Coding-style exceptionalism [LWN.net]

July 20, 2016

This article was contributed by Neil Brown

As I was analyzing the behavioral details of various drivers as part of my research for a recent article on USB battery charging in Linux, I was struck by the the thought that code doesn't exist just to make certain hardware perform certain functions. Important though that is, the code in Linux, and in other open projects, also exists as a cultural artifact through which we programmers communicate and from which we learn. The disappointment I felt at the haphazard quality I found was not simply because some hardware somewhere might not perform optimally. It was because some other programmer tasked with writing a similar driver for new hardware might look to some of these drivers for inspiration, and might copy something that was barely functional and not use the best interfaces available.

With these thoughts floating around my mind I was interested to find a recent thread on the linux-kernel mailing list that was more concerned about how a block of code looked than about what it did.

The code in question handles SHA-256 hash generation on Intel x86 platforms. The thread started because Dan Carpenter's smatch tool had found some unusual code:

    if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) {

The "|" here looks like it was probably meant to be "||" — so there was a bit-wise "or" where a logical "or" is more common. Carpenter went to some pains to be clear that he knew the code would produce the same result no matter which operator was used, but observed that "it's hard to tell the intent." Intent doesn't matter to a compiler, but it does to a human reader. Even well-written code can be a challenge to read due to the enormous amount of detail embedded in it. When there is an unusual construct that you need to stop and think about, that doesn't make it any easier.

There were a couple of suggestions that this was an intentional optimization and there is some justification for this. With both GCC 4.8 and 5.3 compiling for x86_64, the "|" version produces one fewer instruction, avoiding a jump. In some cases that small performance difference might be worth the small extra burden on the reader, though as Joe Perches observed: "It's probably useful to add a comment for the specific intent here"; that would not only make it easier to read, but would ensure that nobody broke the optimization in the future. Further, the value of such optimizations can easily vary from compiler to compiler.

Once a little attention was focused on this code, other complaints arose, with Ingo Molnar complaining about the excessive use of parentheses, the unusually long field name partial_block_buffer_length, and, responding to what is clearly a sore spot for some, requesting that the "customary" style be used for multi-line comments.

Documentation/Codingstyle explains that:

    The preferred style for long (multi-line) comments is:

        /*
         * This is the preferred style for multi-line
         * comments in the Linux kernel source code.
         * Please use it consistently.
         *
         * Description:  A column of asterisks on the left side,
         * with beginning and ending almost-blank lines.
         */

    For files in net/ and drivers/net/ the preferred style for long (multi-line)
    comments is a little different.

        /* The preferred comment style for files in net/ and drivers/net
         * looks like this.
         *
         * It is nearly the same as the generally preferred comment style,
         * but there is no initial almost-blank line.
         */

The code under the microscope is in arch/x86/crypto — not strictly part of the networking subsystem — but this code uses the style for net/ and drivers/net/ in at least one place. Herbert Xu, the crypto subsystem maintainer, asserted that the crypto API uses the same style as networking, but Molnar wasn't convinced and neither, it turned out, was Linus Torvalds. I won't try to summarize Torvalds's rant (which he promised he would not follow up on) but I will examine a concrete and testable assertion made by Molnar: "That 'standard' is not being enforced consistently at all".

Looking at the ".c" and ".h" files in linux 4.7-rc7 and using fairly simple regular expressions (which might have occasional false positives), the string "/*" appears 1,308,166 times, suggesting the presence of over 1.3 million comments. Of those, 981,168 are followed by "*/" on the same line, leaving 326,998 multi-line comments. 200,737 of these have nothing (apart from the occasional space) following the opening "/*" on the first line, and 51,366 start with "/**" which indicates a "kernel-doc" formatted comment, leaving 74,895 multi-line comments in the non-customary format with text on the first line.

These three groups are present in a ratio of approximately 8:2:3. The kernel-doc comments have to be in the expected format to be properly functional, leaving the developer no discretion; it thus isn't reasonable to include them when looking at the choices developers have made. Of the multi-line comments where the programmer has some discretion, we find an 8:3 ratio of customary format, in the sense Molnar meant it, to others. So 27% are non-standard.

If we repeat these measurements for net/, drivers/net/, crypto/, and drivers/crypto/, the number of non-standard multi-line comments are:

Subsystem Comments Percent

Total Net-style

net/ 13,441 6,423 48%

drivers/net/ 36,599 19.516 54%

crypto/ 593 171 29%

drivers/crypto/ 706 178 25%

Subsystem	Comments	Percent
Total	Net-style
`net/`	13,441	6,423	48%
`drivers/net/`	36,599	19.516	54%
`crypto/`	593	171	29%
`drivers/crypto/`	706	178	25%

So broadly, the evidence does seem to support Molnar's claim. While "text-on-the-first-line" comments are more common in the networking code, they just barely constitute a majority of multi-line comments there and they are not significantly more common in the crypto code. This statistic doesn't tell us a lot, but it does suggest that the supposed "preferred" style for the networking code is not consistently preferred in practice, and that sticking to it for new comments wouldn't actually improve the overall consistency of that code.

Some of us may think this is all a storm in a teacup and that empty lines in comments, much like empty lines in code, are a matter of personal taste and nothing more. For many people this may be true. But open-source code will particularly benefit from being read by people who have a high attention for details, who will notice things that look a bit out of place, and who can spot bugs that compilers or static analyzers will miss. These people are likely to notice, and so be burdened by, irrelevant details like non-standard comments.

For Molnar at least, "the networking code's 'exceptionalism' regarding the standard comment style is super distracting" and there is evidence that he is not alone in this. To get the greatest value from other people reading our code, it makes sense to keep it as easy to read as possible. The code doesn't just belong to the author, it belongs to the community which very much includes those who will read it, whether to fix bugs, to write documentation, or as a basis for writing new drivers. We serve that community, and so indirectly ourselves, best when we make our code uniform and easy for others to read.

Index entries for this article
Kernel	Coding style
GuestArticles	Brown, Neil

to post comments

Coding-style exceptionalism

Posted Jul 21, 2016 10:55 UTC (Thu) by epa (subscriber, #39769) [Link] (8 responses)

/*****************************************************************************/
/* Linus is right - and moreover, his insight can be generalized.  The lack  */
/* of a uniform, strongly enforced comment style on LWN makes discussions    */
/* harder to read and reduces maintainability of the site.  I don't          */
/* understand why those who write comments on LWN articles fail to stick to  */
/* the obvious convention.                                                   */
/*****************************************************************************/

Coding-style exceptionalism

Posted Jul 21, 2016 14:50 UTC (Thu) by smitty_one_each (subscriber, #28989) [Link] (4 responses)

//I see what you did there.

Coding-style exceptionalism

Posted Jul 28, 2016 23:41 UTC (Thu) by dfsmith (guest, #20302) [Link] (3 responses)

#define COMMENT 0

#if COMMENT
There are some quite obnoxious ways
to make a multi-line comment.
#endif

Coding-style exceptionalism

Posted Jul 28, 2016 23:47 UTC (Thu) by dfsmith (guest, #20302) [Link] (1 responses)

#define REMINDER(X)

REMINDER(
And as long as you don't need a comma; this one
handles both multi-line...
)

exit(good_grief); REMINDER(... and inline.)

Coding-style exceptionalism

Posted Jul 29, 2016 11:36 UTC (Fri) by cladisch (✭ supporter ✭, #50193) [Link]

This macro can be, er, improved by making it variadic:

#define REMINDER(...)

Coding-style exceptionalism

Posted Aug 5, 2016 20:04 UTC (Fri) by nix (subscriber, #2304) [Link]

#if 0

But multi-line comments featuring #if 0 don't work because #if is processed too late.

We are in serious trouble now, for instance.
#endif

Coding-style exceptionalism

Posted Jul 21, 2016 20:43 UTC (Thu) by njd27 (subscriber, #5770) [Link]

I find myself reminiscing fondly of alt.fan.warlord

Coding-style exceptionalism

Posted Jul 21, 2016 21:11 UTC (Thu) by iabervon (subscriber, #722) [Link] (1 responses)

I don't know about that; I find that comments on LWN stick to flowed
paragraphs in proportional fonts, except when there is something in
particular to convey by line-breaks. If someone were to post with
fixed-length lines as a matter of personal style, it would actually be
quite distracting.

Of course, since LWN takes care of delimiting particular comments from
other text, it's not necessary to have standards for that (e.g., we
don't have to conform to a standard on how to let people know that the
text that we slipped into an article isn't actually part of the
article, but rather an inline comment, because we can't do that). And
LWN's rendering takes care of presenting the metadata, and does it
consistently (for each reader) without any standard followed by the
poster. So the aspects that coding-system standardizes aren't really
variable on LWN anyway.

Coding-style exceptionalism

Posted Aug 5, 2016 20:06 UTC (Fri) by nix (subscriber, #2304) [Link]

I don't know about that; I find that comments on LWN stick to flowed paragraphs in proportional fonts, except when there is something in particular to convey by line-breaks. If someone were to post with fixed-length lines as a matter of personal style, it would actually be quite distracting.

Of course, some people make a habit (bordering on fetish) of that, for instance, Jim Warner, maintainer of top.

Coding-style exceptionalism

Posted Jul 22, 2016 8:02 UTC (Fri) by linusw (subscriber, #40300) [Link] (5 responses)

This phenomenon that programmers have very strong opinions on very small syntactic issues was ridiculed even in popular culture in a recent episode of the TV series Silion Valley which brought up the eternal TABs vs spaces thing again, so the general populace can have some popcorn and feel better than the geeks.

What would be really interesting would be if a cognitive scientist could add some hard facts to the issue. Those people can tell objectively by test audiences and eye tracking etc what is actually best for cognition, it's not "just like, your opinion man" this is a thing that can be determined by applied science. It can be determined which syntax is in general and at large best for the human perception.

Somebody just has to do it. I wish I knew a cognitive scientist up to the task of analyzing some of these for us once and for all.

Coding-style exceptionalism

Posted Jul 22, 2016 8:12 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

http://www.sandraandwoo.com/2015/04/13/0674-there-are-10-...

Personally, I've become less strict about code style.

Coding-style exceptionalism

Posted Jul 23, 2016 4:27 UTC (Sat) by pr1268 (guest, #24648) [Link]

It's a telltale sign of OCD.

...spoken from someone who is so afflicted. :-\

Coding-style exceptionalism

Posted Jul 26, 2016 10:21 UTC (Tue) by HenrikH (subscriber, #31152) [Link] (1 responses)

The problem is not what is best for cognition, the problem (which is also spelled out in the article) is that people who have to verify lots of patches have trained themselves to look for inconsistencies and therefore their brain sees the difference in commenting style and puts an unneeded amount of time processing that which halts the streamlined process of verifying the actual code in question.

So which commenting style that is used is completely irrelevant while being consistent is.

Coding-style exceptionalism

Posted Jul 28, 2016 15:12 UTC (Thu) by Wol (subscriber, #4433) [Link]

Exactly.

Look at speed-reading. I curse people who claim that one particular style of English is "correct" (usually a new variant, where the derided version has quite clearly been around far longer ... :-), but I'm very much a stickler for "standard" English. If you don't have a reason for using archaic or dialect English, then don't!

Thing is, *learners* read letter-by-letter. Experienced readers read symbol-by-symbol - that symbol usually being the entire word. A smelling pistake makes it "feel weird", and to a speed-reader (as I like to put it) it has the same effect as a speeding bike wheel hitting a half-brick in the road - even if you don't come off it's a jarring experience.

Since I've had to cope with American on these web sites I'm far more tolerant of their weird spelling, but it still has a habit of slowing me down.

Cheers,
Wol

Coding-style exceptionalism

Posted Aug 3, 2016 6:43 UTC (Wed) by toyotabedzrock (guest, #88005) [Link]

Pretty sure open source projects are allergic to that type of testing.

And the public should be glad tabs don't work the same in browsers as they do in text editors.

One pipe is faster than two?

Posted Jul 23, 2016 3:59 UTC (Sat) by pr1268 (guest, #24648) [Link] (6 responses)

The "|" here looks like it was probably meant to be "||" — so there was a bit-wise "or" where a logical "or" is more common. Carpenter went to some pains to be clear that he knew the code would produce the same result no matter which operator was used, but observed that "it's hard to tell the intent."
...

With both GCC 4.8 and 5.3 compiling for x86_64, the "|" version produces one fewer instruction, avoiding a jump.

That sounds like something straight out of Hacker's Delight.

One pipe is faster than two?

Posted Jul 23, 2016 19:04 UTC (Sat) by tao (subscriber, #17563) [Link] (5 responses)

I guess the question, at least for this particular case, is: shouldn't gcc be able to avoid the jump for both versions?

One pipe is faster than two?

Posted Jul 23, 2016 20:26 UTC (Sat) by excors (subscriber, #95769) [Link] (2 responses)

I guess in theory you could have code like:

    int len; /* uninitialised */
    if (ctx->partial_block_buffer_length == 0)
        len = 1;
    f(ctx, len);

    void f(struct ctx *ctx, int len)
    {
        if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) {

If you turn the || into a |, the condition would start depending on an uninitialised value. That should still be safe on most architectures (int comparison won't raise exceptions - it'd be different if there was a pointer dereference or floating point), but I think it would at least make Valgrind complain, and breaking Valgrind would be a shame.

One pipe is faster than two?

Posted Jul 26, 2016 7:13 UTC (Tue) by jezuch (subscriber, #52988) [Link] (1 responses)

I would call this code... horrible. I'm glad that it wouldn't compile in Java ;) I'm also glad that even if you make it compile without serious refactoring, then findbugs will complain (I think).

One pipe is faster than two?

Posted Aug 5, 2016 20:10 UTC (Fri) by nix (subscriber, #2304) [Link]

It is fairly routine in C. A gigantic amount of code would fail to compile if you stopped || and && from short-circuiting.

One pipe is faster than two?

Posted Jul 25, 2016 21:29 UTC (Mon) by vbabka (subscriber, #91706) [Link] (1 responses)

It has to obey the lazy evaluation rules for ||. But I guess if it can prove that the latter part has no side effects or depend on uninitialized vars, and thinks it's unlikely for the first part to be false...

One pipe is faster than two?

Posted Jul 26, 2016 14:08 UTC (Tue) by jezuch (subscriber, #52988) [Link]

> It has to obey the lazy evaluation rules for ||.

The compiler is obligated to generate code that behaves *as if* these rules were obeyed. This is one of the [many] reasons the imperative paradigm requires serious cleverness in the compiler: so that it can prove that there are no illicit side effects, because pure functions are *vastly* easier to work with.

Coding-style exceptionalism

Posted Jul 27, 2016 9:25 UTC (Wed) by rvfh (guest, #31018) [Link]

checkpatch does not allow C++ comments. I guess only few people actually run checkpatch on new kernel code...

Too much emphasis on low level formatting rather than construct

Posted Jul 30, 2016 12:08 UTC (Sat) by simlo (guest, #10866) [Link] (5 responses)

In my jobs as software developer/architect, I have always been fighting too detailed coding style requirements. It so easy to pick a fight over - and in the end not actually increase code quality.

I agree, that a consistent style makes code easier to read, but as many of us have to read code from many different projects and languages, it does not matter that much.

My current boss for fun suggested that we should simply run a commit hook removing all formatting, and at checkout each developer could run his own code formatter to his delight..

Too much emphasis on low level formatting rather than construct

Posted Jul 30, 2016 21:24 UTC (Sat) by micka (subscriber, #38720) [Link] (4 responses)

Removing formatting is actually a kind of code formatting.
If you say: I don't want to decide between the n kind of indentation and then remove all indentations on all line... you just decided the indentation format: zero spaces (or zero tabs, etc.).

Too much emphasis on low level formatting rather than construct

Posted Jul 31, 2016 12:14 UTC (Sun) by simlo (guest, #10866) [Link] (3 responses)

Except when removing formatting at checkin, you avoid formatting conflicts.

Too much emphasis on low level formatting rather than construct

Posted Jul 31, 2016 12:35 UTC (Sun) by micka (subscriber, #38720) [Link]

For the case of tabulations ok, but think about the simplest example that comes after. For the C family of languages, you have to decide where to place curly braces. The different choices span from 1 to 3 lines.

for (...) {
..
}

v.s.

for (...)
{
...
}

If you want to prevent a one-line change to become a noise-commit, you have to decide on a normalized form before commit.
"Removing formatting at commit" _is_ deciding of one format.

Too much emphasis on low level formatting rather than construct

Posted Jul 31, 2016 13:03 UTC (Sun) by mathstuf (subscriber, #69389) [Link] (1 responses)

I've seen it talked about multiple times, but are there any projects which actually do this? I also pity those who have to read the code without the proper tools; even these "solutions"which try to please everyone fail pretty hard at it. Best is to clmmjt a script to format the code properly and if your commit has a diff after running it, it isn't following the style.

Too much emphasis on low level formatting rather than construct

Posted Aug 4, 2016 21:29 UTC (Thu) by dtlin (subscriber, #36537) [Link]

I don't know of any projects with no formatting either. On the other hand, tool-assisted standard formatting, definitely yes, e.g. when contributing to golang, you are expected to use git-codereview hooks which include automatic gofmt formatting.