]> git.proxmox.com Git - mirror_qemu.git/blame - HACKING
block: add close notifiers
[mirror_qemu.git] / HACKING
CommitLineData
45fad878
BS
11. Preprocessor
2
3For variadic macros, stick with this C99-like syntax:
4
5#define DPRINTF(fmt, ...) \
6 do { printf("IRQ: " fmt, ## __VA_ARGS__); } while (0)
84174436
BS
7
82. C types
9
10It should be common sense to use the right type, but we have collected
11a few useful guidelines here.
12
132.1. Scalars
14
15If you're using "int" or "long", odds are good that there's a better type.
16If a variable is counting something, it should be declared with an
17unsigned type.
18
19If it's host memory-size related, size_t should be a good choice (use
20ssize_t only if required). Guest RAM memory offsets must use ram_addr_t,
21but only for RAM, it may not cover whole guest address space.
22
23If it's file-size related, use off_t.
24If it's file-offset related (i.e., signed), use off_t.
25If it's just counting small numbers use "unsigned int";
26(on all but oddball embedded systems, you can assume that that
27type is at least four bytes wide).
28
29In the event that you require a specific width, use a standard type
30like int32_t, uint32_t, uint64_t, etc. The specific types are
31mandatory for VMState fields.
32
33Don't use Linux kernel internal types like u32, __u32 or __le32.
34
35Use target_phys_addr_t for guest physical addresses except pcibus_t
36for PCI addresses. In addition, ram_addr_t is a QEMU internal address
37space that maps guest RAM physical addresses into an intermediate
38address space that can map to host virtual address spaces. Generally
39speaking, the size of guest memory can always fit into ram_addr_t but
40it would not be correct to store an actual guest physical address in a
41ram_addr_t.
42
43Use target_ulong (or abi_ulong) for CPU virtual addresses, however
44devices should not need to use target_ulong.
45
46Of course, take all of the above with a grain of salt. If you're about
47to use some system interface that requires a type like size_t, pid_t or
48off_t, use matching types for any corresponding variables.
49
50Also, if you try to use e.g., "unsigned int" as a type, and that
51conflicts with the signedness of a related variable, sometimes
52it's best just to use the *wrong* type, if "pulling the thread"
53and fixing all related variables would be too invasive.
54
55Finally, while using descriptive types is important, be careful not to
56go overboard. If whatever you're doing causes warnings, or requires
57casts, then reconsider or ask for help.
58
592.2. Pointers
60
61Ensure that all of your pointers are "const-correct".
62Unless a pointer is used to modify the pointed-to storage,
63give it the "const" attribute. That way, the reader knows
64up-front that this is a read-only pointer. Perhaps more
65importantly, if we're diligent about this, when you see a non-const
66pointer, you're guaranteed that it is used to modify the storage
67it points to, or it is aliased to another pointer that is.
68
692.3. Typedefs
70Typedefs are used to eliminate the redundant 'struct' keyword.
71
722.4. Reserved namespaces in C and POSIX
73Underscore capital, double underscore, and underscore 't' suffixes should be
74avoided.
54b2cc50
BS
75
763. Low level memory management
77
78Use of the malloc/free/realloc/calloc/valloc/memalign/posix_memalign
79APIs is not allowed in the QEMU codebase. Instead of these routines,
f603a687
PM
80use the GLib memory allocation routines g_malloc/g_malloc0/g_new/
81g_new0/g_realloc/g_free or QEMU's qemu_vmalloc/qemu_memalign/qemu_vfree
82APIs.
54b2cc50 83
f603a687
PM
84Please note that g_malloc will exit on allocation failure, so there
85is no need to test for failure (as you would have to with malloc).
86Calling g_malloc with a zero size is valid and will return NULL.
54b2cc50
BS
87
88Memory allocated by qemu_vmalloc or qemu_memalign must be freed with
89qemu_vfree, since breaking this will cause problems on Win32 and user
90emulators.
d241f143
BS
91
924. String manipulation
93
9b9e3ec1
JM
94Do not use the strncpy function. As mentioned in the man page, it does *not*
95guarantee a NULL-terminated buffer, which makes it extremely dangerous to use.
96It also zeros trailing destination bytes out to the specified length. Instead,
97use this similar function when possible, but note its different signature:
98void pstrcpy(char *dest, int dest_buf_size, const char *src)
d241f143
BS
99
100Don't use strcat because it can't check for buffer overflows, but:
101char *pstrcat(char *buf, int buf_size, const char *s)
102
103The same limitation exists with sprintf and vsprintf, so use snprintf and
104vsnprintf.
105
106QEMU provides other useful string functions:
107int strstart(const char *str, const char *val, const char **ptr)
108int stristart(const char *str, const char *val, const char **ptr)
109int qemu_strnlen(const char *s, int max_len)
110
111There are also replacement character processing macros for isxyz and toxyz,
112so instead of e.g. isalnum you should use qemu_isalnum.
113
145e21db 114Because of the memory management rules, you must use g_strdup/g_strndup
d241f143 115instead of plain strdup/strndup.
876f256b
BS
116
1175. Printf-style functions
118
119Whenever you add a new printf-style function, i.e., one with a format
120string argument and following "..." in its prototype, be sure to use
121gcc's printf attribute directive in the prototype.
122
123This makes it so gcc's -Wformat and -Wformat-security options can do
124their jobs and cross-check format strings with the number and types
125of arguments.