depending on
your preference. If you do include curly braces they
should be placed as shown below.</p>

<p>If not conditional on an enumerated value, switch
statements should always have a <code>default</code> case
(in the case of an enumerated value, the compiler will
warn you if any values are not handled). If the default
case should never execute, treat this as an error. For example:

</p>

<div>
<pre>switch (var) {
  case 0: {  // 2 space indent
    ...      // 4 space indent
    break;
  }
  case 1: {
    ...
    break;
  }
  default: {
    assert(false);
  }
}
</pre>
</div>

<p>Fall-through from one case label to
another must be annotated using the
<code>ABSL_FALLTHROUGH_INTENDED;</code> macro (defined in

<code>absl/base/macros.h</code>).
<code>ABSL_FALLTHROUGH_INTENDED;</code> should be placed at a
point of execution where a fall-through to the next case
label occurs. A common exception is consecutive case
labels without intervening code, in which case no
annotation is needed.</p>

<pre>switch (x) {
  case 41:  // No annotation needed here.
  case 43:
    if (dont_be_picky) {
      // Use this instead of or along with annotations in comments.
      ABSL_FALLTHROUGH_INTENDED;
    } else {
      CloseButNoCigar();
      break;
    }
  case 42:
    DoSomethingSpecial();
    ABSL_FALLTHROUGH_INTENDED;
  default:
    DoSomethingGeneric();
    break;
}
</pre>

<p> Braces are optional for single-statement loops.</p>

<pre>for (int i = 0; i &lt; kSomeNumber; ++i)
  printf("I love you\n");

for (int i = 0; i &lt; kSomeNumber; ++i) {
  printf("I take it back\n");
}
</pre>


<p>Empty loop bodies should use either an empty pair of braces or
<code>continue</code> with no braces, rather than a single semicolon.</p>

<pre>while (condition) {
  // Repeat test until it returns false.
}
for (int i = 0; i &lt; kSomeNumber; ++i) {}  // Good - one newline is also OK.
while (condition) continue;  // Good - continue indicates no logic.
</pre>

<pre class="badcode">while (condition);  // Bad - looks like part of do/while loop.
</pre>

<h3 id="Pointer_and_Reference_Expressions">Pointer and Reference Expressions</h3>

<p>No spaces around period or arrow. Pointer operators do not
have trailing spaces.</p>

<p>The following are examples of correctly-formatted
pointer and reference expressions:</p>

<pre>x = *p;
p = &amp;x;
x = r.y;
x = r-&gt;y;
</pre>

<p>Note that:</p>

<ul>
  <li>There are no spaces around the period or arrow when
  accessing a member.</li>

   <li>Pointer operators have no space after the
   <code>*</code> or <code>&amp;</code>.</li>
</ul>

<p>When declaring a pointer variable or argument, you may
place the asterisk adjacent to either the type or to the
variable name:</p>

<pre>// These are fine, space preceding.
char *c;
const std::string &amp;str;

// These are fine, space following.
char* c;
const std::string&amp; str;
</pre>

<p>You should do this consistently within a single
file,
so, when modifying an existing file, use the style in
that file.</p>

It is allowed (if unusual) to declare multiple variables in the same
declaration, but it is disallowed if any of those have pointer or
reference decorations. Such declarations are easily misread.
<pre>// Fine if helpful for readability.
int x, y;
</pre>
<pre class="badcode">int x, *y;  // Disallowed - no &amp; or * in multiple declaration
char * c;  // Bad - spaces on both sides of *
const std::string &amp; str;  // Bad - spaces on both sides of &amp;
</pre>

<h3 id="Boolean_Expressions">Boolean Expressions</h3>

<p>When you have a boolean expression that is longer than the
<a href="#Line_Length">standard line length</a>, be
consistent in how you break up the lines.</p>

<p>In this example, the logical AND operator is always at
the end of the lines:</p>

<pre>if (this_one_thing &gt; this_other_thing &amp;&amp;
    a_third_thing == a_fourth_thing &amp;&amp;
    yet_another &amp;&amp; last_one) {
  ...
}
</pre>

<p>Note that when the code wraps in this example, both of
the <code>&amp;&amp;</code> logical AND operators are at
the end of the line. This is more common in Google code,
though wrapping all operators at the beginning of the
line is also allowed. Feel free to insert extra
parentheses judiciously because they can be very helpful
in increasing readability when used
appropriately. Also note that you should always use
the punctuation operators, such as
<code>&amp;&amp;</code> and <code>~</code>, rather than
the word operators, such as <code>and</code> and
<code>compl</code>.</p>

<h3 id="Return_Values">Return Values</h3>

<p>Do not needlessly surround the <code>return</code>
expression with parentheses.</p>

<p>Use parentheses in <code>return expr;</code> only
where you would use them in <code>x = expr;</code>.</p>

<pre>return result;                  // No parentheses in the simple case.
// Parentheses OK to make a complex expression more readable.
return (some_long_condition &amp;&amp;
        another_condition);
</pre>

<pre class="badcode">return (value);                // You wouldn't write var = (value);
return(result);                // return is not a function!
</pre>



<h3 id="Variable_and_Array_Initialization">Variable and Array Initialization</h3>

<p>Your choice of <code>=</code>, <code>()</code>, or
<code>{}</code>.</p>

<p>You may choose between <code>=</code>,
<code>()</code>, and <code>{}</code>; the following are
all correct:</p>

<pre>int x = 3;
int x(3);
int x{3};
std::string name = "Some Name";
std::string name("Some Name");
std::string name{"Some Name"};
</pre>

<p>Be careful when using a braced initialization list <code>{...}</code>
on a type with an <code>std::initializer_list</code> constructor.
A nonempty <i>braced-init-list</i> prefers the
<code>std::initializer_list</code> constructor whenever
possible. Note that empty braces <code>{}</code> are special, and
will call a default constructor if available. To force the
non-<code>std::initializer_list</code> constructor, use parentheses
instead of braces.</p>

<pre>std::vector&lt;int&gt; v(100, 1);  // A vector containing 100 items: All 1s.
std::vector&lt;int&gt; v{100, 1};  // A vector containing 2 items: 100 and 1.
</pre>

<p>Also, the brace form prevents narrowing of integral
types. This can prevent some types of programming
errors.</p>

<pre>int pi(3.14);  // OK -- pi == 3.
int pi{3.14};  // Compile error: narrowing conversion.
</pre>

<h3 id="Preprocessor_Directives">Preprocessor Directives</h3>

<p>The hash mark that starts a preprocessor directive should
always be at the beginning of the line.</p>

<p>Even when preprocessor directives are within the body
of indented code, the directives should start at the
beginning of the line.</p>

<pre>// Good - directives at beginning of line
  if (lopsided_score) {
#if DISASTER_PENDING      // Correct -- Starts at beginning of line
    DropEverything();
# if NOTIFY               // OK but not required -- Spaces after #
    NotifyClient();
# endif
#endif
    BackToNormal();
  }
</pre>

<pre class="badcode">// Bad - indented directives
  if (lopsided_score) {
    #if DISASTER_PENDING  // Wrong!  The "#if" should be at beginning of line
    DropEverything();
    #endif                // Wrong!  Do not indent "#endif"
    BackToNormal();
  }
</pre>

<h3 id="Class_Format">Class Format</h3>

<p>Sections in <code>public</code>, <code>protected</code> and
<code>private</code> order, each indented one space.</p>

<p>The basic format for a class definition (lacking the
comments, see <a href="#Class_Comments">Class
Comments</a> for a discussion of what comments are
needed) is:</p>

<pre>class MyClass : public OtherClass {
 public:      // Note the 1 space indent!
  MyClass();  // Regular 2 space indent.
  explicit MyClass(int var);
  ~MyClass() {}

  void SomeFunction();
  void SomeFunctionThatDoesNothing() {
  }

  void set_some_var(int var) { some_var_ = var; }
  int some_var() const { return some_var_; }

 private:
  bool SomeInternalFunction();

  int some_var_;
  int some_other_var_;
};
</pre>

<p>Things to note:</p>

<ul>
  <li>Any base class name should be on the same line as
  the subclass name, subject to the 80-column limit.</li>

  <li>The <code>public:</code>, <code>protected:</code>,
  and <code>private:</code> keywords should be indented
  one space.</li>

  <li>Except for the first instance, these keywords
  should be preceded by a blank line. This rule is
  optional in small classes.</li>

  <li>Do not leave a blank line after these
  keywords.</li>

  <li>The <code>public</code> section should be first,
  followed by the <code>protected</code> and finally the
  <code>private</code> section.</li>

  <li>See <a href="#Declaration_Order">Declaration
  Order</a> for rules on ordering declarations within
  each of these sections.</li>
</ul>

<h3 id="Constructor_Initializer_Lists">Constructor Initializer Lists</h3>

<p>Constructor initializer lists can be all on one line or
with subsequent lines indented four spaces.</p>

<p>The acceptable formats for initializer lists are:</p>

<pre>// When everything fits on one line:
MyClass::MyClass(int var) : some_var_(var) {
  DoSomething();
}

// If the signature and initializer list are not all on one line,
// you must wrap before the colon and indent 4 spaces:
MyClass::MyClass(int var)
    : some_var_(var), some_other_var_(var + 1) {
  DoSomething();
}

// When the list spans multiple lines, put each member on its own line
// and align them:
MyClass::MyClass(int var)
    : some_var_(var),             // 4 space indent
      some_other_var_(var + 1) {  // lined up
  DoSomething();
}

// As with any other code block, the close curly can be on the same
// line as the open curly, if it fits.
MyClass::MyClass(int var)
    : some_var_(var) {}
</pre>

<h3 id="Namespace_Formatting">Namespace Formatting</h3>

<p>The contents of namespaces are not indented.</p>

<p><a href="#Namespaces">Namespaces</a> do not add an
extra level of indentation. For example, use:</p>

<pre>namespace {

void foo() {  // Correct.  No extra indentation within namespace.
  ...
}

}  // namespace
</pre>

<p>Do not indent within a namespace:</p>

<pre class="badcode">namespace {

  // Wrong!  Indented when it should not be.
  void foo() {
    ...
  }

}  // namespace
</pre>

<p>When declaring nested namespaces, put each namespace
on its own line.</p>

<pre>namespace foo {
namespace bar {
</pre>

<h3 id="Horizontal_Whitespace">Horizontal Whitespace</h3>

<p>Use of horizontal whitespace depends on location. Never put
trailing whitespace at the end of a line.</p>

<h4>General</h4>

<pre>void f(bool b) {  // Open braces should always have a space before them.
  ...
int i = 0;  // Semicolons usually have no space before them.
// Spaces inside braces for braced-init-list are optional.  If you use them,
// put them on both sides!
int x[] = { 0 };
int x[] = {0};

// Spaces around the colon in inheritance and initializer lists.
class Foo : public Bar {
 public:
  // For inline function implementations, put spaces between the braces
  // and the implementation itself.
  Foo(int b) : Bar(), baz_(b) {}  // No spaces inside empty braces.
  void Reset() { baz_ = 0; }  // Spaces separating braces from implementation.
  ...
</pre>

<p>Adding trailing whitespace can cause extra work for
others editing the same file, when they merge, as can
removing existing trailing whitespace. So: Don't
introduce trailing whitespace. Remove it if you're
already changing that line, or do it in a separate
clean-up
operation (preferably when no-one
else is working on the file).</p>

<h4>Loops and Conditionals</h4>

<pre>if (b) {          // Space after the keyword in conditions and loops.
} else {          // Spaces around else.
}
while (test) {}   // There is usually no space inside parentheses.
switch (i) {
for (int i = 0; i &lt; 5; ++i) {
// Loops and conditions may have spaces inside parentheses, but this
// is rare.  Be consistent.
switch ( i ) {
if ( test ) {
for ( int i = 0; i &lt; 5; ++i ) {
// For loops always have a space after the semicolon.  They may have a space
// before the semicolon, but this is rare.
for ( ; i &lt; 5 ; ++i) {
  ...

// Range-based for loops always have a space before and after the colon.
for (auto x : counts) {
  ...
}
switch (i) {
  case 1:         // No space before colon in a switch case.
    ...
  case 2: break;  // Use a space after a colon if there's code after it.
</pre>

<h4>Operators</h4>

<pre>// Assignment operators always have spaces around them.
x = 0;

// Other binary operators usually have spaces around them, but it's
// OK to remove spaces around factors.  Parentheses should have no
// internal padding.
v = w * x + y / z;
v = w*x + y/z;
v = w * (x + z);

// No spaces separating unary operators and their arguments.
x = -5;
++x;
if (x &amp;&amp; !y)
  ...
</pre>

<h4>Templates and Casts</h4>

<pre>// No spaces inside the angle brackets (&lt; and &gt;), before
// &lt;, or between &gt;( in a cast
std::vector&lt;std::string&gt; x;
y = static_cast&lt;char*&gt;(x);

// Spaces between type and pointer are OK, but be consistent.
std::vector&lt;char *&gt; x;
</pre>

<h3 id="Vertical_Whitespace">Vertical Whitespace</h3>

<p>Minimize use of vertical whitespace.</p>

<p>This is more a principle than a rule: don't use blank lines when
you don't have to. In particular, don't put more than one or two blank
lines between functions, resist starting functions with a blank line,
don't end functions with a blank line, and be sparing with your use of
blank lines. A blank line within a block of code serves like a
paragraph break in prose: visually separating two thoughts.</p>

<p>The basic principle is: The more code that fits on one screen, the
easier it is to follow and understand the control flow of the
program. Use whitespace purposefully to provide separation in that
flow.</p>

<p>Some rules of thumb to help when blank lines may be
useful:</p>

<ul>
  <li>Blank lines at the beginning or end of a function
  do not help readability.</li>

  <li>Blank lines inside a chain of if-else blocks may
  well help readability.</li>

  <li>A blank line before a comment line usually helps
  readability &#8212; the introduction of a new comment suggests
  the start of a new thought, and the blank line makes it clear
  that the comment goes with the following thing instead of the
  preceding.</li>
</ul>

<h2 id="Exceptions_to_the_Rules">Exceptions to the Rules</h2>

<p>The coding conventions described above are mandatory.
However, like all good rules, these sometimes have exceptions,
which we discuss here.</p>



<div>
<h3 id="Existing_Non-conformant_Code">Existing Non-conformant Code</h3>

<p>You may diverge from the rules when dealing with code that
does not conform to this style guide.</p>

<p>If you find yourself modifying code that was written
to specifications other than those presented by this
guide, you may have to diverge from these rules in order
to stay consistent with the local conventions in that
code. If you are in doubt about how to do this, ask the
original author or the person currently responsible for
the code. Remember that <em>consistency</em> includes
local consistency, too.</p>

</div>



<h3 id="Windows_Code">Windows Code</h3>

<p> Windows
programmers have developed their own set of coding
conventions, mainly derived from the conventions in Windows
headers and other Microsoft code. We want to make it easy
for anyone to understand your code, so we have a single set
of guidelines for everyone writing C++ on any platform.</p>

<p>It is worth reiterating a few of the guidelines that
you might forget if you are used to the prevalent Windows
style:</p>

<ul>
  <li>Do not use Hungarian notation (for example, naming
  an integer <code>iNum</code>). Use the Google naming
  conventions, including the <code>.cc</code> extension
  for source files.</li>

  <li>Windows defines many of its own synonyms for
  primitive types, such as <code>DWORD</code>,
  <code>HANDLE</code>, etc. It is perfectly acceptable,
  and encouraged, that you use these types when calling
  Windows API functions. Even so, keep as close as you
  can to the underlying C++ types. For example, use
  <code>const TCHAR *</code> instead of
  <code>LPCTSTR</code>.</li>

  <li>When compiling with Microsoft Visual C++, set the
  compiler to warning level 3 or higher, and treat all
  warnings as errors.</li>

  <li>Do not use <code>#pragma once</code>; instead use
  the standard Google include guards. The path in the
  include guards should be relative to the top of your
  project tree.</li>

  <li>In fact, do not use any nonstandard extensions,
  like <code>#pragma</code> and <code>__declspec</code>,
  unless you absolutely must. Using
  <code>__declspec(dllimport)</code> and
  <code>__declspec(dllexport)</code> is allowed; however,
  you must use them through macros such as
  <code>DLLIMPORT</code> and <code>DLLEXPORT</code>, so
  that someone can easily disable the extensions if they
  share the code.</li>
</ul>

<p>However, there are just a few rules that we
occasionally need to break on Windows:</p>

<ul>
  <li>Normally we <a href="#Multiple_Inheritance">strongly discourage
  the use of multiple implementation inheritance</a>;
  however, it is required when using COM and some ATL/WTL
  classes. You may use multiple implementation
  inheritance to implement COM or ATL/WTL classes and
  interfaces.</li>

  <li>Although you should not use exceptions in your own
  code, they are used extensively in the ATL and some
  STLs, including the one that comes with Visual C++.
  When using the ATL, you should define
  <code>_ATL_NO_EXCEPTIONS</code> to disable exceptions.
  You should investigate whether you can also disable
  exceptions in your STL, but if not, it is OK to turn on
  exceptions in the compiler. (Note that this is only to
  get the STL to compile. You should still not write
  exception handling code yourself.)</li>

  <li>The usual way of working with precompiled headers
  is to include a header file at the top of each source
  file, typically with a name like <code>StdAfx.h</code>
  or <code>precompile.h</code>. To make your code easier
  to share with other projects, avoid including this file
  explicitly (except in <code>precompile.cc</code>), and
  use the <code>/FI</code> compiler option to include the
  file automatically.</li>

  <li>Resource headers, which are usually named
  <code>resource.h</code> and contain only macros, do not
  need to conform to these style guidelines.</li>
</ul>

<h2 id="Parting_Words">Parting Words</h2>

<p>Use common sense and <em>BE CONSISTENT</em>.</p>

<p>If you are editing code, take a few minutes to look at the
code around you and determine its style. If they use spaces
around their <code>if</code> clauses, you should, too. If their
comments have little boxes of stars around them, make your
comments have little boxes of stars around them too.</p>

<p>The point of having style guidelines is to have a common
vocabulary of coding so people can concentrate on what you are
saying, rather than on how you are saying it. We present global
style rules here so people know the vocabulary. But local style
is also important. If code you add to a file looks drastically
different from the existing code around it, the discontinuity
throws readers out of their rhythm when they go to read it. Try
to avoid this.</p>



<p>OK, enough writing about writing code; the code itself is much
more interesting. Have fun!</p>

<hr>
</div>
</body>
</html>