ASML C Coding Standard

©TIOBE Software www.tiobe.com

Coding Rules

Name	Checked	Synopsis
5.1.1.b		Each source file shall start with a file header, for which the "file name", "description" and copyright notice are to be filled in.
5.1.1.c		With respect to includes, each source file (.c and .h) shall be self-contained.
5.1.1.d		Only files that are really needed shall be included.
5.1.1.f		With respect to user files, it is good practice to place the include of the header file with the own definitions of the source file at the top.
5.1.1.1.b		The content (body) of every header file shall be enclosed in #ifndef/#if !defined, #define and #endif.
5.1.1.1.c		Naming convention of the include guard of an include file named CCBB_foo.h is of format: CCBB_FOO_H
5.1.1.2.b		Each non-trivial function shall be accompanied by a doxygen style function header.
5.1.2.b		Local variables shall not cause stack overflow.
5.1.2.3.a		Side effects shall not be relied upon between successive sequence points.
5.1.2.3.b		If in doubt about operator precedence, parenthesize.
5.2.1.1.b		Digraphs shall not be used: "<:", ":>", "<%", "%>", "%:".
5.2.5.a		Static dependencies between components shall only be used according to the defined architectural "scope control" rules.
6.2.2.b		Objects and functions with external linkage shall be declared in header files and defined after including the header file that declares them.
6.2.2.c		A variable declaration with storage class static shall have a scope limited to the source file.
6.2.3.a		To avoid name collision, one shall not use the same name for different identifiers.
6.2.4.b		Memory operations shall be symmetric; allocation and de-allocation shall take place in the same scope where the allocated variable is defined.
6.2.5.a		One must not rely on the actual numerical value of an enum variable.
6.3.a		Unsafe implicit conversions in expressions, return statements, assignment statements or argument lists shall not be used. Unsafe means: conversions where values are truncated and/or sign can be lost.
6.3.b		Unsafe implicit conversions of literals shall be avoided.
6.3.1.a		Mixed signed/unsigned type arithmetic shall not be used.
6.3.2.1.a		void expressions shall not be used in expressions.
6.3.2.2.a		Pointer to and from integer conversions shall not be used. For instance on 64-bit x86 processors the size of an integer is 32-bits while the pointer is 64-bits. Therefore converting a pointer to an integer will discard part of the address.
6.3.2.2.b		For generic pointers void * shall be used rather than char *.
6.3.2.2.c		Pointers shall not be converted to other pointer types.
6.3.2.2.d		Pointers shall not be added, multiplied nor divided.
6.3.2.2.e		Pointers shall not be subtracted from each other, unless their unqualified type is the same.
6.3.2.3.a		bool shall be used as boolean type.
6.3.2.3.d		Avoid conversions between booleans and non-boolean types
6.4.b		The tab character (0x09 ASCII) shall not be used.
6.4.1.a		C keywords are reserved for use as keywords and shall not be used otherwise.
6.4.1.b		Only with a very good reason, the asm keyword may be used to insert assembly language directly into the translator output.
6.4.1.1.a		Do not use C++ keywords.
6.4.1.1.b		Do not use C++ alternative representations that are not part of the C keywords (see also 6.4.1.a).
6.4.2.a		Identifiers shall satisfy the standard C syntax for identifiers.
6.4.2.b		Identifiers shall not be defined with one or more leading underscores (_).
6.4.2.d		Don't use extern variable declarations in header files, except for consts.
6.4.4.b		Use suffix 'L' instead of 'l' to avoid confusion
6.4.4.1.a		Only decimal or hexadecimal notation may be used for integer constants.
6.4.4.1.b		Use clear constant values. Small letters shall not be used, expecially to avoid confusion between l (letter l) and 1 (digit one). The letter U shall be written in uppercase to be consistent with the case of the letter L.
6.4.4.3.a		Only the first entry in an enumerator shall be explicitly defined using '='.
6.4.4.4.a		Only ANSI defined escape sequences shall be used.
6.4.5.a		A character string literal token shall not be adjacent to a wide string literal token.
6.4.9.a		Comments in the form of opening (/) and closing (/) shall not be nested.
6.4.9.c		Do not use mixed comments.
6.5.a		Bitwise operations shall only be applied on operands of unsigned type.
6.5.2.1.a		Array subscripting requires a pointer to object type and one or more integral subscript expressions. The indices must be within the bounds values of the (allocated) array.
6.5.2.1.b		typedef for an array of unknown size shall not be used.
6.5.2.2.b		Do not declare functions within functions.
6.5.2.2.c		Do not use functions marked as deprecated.
6.5.2.3.a		When structures are accessed by means of a pointer, the pointer-to notation -> rather than the member notation * shall be used to denote a specified member of the structure.
6.5.2.3.b		Structs or unions must be passed by reference into functions with variable numbers of parameters.
6.5.2.3.d		Do not use nested structures.
6.5.3.1.a		Do not mix postfix and prefix increment and/or decrement in a statement.
6.5.3.1.b		Don't increment (decrement) a pointer to a function.
6.5.3.2.a		A variable declared as an array shall not be used as a pointer.
6.5.3.3.a		The unary plus operator shall not be used.
6.5.3.3.b		Unary minus shall only be applied to an operand having a signed arithmetic type.
6.5.3.4.a		sizeof shall not be applied to an expression with side-effects.
6.5.3.4.b		Don't use sizeof on a variable of an array type that is passed as argument.
6.5.3.4.c		Don't apply sizeof to a function.
6.5.4.a		Casting shall only be used to denote required casting.
6.5.7.b		The right operand of a left shift operator for a signed type as left operand shall not be so large that the resulting value cannot be represented.
6.5.8.a		Comparison of unsigned operands shall not occur against negative values.
6.5.8.c		Don't compare floats of different types.
6.5.8.d		Comparison of floating point numbers (float or double) shall preferably be avoided.
6.5.8.e		Use memcmp only to compare arrays of scalar types.
6.5.8.f		Do not compare floating point numbers with memcmp.
6.5.9.a		Pointer comparison shall only be done for compatible pointer types.
6.5.9.b		Floating point expressions shall not be compared using the "==", "!=" operators. Floating point expressions shall be compared using special functions.
6.5.13.a		The right-hand operand of the "&&" or "\|\|" operator shall not contain any side-effects.
6.5.15.a		The second and third operand of a conditional expression of the conditional operator shall not contain side-effects.
6.5.16.a		Do not use nested assignments.
6.5.16.b		Do not discard const qualifiers in pointer assignments.
6.5.17.a		The comma operator shall not be used.
6.7.a		Only one identifier type shall be declared on each source line.
6.7.1.a		Identifiers with file scope shall be declared static, thus preventing them from having global scope.
6.7.1.b		Since auto is redundant it shall be omitted to avoid cluttering up declarations.
6.7.1.c		Since "register" is redundant it shall be omitted to avoid cluttering up declarations.
6.7.2.a		Compiler-specific extensions shall not be used in type specifiers.
6.7.2.b		Every identifier declaration shall include a type specifier.
6.7.2.1.a		Do not use bit-fields for combining multiple logical values in one memory location.
6.7.2.2.a		Mixing of different enum types is not allowed.
6.7.3.a		"const" shall be used to specify that a variable is non-modifiable.
6.7.5.a		Only variables and parameters that are used shall be declared.
6.7.5.2.a		Array bounds shall be specified as integral constant expressions.
6.7.5.3.a		All function prototypes shall specify the type and the name of each of their parameters.
6.7.5.3.b		A function shall only be used if its prototype is known.
6.7.5.3.c		Avoid unused static functions
6.7.8.a		All variables shall be initialized or assigned before being read.
6.7.8.b		The initializer for a struct, union or array shall be enclosed in braces.
6.7.8.c		For a struct the initializer should be {0} or all fields should be initialized.
6.7.8.d		All variables containing a pointer shall be initialized.
6.8.a		All control statements shall be fully brace enclosed. This means that all "if", "while", "for", "do" and "switch" statements are followed by a brace-enclosed compound statement.
6.8.c		Any statement that is logically never executed shall not occur in the source code.
6.8.d		Avoid magic numbers.
6.8.1.a		Statements shall not be labelled except for "case" and "default" in a switch-statement.
6.8.3.a		Each expression and statement shall have an effect.
6.8.3.b		A null statement (;) shall not be used.
6.8.4.b		The condition (or guard) of a selective alternative shall be a logical operator, an equality operator or a relational expression (and not be an assignment). Exception is made for boolean type. For boolean type no relational expression is required.
6.8.4.c		The termination condition of iterations shall be of type boolean.
6.8.4.1.b		N-ary selection constructs programmed using "if ... else if ..." shall have an "else" clause.
6.8.4.2.a		The switch expression shall not contain any logical expression (one or more of the ">", ">=", "<", "<=", "==", "!=", "&&", "\|\|" or "!" operators).
6.8.4.2.b		"switch" statements shall have one and only one "default" clause.
6.8.4.2.c		Each non empty case clause and default clause shall end with a break statement.
6.8.4.2.d		The default clause shall be the last entry in the switch statement.
6.8.4.2.e		Make sure all code in a switch statement serves a purpose.
6.8.5.a		The termination condition of iteration shall not have a constant value.
6.8.5.1.a		The variables used in expression 2 of a "for" loop shall not be changed in the loop body and expression 3 at the same time.
6.8.5.1.c		The loop variable of a for loop shall be used in the loop body.
6.8.6.1.a		The "goto" statement shall not be used.
6.8.6.2.a		The "continue" statement shall not be used.
6.8.6.3.a		The break statement shall not be used to exit from an iteration statement ("for" or "while").
6.8.6.4.a		There shall be exactly one "return" statement in a function returning non-void.
6.8.6.4.b		There shall be no return statement in a void function.
6.8.6.4.c		A function "return" expression shall be compatible with its explicitly defined type.
6.8.6.4.d		Function return values that are error codes shall not be ignored.
6.9.1.a		Function pointer parameters should not be declared as ordinary pointer type. A type should be used which is declared by a "typedef" declaration.
6.9.1.b		Do not use K&R declaration style.
6.9.2.a		Explicitly use "static" or "extern" on all global const declarations.
6.9.2.b		Only static global variables that are used shall be declared.
6.10.a		Use of pre-processor directives shall be according to strict ANSI syntax and constraints.
6.10.b		Only perform token pasting with the token pasting operator (##).
6.10.1.a		Code checker flags shall not be used in the source code.
6.10.1.c		#ifdef, #ifndef, #if defined and #if !defined are not allowed in external header files.
6.10.1.d		C headers should be guarded by extern "C".
6.10.1.e		Don't use "#if 0" as comments
6.10.2.a		All headers files shall be identified by an #include directive.
6.10.2.b		Including source files is not allowed.
6.10.2.c		It is forbidden to include hpp files in C files.
6.10.3.a		Use of macros shall strictly be according to the ANSI C89 macro syntax and within the ANSI C89 macro constraints.
6.10.3.b		#define macros shall only be used for symbolic constants. They shall not be used for function like macros if a function can be written to accomplish the same task.
6.10.3.c		Any instance of macro parameters, macro body and macro operations shall be enclosed within parenthesis.
6.10.3.d		Macros should not end with a semicolon.
6.10.3.e		Use a semicolon at the end of a function-like macro call.
6.10.3.2.b		A macro shall not comprise both the "#" and "##" operators simultaneously.
6.10.3.3.a		Result of "##" operator shall be a legal pre-processing token.
6.10.3.4.a		Recursive macro definitions shall not be used.
6.10.3.5.a		Macros shall only be #define'd and #undef'ed at file scope.
6.10.4.a		The line splicing character ('\' at the end of a line) shall not be used, except in preprocessor macros.
6.10.4.b		When used, the line-splicing character ('\' at the end of a line) shall immediately be followed by the newline character.
6.10.4.c		Do not use mixed EOL characters in a file.
6.10.6.a		The pragma directive and pragma operator shall not be used.
6.10.8.b		Only the predefined macro names __FILE__, __LINE__ and __func__ may be used.
7.2.a		The standard header file assert.h shall not be used.
7.12.a		The arguments to any mathematical function shall be within the appropriate range.
7.12.b		Any calculation result shall not overflow the corresponding output parameter or return value data type.
7.13.a		The setjmp() function and its counterpart longjmp() shall not be used.
7.18.a		Do not define types or macros with the same name as types or macros in stdint.h.
7.19.a		Only standard output specifiers and standard flags shall be used in output format specifications.
7.19.b		The arguments in a formatted output function shall match the output specifiers in the format specification.
7.19.c		Only standard input specifiers and standard flags shall be used in input format specifications.
7.19.d		The arguments in a formatted input function shall match the input specifiers in the format specification.
7.19.e		The number of arguments to printf formats should correspond to the actual arguments.
7.19.f		Do not access members of type FILE directly.
7.19.g		Do not use the same buffer for reading and writing when calling input/output functions.
7.21.a		Don't use the functions strerror and strtok, instead use their re-entrant counterparts strerror_r and strtok_r.
7.23.a		Don't use the functions asctime, ctime and gmtime instead use their re-entrant counterparts asctime_r, ctime_r and gmtime_r.
7.26.1.a		Don't use the functions readdir instead use the re-entrant counterpart readdir_r
7.26.2.a		Don't use the functions rand. Instead use the re-entrant counterpart rand_r.