aboutsummaryrefslogtreecommitdiff
path: root/doc/developer-notes.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/developer-notes.md')
-rw-r--r--doc/developer-notes.md51
1 files changed, 50 insertions, 1 deletions
diff --git a/doc/developer-notes.md b/doc/developer-notes.md
index ae7f01cd24..e7fd8102a4 100644
--- a/doc/developer-notes.md
+++ b/doc/developer-notes.md
@@ -87,7 +87,6 @@ code.
- `++i` is preferred over `i++`.
- `nullptr` is preferred over `NULL` or `(void*)0`.
- `static_assert` is preferred over `assert` where possible. Generally; compile-time checking is preferred over run-time checking.
- - `enum class` is preferred over `enum` where possible. Scoped enumerations avoid two potential pitfalls/problems with traditional C++ enumerations: implicit conversions to int, and name clashes due to enumerators being exported to the surrounding scope.
Block style example:
```c++
@@ -563,6 +562,34 @@ class A
- *Rationale*: Easier to understand what is happening, thus easier to spot mistakes, even for those
that are not language lawyers.
+- Prefer `enum class` (scoped enumerations) over `enum` (traditional enumerations) where possible.
+
+ - *Rationale*: Scoped enumerations avoid two potential pitfalls/problems with traditional C++ enumerations: implicit conversions to `int`, and name clashes due to enumerators being exported to the surrounding scope.
+
+- `switch` statement on an enumeration example:
+
+```cpp
+enum class Tabs {
+ INFO,
+ CONSOLE,
+ GRAPH,
+ PEERS
+};
+
+int GetInt(Tabs tab)
+{
+ switch (tab) {
+ case Tabs::INFO: return 0;
+ case Tabs::CONSOLE: return 1;
+ case Tabs::GRAPH: return 2;
+ case Tabs::PEERS: return 3;
+ } // no default case, so the compiler can warn about missing cases
+ assert(false);
+}
+```
+
+*Rationale*: The comment documents skipping `default:` label, and it complies with `clang-format` rules. The assertion prevents firing of `-Wreturn-type` warning on some compilers.
+
Strings and formatting
------------------------
@@ -613,6 +640,28 @@ Strings and formatting
- *Rationale*: Bitcoin Core uses tinyformat, which is type safe. Leave them out to avoid confusion.
+- Use `.c_str()` sparingly. Its only valid use is to pass C++ strings to C functions that take NULL-terminated
+ strings.
+
+ - Do not use it when passing a sized array (so along with `.size()`). Use `.data()` instead to get a pointer
+ to the raw data.
+
+ - *Rationale*: Although this is guaranteed to be safe starting with C++11, `.data()` communicates the intent better.
+
+ - Do not use it when passing strings to `tfm::format`, `strprintf`, `LogPrint[f]`.
+
+ - *Rationale*: This is redundant. Tinyformat handles strings.
+
+ - Do not use it to convert to `QString`. Use `QString::fromStdString()`.
+
+ - *Rationale*: Qt has built-in functionality for converting their string
+ type from/to C++. No need to roll your own.
+
+ - In cases where do you call `.c_str()`, you might want to additionally check that the string does not contain embedded '\0' characters, because
+ it will (necessarily) truncate the string. This might be used to hide parts of the string from logging or to circumvent
+ checks. If a use of strings is sensitive to this, take care to check the string for embedded NULL characters first
+ and reject it if there are any (see `ParsePrechecks` in `strencodings.cpp` for an example).
+
Shadowing
--------------