/*程序员第八期有此文章,并且请了各位专家来点评,很不错。不过,该文翻译稍微有些问题,共享英文原版,想看者看。*/
Appendix E. C# Coding Standard
A comprehensive coding standard is essential for a successful product delivery. The standard helps in enforcing best practices and avoiding pitfalls, and makes knowledge dissemination across the team easier. Traditionally, coding standards are thick, laborious documents, spanning hundreds of pages and detailing the rationale behind every directive. While these are still better than no standard at all, such efforts are usually indigestible by the average developer. In contrast, the C# coding standard presented in this appendix is very thin on the "why" and very detailed on the "what" and the "how." I believe that while fully understanding every insight that goes into a particular programming decision may require reading books such as this and even years of experience, applying the standard should not. When absorbing a new developer into your team, you should be able to simply point him or her at the standard and say: "Read this first." Being able to comply with a good standard should come before fully understanding and appreciating itthat should come over time, with experience. The coding standard presented next is based on this book, and it captures its best practices, dos and don'ts, helper classes, pitfalls, guidelines, and recommendations, as well as naming conventions and styles, project settings and structure, and framework-specific guidelines. Since I published this standard, it has become the de facto industry standard for C# and .NET development.
Naming Conventions and Styles
-
Use Pascal casing for type and method names and constants:
public class SomeClass { const int DefaultSize = 100; public SomeMethod( ) {} }
-
Use camel casing for local variable names and method arguments:
int number; void MyMethod(int someNumber) {}
-
Prefix interface names with I:
interface IMyInterface {..}
-
Prefix private member variables with m_.
-
Suffix custom attribute classes with Attribute.
-
Suffix custom exception classes with Exception.
-
Name methods using verb/object pairs, such as ShowDialog( ).
-
Methods with return values should have names describing the values returned, such as GetObjectState( ).
-
Use descriptive variable names.
-
Avoid single-character variable names, such as i or t. Use index or temp instead.
-
Avoid using Hungarian notation for public or protected members.
-
Avoid abbreviating words (such as num instead of number).
-
-
Always use C# predefined types, rather than the aliases in the System namespace. For example:
object NOT Object string NOT String intNOT Int32
-
With generics, use capital letters for types. Reserve suffixing Type for when dealing with the .NET type Type:
//Correct: public class LinkedList<K,T> {...} //Avoid: public class LinkedList<KeyType,DataType> {...}
-
Use meaningful namespace names, such as the product name or the company name.
-
Avoid fully qualified type names. Use the using statement instead.
-
Avoid putting a using statement inside a namespace.
-
Group all framework namespaces together and put custom or third-party namespaces underneath:
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using MyCompany; using MyControls;
-
Use delegate inference instead of explicit delegate instantiation:
delegate void SomeDelegate( ); public void SomeMethod( ) {...} SomeDelegate someDelegate = SomeMethod;
-
Maintain strict indentation. Do not use tabs or nonstandard indentation, such as one space. Recommended values are three or four spaces.
-
Indent comments at the same level of indentation as the code that you are documenting.
-
All comments should pass spellchecking. Misspelled comments indicate sloppy development.
-
All member variables should be declared at the top, with one line separating them from the properties or methods:
public class MyClass { int m_Number; string m_Name; public void SomeMethod1( ) {} public void SomeMethod2( ) {} }
-
Declare a local variable as close as possible to its first use.
-
A filename should reflect the class it contains.
-
When using partial types and allocating a part per file, name each file after the logical part that part plays. For example:
//In MyClass.cs public partial class MyClass {...} //In MyClass.Designer.cs public partial class MyClass {...}
-
Always place an open curly brace ({) in a new line.
-
With anonymous methods, mimic the code layout of a regular method, aligned with the anonymous delegate declaration (this complies with placing an open curly brace in a new line):
delegate void SomeDelegate(string someString); //Correct: public void InvokeMethod( ) { SomeDelegate someDelegate = delegate(string name) { MessageBox.Show(name); }; someDelegate("Juval"); } //Avoid public void InvokeMethod( ) { SomeDelegate someDelegate = delegate(string name){MessageBox.Show(name);}; someDelegate("Juval"); }
-
Use empty parentheses on parameter-less anonymous methods. Omit the parentheses only if the anonymous method could have been used on any delegate:
delegate void SomeDelegate( ); //Correct SomeDelegate someDelegate1 = delegate( ) { MessageBox.Show("Hello"); }; //Avoid SomeDelegate someDelegate1 = delegate { MessageBox.Show("Hello"); };
Coding Practices
-
Avoid putting multiple classes in a single file.
-
A single file should contribute types to only a single namespace. Avoid having multiple namespaces in the same file.
-
Avoid files with more than 500 lines (excluding machine-generated code).
-
Avoid methods with more than 25 lines.
-
Avoid methods with more than five arguments. Use structures for passing multiple arguments.
-
Lines should not exceed 80 characters.
-
Do not manually edit any machine-generated code.
-
If modifying machine-generated code, modify the format and style to match this coding standard.
-
Use partial classes whenever possible to factor out the maintained portions.
-
-
Avoid comments that explain the obvious. Code should be self-explanatory. Good code with readable variable and method names should not require comments.
-
Document only operational assumptions, algorithm insights, and so on.
-
Avoid method-level documentation.
-
Use extensive external documentation for API documentation.
-
Use method-level comments only as tool tips for other developers.
-
-
With the exception of zero and one, never hardcode a numeric value; always declare a constant instead.
-
Use the const directive only on natural constants, such as the number of days of the week.
-
Avoid using const on read-only variables. For that, use the readonly directive:
public class MyClass { public const int DaysInWeek = 7; public readonlyint Number; public MyClass(int someValue) { Number = someValue; } }
-
Assert every assumption. On average, every fifth line is an assertion:
using System.Diagnostics; object GetObject( ) {...} object someObject = GetObject( ); Debug.Assert(someObject != null);
-
Every line of code should be walked through in a "white box" testing manner.
-
Catch only exceptions for which you have explicit handling.
-
In a catch statement that throws an exception, always throw the original exception (or another exception constructed from the original exception) to maintain the stack location of the original error:
catch(Exception exception) { MessageBox.Show(exception.Message); throw; //Same as throw exception; }
-
Avoid error code as method return values.
-
Avoid defining custom exception classes.
-
When defining custom exceptions:
-
Derive the custom exception from Exception.
-
Provide custom serialization.
-
-
Avoid multiple Main( ) methods in a single assembly.
-
Make only the most necessary types public; mark others as internal.
-
Avoid friend assemblies, as they increase interassembly coupling.
-
Avoid code that relies on an assembly running from a particular location.
-
Minimize code in application assemblies (i.e., EXE client assemblies). Use class libraries instead to contain business logic.
-
Avoid providing explicit values for enums:
//Correct public enum Color { Red,Green,Blue } //Avoid public enum Color { Red = 1,Green = 2,Blue = 3 }
-
Avoid specifying a type for an enum:
//Avoid public enum Color : long { Red,Green,Blue }
-
Always use a curly brace scope in an if statement, even if it contains a single statement.
-
Avoid using the trinary conditional operator.
-
Avoid function calls in Boolean conditional statements. Assign into local variables and check on them:
bool IsEverythingOK( ) {...} //Avoid: if(IsEverythingOK( )) {...} //Correct: bool ok = IsEverythingOK( ); if(ok) {...}
-
Always use zero-based arrays.
-
Always explicitly initialize an array of reference types:
public class MyClass {} const int ArrraySize = 100; MyClass[] array = new MyClass[ArrraySize]; for(int index = 0; index < array.Length; index++) { array[index] = new MyClass( ); }
-
Do not provide public or protected member variables. Use properties instead.
-
Avoid using the new inheritance qualifier. Use override instead.
-
Always mark public and protected methods as virtual in a non-sealed class.
-
Never use unsafe code, except when using interop.
-
Avoid explicit casting. Use the as operator to defensively cast to a type:
Dog dog = new GermanShepherd( ); GermanShepherd shepherd = dog asGermanShepherd; if(shepherd != null) {...}
-
Always check a delegate for null before invoking it.
-
Do not provide public event member variables. Use event accessors instead.
-
Avoid defining event-handling delegates. Use GenericEventHandler instead.
-
Avoid raising events explicitly. Use EventsHelper to publish events defensively.
-
Always use interfaces.
-
Classes and interfaces should have at least a 2:1 ratio of methods to properties.
-
Avoid interfaces with one member.
-
Strive to have three to five members per interface.
-
Do not have more than 20 members per interface. The practical limit is probably 12.
-
Avoid events as interface members.
-
When using abstract classes, offer an interface as well.
-
Expose interfaces on class hierarchies.
-
Prefer using explicit interface implementation.
-
Never assume a type supports an interface. Defensively query for that interface:
SomeType obj1; IMyInterface obj2; /* Some code to initialize obj1, then: */ obj2 = obj1 as IMyInterface; if(obj2 != null) { obj2.Method1( ); } else { //Handle error in expected interface }
-
Never hardcode strings that will be presented to end users. Use resources instead.
-
Never hardcode strings that might change based on deployment, such as connection strings.
-
Use String.Empty instead of "":
//Avoid string name = ""; //Correct string name = String.Empty;
-
When building a long string, use StringBuilder, not string.
-
Avoid providing methods on structures.
-
Parameterized constructors are encouraged.
-
You can overload operators.
-
-
Always provide a static constructor when providing static member variables.
-
Do not use late-binding invocation when early binding is possible.
-
Use application logging and tracing.
-
Never use goto, except in a switch statement fall-through.
-
Always have a default case in a switch statement that asserts:
int number = SomeMethod( ); switch(number) { case 1: Trace.WriteLine("Case 1:"); break; case 2: Trace.WriteLine("Case 2:"); break; default: Debug.Assert(false); break; }
-
Do not use the this reference unless invoking another constructor from within a constructor:
//Example of proper use of 'this' public class MyClass { public MyClass(string message) {} public MyClass( ) : this("Hello") {} }
-
Do not use the base word to access base class members unless you wish to resolve a conflict with a subclass member of the same name or when invoking a base class constructor:
//Example of proper use of 'base' public class Dog { public Dog(string name) {} virtual public void Bark(int howLong) {} } public class GermanShepherd : Dog { public GermanShepherd(string name) : base(name) {} override public void Bark(int howLong) { base.Bark(howLong); } }
-
Do not use GC.AddMemoryPressure( ).
-
Do not rely on HandleCollector.
-
Implement Dispose( ) and Finalize( ) methods based on the template in Chapter 4.
-
Always run code unchecked by default (for the sake of performance), but explicitly in checked mode for overflow- or underflow-prone operations:
int CalcPower(int number,int power) { int result = 1; for(int count = 1;count <= power;count++) { checked { result *= number; } } return result; }
-
Avoid explicit code exclusion of method calls (#if...#endif). Use conditional methods instead:
public class MyClass { [Conditional("MySpecialCondition")] public void MyMethod( ) {} }
-
Avoid casting to and from System.Object in code that uses generics. Use constraints or the as operator instead:
class SomeClass {} //Avoid: class MyClass<T> { void SomeMethod(T t) { object temp = t; SomeClass obj = (SomeClass)temp; } } //Correct: class MyClass<T> where T : SomeClass { void SomeMethod(T t) { SomeClass obj = t; } }
-
Do not define constraints in generic interfaces. Interface-level constraints can often be replaced by strong typing:
public class Customer {...} //Avoid: public interface IList<T> where T : Customer {...} //Correct: public interface ICustomerList : IList<Customer> {...}
-
Do not define method-specific constraints in interfaces.
-
If a class or a method offers both generic and non-generic flavors, always prefer using the generics flavor.
-
When implementing a generic interface that derived from an equivalent non-generic interface (such as IEnumerable<T>), use explicit interface implementation on all methods, and implement the non-generic methods by delegating to the generic ones:
class MyCollection<T> : IEnumerable<T> { IEnumerator<T> IEnumerable<T>.GetEnumerator() {...} IEnumerator IEnumerable.GetEnumerator() { IEnumerable<T> enumerable = this; return enumerable.GetEnumerator(); } }
Project Settings and Project Structure
Always build your projects with Warning Level 4 (see Figure E-1).
Treat warnings as errors in the Release build (note that this is not the default of Visual Studio). Although it is optional, this standard recommends treating warnings as errors in Debug builds as well.
Avoid suppressing specific compiler warnings.
Avoid explicit custom version redirection and binding to CLR assemblies.
Avoid explicit preprocessor definitions (#define). Use the project settings for defining conditional compilation constants.
Do not put any logic inside AssemblyInfo.cs.
Do not put any assembly attributes in any file other than AssemblyInfo.cs.
Populate all fields in AssemblyInfo.cs, such as company name, description, and copyright notice.
All assembly references should use relative paths.
Disallow cyclic references between assemblies.
Avoid multi-module assemblies.
Avoid tampering with exception handling using the Exception window (Debug
Exceptions).
Strive to use uniform version numbers on all assemblies and clients in the same logical application (typically, a solution). Use the SolutionInfo.cs technique from Chapter 5 to automate.
Name your Visual Studio 2005 application configuration file App.config, and include it in the project.
Modify the Visual Studio 2005 default project structure to your project's standard layout, and apply a uniform structure for project folders and files.
A release build should contain debug symbols (see Figure E-2).
Figure E-2. The Advanced Build Settings dialog
![]()
Always sign your assemblies, including the client applications.
Use password-protected keys.
Framework-Specific Guidelines
Multithreading
Never call outside your synchronization domain.
Manage asynchronous call completion on a callback method. Do not wait, poll, or block for completion.
Always name your threads:
Thread currentThread = Thread.CurrentThread; string threadName = "Main UI Thread"; currentThread.Name = threadName;
The name is traced in the debugger Threads window, making debug sessions more productive.
Do not call Suspend( ) or Resume( ) on a thread.
Do not call Thread.Sleep( ), except in the following conditions:
Thread.Sleep(0) is an acceptable optimization technique to force a context switch.
Thread.Sleep( ) is acceptable in testing or simulation code.
Do not call THRead.SpinWait( ).
Do not call Thread.Abort( ) to terminate threads. Use a synchronization object instead to signal the thread to terminate.
Avoid explicitly setting the thread priority to control execution. You can set the thread priority based on task semantics (such as ThreadPriority.BelowNormal for a screensaver).
Do not read the value of the ThreadState property. Use Thread.IsAlive( ) to determine whether the thread is dead or alive.
Do not rely on setting the thread type to background thread for application shutdown. Use a watchdog or other monitoring entity to deterministically kill threads.
Do not use the thread local storage unless thread affinity is guaranteed.
Do not call Thread.MemoryBarrier( ).
Never call Thread.Join( ) without checking that you are not joining your own thread:
void WaitForThreadToDie(Thread thread) { Debug.Assert(Thread.CurrentThread.ManagedThreadId != thread.ManagedThreadId); thread.Join( ); }
Always use the lock( ) statement rather than explicit Monitor manipulation.
Always encapsulate the lock( ) statement inside the object it protects:
public class MyClass { public void DoSomething( ) { lock(this) {...} } }
You can use synchronized methods instead of writing the lock( ) statement yourself.
Avoid fragmented locking.
Avoid using a Monitor to wait or pulse objects. Use manual or auto-reset events instead.
Do not use volatile variables. Lock your object or fields instead to guarantee deterministic and thread-safe access. Do not use THRead.VolatileRead( ), Thread.VolatileWrite( ), or the volatile modifier.
Avoid increasing the maximum number of threads in the thread pool.
Never stack lock( ) statements, because that does not provide atomic locking:
MyClass obj1 = new MyClass( ); MyClass obj2 = new MyClass( ); MyClass obj3 = new MyClass( ); //Do not stack lock statements lock(obj1) lock(obj2) lock(obj3) { obj1.DoSomething( ); obj2.DoSomething( ); obj3.DoSomething( ); }
Use WaitHandle.WaitAll( ) instead.
Serialization
Prefer the binary formatter.
Use the generic IGenericFormatter interface.
Always mark non-sealed classes as serializable.
When implementing IDeserializationCallback on a non-sealed class, make sure to do so in a way that allows subclasses to call the base class implementation of OnDeserialization( ).
Always mark unserializable member variables as non-serializable.
Always mark delegates on a serialized class as non-serializable fields:
[Serializable] public class MyClass { [field:NonSerialized] public event EventHandler MyEvent; }
Remoting
Prefer administrative configuration to programmatic configuration.
Always implement IDisposable on single-call objects.
Always provide a null lease for a singleton object:
public class MySingleton : MarshalByRefObject { public override object InitializeLifetimeService( ) { return null; } }
Always provide a sponsor for a client-activated object. The sponsor should return the initial lease time.
Always unregister the sponsor on client application shutdown.
Always put remote objects in class libraries.
Avoid using SoapSuds.exe.
Avoid hosting in IIS.
Avoid using uni-directional channels.
Always load a remoting configuration file in Main( ), even if the file is empty and the application does not use remoting:
static void Main( ) { RemotingConfigurationEx.Configure( ); /* Rest of Main( ) */ }
Avoid using Activator.GetObject( ) and Activator.CreateInstance( ) for remote object activation. Use new instead.
Always register port 0 on the client side, to allow callbacks.
Always elevate type filtering to Full on both client and host, to allow callbacks.
Security
Always demand your own strong name on assemblies and components that are private to the application, but are public (so that only you can use them):
public class PublicKeys { public const string MyCompany = "1234567894800000940000000602000000240000"+ "52534131000400000100010007D1FA57C4AED9F0"+ "A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C83"+ "4C99921EB23BE79AD9D5DCC1DD9AD23613210290"+ "0B723CF980957FC4E177108FC607774F29E8320E"+ "92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99"+ "285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF"+ "0FC4963D261C8A12436518206DC093344D5AD293"; } [StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey = PublicKeys.MyCompany)] public class MyClass {...}
Apply encryption and security protection on application configuration files.
When importing an interop method, assert unmanaged code permission and demand appropriate permission instead:
[DllImport("user32",EntryPoint="MessageBoxA")] private static extern int Show(IntPtr handle,string text,string caption, int msgType); [SecurityPermission(SecurityAction.Assert,UnmanagedCode = true)] [UIPermission(SecurityAction.Demand, Window = UIPermissionWindow.SafeTopLevelWindows)] public static void Show(string text,string caption) { Show(IntPtr.Zero,text,caption,0); }
Do not suppress unmanaged code access via the SuppressUnmanagedCodeSecurity attribute.
Do not use the /unsafe switch of TlbImp.exe. Wrap the RCW in managed code so that you can assert and demand permissions declaratively on the wrapper.
On server machines, deploy a code access security policy that grants only Microsoft, ECMA, and self (identified by a strong name) full trust. Code originating from anywhere else is implicitly granted nothing.
On client machines, deploy a security policy that grants client application only the permissions to execute, to call back the server, and to potentially display user interface. When not using ClickOnce, client application should be identified by a strong name in the code groups.
To counter a luring attack, always refuse at the assembly level all permissions not required to perform the task at hand:
[assembly:UIPermission(SecurityAction.RequestRefuse, Window=UIPermissionWindow.AllWindows)]
Always set the principal policy in every Main( ) method to Windows:
public class MyClass { static void Main( ) { AppDomain currentDomain = AppDomain.CurrentDomain; currentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); } //other methods }
Never assert a permission without demanding a different permission in its place.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
