Replace styleguide with Google guide supplement #21
Conversation
As discussed in secure-systems-lab#20 Secure Systems Lab does not need to maintain a custom Python Style Guide, given the availability of public style guides that too are based on PEP 8, but are more comprehensive and generally better curated. This commit replaces the existing guidelines with a pointer to the Google Python Style Guide, which seems a good fit for us, and makes a few refinements, additions and accentuations. This commit also moves the Python specific recommendations to a separate document, so that the README can be used as landing page for other guidelines in the future. Only the preamble of the README is kept and updated. Most of the rules and recommendations from the old guide are covered in the new guide in a similar fashion. However, some items were changed or completely removed for below reasons. **List of changes/removals** - 'Nesting' is moved to 'Recommendations->Miscellaneous' and slightly updated to mention the "return early" pattern, which is what it is, and the "arrowhead anti-pattern", which is what it can help to avoid. - 'Docstrings and comments' are covered in detail in the Google guide and refined in the new document, suggesting a more Sphinx-friendly docstring format and preserving some recommendations from the old guide. - Some recommendations about comments are removed, including "comments should document changes" (commit messages seem better suited), "write comment as a question" (seems a matter of taste) and "document your assumption" (seems like an excuse to not test you assumption, at least in the example). - "string formatting" is updated to recommend new style `format()` or newer style f-string syntax and mention pitfalls about string concatenation - The example in "Use else statements for handling errors, not for normal flow in most cases" conflicts with the "return early" recommendation (see above) - "Unix not Windows style text files" seems obsolete - "Avoid objects" and no "No lambda functions or lisp-esque code" seems too strict as a general rule. Similar more nuanced advice can be found in the Google guide, i.e. to avoid power features and that comprehensions, generator expressions and lamdba functions are okay for simple cases and one-liners. - The example in "Never use short circuit evaluation to produce output" is very confusing - Recommendations about 'os.popen', 'os.system', 'subprocess.Popen', are covered in the Python standard library reference - "Avoid changing directory" seems like a corner case Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
|
@jhdalek55, would you mind checking this for language? It's probably nicer to read the updated README.md and new python.md, than reading the diff. @JustinCappos, would you mind checking if the new text in README.md seems accurate to you? |
|
Lukas, I'd be happy to look this over. Is there a set timeline for this? Can it wait just a few days? If its urgent, I can reshuffle things. Otherwise, I'll try to look it over before the end of the week. Thanks. Lois |
|
Thanks, Lois! There is no rush. Later this week is definitely fine. |
| ``` | ||
|
|
||
|
|
||
| Use `else` statements for handling errors, not for normal flow in most cases. |
There was a problem hiding this comment.
I am a bit unsure about this recommendation and whether we should keep it (it is marked for removal in this PR).
IMO the example (below) is not about style but about correct programming. Although one may argue that the recommendation helps to avoid such programming errors?
If we want to keep the recommendation I would make it about switch (i.e. if/elif/.../else statements in Python) only. Because if you only have if/else, I'd rather recommend the "return early" pattern.
There was a problem hiding this comment.
Agreed that this doesn't really feel like a programming style recommendation. It could also be interpreted as contradictory with EAFP style programming.
I'm be in favour of removing, as is already done in this PR.
| with `__`) are up to your discretion. | ||
|
|
||
|
|
||
| ### Never use short circuit evaluation to produce output |
There was a problem hiding this comment.
I am a bit unsure about this recommendation and whether we should keep it (it is marked for removal in this PR).
I find the examples very confusing, apart from distracting syntax errors I have to guess what askokcancel does, even though its call requires four lines. And the "YES" examples suggest excessive nesting that does not seem necessary (also see #3).
Is the problem here that askokcancel produces output? Or that it blocks on stdin? Is short circuit evaluation generally discouraged?
There was a problem hiding this comment.
Either way, this PR should close #3.
| Adding a parenthesized identifier in a `# TODO:`-comment is not necessary. The | ||
| version control system can provide that information just as well. | ||
|
|
||
| ### Strings |
There was a problem hiding this comment.
IMO we should add a clear recommendation for either double or single quoted strings here. See #4 (comment).
There was a problem hiding this comment.
Any preferences, anyone?
There was a problem hiding this comment.
I like double quotes because of the prevalence of apostrophes, but either is fine.
There was a problem hiding this comment.
I default to double quotes as well.
There was a problem hiding this comment.
I agree with double quotes.
There was a problem hiding this comment.
Thanks! I added a recommendation in 6837167.
|
Curious to hear feedback from other Secure Systems Lab Python coders... cc @mnm678, @adityasaky, @SantiagoTorres, @joshuagl, @sechkova, @jku, @MVrachev |
| Adding a parenthesized identifier in a `# TODO:`-comment is not necessary. The | ||
| version control system can provide that information just as well. | ||
|
|
||
| ### Strings |
There was a problem hiding this comment.
I like double quotes because of the prevalence of apostrophes, but either is fine.
python.md
Outdated
|
|
||
| ### Testing | ||
|
|
||
| <!-- TODO: Should we add more tangible instructions? --> |
There was a problem hiding this comment.
This might be self-explanatory, but we could give advice about testing at least all paths through the function, etc
There was a problem hiding this comment.
Probably add that the test execution order shouldn't matter.
Also, because most of the tests are unit tests, maybe it's worth mentioning that unit tests shouldn't be dependent on external service and if they do, then mocking could be a solution.
There was a problem hiding this comment.
Thanks. I decided to just remove this section to keep this document minimal. Let's think of more actionable recommendations in theupdateframework/python-tuf#1129 (where I also referenced your suggestions here).
|
LGTM. I think project (or even lab) specific style guides should be as short as humanly possible (so I would probably remove the two sections that are currently marked "TODO"): a statement like "Follow existing code conventions and PEP-8" would probably have at least as much effect on code quality as 99% of the project specific style guides out there. I agree with everything stated in the intro section, think that Google style guide looks fine and have no disagreements with the specific recommendations. |
| # YES: | ||
| raise Exception("Lorem {0} ipsum {1} dolor sit amet, {2} consectetur {3} ad " | ||
| "{4} rcitatio {5}.".format(reprehenderit, voluptate, velit, | ||
| pariatur, deserunt, laborum)) |
There was a problem hiding this comment.
I support the idea to align the continued lines with the opening bracket, but this seems this is the opposite of Google's line breaking rules, right?
https://google.github.io/styleguide/pyguide.html#3192-line-breaking
Just wanted to make sure I understand it correctly. :)
There was a problem hiding this comment.
I don't think so, the first line breaking rule is "Try to follow the existing indentation rules.".
|
A couple of thoughts:
One blank line between method definitions seems little to me. Also, no black line after function declaration doesn't seem right especially when there is a multiline def my_method(
self, other_arg: Optional[MyLongType]
) -> Dict[OtherLongType, MyLongType]:
call_func()which given that we are going to use
|
|
Another thing which I liked in the Google style guide and probably is worth emphasizing in our doc as well is this: from here: https://google.github.io/styleguide/pyguide.html#doc-function-raises |
There was a problem hiding this comment.
LGTM. Thanks for writing this up @lukpueh. I completely agree with @jku's assessment that we should keep this guide as minimal as possible. For even moderately experienced programmers, it should be possible to infer as much of the coding style as possible by reading code that adheres to the style. I think we achieve that with PEP 8 + Google's guide.
| # YES: | ||
| raise Exception("Lorem {0} ipsum {1} dolor sit amet, {2} consectetur {3} ad " | ||
| "{4} rcitatio {5}.".format(reprehenderit, voluptate, velit, | ||
| pariatur, deserunt, laborum)) |
There was a problem hiding this comment.
I don't think so, the first line breaking rule is "Try to follow the existing indentation rules.".
| Adding a parenthesized identifier in a `# TODO:`-comment is not necessary. The | ||
| version control system can provide that information just as well. | ||
|
|
||
| ### Strings |
There was a problem hiding this comment.
I agree with double quotes.
| ``` | ||
|
|
||
|
|
||
| Use `else` statements for handling errors, not for normal flow in most cases. |
There was a problem hiding this comment.
Agreed that this doesn't really feel like a programming style recommendation. It could also be interpreted as contradictory with EAFP style programming.
I'm be in favour of removing, as is already done in this PR.
|
|
||
| ```python | ||
| # NO: | ||
| import package.has.many.sub.packages.or_long_package_names.foo |
There was a problem hiding this comment.
This import style is contrary to style recommended by the Google guide. Is this example necessary?
There was a problem hiding this comment.
AFAICS, the Google guide permits this one as well (see "verbose" vs. "common" import style), so I thought it might be good to advise against it here.
There was a problem hiding this comment.
oh, so it does. Ugh. Then yes please let's advise against.
The Google style guide says "Use
Python relies on indentation to delineate code blocks. In both of the examples there should be an indentation change. The Google style's use of relatively few blank lines works in conjunction with 4 spaces to indent. With two space indentations an indented block can be harder to spot, and a blank line can be a useful visual cue.
Good question. I think for tuf we anticipate re-writing, or at least touching, most of the code during our refactor efforts. Therefore, I'd expect the code to match the style guide by the time 1.0 is released. However, I'm not so sure for securesystemslib. I think it would make sense to ensure the code matches the style guide completely before we make a 1.0 release of that project, but I'm aware of the arguments against touching code for purely stylistic reasons, and against flag days. |
lukpueh
force-pushed
the
new-python-guidelines
branch
from
3a4f67e
to
6ea78bc
Compare
Co-authored-by: Marina Moore <mnm678@users.noreply.github.com> Co-authored-by: Joshua Lock <jlock@vmware.com>
We want to keep the style guide as minimal as possible. Recommendations about code testing should go into a separate document (see theupdateframework/python-tuf#1129).
We want to keep the style guide as minimal as possible. A separate miscellaneous programming recommendations document might be added in the future.
lukpueh
force-pushed
the
new-python-guidelines
branch
from
6ea78bc
to
a0b32a9
Compare
|
Thanks for the many great comments! I just added a small note about string quotes, and removed testing and programming recommendations. To follow @jku's and @joshuagl's advice of keeping this document as short as possible. The removed sections might resurface as part of other guidelines (see https://github.com/secure-systems-lab/code-style-guidelines/issues and theupdateframework/python-tuf#1129). I'll merge this as is to move forward. I would, however, still appreciate feedback from @jhdalek55. I can address any comments in follow-up PRs. @jhdalek55, the documents can be found at: |
|
@MVrachev, I hope @joshuagl's comments, which I agree with, answered your questions? Regarding the documentation of Exceptions in docstrings, I also found that piece of information in the Google guide quite interesting, but I don't think we need to replicate it in our guide, given that we say:
|
|
@lukpueh --I haven't forgotten about this...just been tied up with other work. I also like to wait till most content issues are resolved. I should be able to take a look today. |
Closes #20, closes #3, closes #5 and closes #4
As discussed in #20 Secure Systems Lab does not need to maintain a custom Python Style Guide, given the availability of public style guides that too are based on PEP 8, but are more comprehensive and generally better curated.
This PR replaces the existing guidelines with a pointer to the Google Python Style Guide, which seems a good fit for us, and makes a few refinements, additions and accentuations.
This PR also moves the Python specific recommendations to a separate document, so that the README can be used as landing page for other guidelines in the future. Only the preamble of the README is kept and updated.
Most of the rules and recommendations from the old guide are covered in the new guide in a similar fashion. However, some items were changed or completely removed for below reasons:
List of changes/removals
format()or newer style f-string syntax and mention pitfalls about string concatenation