Calling code that ignores an error could lead to wrong results or undefined systems state. For example, not being able to connect to a remote server is not by itself an error: This style unfortunately leads to uninitialized variables. Exception Many traditional interface functions e.
For now, we place it in the definition function body. Note that the initialization of a local static does not imply a race condition. Simple Warn on failure to either reset or explicitly delete an owner pointer on every code path.
Note Prefer a formal specification of requirements, such as Expects p. Stating the postcondition would have made it clear: Prefer Ensures for expressing postconditions Reason To make it clear that the condition is a postcondition and to enable tool use.
Enforcement Not yet enforceable A language facility is under specification. Note Postconditions are especially important when they relate to something that is not directly reflected in a returned result, such as a state of a data structure used.
Do not pass an array as a single pointer Reason pointer, size -style interfaces are error-prone. Note Every object passed as a raw pointer or iterator is assumed to be owned by the caller, so that its lifetime is handled by the caller. Enforcement Not enforceable This is a philosophical guideline that is infeasible to check directly.
Also, precisely typed code is often optimized better. This can make them hard to distinguish from ordinary code, hard to update, hard to manipulate by tools, and may have the wrong semantics. Consider using a variant or a pointer to base instead.
Often, cleaner code yields better performance with exceptions simplifying the tracing of paths through the program and their optimization.
Example Consider a function that manipulates a Record, using a mutex to avoid race conditions: Argument passinguse of smart pointer argumentsand value return.
This can make them hard to distinguish from ordinary code, hard to update, hard to manipulate by tools, and may have the wrong semantics do you always want to abort in debug mode and check nothing in productions runs? Warning about those that can be easily identified assert has questionable value in the absence of a language facility.
In the longer term, more regular code gets better optimized. Enforcement Not enforceable This is a philosophical guideline that is infeasible to check directly in the general case. To improve performance by avoiding redundant checks for nullptr.
In a multi-threaded environment, the initialization of the static object does not introduce a race condition unless you carelessly access a shared object from within its constructor.
State postconditions To detect misunderstandings about the result and possibly catch erroneous implementations.
For generic code these Ts can be general or concept constrained template parameters. Simple Warn if the return value of new or a function call with an owner return value is assigned to a raw pointer or non-owner reference. That is error-prone and often verbose.
Look for classes for which only a single object is created by counting objects or by examining constructors. Prefer Expects for expressing preconditions Reason To make it clear that the condition is a precondition and to enable tool use. This is a major source of errors.
Also, a plain pointer to array must rely on some convention to allow the callee to determine the size.The C++ Core Guidelines are a set of tried-and-true guidelines, rules, and best practices about coding in C++. Do you want to know how to write a children's book?
Have you ever said, "I've always wanted to write a book for kids!" but then never got around to it?Download