Guide to writing portable and efficient code in C

This guide mainly focuses prime issues that are involved in writing professional code, which is very efficient both in terms of space and time as well as be readily ported, to different systems with minimal changes. Writing portable code is an area, which is not paid much heed in the initial period of project. The code might work on the developers’ system architecture but once it goes to field, bugs began to raise their ugly heads. This way although time to market the product minimizes but overall time for final product maturity decreases. The best approach for any developer is to avoid bugs in the first place.

One of the easiest ways to write portable software is to do it in a language that is itself portable. However every project has different requirements and hence prime coding language is chosen after a thorough evaluation of various aspects like nature and type of project, development period of project, its application, developers‘ability etc. This guide primarily focuses on portability issues relating to modules written in C language. Further if “used properly”, C language can be portable, but in practice, developers are bugged of many portability problems due to non-portable libraries & header files due to ‘n’ number of reasons of which many would be discussed in this article.

The introduction section briefly explains the topic of the article. It consists of three main sections. The first section consists of common aspects that enhance (or reduce if not used properly) portability of any generic code. The next section gives tips and suggestions pertaining to the design level with specific examples to explain the idea. The last, but not the least section, is a conclusion section, which is followed by references and web resources.


Intended audience

This guide is intended for reference of software developers working in small to large projects using C language as their base coding language. This will also be useful for any person who is aspiring to be a professional developer in systems side programming. It would also help those who are working on compilers and user level libraries. Further it will be a starting point for those who are making move from college level projects to industrial level live projects.

Prerequisites

• C language
• Programming Concepts,
• Data Structures
• Basic Understanding of Compiler



1. Problems and suggestions

This section will focus on developing an approach to write efficient, portable and bug free code.

1. Follow a systematic approach at design time

The main intent of any programmer should ideally be to write less LOC (lines of code) with fewer bugs than more LOC having more potential bugs. It is not feasible to continually re-engineer old modules to make them suitable for the present needs. Design stage is most critical in any product’s life cycle because this stage decides the whole architecture of the system. (mostly done after reiterations as per iterative process models [8]). Thus if any feature level bug remains in the design, the project will come to a halt later. And the main reason for it is poor design decisions. Thus designing a module right the first time not only saves time but also eventually reduces time to market.

So it is better to devote more time at design stage because one will rarely get the chance to re-engineer the module.


2. Coding approach

Another issue that is of prime concern is approach towards development of a module. There are basically two approaches for coding any module. The first way is working feverishly on a module and compile at the last time. The second way is to carefully divide the module into smaller tasks ; than code the module, one piece at a time and finally move on to the next piece only when the developer is certain that the piece he just wrote is working. In this process he not only codes the module but also has done its complete unit testing and also has generated test lobes for it. This way it will make life easy for the developer while system and integration testing.

The Author believes that coding a module a piece at a time is much easier than coding the entire module straight. Although the task looks big once the developer sub divides a module, most of the time the module is completed in time and with minimum bugs.


3. Following a proper coding convention

This is an area which although looks minor but if neglected, than later at integration and testing stages, can create a lot of problems. A good programmer should always adopt a standard coding convention and stick to it consistently. It may be possible that such a convention is already been developed in house as per requirements of the application. Further the developer must also follow some in house conventions specific to their company. For example, there should be a proper convention to declare local variables used in the code. Like if x is to be declared an integer then instead of int x, it is better to declare it as

typedef int uint16_t; uint16_t x;

This away of declaring an integer is useful (in case of embedded programs like writing hardware libraries) when size of ‘int’ is an important factor considering the overall memory available in the system in the long run. By following a systematic approach, the code will not only be efficient but also well documented and readable. Its transfer to a new developer, for e.g. in case the original person leaves it in the middle for some reason, becomes very easy and quick.


4. Module framework

All the protocols implemented using message based approach follows this basic structure and add specifics of that particular layer. In a nutshell every module has some parameters expected, some return value in case of functions, specific entry points and exit point, initialization and destruction sequences etc. One of the best way to start writing a module is to start with an empty function, then define its interface as per specification (this includes parameter definitions, return value etc.), then define its APIENTRY and APIEXIT functions (empty). When all details are know and specific framework is complete then, all the APIENTRY functions are stubbed out and code is complete subsequently. The APIs are then defined in a separate wrapper file (explained later). This approach will make the module more generic.


5. Use of local, global and static variable

Variables used in C language can be classified on the basis of their lifetime and scope. Local variables have their life only in the block in which they are defined. They are initialized to “garbage value” at run time and have priority over global variables in their parent block. Global variables have scope over the file in which it is defined; are initialized to 0 at run time and its life is the point till program remains in memory. Static variables on the other hand are initialized to zero on startup, have scope in the file in which it is defined. So it is better to use local variables over global as too many global variables make the code complex and hard to debug. Local variables can be declared in each block and named as per their purpose.


6. Nesting levels

Many times in a module, the developer uses a deeply nested loop structure to implement some intra module testing. This is basically done using a nested ‘if else’ loop which in many cases can go 7 or 8 times. When nesting gets too deep, the code becomes harder to read and understand. There are two basic solutions to this problem.

• Unroll the tests.
The first solution is to create a Boolean variable that maintains the current success or failure status and to constantly retest it. • Call another function
The second solution is to package the innermost tests into another function and to call that function instead of performing the tests directly.


7. Size of functions and their Entry/Exit point

The primary reason to keep functions small is that it helps to manage a programming problem better. In case developer revisits the code a year later to modify it, he would have forgotten many small details and have to spend a good amount of time to figure out them. It sure helps if functions are small.

As a general rule, every developer should try to keep functions simple and manageable by restricting their length to one page. Most of the time functions are smaller than a page and sometimes they are a page or two. Having a function spanning five pages will only add to confusion.

The developer can sometimes safely replace a subroutine with a macro. A macro is a label that replaces a block of instructions that is used more than once, but only coded once (useful for reentrant code). It differs from a subroutine in that the assembler inserts the code where the call is made rather than having a jump-to-it command. It works by text substitution and is usually faster than a subroutine as no stack operation is involved but takes up more memory due to extra storage.


9. Use of goto statements

The Author goes with the majority opinion that goto statements should be avoided. Functions with goto statements are hard to maintain although in some cases like error handling. However in some case particularly in device driver routines, goto statements can help in debugging the module during development stage, although there are techniques to all together avoid the use of goto construct [10].


10. Adding error control and recovery in the code

In hardware design circuits like FPGAs, PLLs etc, DFT [6] technology is wide used these days. On similar lines, most of the software products have automated test suits and beds to test and understand their functionality. In a nutshell, the debug build and retail build of the product is fast merging on to one. The Author feels that any released application should be able to be switch into debug mode at runtime on its own. For example most of the development tools for embedded systems like Codewarrior, Powertap etc., are based on this strategy.

One way of having a single release of the product is to maintain a global Boolean variable called debug_status that is either FALSE or TRUE. The debugging code could then be placed within an if statement that checks debug_status. This is usually done for debugging code that adds a lot of execution overhead. For debug code that does not add many overheads, the developer should simply include the debugging code and need not bother himself with Debugging.

The obvious advantage of doing this extra work is that in case a customer is runs into a severe problem with the product, the manufacturer can instruct the customer how to run the product in debug mode and this way enable him to possibly find the problem and report for further action.


11. Dependence on compiler for all optimization

Code optimization is an important issue on which different developers have different opinion. The time of code optimization is not that important than the way it is done. The Author feels that while coding the module, the developers should do code optimization side by side of writing it. This approach will reduce the efforts in the later stages. Further developers should not write any code which depends on the compilers behavior. For example, some compilers insert some padding bits to any structures in case the target architecture reads efficiently only from even addresses. In such cases for boundary alignments, it becomes important from program’s point of view as to where exactly in the structure are padding bits inserted. For instance consider this structure,

typedef struct _Packet{
			int u16;
			char x;
			float y;
			} PACKET;    

In this case considering size of int as 16 bits, char as 8 bits and float as 32 bits then total length of this structure is 56 bits or 8 bytes or octets. Now the compiler may add a pad byte to it. There are two possibilities here. i.e., either the compiler will align each individual field at even addresses (in this case it will add a pad byte after char x) or it may add a pad byte at the end. In both cases the interpretation of the structure will change once the code is ported to different systems. Some compilers have a _PackedType attribute to bind the structure in minimal space.

Further in C language the behavior of system is undefined for following cases :

• Floating point representation
• The order in which function designator or arguments of the function in a function call are evaluated.
• Pointer converted to types other than integral or pointer type.
• Order of evaluation of preprocessor concatenation operators # and ## during macro substitution.

In cases like this the best solutions will be to manually pad the structure so as to make it have one single interpretation in all systems. The best way out is to write the program that are not dependent on its data's representation

An optimizing compiler makes a program run faster, but it is a good design that makes a program run faster and in a more efficient manner. A little more time spent on a programming problem generally results in a better design, which can make a program run significantly faster.


12. Use of wrapper libraries

Wrapper libraries are a good way to bundle already-implemented functionality into a portable interface. Even if the implementation of the wrapper library needs conditional compilation to select implementation, possibly from various system-dependent libraries under it, at least the programs that use the wrapper library can be written without conditional compilation. The application programs need not be aware of any kind of system-specific details around the library.

For e.g., suppose one is writing a module in Linux platform using system call malloc ( ) to allocate a small piece of memory then this code might not work in any other operating system as it might have a different OEA and different APIs. Hence it is advisable to define such system calls as User defined Macros and call these macros instead of real system calls. These user-defined macros could be declared along with other definitions. Further the actual definitions of these user-defined macros could be defined in a separate file where in mapping code could be written to make the module compile and run on different environments. This is the procedure of making wrapper libraries.


13. Documentation Tools

Every programmer should document the work he has done and is currently doing so that other persons who need to know about that work can easily read it out. However it is a fact that programmers hate to make documentation where as they love to write code. Further adding comments to their code depends upon programmer to programmer. Further documentation if done once, is not updated regularly and hence it is more than likely out of date because it hasn't been maintained to reflect code changes.

By having all programmers follow a common documentation style in the entire project, it is possible to write a program that scans all source files and produces documentation. The Author personally uses markers in comment blocks to assist in parsing the comments. For example, module comment blocks can be something like this: /*Module entry point # */, APIENTRY function comment blocks can begin with /*API xxxx entry point #*/ and LOCAL function comment blocks can begin with /*Local function xxxxx entry point #*/.


14. Having a Source-Code Control Systems and maintenance of Revision logs

A source-code control system is a must for any project that is having multiple modules and several people are simultaneously working on more than one module. Even in case of that no two developers are working on the same file at a time, still they would be changing definitions in common headers. This will create the problem of synchronization and data duplicacy and destruction. I like them because they give me access to the source as it existed all the way back to day one. It is also essential for tracking down problems in released software. In Unix environment, RCS and CVS are good sources of version and source control. Among their many advantages, it helps in maintaining an accurate log of what changes were made to a module and document the reasons for the changes. This way the entire revision history becomes available at any time and is maintained by the source-code control system.

This section talks about common rules and suggestions which would make any C module more efficient in terms of space and speed as well as give it a more portable look. These aspects become more important in case of Embedded Systems where applications needed to be ported to different architectures and having various memory and timing constraints. This part of the article focuses on six main topics i.e., generic declarations, naming conventions arrays, pointers, complex data types, preprocessors and the left overs.


1. Generic declarations

• The developer should always ensure that length of a variable doesn’t exceed its portable range. For example for a signed integer, the range should be -32767 to 32767 (32 bits).
  
• If for some reason the developer needs to declare something with an exact size (often when memory storage plan is prefixed), he should encapsulate the choice behind an appropriate typedef.
  
• It a good practice to write the proper suffix after constant numerals i.e, if 8034343 is to be used as a constant then demote it with suffix ‘UL’.
  
• It is always advisable to declare all user defined functions used in the module in a separate header file (possibly name it user_fun.h) and define each of them in a separate c file. This way code will look more modular and readable. There can be second approach to this. The developer can simply collect related functions in the same C file instead of distributing it to many files. The reason for this may be that a too large collection of C files is a pain to deal with.
  
• When explicitly type casting any variable, the developer must ensure that the value of the data object must lie with in the portable range of the converted type. For this developer may checkup values in limits.h file.
  
• Unlike C++, the C language does not have a true Boolean type; the developers usually implement the Boolean functionality by other arithmetic types. Only integer or pointer type should be used as Boolean and use of floating point variable should be strongly discouraged.
  
• It’s a good practice to isolate system dependent code as a separate module and do conditional compilation.

• Name space pollution
  

  A developer must ensure that there is no or minimal name space pollution in his or her module. Naming a module or a function or a variable ambiguously i.e. giving it a name not related to its function causes name space pollution. This ambiguity causes more problems in a kernel level module as well as system libraries. So the developer must choose suitable names for each entity and document the same.

• For Boolean operators like ‘&&’ and ‘||’, integer and pointer operands can be mixed.
  
• One of the ways to reduce time complexity in the program is to use ‘integer’ type frequently because of the fact the basic access type of any machine is integer. Further to reduce space complexity, use of ‘char’ data type is recommended.
  
• In the declaration section of the module, it is always advisable to initialize all variables and especially floating point variables as most of the compilers fill garbage or last used value in automatic fps (floating points).

  In practice, many programmers have found that uninitialized variables aren’t likely to be a problem in a well-designed and clearly coded program. Again this issue depends upon the development approach i.e., if a consistent behavior is needed for the time being then its better to initialize each variable but this approach may hamper bug detection which may come up if the variable is left uninitialized . The best solution is a tool that does complete data flow analysis of your program and catches such errors before you get to the testing phase.

• In case of comparison with EOF (End Of File), in an if else statement, its advisable to use an integer instead of a character variable as EOF due to many reasons. Firstly its value may exceed 255 which is the permissible range of char in most of the systems. Secondly, character I/O functions return even other characters as 'int's with values converted to the range of 'unsigned char'. For e.g. in the following code snippet,
  
  if (x!=EOF) do this ; else do that;
  x’ should be declared as integer.
  
  
• In case of code set character and bytes, single-quoted constants should be used. For C language, single quoted character is treated of the type ‘int’. It is better to use character representations rather than octal representation for single quoted constants as Octal constants are usually prohibited (except for 0).
  
• It is advisable not to compare bytes or codeset characters with integer entities. For operators like ‘==’ or ‘!=’, developer must ensure that both the operands are of integers or characters.
  
• Please note that expressions like float _expr_1!== float_expr2 will never be satisfied due to rounding errors i.e., different internal representations of float number. So better approach is to code such situations is if ((float _expr_1- float_expr2)
• A developer must not reinvent the wheel. It is better to use ctype macros wherever possible instead of writing code. This is true because ctype macros are standardized and remain unchanged on almost all types of libraries.
  

Apart from standard naming convention rules [5], it is better to adopt an in house naming convention and stick to it for the whole project. The specifics will vary with the kind and nature of project but here are some important generic conventions, which are followed worldwide.

• The best place to declare all data objects of program scope is a separate header file i.e., (.h file).
  
• Different file systems use different number of characters to identify a file like DOS uses 8.3 convention. Hence a file name must be unique by first 8 characters if one needs to take care of DOS. Otherwise usually the file name is unique up to 31 characters.
  
• Within its scope and name space, the naming of local variables and macros must be unique by first 63 significant initial characters in an internal identifier or a macro name and 31 significant initial characters in an external identifier.[11]
  
• The language puts certain restrictions on use of certain names in the program.
  
  
  • Keywords of the language including keywords of ANSI C
    
  • Names beginning with underscore or double underscore i.e., _ or __. Mostly system dependent variables as well as compiler variables start with _ or __.
    
  • Names of ANSI standard library functions, macros and other external names in ANSI standard header files.
    

• It’s a potential mistake to put initializers in declaration of automatic arrays.
  
• In case of arrays for storing strings, developers should always ensure that size of the array should be taken such that to store the null character also.
  
• It is better to avoid expressions like array[i]=i++. Such expressions cause side-effects [1] and their result is highly compiler dependent.
  
• Consider an array of 10 elements as an example. Sometime during the program, it tries to access the 11th element of the array then the result is unpredictable (it depends upon compiler to compiler). Underunning and overrunning of references needs to be avoided in any code. In this case even the program will easily compile and will run also but when this code snippet is integrated and executed with other modules then this bug will be hard to detect.
  
• It is considered suicidal to modify string literals. The developer should never modify the string constants or for that matter any other constant as some compilers store them in read only memory.
  
• The developers should avoid the use of ‘??’ in strings or comments.
  
• Its is safer to refrain the use of ANSI string concatenation as it is not a universally followed method and lacks support in many pre ANSI C compilers.
  
• Assuming a unique storage for a string literal is a very common mistake. It is entirely dependent on compiler to allocate space for a string literal.
  

• One rule of thumb is to always initialize the newly allocated pointer to NULL before using it further although that may sometimes hide some potential bugs.
  
• It is not advisable to de- reference a NULL pointer as internal implementation of NULL pointers vary form system to system.
  
• A developer must ensure that pointer operands of an operator must match in type. One suggestion from the Author is that an explicit cast can be used to ensure it.
  
• Care should be taken when using relational operators on two pointers as improper operations may result in bugs. For such operations, the developers’ should always ensure that both the pointers are of same type and both the pointers are associated with same primary data objects which are independent of environment.
  
• A data object must always be used with the same type with which its value was stored.
  
• Application of ‘&’ on an array expression or a function name is not necessary as conversion is implicit as per ANSI standards (and it is followed in all most all compilers).
  
• Direct subtraction operation on pointers should be avoided. In order to perform subtraction operation, the developer should ensure that both the pointers must be.
  
  
  
  1. Of the same type,
     
  2. Point to data objects associated with the same primary data object.
     
  3. Pointing to elements of same array .
     
     
• Any pointer can be converted into a pointer of type char *.
  
• Any pointer to a data object, which requires strictest alignment in storage, can be converted into a pointer of any type.
  
• Compound data type pointers like pointers to a structure, union etc., can be converted to a pointer to the type of any member or element of that compound type. In fact the start of structure obtained from malloc() has the correct alignment for an object of the member's type, and so does the member itself. This means that the offset of the member from the start of the struct must be a multiple of the alignment requirement. That offset is however, independent of whether or not the structure is dynamically allocated, otherwise the offsetof() macro couldn't work. However, except for pointers to the type of the first member, the standard makes no guarantees about where that pointer points. The standard says nothing about where a pointer points after converting it to a pointer to a different type, except for three cases:
  
  
  1. "When a pointer to an object is converted to a pointer to a character type, the result points to the lowest addressed byte of the object." [C90 standard, 6.3.2.3p7].
     
  2. "A pointer to a structure object, suitably converted, points to its initial member (or if that member is a bit-field, then to the unit in which it resides), and vice versa." [C90 standard, 6.7.2.1p13].
     
  3. "A pointer to a union object, suitably converted, points to each of its members (or if a member is a bit-field, then to the unit in which it resides), and vice versa." [C90 standard 6.7.2.1p14].
     
  
  
• For pointers p and q of the same type, p<q if and only if the value of (char *q)- (char*) p> 0.

• There is no need to put initializers in the declarations of automatic structures and unions.
  
• The most portable and readable way to initialize a structure or a union is to use full curly brackets i.e., {}.
  
• In case of structures, when using ‘->’ or ‘.’, the right hand operand must be a member name which belongs to the structure or union referred to or pointed to by the left-hand operator.
  
• One gray area affecting the portability of code involving structures is structure assignment. While some compilers support it, generally older pre ANSI compilers don’t support structure assignment. Hence it is better to individually assign values to each structure members rather than full structure assignment.
  
  E.g. one of the most portable way of assigning values of one structure to another is as follows :

 
	struct{
	      S32 x;
	      U8 y;
	    }a;

	struct{
	      U32 a1;
	      U8 b1;
	    }b;

	# define ASSIGN (a,b) (*memcopy ((char*)&a, (char*)&b, sizeof(a)))

• It is much better to use unique member names for each structure and union. A personal suggestion is that incase the structure and union names are same then you can use a common prefix like ‘_xxx’.

• It is a better approach to use compiler features in preference of Preprocessor features.
  
• Nesting comments decreases the utility of the point, which this comment is trying to make as nesting makes them difficult to read and adds to complexity of the document. The developer should choose a format for comment and then must stick to it for the whole project.
  
• An internationally followed practice is to leave no white space after ‘#’.
  
• Use of ‘# define’ to redefine any C keywords or any function name in the library is an error and should be strongly discouraged.
  
• Macro calls within a string constant or character constant should be avoided.
  

• Large data objects i.e., having bigger size should be declared with external or static storage class.
  
• It is always fruitful and worth while to explicitly initialize each and every variable instead of relying on compiler to do “all bits 0” initialization.
  
• One of the good ways to create an exit from a function is to use of exit () function and return its status to main program.
  
• Every compiler and system has different order of evaluation of side effects, sub expressions, function arguments. Hence developer should not rest on the logic of the code on relative order of these.
  

C language is so successful because it is so flexible for both system as well as application programmers. For example, it is flexible to the compiler writer because many key issues are left to the compiler writer to specify how they should work. This was done so that each implementation of C could take advantage of how particular machine architecture works. For example, what is the sign of the remainder upon integer division? How many bytes are there in an int or long or short? Are members of a structure padded to an alignment boundary? Does a zero-length file actually exist? What is the ordering of bytes within an int, long or short? etc.

Further issues like writing data to files or sockets in binary, native form on a system may be not be readable when ported to different system and sometimes to another system of same configuration. Most compilers provide a chapter or two in their documentation on how they have implemented these and many more implementation-defined behaviors. It is always a good approach to read some details about the system set on which the code is intended to be run.

In a nutshell, the main intent of the author is to introduce the idea of writing efficient and portable code in particularly C language right from the start of the module. The article addresses some key areas which have a mammoth effect on portability and efficiency of any program as well as suggests ways to increase their level.



4. References

[1] Programming FAQs : Frequently Asked Questions by Steve summit, Addison-Wesley Pub Co, 2nd edition.
[2] C Programming Language (2nd Edition) by Brian W. Kernighan (Author), Dennis Ritchie (Author), Dennis M. Ritchie, Prentice Hall PTR; 2nd edition (March 22, 1988).
[3] http:// www.google.com
[4] http://www.cuj.com
[5] http://www.splint.org/manual/html
[6] http://www.mentor.com/dft/dft-tech.pdf
[7] http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&group=comp.programming
[8] Software Engineering by Roger S. Pressman, McGraw Hill Text; 3rd edition (September 1991).
[9] http://www.duckware.com/bugfreec
[10] Linux Device Drivers, (2nd Edition) by Alessandro Rubini, Jonathan Corbet, O'Reilly & Associates; 2nd edition (June 2001), (chapter 1, 2).
[11] C99 standard