NASA C Style Guide [pdf]
homepages.inf.ed.ac.ukLooking at their example code.... I find there is a lot of problems, duplicated code, large function with many many obvious simpler functions inlined causing lots of local variable pollution.
MISRA is another standard that's popular and I've seen a bunch of code developed using this standard.
But the problem with style guides, they have lots of points that are very agreeable, but it is all undone if you don't have clean well designed code. I've seen too much emphasis on conforming to the style guide (often because of contractual agreements on the developed code). But the more important part of making the code clean gets less attention because it is harder to quantify and harder to enforce via static analysis.
however, that doesn't mean it's a bad thing to have, it's just that conformity to a style guide is a very low bar in terms of quality.
There's a difference between style guides, like this, and standards, like MISRA.
Style is concerned with the appearance of the code, and is largely subjective. Many languages, like Common Lisp and Java, have got this nailed: the same style is used everywhere. In the C world, there are endless arguments about levels of indentation, the position of braces, etc.
Standards ensure that good, safe, coding practices are followed. For C, these are needed for many applications because the language is weakly typed and inherently unsafe in many ways. Other languages, such as Ada, have safety built into the language.
Here's a great talk that addresses style vs. standards in the context of NASA and space flight software.
https://www.usenix.org/conference/hotdep12/workshop-program/...
He presents a compelling case for why you should use automated tools to check compliance against coding standards (the standards don't do you any good otherwise).
As far as style goes, pipe your code through indent if you have hangups about formatting. That way you can spend your time on issues that are known to be correlated with risk.
> Style is concerned with the appearance of the code, and is largely subjective. Many languages, like Common Lisp and Java, have got this nailed: the same style is used everywhere. In the C world, there are endless arguments about levels of indentation, the position of braces, etc.
I'm struggling with where to first disagree with this. Some style guides deal only with code appearance, but they can also include things like preferred iteration mechanisms, maximum function lengths or even cyclomatic complexity.
Comon Lisp doesn't even remotely have standardized style; ask a dozen CL programmers how they would perform an operation on each element of a list and you'll get answers including: MAPCAR, MAP, DOLIST, LOOP, ITERATE.
It does have a standard for indentation, which is roughly "however emacs would indent your code" but that breaks down when DSLs get involved (see how different people indent LOOP for an example).
[edit]
One simple example of a style guide entry that is not primarily concerned with the appearance of code. There are dozens more in that one style guide:
We're disagreeing about the meanings of style vs. standards here. I'm using style in the commonly accepted sense, e.g. "hair stylist", "stylish", "all style and no substance."
Maximum function lengths and cyclomatic complexity are important but I'd put those under standards.
Lisp gives you a lot of flexibility regarding how you do things, but once you choose a way, that constrains how your code should be laid out, i.e. its style. EMACS indents code in the accepted Lisp style. It doesn't define it. It implements it.
Saying you should avoid eval at run time is a coding standard, not style.
> We're disagreeing about the meanings of style vs. standards here. I'm using style in the commonly accepted sense, e.g. "hair stylist", "stylish", "all style and no substance."
Indeed we are. I'm considering "style guide" as a noun phrase to include many things that you would call standards, and comes from the definition of style "a manner of doing something."
> It does have a standard for indentation, which is roughly "however emacs would indent your code" but that breaks down when DSLs get involved (see how different people indent LOOP for an example).
It actually makes me think that there should be a standardized way for including indentation hints. CL's &body in macros is not nearly enough for any kind of complicated DSLs.
That's minor aesthetics anyway. There are always some degrees of freedom in it, but Lisp has historically much less of those than C-like languages.
How strictly do people writing code have to adhere to styling guides (not just in NASA, but everywhere else too)?
I get that coding standards are a good thing and plain-simply following these will produce "readable" and (possibly) maintainable code, but will that make the code any _better/efficient_ ?
Though this does catch some "gotchas" in C, like the if-if-else and the #define trap, I wonder if the Code Review involves a guy rejecting my patches with the comments, "you have missed out guideline 6.4.3.5 defined in page 54".
There is nothing more annoying than getting a PR that fixed a one line bug, along with someone's editor's autoindent rewriting the entire file the fix was in, because it wanted to change indents.
It's certainly not efficient reading a patch with a +1000/-999 diffstat, hunting for a one line fix. I've had this repeatedly and it's painful. Anyone that noted the existing style wouldn't have let this happen.
Generally, code that does not adhere to the project's style guide will not be merged until it's fixed.
If programming in Ruby, I find that rubocop can enforce our style guide programmatically and impersonally, and it can even be set up with a git commit hook. You can't push ugly syntax! It's not perfect, but it's very good with very little effort.
I love seeing internal documents like this that are used at reputable companies. They're both educational and a fun glimpse into how high-performing teams operate.
In that case, check this out - the NASA Systems Engineering Handbook. It's an impressive beast (only tangentially software-related though).
http://www.acq.osd.mil/se/docs/NASA-SP-2007-6105-Rev-1-Final...
*average=*total/*count; /* compute the average */
^ begin comment end comment^
--
As an aside, I'd be interested to see their NodeJS Style Guide too. Any pointers?
Two others of theirs:
I'm a little disturbed that this doesn't make any mention of when C is even appropriate. I know if I were an astronaut, I'd be concerned about the code running on the vehicle I was on.
Most high-reliability software is still written in C or other languages in the algol family. For the highest level of assurances, often the binary code must be mapped back to the source code (to reduce the chances of a compiler bug introducing errors), and doing so in languages that are higher-level than C becomes problematic.
If someone were to formally verify the correctness of a particular higher-level language implementation, then it would start to become usable. Most GCed languages are out though due to the fact that hard-realtime GC algorithms require an excess of CPU and RAM to run correctly, and vehicles going into space are often several generations of hardware behind, as new radiation-hardened CPUs come out only rarely.
NASA did use Lisp in the past.
Super nit-pick but if you are talking about the DS1, I believe it was JPL under contract for NASA.
4 space indentation and not tabs. What would Hendricks say?!
Tabs really only works easily when everyone's using the same editor settings. Otherwise, it quickly devolves into a mess.
Spaces really only works easily when everyone uses an editor that can convert presses of the tab key into some number of space characters.
The only solution that works easily in all cases is to flatly refuse to collaborate with others.
> Spaces really only works easily when everyone uses an editor that can convert presses of the tab key into some number of space characters.
Could you show me an editor that doesn't do that?
I just finished three years in a job in which I worked on a GUI containing an editor that does not do that.
I'd personally say 4 spaces on even indentation levels and tabs everywhere else.
I see the brace goes on the next line, as it should:
if(condition)
{
expression...
}
if(condition) {
expression...
}What's obfuscated about the second form? It's my personal preference, so I'm sure there's some personal bias there, but one doesn't seem more or less obfuscated than the other one. They are both equally readable to me, but the second seems more compact without sacrificing readability. I can think of other reasons why someone might prefer the first to the second, but reduced obfuscation isn't one of them.
Personally, I prefer the second one.
It's more concise and still provide the braces safety.
First one is taking more space then it need to read. I normally use second.
Statements are inside the brackets as well