2016-08-14 00:27:48 +02:00
|
|
|
# kernel
|
2016-08-14 00:53:13 +02:00
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
A collaborative effort to rewrite the kernel with focus on correctness and code
|
|
|
|
|
quality.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
|
|
|
|
## Why?
|
|
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
The kernel code was getting increasingly messy to the point where only the
|
|
|
|
|
original writer would be able to find and fix bugs. Fortunately, the kernel of
|
|
|
|
|
Redox is relatively small and such a project is estimated to take only a few
|
|
|
|
|
months.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
|
|
|
|
## What?
|
|
|
|
|
|
|
|
|
|
The aims of the new kernel should be clear in their order:
|
|
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
1. **Correctness**: Above anything else, the kernel should be correct. No hacks,
|
|
|
|
|
despite how the tiny cool shortcuts might seem, it gives severe backslash later
|
|
|
|
|
on. Keep it correct and well-written.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
2. **Readability and documentation**: The code quality should be high, with that
|
|
|
|
|
follows a detailed documentation, including both API docs (on every item!) and
|
|
|
|
|
careful comments for anything non-trivial.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
|
|
|
|
3. **Performance**: If you can, go for it.
|
|
|
|
|
|
|
|
|
|
## Guidelines
|
|
|
|
|
|
|
|
|
|
### A rotten house is built on a rotten fundament.
|
|
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
Don't fool yourself. You are likely not getting back to the ugly code. Write it
|
|
|
|
|
the right way **first time**, and make sure you only move on when it's
|
|
|
|
|
**done right**.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
|
|
|
|
### Comments
|
|
|
|
|
|
|
|
|
|
Do not hesitate to put comments all over the place.
|
|
|
|
|
|
|
|
|
|
### Documentation
|
|
|
|
|
|
|
|
|
|
Every public item should contain API documentation.
|
|
|
|
|
|
|
|
|
|
### Debug assertions
|
|
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
Abusing debug assertions is a wonderful way to catch bugs, and it is very much
|
|
|
|
|
encouraged.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
|
|
|
|
### Statical checking
|
|
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
Rust provides a lot of type-system features which can be used to create
|
|
|
|
|
wonderful safe abstractions, and you should use them whenever you get the chance.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
Unsafety should be avoided, and if it is triggered only under some addition
|
|
|
|
|
**insert an assertion**. Despite this being a kernel, we prefer kernel panics
|
|
|
|
|
over security vulnerabilities.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
If the condition is (or should be) unreachable, but if not upheld, leading to
|
|
|
|
|
UB, put an assertion in the start of the function.
|
2016-08-14 00:53:13 +02:00
|
|
|
|
|
|
|
|
### Be gentle
|
|
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
Don't just write as much code as you can as quick as possible. Take your time
|
|
|
|
|
and be careful.
|
2016-08-14 18:10:28 +02:00
|
|
|
|
|
|
|
|
### Commits
|
|
|
|
|
|
2016-09-29 23:02:05 +02:00
|
|
|
Use descriptive commits. One way to force yourself to do that is to not pass the
|
|
|
|
|
`-m` flag, which will make your editor pop up, so that you can conviniently
|
|
|
|
|
write long commit messages.
|
