Fuchsia Networking welcomes contributions from all. This document defines contribution guidelines where they differ from or refine on the guidelines that apply to Fuchsia as a whole.
Consult the getting started document to set up your development environment.
Consult the contribute changes document for general contribution guidance and project-wide best practices. The remainder of this document describes best practices specific to Fuchsia Networking.
This section is inspired by Flutter's style guide, which contains many general principles that you should apply to all your programming work. Read it. The below calls out specific aspects that we feel are particularly important.
Do not implement features you don't need. It is hard to correctly design unused code. This is closely related to the commit sizing advice given above; adding a new data structure to be used in some future commit is akin to adding a feature you don't need - it is exceedingly hard for your code reviewer to determine if you've designed the structure correctly because they (and you!) can't see how it is to be used.
Go Down the Rabbit Hole
You will occasionally encounter behaviour that surprises you or seems wrong. It probably is! Invest the time to find the root cause - you will either learn something, or fix something, and both are worth your time. Do not work around behaviour you don't understand.
Avoid duplicating code whenever possible. In cases where existing code is not exposed in a manner suitable to your needs, prefer to extract the necessary parts into a common dependency.
Avoid unhandled errors and APIs which inherently disallow proper error handling;
for a common example, consider
spawn inherently precludes error passing (since the flow of execution is
severed). In most cases
spawn can be replaced with a future that is later
included in a
select expression (example commit) or
awaited on directly (example commit).
Compile-time over Run-time
Prefer type safety over runtime invariant checking. In other words, arrange your abstractions such that they cannot express invalid conditions rather than relying on assertions at runtime.
Write testable code; testable code is modular and its dependencies are easily injected.
Avoid magic numbers.
When writing comments, take a moment to consider the future reader of your comment. Ensure that your comments are complete sentences with proper grammar and punctuation. Note that adding more comments or more verbose comments is not always better; for example, avoid comments that repeat the code they're anchored on.
Documentation comments should be self-contained; in other words, do not assume
that the reader is aware of documentation in adjacent files or on adjacent
structures. Avoid documentation comments on types which describe instances of
the type; for example,
AddressSet is a set of client addresses. is a comment
that describes a field of type
AddressSet, but the type may be used to hold
any kind of
Address, not just a client's.
Phrase your comments to avoid references that might become stale; for example: do not mention a variable or type by name when possible (certain doc comments are necessary exceptions). Also avoid references to past or future versions of or past or future work surrounding the item being documented; explain things from first principles rather than making external references (including past revisions).
When writing TODOs:
- Include an issue reference using the format
- Phrase the text as an action that is to be taken; it should be possible for another contributor to pick up the TODO without consulting any external sources, including the referenced issue.
When an implementation is following some specification/document (e.g. RFCs), include a comment with both a quote and citation of the relevant portion(s) of the document near the implementation. The quote lets readers know why something is being done and the citation allows a reader to get more context.
As with code comments, consider the future reader of the error messages emitted
by your code. Ensure that your error messages are actionable. For example, avoid
test failure messages such as "unexpected value" - always include the unexpected
value; another example is "expected
<variable> to be empty, was non-empty" -
this message would be much more useful if it included the unexpected elements.
Always consider: what will the reader do with this message?
Consult the testability rubrics for general guidelines on test-writing and testability reviews on Fuchsia. In Fuchsia Networking, we define the following test classes:
- Unit tests are fully local to a piece of code and all their external dependencies are faked or mocked.
- Integration tests validate behavior between two or more different components.
- End-to-end tests are driven by an external host machine and use the public
APIs and bytes written to the network to perform behavior validation. Can be
performed over a physical network or by virtualization of the DUT (
Consider the following guidelines when writing tests:
- Always add tests for new features or bug fixes.
- Consider the guidelines in Error Messages when writing test assertions.
- Tests must be deterministic. Threaded or time-dependent code, Random Number Generators (RNGs), and cross-component communication are common sources of nondeterminism. See Write reproducible, deterministic tests for tips.
- Avoid tests with hard-coded timeouts. Prefer relying on the framework/fixture to time out tests.
- Prefer hermetic tests; test set-up routines should be explicit and deterministic. Be mindful of test fixtures that run cases in parallel (such as Rust's) when using "ambient" services. Prefer to explicitly inject component dependencies that are vital to the test.
- Tests should always be components.
- Prefer virtual devices and networks for non-end-to-end tests. See netemul for guidance on virtual network environments.
- Avoid change detector tests; tests that are unnecessarily sensitive to changes, especially ones external to the code under test, can hamper feature development and refactoring.
- Do not encode implementation details in tests, prefer testing through a module's public API.
When unwrapping a
Result<_, fidl::Error>returned from a FIDL method call, restate the function being called in the panic message to make it easier to track down the callsite. Don't repeat the type of the error, which is already included in the panic output. For example:
// Bad: let foo_result = proxy .foo() // `foo` returns a `Result<_, fidl::Error>`. .await .expect("FIDL error"); // Doesn't provide any new information. // Good: let foo_result = proxy .foo() // `foo` returns a `Result<_, fidl::Error>`. .await .expect("calling foo"); // Restate the function being called.
Source Control Best Practices
Commits should be arranged for ease of reading; that is, incidental changes such as code movement or formatting changes should be committed separately from actual code changes.
Commits should always be focused. For example, a commit could add a feature, fix a bug, or refactor code, but not a mixture.
Commits should be thoughtfully sized; avoid overly large or complex commits which can be logically separated, but also avoid overly separated commits that require code reviews to load multiple commits into their mental working memory in order to properly understand how the various pieces fit together. If your changes require multiple commits, consider whether those changes warrant a design doc or RFC.
Commit messages should be concise but self-contained (avoid relying on issue references as explanations for changes) and written such that they are helpful to people reading in the future (include rationale and any necessary context).
Avoid superfluous details or narrative.
Commit messages should consist of a brief subject line and a separate explanatory paragraph in accordance with the following:
- Separate subject from body with a blank line
- Limit the subject line to 50 characters
- Capitalize the subject line
- Do not end the subject line with a period
- Use the imperative mood in the subject line
- Wrap the body at 72 characters
- Use the body to explain what and why vs. how
The body may be omitted if the subject is self-explanatory; e.g. when fixing a typo. The git book contains a Commit Guidelines section with much of the same advice, and the list above is part of a blog post by Chris Beams.
Commit messages should make use of issue tracker integration. See Commit-log message integration in the monorail documentation.
When using issue tracker integration, don't omit necessary context that may also be included in the relevant issue (see "Commit messages should be concise but self-contained" above). Many issues are Google-internal, and any given issue tracker is not guaranteed to be usable at the time that the commit history is read.
Commit messages should never contain references to any of:
- Relative moments in time
- Non-public URLs
- Hosted code reviews (such as on fuchsia-review.googlesource.com)
- Refer to commits in this repository by their SHA-1 hash
- Refer to commits in other repositories by public web address (such as https://fuchsia.googlesource.com/fuchsia/+/67fec6d)
- Other entities which may not make sense to arbitrary future readers
Test: line to the commit message is encouraged. A
- Justify that any behavior changes or additions are thoroughly tested.
- Describe how to run new/affected test cases.
Test: Added new unit tests. `fx test netstack-gotests`.
Code Review Guidelines
Code Review Flow
The following code review guidelines are adopted within the Netstack team:
- When your CL is ready for review, request a review from a team member listed in the closest OWNERS file.
- If your CL introduces non-trivial changes, also add a secondary reviewer
src/connectivity/network/OWNERS. This should happen simultaneously to requesting review from owners. You can choose any team member you want; Consider the following criteria:
- Listed as readability reviewer in
src/connectivity/network/tests/integration/common/OWNERSif the CL consists primarily of changes to netemul integration tests.
- Ramping up in the target area.
- Working in tangentially related areas.
- Has language/patterns experience.
- Listed as readability reviewer in
- Before adding reviewer from the closest OWNERS file, you can add the Google group firstname.lastname@example.org as a reviewer. The gwsq bot will pick a random reviewer from the group.
- Acquiring +2 from both reviewers is strongly recommended, but not strictly necessary.
- If you feel you don’t have enough local knowledge to +2, the right thing to do is perform a best effort review in terms of language use, style, patterns, or generalities and +1.
- Always review the code as if you were the sole reviewer.
- Avoid delegating parts of the review if possible - “you’re more familiar with this part”.
- Engage in code reviews meaningfully, regardless of local ownership.
- Owner reviewers are encouraged to allow secondary reviewers to take first pass. Once the CL is +2d by the owner, there’s a strong anchoring effect that reduces the challenge and learning opportunity. Secondary reviewers may request taking first pass or owner reviewers may grant secondaries first pass by posting a comment on the CL stating that intent. The inverse, i.e. secondary reviewers requesting that owners take first pass, is discouraged.
Note that this scheme can increase latency for reviews, which is a negative side effect we'd like to minimize. Try to decrease your latency when either being asked for review or addressing comments. We strive to keep latency under 24h for both authors and reviewers. Don't be afraid to ping if it's been over 24h. Gerrit notification settings and smart e-mail filters can be a big help to drive those interrupts. Also, don't be afraid to ping for reviews.
Area owners are encouraged to create Gerrit notification filters for their areas of interest to help enforce these guidelines and design vision.
Tips & Tricks
Run the following command to build all tests and their dependencies:
fx set core.x64 --with //src/connectivity/network:tests
If you're working on changes that affect
--with //sdk/lib/fdio:tests --with //third_party/go:tests