Update coding guidelines #4754
Update coding guidelines #4754
Conversation
daxian-dbw
requested review from
PaulHigin,
SteveL-MSFT,
TravisEz13,
andyleejordan,
iSazonov,
lzybkr,
mirichmo and
vors
|
Please feel free to question the content I put in the doc as well as suggest more content. |
| A better example is: "Add Ensure parameter to New-Item cmdlet", with "Fixes #5" in the PR's body. | ||
| Don't simply put: "Fix issue #5". | ||
| Also don't directly use the issue title as the PR title. | ||
| An issue title is to briefly describe what is wrong, while a PR title is to briefly describe what is changed. |
There was a problem hiding this comment.
May be worth adding that the body of the PR is used to create the ChangeLog, so try to have the first sentence explain benefit to end user
|
|
||
| * Fields should be specified at the top within type declarations. | ||
|
|
||
| * File encoding should be `ASCII` (preferred) or `UTF8` (with `BOM`) if absolutely necessary. |
There was a problem hiding this comment.
Maybe a note to explicitly avoid UTF-16, and a warning that some Windows editors may default to this.
There was a problem hiding this comment.
I'd like to disallow all BOM encodings - tests that need a BOM are better off generating the file anyway.
There was a problem hiding this comment.
Fixed -- Mention that all bom encoding should be avoided.
| All new features should support CoreCLR. | ||
|
|
||
| ## Performance considerations | ||
| ## Performance Considerations |
There was a problem hiding this comment.
Maybe a note about avoiding exceptions as much as possible? Especially avoid using exceptions for logic (reserve them for unrecoverable errors such as those from the OS or libraries).
| but not required. | ||
|
|
||
| * Stick to the `DRY` principle -- Don't Repeat Yourself. | ||
| * Wrap the commonly used code in methods, or even put it in a utility class if that makes sense, |
There was a problem hiding this comment.
Maybe mention some of the existing utility classes.
There was a problem hiding this comment.
Add an example utility class System.Management.Automation.StringToBase64Converter
andyleejordan
left a comment
andyleejordan
left a comment
There was a problem hiding this comment.
Left some ideas, but looks great overall.
| A better example is: "Add Ensure parameter to New-Item cmdlet", with "Fixes #5" in the PR's body. | ||
| Don't simply put: "Fix issue #5". | ||
| Also don't directly use the issue title as the PR title. | ||
| An issue title is to briefly describe what is wrong, while a PR title is to briefly describe what is changed. |
There was a problem hiding this comment.
May be worth adding that the body of the PR is used to create the ChangeLog, so try to have the first sentence explain benefit to end user
| * Add comments when a reviewer needs help to understand your changes. | ||
|
|
||
| ### Runtimes | ||
| * Update existing comments when you are changing the corresponding code. |
|
|
||
| ## Security Considerations | ||
|
|
||
| Security is an important aspect of PowerShell and we need to be very careful about changes that may introduce security risks. |
There was a problem hiding this comment.
I feel we should say a little more about what security risks are and should at least mention input validation, code injection, privilege escalation, data privacy, and DOS concerns. We should have a separate document that goes into more detail but that can be a separate effort.
There was a problem hiding this comment.
input validation - this could be easily confused with the input validation within an API. Could you please elaborate a bit on it in the security context?
data privacy - do you mean data privacy breach? Can you please give an example?
We should have a separate document that goes into more detail
That would be very useful. Can you please work on such a doc? If you are busy on things and cannot get to it in near future, I'm happy to work on a draft if you can provide me some resources and pointers.
There was a problem hiding this comment.
Has CoreFX such document?
There was a problem hiding this comment.
Input validation for public API or Cmdlet is exactly what I mean :). That is where code injection can occur and I feel being aware of it should be part of all code reviews. Likewise data privacy is being aware that private data must always be protected. It is not something we have to be too concerned with with PowerShell (other than credentials and transferring remote data) but again something to be aware of during a code review.
I think we should just mention basic security areas to be aware of during a code review in a general way here, and then provide a link to a separate document where we can provide more details and examples. I am happy to work on such a document but I am not sure when I can get to it. I'll create an issue to track the work.
There was a problem hiding this comment.
Add the following:
... may introduce security risks,
such as code injection caused by the lack of input validation,
privilege escalation due to the misuse of impersonation,
or data privacy breach with a plain text password.
iSazonov
left a comment
iSazonov
left a comment
There was a problem hiding this comment.
Sorry for many comments - most is minor - feel free to ignore.
|
|
||
| When making changes, you may find some existing code goes against the conventions defined here. | ||
| In such cases, please avoid reformatting any existing code when submitting a PR as it obscures the functional changes of the PR. | ||
| A separate PR should be submitted for style-only changes. |
There was a problem hiding this comment.
What is the preferred process?
- Block current PR1
- Open style PR and merge
- Rebase and continue PR1
or
- Open new tracking Issue
- Continue and merge current PR
- Open new PR to fix the tracking Issue - Should we address this to the author of the first PR?
There was a problem hiding this comment.
Here are my experiences:
-
Depending on how bad the reformatting affects the review, I will choose to either tolerate the formatting changes or block the PR and ask the author to revert the formatting changes.
- For example, some PRs has changes that remove the trailing spaces. When that kind of formatting changes doesn't affect review much, I will tolerate them.
- But for some other PRs, the formatting changes might cause the review to be difficult, and I will block the PR and ask the author to revert formatting changes.
-
We ask authors to revert the formatting changes and suggest them to submit a separate PR, but they are not required to submit a PR to fix the formatting. You can give them the choices as for how to revert the reformatting changes -- submit style PR and merge and then rebase the original PR is certainly one way to do it; or they can just revert the formatting changes and submit a style PR later.
-
I don't like tracking issue in this situation.
There was a problem hiding this comment.
I unlike tracking issue too. But without it we can forget and lost. So we should open style PR before continue original PR.
There was a problem hiding this comment.
I don't think we should make it a requirement for the author to submit a style-only PR in this situation. It's acceptable if they just revert the formatting changes, and it would be a plus if they are willing to go one step further to fix the style/formatting in a separate PR as well.
.github/CONTRIBUTING.md
Outdated
|
|
||
|  | ||
|
|
||
| * It's recommended that the lines of changes in a PR should not be too big, |
There was a problem hiding this comment.
"It's recommended to keep PR as small as possible"
|
|
||
| * Avoid more than one blank empty line at any time. | ||
|
|
||
| * Avoid unnecessary trailing spaces at the end of a line. |
There was a problem hiding this comment.
Where we have "necessary" trailing spaces at the end of a line?
It seems we recommend to configure VS Code to automatically remove trailing spaces.
There was a problem hiding this comment.
Will remove unnecessary.
|
|
||
| * Use four spaces of indentation (no tabs). | ||
|
|
||
| * Avoid more than one blank empty line at any time. |
There was a problem hiding this comment.
Maybe add "Split logical code blocks by one blank empty line. "
Maybe add "Split code regions by three blank empty lines." Ex.: some files define some classes.
There was a problem hiding this comment.
The layout conventions are mostly from https://github.com/dotnet/corefx/blob/master/Documentation/coding-guidelines/coding-style.md
I think we shouldn't go that details about how to use empty lines.
| use `readonly` where possible. | ||
|
|
||
| * Namespace imports should be specified at the top of the file, | ||
| outside of `namespace` declarations and should be sorted alphabetically. |
There was a problem hiding this comment.
The follow pattern looks fine and we use it:
- Put on first place
using System.*sorted alphabetically - Then put blank line and separate block third party namespaces sorted alphabetically.
There was a problem hiding this comment.
Yes, sorted alphabetically is too much detailed. I will remove it.
| or even put it in a utility class if that makes sense, | ||
| so that the same code can be reused (i.e. `StringToBase64Converter.Base64ToString(string)`). | ||
| * Check if the code for the same purpose already exists in the code base before inventing your own wheel. | ||
| * Avoid repeating literal strings in code. Instead, use `const` variable to hold the string. |
There was a problem hiding this comment.
Put strings that are displayed to users in resx files that can be localized later.
| without causing performance concerns in performance-sensitive code. | ||
|
|
||
| * We produce a single binary for all UNIX variants, | ||
| so runtime checks are currently necessary for some of them (e.g. macOS vs. Linux). |
There was a problem hiding this comment.
Do we require the directives to be placed at the beginning of the line?
(VS Code expand/collapse right the directives only if they indent with surrounding code - should we consider this as bug or we can indent the directives?)
There was a problem hiding this comment.
Will mention this in this section.
There was a problem hiding this comment.
Mentioned in ### Layout Conventions as it's related to the code layout.
| Currently, @PaulHigin and @TravisEz13 are our security SMEs. | ||
| See [CODEOWNERS](../../.github/CODEOWNERS) for more information about the area experts. | ||
|
|
||
| ## Best Practices |
There was a problem hiding this comment.
Maybe add that we should follow CoreFX everywhere:
- use CoreFX APIs
- request CoreFX to enhance API when we need the new API
- fix CoreFX bugs in CoreFX repo
There was a problem hiding this comment.
I don't think that belongs to coding best practices. And use CoreFX APIs is mentioned in the portable code section:
Going forward, we try to depend on .NET Core to handle platform differences,
so avoid adding new P/Invoke calls where a suitable alternative exists in .NET Core.
| * Avoid LINQ - it can create lots of avoidable garbage | ||
| * Avoid LINQ - it can create lots of avoidable garbage. | ||
|
|
||
| * Prefer `for` and `foreach`, |
There was a problem hiding this comment.
What do you mean here?
There was a problem hiding this comment.
What is a context here? "We prefer use 'for' instead of LINQ"?
There was a problem hiding this comment.
Yes, I think it's prefer looping over collections directly over LINQ.
I will try to clarify.
| Instead, reuse the static ones via `Utils.EmptyArray<T>`. | ||
|
|
||
| * Avoid unnecessary memory allocation in a loop. | ||
| Move the memory allocation outside the loop if possible. |
There was a problem hiding this comment.
I remember a recommendation to use static RegEx to benefit caching. Is this relevant? Maybe still mention compile RegEx and using StringBuilder if we have more 3-4 re-allocations.
There was a problem hiding this comment.
I think StringBuilder is worth mentioning -- string operations are quite common. RegEx is too specific to me.
| ### Naming Conventions | ||
|
|
||
| * Use meaningful, descriptive words for names. | ||
| For method names, it's encouraged to use `Verb-Object` pair such as **`LoadModule`**. |
There was a problem hiding this comment.
Verb-Objectpair such asLoadModule.
shoud it be VerbObject then?
|
|
||
| * Use `_camelCase` to name internal and private fields and use `readonly` where possible. | ||
| Prefix instance fields with `_`, static fields with `s_` and thread static fields with `t_`. | ||
| When used on static fields, `readonly` should come after `static` (i.e. `static readonly` not `readonly static`). |
There was a problem hiding this comment.
this is generally a linter job to enforce such things.
We have a hand-written linter for tabs vs spaces and such.
Do we consider to add a proper dotnet linter to CI and build.psm1?
There was a problem hiding this comment.
@TravisEz13 has some ideas to enforce the formatting check in CI.
|
|
||
| Any other preprocessor defines found in the source are used for one-off custom builds, | ||
| typically to help debug specific scenarios. | ||
| * Add comments when a reviewer needs help to understand your changes. |
There was a problem hiding this comment.
I think phrasing can be better here. It may be perceived as encouragement for creating a historical log in the comments, i.e.
// This line used to be bla-bla
// and was changed to bla-bla because previously we had a problem in bla-bla corner case.
There was a problem hiding this comment.
The sentences are reworded to:
* Add comments where the code is not trivial or could be confusing.
* Add comments where a reviewer needs help to understand the code.
|
All comments are addressed. Please take another look, thanks! |
|
@PaulHigin your comment has been addressed. Can you please take another look? |
|
@daxian-dbw Is the PR ready to merge? (Squash and merge?) |
|
@iSazonov Yes, I think it's ready to go. |
|
@daxian-dbw Many thanks! |
9 participants
Update coding guidelines to make it more concrete and useful in a review process.