[PATCH] D27621: [clang-tidy] check to find declarations declaring more than one name

Aaron Ballman via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jan 4 07:58:16 PST 2017 

aaron.ballman added inline comments.


================
Comment at: clang-tidy/readability/OneNamePerDeclarationCheck.cpp:34
+  // a tag declaration (e.g. struct, class etc.):
+  // class A { } Object1, Object2;  <-- won't be matched
+  Finder->addMatcher(
----------------
firolino wrote:
> aaron.ballman wrote:
> > firolino wrote:
> > > aaron.ballman wrote:
> > > > firolino wrote:
> > > > > firolino wrote:
> > > > > > firolino wrote:
> > > > > > > firolino wrote:
> > > > > > > > aaron.ballman wrote:
> > > > > > > > > firolino wrote:
> > > > > > > > > > aaron.ballman wrote:
> > > > > > > > > > > Why do we not want to match this?
> > > > > > > > > > If we decide, whether we transform 
> > > > > > > > > > ```
> > > > > > > > > > class A { 
> > > > > > > > > > } Object1, Object2;
> > > > > > > > > > ``` 
> > > > > > > > > > to
> > > > > > > > > > ```
> > > > > > > > > > class A { 
> > > > > > > > > > } Object1, 
> > > > > > > > > > Object2;
> > > > > > > > > > ``` 
> > > > > > > > > > or
> > > > > > > > > > ```
> > > > > > > > > > class A { 
> > > > > > > > > > } 
> > > > > > > > > > Object1, 
> > > > > > > > > > Object2;
> > > > > > > > > > ``` 
> > > > > > > > > > I might consider adding support for it. Moreover, this kind of definition is usually seen globally and I don't know how to handle globals yet. See http://lists.llvm.org/pipermail/cfe-dev/2015-November/046262.html
> > > > > > > > > I think this should be handled. It can be handled in either of the forms you show, or by saying:
> > > > > > > > > ```
> > > > > > > > > A Object1;
> > > > > > > > > A Object2;
> > > > > > > > > ```
> > > > > > > > > If all of these turn out to be a problem, we can still diagnose without providing a fixit.
> > > > > > > > > 
> > > > > > > > > As for globals in general, they can be handled in a separate patch once we figure out the declaration grouping.
> > > > > > > > OK. I will try to split the object definition from the class definition, as you have suggested. Thus, I can kick out the tagDecl-matcher as well. If there is no easy way to do this, it will be reported anyway but without a fixit.
> > > > > > > > 
> > > > > > > > Note for me: Update documentation!
> > > > > > > What about
> > > > > > > ```
> > > > > > > struct S {
> > > > > > > } S1;
> > > > > > > ```
> > > > > > > I would like to report this too, since two names are being declared here. `S` and `S1`. What do you think?
> > > > > > ```
> > > > > > struct {
> > > > > > } nn1, nn2;
> > > > > > ```
> > > > > > Shall we ignore anonymous definitions?
> > > > > To be more precise: Warn and provide a fixit for `struct S {} S1`. Only warn for `struct {} nn1, nn2`.
> > > > > What about
> > > > > 
> > > > > ```
> > > > > struct S {
> > > > > } S1;
> > > > > ```
> > > > > I would like to report this too, since two names are being declared here. S and S1. What do you think?
> > > > 
> > > > I don't think that this should be diagnosed. For one, this is a relatively common pattern (arguably more common than `struct S { } S1, S2;`), but also, it names two very distinct entities (a type and a variable).
> > > > 
> > > > > ```
> > > > > struct {
> > > > > } nn1, nn2;
> > > > >```
> > > > > Shall we ignore anonymous definitions?
> > > > 
> > > > Yes, we basically have to.
> > > > 
> > > Transforming
> > > ```
> > > typedef struct X { int t; } X, Y;
> > > ```
> > > to
> > > ```
> > > typedef struct X { int t; };
> > > typedef X X;
> > > typedef X Y;
> > > ```
> > > will be valid, but looks odd.
> > I am on the fence about this transformation -- it does not declare new objects, but instead declares new types. A very common pattern in some libraries (such as the Win32 SDK) is to declare:
> > ```
> > typedef struct Blah {
> > 
> > } Blah, *PBlah, **PPBlah;
> > ```
> > Because of that pattern, diagnosing the above typedef is likely to be very chatty in some projects, and I don't know that the fixit provides much real benefit for types.
> > 
> > At least for the CERT DCL04-C version of this rule, that code should not be flagged. Do you think any of the variations of this check should flag it?
> Maybe we should reconsider where to split and where not. The original idea was to minimize confusion on code like
> ```
> int* a,b;
> ```
> whereas 
> ```
> struct S {} *s1, s2;
> ```
> seems not so confusing as above. However, 
> ```
> struct S {}* s1, s2;
> ```
> looks dangerous again.
> 
> Even following code looks unfamiliar to me.
> ```
> typedef struct Blah {} Blah, *PBlah;
> ```
> 
> It really depends on the beholder. So, how about letting this check split **everything** and provide options for maximum flexibility? So specific rulesets or the user may configure it as they wish. We could add for example split-after-tag-def, split-tag-typedef in addition to cppcore and cert and use a default setting (split-after-tag-def=true, split-tag-typedef=false).
I've typically found that users go with whatever the default options are, rather than specify a slew of options, and if the default options produce an onerous check, they simply disable the entire check. I'd rather not push the design off to the users unless there's really no better alternative.

I think that the only "dangerous" operations this sort of check is meant to catch is when the declaration group uses different specifiers for the declarator or when there's an initializer on one declarator but none of the rest. I think the other operations are more likely to be a consistency thing than a bug-prone thing. e.g.,
```
// Differing specifiers
int i, j, k; // Not at all likely to be mistaken code.
int i, *j, &k; // Not really likely to be mistaken code.
int *i, j; // More likely to be mistaken code.
int i, *j; // Not really likely to be mistaken code.
typedef int *one, two, three; // More likely to be mistaken code.
typedef int one, *two, **three; // Not really likely to be mistaken code.

// Initialization
int i = 10, j = 10; // Not at all likely to be mistaken code.
int i = 10, j; // Not really likely to be mistaken code.
int i, j = 10; // More likely to be mistaken code.
```
I think declarations that declare both types and variables should ignore the type name and focus only on the variable name following the same heuristics. e.g.,
```
struct S {} s; // Not at all likely to be mistaken code.
struct S {} s, *t; // Not really likely to be mistaken code.
struct S {} *s, t; // More likely to be mistaken code.
```
I could imagine an option like `FlagPossiblyDangerous` or something else; if the flag is set, the check diagnoses based on some heuristic of likely dangerous operations and if the flag is not set, the check flags all declarators in the same declaration.

What do you think?


https://reviews.llvm.org/D27621

More information about the cfe-commits mailing list