summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/sources.sgml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/src/sgml/sources.sgml')
-rw-r--r--doc/src/sgml/sources.sgml1035
1 files changed, 1035 insertions, 0 deletions
diff --git a/doc/src/sgml/sources.sgml b/doc/src/sgml/sources.sgml
new file mode 100644
index 0000000..e0a6f77
--- /dev/null
+++ b/doc/src/sgml/sources.sgml
@@ -0,0 +1,1035 @@
+<!-- doc/src/sgml/sources.sgml -->
+
+ <chapter id="source">
+ <title>PostgreSQL Coding Conventions</title>
+
+ <sect1 id="source-format">
+ <title>Formatting</title>
+
+ <para>
+ Source code formatting uses 4 column tab spacing, with
+ tabs preserved (i.e., tabs are not expanded to spaces).
+ Each logical indentation level is one additional tab stop.
+ </para>
+
+ <para>
+ Layout rules (brace positioning, etc.) follow BSD conventions. In
+ particular, curly braces for the controlled blocks of <literal>if</literal>,
+ <literal>while</literal>, <literal>switch</literal>, etc. go on their own lines.
+ </para>
+
+ <para>
+ Limit line lengths so that the code is readable in an 80-column window.
+ (This doesn't mean that you must never go past 80 columns. For instance,
+ breaking a long error message string in arbitrary places just to keep the
+ code within 80 columns is probably not a net gain in readability.)
+ </para>
+
+ <para>
+ To maintain a consistent coding style, do not use C++ style comments
+ (<literal>//</literal> comments). <application>pgindent</application>
+ will replace them with <literal>/* ... */</literal>.
+ </para>
+
+ <para>
+ The preferred style for multi-line comment blocks is
+<programlisting>
+/*
+ * comment text begins here
+ * and continues here
+ */
+</programlisting>
+ Note that comment blocks that begin in column 1 will be preserved as-is
+ by <application>pgindent</application>, but it will re-flow indented comment blocks
+ as though they were plain text. If you want to preserve the line breaks
+ in an indented block, add dashes like this:
+<programlisting>
+ /*----------
+ * comment text begins here
+ * and continues here
+ *----------
+ */
+</programlisting>
+ </para>
+
+ <para>
+ While submitted patches do not absolutely have to follow these formatting
+ rules, it's a good idea to do so. Your code will get run through
+ <application>pgindent</application> before the next release, so there's no point in
+ making it look nice under some other set of formatting conventions.
+ A good rule of thumb for patches is <quote>make the new code look like
+ the existing code around it</quote>.
+ </para>
+
+ <para>
+ The <filename>src/tools/editors</filename> directory contains sample settings
+ files that can be used with the <productname>Emacs</productname>,
+ <productname>xemacs</productname> or <productname>vim</productname>
+ editors to help ensure that they format code according to these
+ conventions.
+ </para>
+
+ <para>
+ If you'd like to run <application>pgindent</application> locally
+ to help make your code match project style, see
+ the <filename>src/tools/pgindent</filename> directory.
+ </para>
+
+ <para>
+ The text browsing tools <application>more</application> and
+ <application>less</application> can be invoked as:
+<programlisting>
+more -x4
+less -x4
+</programlisting>
+ to make them show tabs appropriately.
+ </para>
+ </sect1>
+
+ <sect1 id="error-message-reporting">
+ <title>Reporting Errors Within the Server</title>
+
+ <indexterm>
+ <primary>ereport</primary>
+ </indexterm>
+ <indexterm>
+ <primary>elog</primary>
+ </indexterm>
+
+ <para>
+ Error, warning, and log messages generated within the server code
+ should be created using <function>ereport</function>, or its older cousin
+ <function>elog</function>. The use of this function is complex enough to
+ require some explanation.
+ </para>
+
+ <para>
+ There are two required elements for every message: a severity level
+ (ranging from <literal>DEBUG</literal> to <literal>PANIC</literal>) and a primary
+ message text. In addition there are optional elements, the most
+ common of which is an error identifier code that follows the SQL spec's
+ SQLSTATE conventions.
+ <function>ereport</function> itself is just a shell macro that exists
+ mainly for the syntactic convenience of making message generation
+ look like a single function call in the C source code. The only parameter
+ accepted directly by <function>ereport</function> is the severity level.
+ The primary message text and any optional message elements are
+ generated by calling auxiliary functions, such as <function>errmsg</function>,
+ within the <function>ereport</function> call.
+ </para>
+
+ <para>
+ A typical call to <function>ereport</function> might look like this:
+<programlisting>
+ereport(ERROR,
+ errcode(ERRCODE_DIVISION_BY_ZERO),
+ errmsg("division by zero"));
+</programlisting>
+ This specifies error severity level <literal>ERROR</literal> (a run-of-the-mill
+ error). The <function>errcode</function> call specifies the SQLSTATE error code
+ using a macro defined in <filename>src/include/utils/errcodes.h</filename>. The
+ <function>errmsg</function> call provides the primary message text.
+ </para>
+
+ <para>
+ You will also frequently see this older style, with an extra set of
+ parentheses surrounding the auxiliary function calls:
+<programlisting>
+ereport(ERROR,
+ (errcode(ERRCODE_DIVISION_BY_ZERO),
+ errmsg("division by zero")));
+</programlisting>
+ The extra parentheses were required
+ before <productname>PostgreSQL</productname> version 12, but are now
+ optional.
+ </para>
+
+ <para>
+ Here is a more complex example:
+<programlisting>
+ereport(ERROR,
+ errcode(ERRCODE_AMBIGUOUS_FUNCTION),
+ errmsg("function %s is not unique",
+ func_signature_string(funcname, nargs,
+ NIL, actual_arg_types)),
+ errhint("Unable to choose a best candidate function. "
+ "You might need to add explicit typecasts."));
+</programlisting>
+ This illustrates the use of format codes to embed run-time values into
+ a message text. Also, an optional <quote>hint</quote> message is provided.
+ The auxiliary function calls can be written in any order, but
+ conventionally <function>errcode</function>
+ and <function>errmsg</function> appear first.
+ </para>
+
+ <para>
+ If the severity level is <literal>ERROR</literal> or higher,
+ <function>ereport</function> aborts execution of the current query
+ and does not return to the caller. If the severity level is
+ lower than <literal>ERROR</literal>, <function>ereport</function> returns normally.
+ </para>
+
+ <para>
+ The available auxiliary routines for <function>ereport</function> are:
+ <itemizedlist>
+ <listitem>
+ <para>
+ <function>errcode(sqlerrcode)</function> specifies the SQLSTATE error identifier
+ code for the condition. If this routine is not called, the error
+ identifier defaults to
+ <literal>ERRCODE_INTERNAL_ERROR</literal> when the error severity level is
+ <literal>ERROR</literal> or higher, <literal>ERRCODE_WARNING</literal> when the
+ error level is <literal>WARNING</literal>, otherwise (for <literal>NOTICE</literal>
+ and below) <literal>ERRCODE_SUCCESSFUL_COMPLETION</literal>.
+ While these defaults are often convenient, always think whether they
+ are appropriate before omitting the <function>errcode()</function> call.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errmsg(const char *msg, ...)</function> specifies the primary error
+ message text, and possibly run-time values to insert into it. Insertions
+ are specified by <function>sprintf</function>-style format codes. In addition to
+ the standard format codes accepted by <function>sprintf</function>, the format
+ code <literal>%m</literal> can be used to insert the error message returned
+ by <function>strerror</function> for the current value of <literal>errno</literal>.
+ <footnote>
+ <para>
+ That is, the value that was current when the <function>ereport</function> call
+ was reached; changes of <literal>errno</literal> within the auxiliary reporting
+ routines will not affect it. That would not be true if you were to
+ write <literal>strerror(errno)</literal> explicitly in <function>errmsg</function>'s
+ parameter list; accordingly, do not do so.
+ </para>
+ </footnote>
+ <literal>%m</literal> does not require any
+ corresponding entry in the parameter list for <function>errmsg</function>.
+ Note that the message string will be run through <function>gettext</function>
+ for possible localization before format codes are processed.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errmsg_internal(const char *msg, ...)</function> is the same as
+ <function>errmsg</function>, except that the message string will not be
+ translated nor included in the internationalization message dictionary.
+ This should be used for <quote>cannot happen</quote> cases that are probably
+ not worth expending translation effort on.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errmsg_plural(const char *fmt_singular, const char *fmt_plural,
+ unsigned long n, ...)</function> is like <function>errmsg</function>, but with
+ support for various plural forms of the message.
+ <replaceable>fmt_singular</replaceable> is the English singular format,
+ <replaceable>fmt_plural</replaceable> is the English plural format,
+ <replaceable>n</replaceable> is the integer value that determines which plural
+ form is needed, and the remaining arguments are formatted according
+ to the selected format string. For more information see
+ <xref linkend="nls-guidelines"/>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errdetail(const char *msg, ...)</function> supplies an optional
+ <quote>detail</quote> message; this is to be used when there is additional
+ information that seems inappropriate to put in the primary message.
+ The message string is processed in just the same way as for
+ <function>errmsg</function>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errdetail_internal(const char *msg, ...)</function> is the same
+ as <function>errdetail</function>, except that the message string will not be
+ translated nor included in the internationalization message dictionary.
+ This should be used for detail messages that are not worth expending
+ translation effort on, for instance because they are too technical to be
+ useful to most users.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errdetail_plural(const char *fmt_singular, const char *fmt_plural,
+ unsigned long n, ...)</function> is like <function>errdetail</function>, but with
+ support for various plural forms of the message.
+ For more information see <xref linkend="nls-guidelines"/>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errdetail_log(const char *msg, ...)</function> is the same as
+ <function>errdetail</function> except that this string goes only to the server
+ log, never to the client. If both <function>errdetail</function> (or one of
+ its equivalents above) and
+ <function>errdetail_log</function> are used then one string goes to the client
+ and the other to the log. This is useful for error details that are
+ too security-sensitive or too bulky to include in the report
+ sent to the client.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errdetail_log_plural(const char *fmt_singular, const char
+ *fmt_plural, unsigned long n, ...)</function> is like
+ <function>errdetail_log</function>, but with support for various plural forms of
+ the message.
+ For more information see <xref linkend="nls-guidelines"/>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errhint(const char *msg, ...)</function> supplies an optional
+ <quote>hint</quote> message; this is to be used when offering suggestions
+ about how to fix the problem, as opposed to factual details about
+ what went wrong.
+ The message string is processed in just the same way as for
+ <function>errmsg</function>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errhint_plural(const char *fmt_singular, const char *fmt_plural,
+ unsigned long n, ...)</function> is like <function>errhint</function>, but with
+ support for various plural forms of the message.
+ For more information see <xref linkend="nls-guidelines"/>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errcontext(const char *msg, ...)</function> is not normally called
+ directly from an <function>ereport</function> message site; rather it is used
+ in <literal>error_context_stack</literal> callback functions to provide
+ information about the context in which an error occurred, such as the
+ current location in a PL function.
+ The message string is processed in just the same way as for
+ <function>errmsg</function>. Unlike the other auxiliary functions, this can
+ be called more than once per <function>ereport</function> call; the successive
+ strings thus supplied are concatenated with separating newlines.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errposition(int cursorpos)</function> specifies the textual location
+ of an error within a query string. Currently it is only useful for
+ errors detected in the lexical and syntactic analysis phases of
+ query processing.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errtable(Relation rel)</function> specifies a relation whose
+ name and schema name should be included as auxiliary fields in the error
+ report.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errtablecol(Relation rel, int attnum)</function> specifies
+ a column whose name, table name, and schema name should be included as
+ auxiliary fields in the error report.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errtableconstraint(Relation rel, const char *conname)</function>
+ specifies a table constraint whose name, table name, and schema name
+ should be included as auxiliary fields in the error report. Indexes
+ should be considered to be constraints for this purpose, whether or
+ not they have an associated <structname>pg_constraint</structname> entry. Be
+ careful to pass the underlying heap relation, not the index itself, as
+ <literal>rel</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errdatatype(Oid datatypeOid)</function> specifies a data
+ type whose name and schema name should be included as auxiliary fields
+ in the error report.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errdomainconstraint(Oid datatypeOid, const char *conname)</function>
+ specifies a domain constraint whose name, domain name, and schema name
+ should be included as auxiliary fields in the error report.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errcode_for_file_access()</function> is a convenience function that
+ selects an appropriate SQLSTATE error identifier for a failure in a
+ file-access-related system call. It uses the saved
+ <literal>errno</literal> to determine which error code to generate.
+ Usually this should be used in combination with <literal>%m</literal> in the
+ primary error message text.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errcode_for_socket_access()</function> is a convenience function that
+ selects an appropriate SQLSTATE error identifier for a failure in a
+ socket-related system call.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errhidestmt(bool hide_stmt)</function> can be called to specify
+ suppression of the <literal>STATEMENT:</literal> portion of a message in the
+ postmaster log. Generally this is appropriate if the message text
+ includes the current statement already.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <function>errhidecontext(bool hide_ctx)</function> can be called to
+ specify suppression of the <literal>CONTEXT:</literal> portion of a message in
+ the postmaster log. This should only be used for verbose debugging
+ messages where the repeated inclusion of context would bloat the log
+ too much.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+
+ <note>
+ <para>
+ At most one of the functions <function>errtable</function>,
+ <function>errtablecol</function>, <function>errtableconstraint</function>,
+ <function>errdatatype</function>, or <function>errdomainconstraint</function> should
+ be used in an <function>ereport</function> call. These functions exist to
+ allow applications to extract the name of a database object associated
+ with the error condition without having to examine the
+ potentially-localized error message text.
+ These functions should be used in error reports for which it's likely
+ that applications would wish to have automatic error handling. As of
+ <productname>PostgreSQL</productname> 9.3, complete coverage exists only for
+ errors in SQLSTATE class 23 (integrity constraint violation), but this
+ is likely to be expanded in future.
+ </para>
+ </note>
+
+ <para>
+ There is an older function <function>elog</function> that is still heavily used.
+ An <function>elog</function> call:
+<programlisting>
+elog(level, "format string", ...);
+</programlisting>
+ is exactly equivalent to:
+<programlisting>
+ereport(level, errmsg_internal("format string", ...));
+</programlisting>
+ Notice that the SQLSTATE error code is always defaulted, and the message
+ string is not subject to translation.
+ Therefore, <function>elog</function> should be used only for internal errors and
+ low-level debug logging. Any message that is likely to be of interest to
+ ordinary users should go through <function>ereport</function>. Nonetheless,
+ there are enough internal <quote>cannot happen</quote> error checks in the
+ system that <function>elog</function> is still widely used; it is preferred for
+ those messages for its notational simplicity.
+ </para>
+
+ <para>
+ Advice about writing good error messages can be found in
+ <xref linkend="error-style-guide"/>.
+ </para>
+ </sect1>
+
+ <sect1 id="error-style-guide">
+ <title>Error Message Style Guide</title>
+
+ <para>
+ This style guide is offered in the hope of maintaining a consistent,
+ user-friendly style throughout all the messages generated by
+ <productname>PostgreSQL</productname>.
+ </para>
+
+ <simplesect>
+ <title>What Goes Where</title>
+
+ <para>
+ The primary message should be short, factual, and avoid reference to
+ implementation details such as specific function names.
+ <quote>Short</quote> means <quote>should fit on one line under normal
+ conditions</quote>. Use a detail message if needed to keep the primary
+ message short, or if you feel a need to mention implementation details
+ such as the particular system call that failed. Both primary and detail
+ messages should be factual. Use a hint message for suggestions about what
+ to do to fix the problem, especially if the suggestion might not always be
+ applicable.
+ </para>
+
+ <para>
+ For example, instead of:
+<programlisting>
+IpcMemoryCreate: shmget(key=%d, size=%u, 0%o) failed: %m
+(plus a long addendum that is basically a hint)
+</programlisting>
+ write:
+<programlisting>
+Primary: could not create shared memory segment: %m
+Detail: Failed syscall was shmget(key=%d, size=%u, 0%o).
+Hint: the addendum
+</programlisting>
+ </para>
+
+ <para>
+ Rationale: keeping the primary message short helps keep it to the point,
+ and lets clients lay out screen space on the assumption that one line is
+ enough for error messages. Detail and hint messages can be relegated to a
+ verbose mode, or perhaps a pop-up error-details window. Also, details and
+ hints would normally be suppressed from the server log to save
+ space. Reference to implementation details is best avoided since users
+ aren't expected to know the details.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Formatting</title>
+
+ <para>
+ Don't put any specific assumptions about formatting into the message
+ texts. Expect clients and the server log to wrap lines to fit their own
+ needs. In long messages, newline characters (\n) can be used to indicate
+ suggested paragraph breaks. Don't end a message with a newline. Don't
+ use tabs or other formatting characters. (In error context displays,
+ newlines are automatically added to separate levels of context such as
+ function calls.)
+ </para>
+
+ <para>
+ Rationale: Messages are not necessarily displayed on terminal-type
+ displays. In GUI displays or browsers these formatting instructions are
+ at best ignored.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Quotation Marks</title>
+
+ <para>
+ English text should use double quotes when quoting is appropriate.
+ Text in other languages should consistently use one kind of quotes that is
+ consistent with publishing customs and computer output of other programs.
+ </para>
+
+ <para>
+ Rationale: The choice of double quotes over single quotes is somewhat
+ arbitrary, but tends to be the preferred use. Some have suggested
+ choosing the kind of quotes depending on the type of object according to
+ SQL conventions (namely, strings single quoted, identifiers double
+ quoted). But this is a language-internal technical issue that many users
+ aren't even familiar with, it won't scale to other kinds of quoted terms,
+ it doesn't translate to other languages, and it's pretty pointless, too.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Use of Quotes</title>
+
+ <para>
+ Always use quotes to delimit file names, user-supplied identifiers, and
+ other variables that might contain words. Do not use them to mark up
+ variables that will not contain words (for example, operator names).
+ </para>
+
+ <para>
+ There are functions in the backend that will double-quote their own output
+ as needed (for example, <function>format_type_be()</function>). Do not put
+ additional quotes around the output of such functions.
+ </para>
+
+ <para>
+ Rationale: Objects can have names that create ambiguity when embedded in a
+ message. Be consistent about denoting where a plugged-in name starts and
+ ends. But don't clutter messages with unnecessary or duplicate quote
+ marks.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Grammar and Punctuation</title>
+
+ <para>
+ The rules are different for primary error messages and for detail/hint
+ messages:
+ </para>
+
+ <para>
+ Primary error messages: Do not capitalize the first letter. Do not end a
+ message with a period. Do not even think about ending a message with an
+ exclamation point.
+ </para>
+
+ <para>
+ Detail and hint messages: Use complete sentences, and end each with
+ a period. Capitalize the first word of sentences. Put two spaces after
+ the period if another sentence follows (for English text; might be
+ inappropriate in other languages).
+ </para>
+
+ <para>
+ Error context strings: Do not capitalize the first letter and do
+ not end the string with a period. Context strings should normally
+ not be complete sentences.
+ </para>
+
+ <para>
+ Rationale: Avoiding punctuation makes it easier for client applications to
+ embed the message into a variety of grammatical contexts. Often, primary
+ messages are not grammatically complete sentences anyway. (And if they're
+ long enough to be more than one sentence, they should be split into
+ primary and detail parts.) However, detail and hint messages are longer
+ and might need to include multiple sentences. For consistency, they should
+ follow complete-sentence style even when there's only one sentence.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Upper Case vs. Lower Case</title>
+
+ <para>
+ Use lower case for message wording, including the first letter of a
+ primary error message. Use upper case for SQL commands and key words if
+ they appear in the message.
+ </para>
+
+ <para>
+ Rationale: It's easier to make everything look more consistent this
+ way, since some messages are complete sentences and some not.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Avoid Passive Voice</title>
+
+ <para>
+ Use the active voice. Use complete sentences when there is an acting
+ subject (<quote>A could not do B</quote>). Use telegram style without
+ subject if the subject would be the program itself; do not use
+ <quote>I</quote> for the program.
+ </para>
+
+ <para>
+ Rationale: The program is not human. Don't pretend otherwise.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Present vs. Past Tense</title>
+
+ <para>
+ Use past tense if an attempt to do something failed, but could perhaps
+ succeed next time (perhaps after fixing some problem). Use present tense
+ if the failure is certainly permanent.
+ </para>
+
+ <para>
+ There is a nontrivial semantic difference between sentences of the form:
+<programlisting>
+could not open file "%s": %m
+</programlisting>
+and:
+<programlisting>
+cannot open file "%s"
+</programlisting>
+ The first one means that the attempt to open the file failed. The
+ message should give a reason, such as <quote>disk full</quote> or
+ <quote>file doesn't exist</quote>. The past tense is appropriate because
+ next time the disk might not be full anymore or the file in question might
+ exist.
+ </para>
+
+ <para>
+ The second form indicates that the functionality of opening the named file
+ does not exist at all in the program, or that it's conceptually
+ impossible. The present tense is appropriate because the condition will
+ persist indefinitely.
+ </para>
+
+ <para>
+ Rationale: Granted, the average user will not be able to draw great
+ conclusions merely from the tense of the message, but since the language
+ provides us with a grammar we should use it correctly.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Type of the Object</title>
+
+ <para>
+ When citing the name of an object, state what kind of object it is.
+ </para>
+
+ <para>
+ Rationale: Otherwise no one will know what <quote>foo.bar.baz</quote>
+ refers to.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Brackets</title>
+
+ <para>
+ Square brackets are only to be used (1) in command synopses to denote
+ optional arguments, or (2) to denote an array subscript.
+ </para>
+
+ <para>
+ Rationale: Anything else does not correspond to widely-known customary
+ usage and will confuse people.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Assembling Error Messages</title>
+
+ <para>
+ When a message includes text that is generated elsewhere, embed it in
+ this style:
+<programlisting>
+could not open file %s: %m
+</programlisting>
+ </para>
+
+ <para>
+ Rationale: It would be difficult to account for all possible error codes
+ to paste this into a single smooth sentence, so some sort of punctuation
+ is needed. Putting the embedded text in parentheses has also been
+ suggested, but it's unnatural if the embedded text is likely to be the
+ most important part of the message, as is often the case.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Reasons for Errors</title>
+
+ <para>
+ Messages should always state the reason why an error occurred.
+ For example:
+<programlisting>
+BAD: could not open file %s
+BETTER: could not open file %s (I/O failure)
+</programlisting>
+ If no reason is known you better fix the code.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Function Names</title>
+
+ <para>
+ Don't include the name of the reporting routine in the error text. We have
+ other mechanisms for finding that out when needed, and for most users it's
+ not helpful information. If the error text doesn't make as much sense
+ without the function name, reword it.
+<programlisting>
+BAD: pg_strtoint32: error in "z": cannot parse "z"
+BETTER: invalid input syntax for type integer: "z"
+</programlisting>
+ </para>
+
+ <para>
+ Avoid mentioning called function names, either; instead say what the code
+ was trying to do:
+<programlisting>
+BAD: open() failed: %m
+BETTER: could not open file %s: %m
+</programlisting>
+ If it really seems necessary, mention the system call in the detail
+ message. (In some cases, providing the actual values passed to the
+ system call might be appropriate information for the detail message.)
+ </para>
+
+ <para>
+ Rationale: Users don't know what all those functions do.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Tricky Words to Avoid</title>
+
+ <formalpara>
+ <title>Unable</title>
+ <para>
+ <quote>Unable</quote> is nearly the passive voice. Better use
+ <quote>cannot</quote> or <quote>could not</quote>, as appropriate.
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title>Bad</title>
+ <para>
+ Error messages like <quote>bad result</quote> are really hard to interpret
+ intelligently. It's better to write why the result is <quote>bad</quote>,
+ e.g., <quote>invalid format</quote>.
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title>Illegal</title>
+ <para>
+ <quote>Illegal</quote> stands for a violation of the law, the rest is
+ <quote>invalid</quote>. Better yet, say why it's invalid.
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title>Unknown</title>
+ <para>
+ Try to avoid <quote>unknown</quote>. Consider <quote>error: unknown
+ response</quote>. If you don't know what the response is, how do you know
+ it's erroneous? <quote>Unrecognized</quote> is often a better choice.
+ Also, be sure to include the value being complained of.
+<programlisting>
+BAD: unknown node type
+BETTER: unrecognized node type: 42
+</programlisting>
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title>Find vs. Exists</title>
+ <para>
+ If the program uses a nontrivial algorithm to locate a resource (e.g., a
+ path search) and that algorithm fails, it is fair to say that the program
+ couldn't <quote>find</quote> the resource. If, on the other hand, the
+ expected location of the resource is known but the program cannot access
+ it there then say that the resource doesn't <quote>exist</quote>. Using
+ <quote>find</quote> in this case sounds weak and confuses the issue.
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title>May vs. Can vs. Might</title>
+ <para>
+ <quote>May</quote> suggests permission (e.g., "You may borrow my rake."),
+ and has little use in documentation or error messages.
+ <quote>Can</quote> suggests ability (e.g., "I can lift that log."),
+ and <quote>might</quote> suggests possibility (e.g., "It might rain
+ today."). Using the proper word clarifies meaning and assists
+ translation.
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title>Contractions</title>
+ <para>
+ Avoid contractions, like <quote>can't</quote>; use
+ <quote>cannot</quote> instead.
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title>Non-negative</title>
+ <para>
+ Avoid <quote>non-negative</quote> as it is ambiguous
+ about whether it accepts zero. It's better to use
+ <quote>greater than zero</quote> or
+ <quote>greater than or equal to zero</quote>.
+ </para>
+ </formalpara>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Proper Spelling</title>
+
+ <para>
+ Spell out words in full. For instance, avoid:
+ <itemizedlist>
+ <listitem>
+ <para>
+ spec
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ stats
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ parens
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ auth
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xact
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+
+ <para>
+ Rationale: This will improve consistency.
+ </para>
+
+ </simplesect>
+
+ <simplesect>
+ <title>Localization</title>
+
+ <para>
+ Keep in mind that error message texts need to be translated into other
+ languages. Follow the guidelines in <xref linkend="nls-guidelines"/>
+ to avoid making life difficult for translators.
+ </para>
+ </simplesect>
+
+ </sect1>
+
+ <sect1 id="source-conventions">
+ <title>Miscellaneous Coding Conventions</title>
+
+ <simplesect>
+ <title>C Standard</title>
+ <para>
+ Code in <productname>PostgreSQL</productname> should only rely on language
+ features available in the C99 standard. That means a conforming
+ C99 compiler has to be able to compile postgres, at least aside
+ from a few platform dependent pieces.
+ </para>
+ <para>
+ A few features included in the C99 standard are, at this time, not
+ permitted to be used in core <productname>PostgreSQL</productname>
+ code. This currently includes variable length arrays, intermingled
+ declarations and code, <literal>//</literal> comments, universal
+ character names. Reasons for that include portability and historical
+ practices.
+ </para>
+ <para>
+ Features from later revisions of the C standard or compiler specific
+ features can be used, if a fallback is provided.
+ </para>
+ <para>
+ For example <literal>_Static_assert()</literal> and
+ <literal>__builtin_constant_p</literal> are currently used, even though
+ they are from newer revisions of the C standard and a
+ <productname>GCC</productname> extension respectively. If not available
+ we respectively fall back to using a C99 compatible replacement that
+ performs the same checks, but emits rather cryptic messages and do not
+ use <literal>__builtin_constant_p</literal>.
+ </para>
+ </simplesect>
+
+ <simplesect>
+ <title>Function-Like Macros and Inline Functions</title>
+ <para>
+ Both macros with arguments and <literal>static inline</literal>
+ functions may be used. The latter are preferable if there are
+ multiple-evaluation hazards when written as a macro, as e.g., the
+ case with
+<programlisting>
+#define Max(x, y) ((x) > (y) ? (x) : (y))
+</programlisting>
+ or when the macro would be very long. In other cases it's only
+ possible to use macros, or at least easier. For example because
+ expressions of various types need to be passed to the macro.
+ </para>
+ <para>
+ When the definition of an inline function references symbols
+ (i.e., variables, functions) that are only available as part of the
+ backend, the function may not be visible when included from frontend
+ code.
+<programlisting>
+#ifndef FRONTEND
+static inline MemoryContext
+MemoryContextSwitchTo(MemoryContext context)
+{
+ MemoryContext old = CurrentMemoryContext;
+
+ CurrentMemoryContext = context;
+ return old;
+}
+#endif /* FRONTEND */
+</programlisting>
+ In this example <literal>CurrentMemoryContext</literal>, which is only
+ available in the backend, is referenced and the function thus
+ hidden with a <literal>#ifndef FRONTEND</literal>. This rule
+ exists because some compilers emit references to symbols
+ contained in inline functions even if the function is not used.
+ </para>
+ </simplesect>
+
+ <simplesect>
+ <title>Writing Signal Handlers</title>
+ <para>
+ To be suitable to run inside a signal handler code has to be
+ written very carefully. The fundamental problem is that, unless
+ blocked, a signal handler can interrupt code at any time. If code
+ inside the signal handler uses the same state as code outside
+ chaos may ensue. As an example consider what happens if a signal
+ handler tries to acquire a lock that's already held in the
+ interrupted code.
+ </para>
+ <para>
+ Barring special arrangements code in signal handlers may only
+ call async-signal safe functions (as defined in POSIX) and access
+ variables of type <literal>volatile sig_atomic_t</literal>. A few
+ functions in <command>postgres</command> are also deemed signal safe, importantly
+ <function>SetLatch()</function>.
+ </para>
+ <para>
+ In most cases signal handlers should do nothing more than note
+ that a signal has arrived, and wake up code running outside of
+ the handler using a latch. An example of such a handler is the
+ following:
+<programlisting>
+static void
+handle_sighup(SIGNAL_ARGS)
+{
+ int save_errno = errno;
+
+ got_SIGHUP = true;
+ SetLatch(MyLatch);
+
+ errno = save_errno;
+}
+</programlisting>
+ <varname>errno</varname> is saved and restored because
+ <function>SetLatch()</function> might change it. If that were not done
+ interrupted code that's currently inspecting <varname>errno</varname> might see the wrong
+ value.
+ </para>
+ </simplesect>
+
+ <simplesect>
+ <title>Calling Function Pointers</title>
+
+ <para>
+ For clarity, it is preferred to explicitly dereference a function pointer
+ when calling the pointed-to function if the pointer is a simple variable,
+ for example:
+<programlisting>
+(*emit_log_hook) (edata);
+</programlisting>
+ (even though <literal>emit_log_hook(edata)</literal> would also work).
+ When the function pointer is part of a structure, then the extra
+ punctuation can and usually should be omitted, for example:
+<programlisting>
+paramInfo->paramFetch(paramInfo, paramId);
+</programlisting>
+ </para>
+ </simplesect>
+ </sect1>
+ </chapter>